[go: up one dir, main page]

CN116319835B - Data synchronization method, device, equipment and storage medium based on federal shooting range - Google Patents

Data synchronization method, device, equipment and storage medium based on federal shooting range Download PDF

Info

Publication number
CN116319835B
CN116319835B CN202310522968.XA CN202310522968A CN116319835B CN 116319835 B CN116319835 B CN 116319835B CN 202310522968 A CN202310522968 A CN 202310522968A CN 116319835 B CN116319835 B CN 116319835B
Authority
CN
China
Prior art keywords
data synchronization
range
data
command
shooting range
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310522968.XA
Other languages
Chinese (zh)
Other versions
CN116319835A (en
Inventor
李宗哲
杨明盛
贾焰
韩伟红
张家伟
黄珺
陈睿
杨杰
吴志良
吉青利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Peng Cheng Laboratory
Original Assignee
Peng Cheng Laboratory
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Peng Cheng Laboratory filed Critical Peng Cheng Laboratory
Priority to CN202310522968.XA priority Critical patent/CN116319835B/en
Publication of CN116319835A publication Critical patent/CN116319835A/en
Application granted granted Critical
Publication of CN116319835B publication Critical patent/CN116319835B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

本申请公开了一种基于联邦靶场的数据同步方法、装置、设备及存储介质,属于网络安全领域,本申请应用于所述联邦靶场中的分靶场,所述联邦靶场还包括主靶场,分靶场获取所述主靶场下发的数据同步命令;分靶场基于所述数据同步命令,开通与所述主靶场之间的数据传输通道,并通过所述数据传输通道与所述主靶场进行数据同步,在接收到数据同步命令时,临时为数据同步提供了专门的数据传输通道,无需人工操作,即可基于所述数据同步命令自动进行数据同步,提高了数据同步效率。

This application discloses a data synchronization method, device, device and storage medium based on a federal shooting range, which belongs to the field of network security. Obtaining the data synchronization command issued by the main shooting range; based on the data synchronization command, the sub-shooting range opens a data transmission channel with the main shooting range, and performs data synchronization with the main shooting range through the data transmission channel, When a data synchronization command is received, a special data transmission channel is temporarily provided for data synchronization, and data synchronization can be automatically performed based on the data synchronization command without manual operation, thereby improving data synchronization efficiency.

Description

基于联邦靶场的数据同步方法、装置、设备及存储介质Data synchronization method, device, equipment and storage medium based on federal shooting range

技术领域technical field

本申请涉及网络安全技术领域,尤其涉及一种基于联邦靶场的数据同步方法、装置、设备及存储介质。The present application relates to the technical field of network security, and in particular to a data synchronization method, device, equipment and storage medium based on a federal shooting range.

背景技术Background technique

联邦靶场通过集中各分靶场的资源形成大规模分布式网络靶场,由于各分靶场需要模拟不同场景,并配合完成同一个攻防对抗演练工程,各分靶场之间的数据同步效率将会影响到攻防对抗演练工程中各分靶场的任务执行效率。The federal shooting range forms a large-scale distributed network shooting range by concentrating the resources of each sub-range. Since each sub-range needs to simulate different scenarios and cooperate to complete the same offensive and defensive confrontation exercise project, the data synchronization efficiency between each sub-range will affect the attack and defense. The task execution efficiency of each sub-range in the confrontation exercise project.

目前,为了保证数据安全,各分靶场之间存在网络隔离,因此,无法在线对各分靶场进行数据同步,需要对各分靶场分别进行人工操作才能达到数据同步的目的,这种数据同步方式效率较低。At present, in order to ensure data security, there is network isolation between the sub-ranges. Therefore, it is impossible to synchronize the data of each sub-range online. It is necessary to perform manual operations on each sub-range to achieve the purpose of data synchronization. This data synchronization method is efficient. lower.

因此,相关技术中存在数据同步效率低下的问题。Therefore, there is a problem of low data synchronization efficiency in the related art.

发明内容Contents of the invention

本申请的主要目的在于提供一种基于联邦靶场的数据同步方法、装置、设备及存储介质,旨在解决数据同步效率低下的技术问题。The main purpose of this application is to provide a data synchronization method, device, equipment and storage medium based on the federal shooting range, aiming to solve the technical problem of low data synchronization efficiency.

为实现上述目的,本申请提供一种基于联邦靶场的数据同步方法,应用于所述联邦靶场中的分靶场,所述联邦靶场还包括主靶场,所述基于联邦靶场的数据同步方法,包括以下步骤:In order to achieve the above purpose, the present application provides a data synchronization method based on the federation shooting range, which is applied to the sub-shooting ranges in the federation shooting range, and the federation shooting range also includes the main shooting range, and the data synchronization method based on the federation shooting range includes the following step:

获取所述主靶场下发的数据同步命令;Obtain the data synchronization command issued by the main shooting range;

基于所述数据同步命令,开通与所述主靶场之间的数据传输通道,并通过所述数据传输通道与所述主靶场进行数据同步。Based on the data synchronization command, open a data transmission channel with the main shooting range, and perform data synchronization with the main shooting range through the data transmission channel.

在本申请的一种可能的实施方式中,所述分靶场有多个,每个分靶场对应设有一个靶场ID,所述每个分靶场部署有至少一个工程,每个工程均对应设有一个工程ID;In a possible implementation of the present application, there are multiple sub-shooting ranges, and each sub-shooting range is correspondingly provided with a shooting range ID, and each sub-shooting range is deployed with at least one project, and each project is correspondingly equipped with a project ID;

所述获取所述主靶场下发的数据同步命令的步骤,包括:The step of obtaining the data synchronization command issued by the main shooting range includes:

基于自身的靶场ID以及对应工程的工程ID,从预设消息队列中读取对应的数据同步命令;Based on its own shooting range ID and the project ID of the corresponding project, read the corresponding data synchronization command from the preset message queue;

其中,所述数据同步命令是预先在所述主靶场中基于所述分靶场中对应工程的预设待同步内容、所述分靶场的靶场ID以及对应工程的工程ID构建好,并写入至所述预设消息队列中的。Wherein, the data synchronization command is pre-constructed in the main shooting range based on the preset content to be synchronized of the corresponding project in the sub-shooting range, the shooting range ID of the sub-shooting range, and the project ID of the corresponding project, and written to in the preset message queue.

在本申请的一种可能的实施方式中,所述通过所述数据传输通道与所述主靶场进行数据同步的步骤,包括:In a possible implementation manner of the present application, the step of synchronizing data with the main shooting range through the data transmission channel includes:

对所述数据同步命令进行解析,得到所述数据同步命令的类型,其中,所述数据同步命令的类型包括工程初始化、工程更新、配置文件下发;Analyzing the data synchronization command to obtain the type of the data synchronization command, wherein the type of the data synchronization command includes project initialization, project update, and configuration file delivery;

基于所述数据同步命令的类型,通过所述数据传输通道与所述主靶场进行所述预设待同步内容的同步。Based on the type of the data synchronization command, the synchronization of the preset content to be synchronized is performed with the main shooting range through the data transmission channel.

在本申请的一种可能的实施方式中,所述基于所述数据同步命令的类型,通过所述数据传输通道与所述主靶场进行所述预设待同步内容的同步的步骤,包括:In a possible implementation manner of the present application, the step of synchronizing the preset content to be synchronized with the main shooting range through the data transmission channel based on the type of the data synchronization command includes:

若所述数据同步命令的类型为工程更新,则将所述预设待同步内容在所述主靶场中对应的第一工程文件,与所述预设待同步内容在本地对应的第二工程文件进行比较,得到比较结果;If the type of the data synchronization command is project update, the first project file corresponding to the preset content to be synchronized in the main shooting range and the second project file corresponding to the preset content to be synchronized locally Make a comparison and get the comparison result;

若所述比较结果为不一致,则将所述第一工程文件中的增量数据同步至本地。If the comparison result is inconsistent, the incremental data in the first project file is synchronized locally.

在本申请的一种可能的实施方式中,所述基于所述数据同步命令,开通与所述主靶场之间的数据传输通道的步骤,包括:In a possible implementation manner of the present application, the step of opening a data transmission channel with the main shooting range based on the data synchronization command includes:

基于所述数据同步命令的类型,确定是否执行所述数据同步命令;determining whether to execute the data synchronization command based on the type of the data synchronization command;

若确定执行,则通过预设数据通信服务器开通在本地与所述主靶场之间建立的VPN隧道;If it is determined to execute, the VPN tunnel established between the local area and the main shooting range is opened by a preset data communication server;

通过所述VPN隧道与所述主靶场进行数据同步。Data synchronization is performed with the main shooting range through the VPN tunnel.

在本申请的一种可能的实施方式中,所述对所述数据同步命令进行解析,得到所述数据同步命令的类型和所述预设待同步内容的步骤之后,所述方法还包括:In a possible implementation manner of the present application, after the step of parsing the data synchronization command to obtain the type of the data synchronization command and the preset content to be synchronized, the method further includes:

对同时接收到的多个数据同步命令进行解析,得到所述多个数据同步命令的执行优先级;Analyzing multiple data synchronization commands received at the same time to obtain execution priorities of the multiple data synchronization commands;

基于所述执行优先级的高低,依次执行所述多个数据同步命令。The multiple data synchronization commands are executed sequentially based on the execution priority.

在本申请的一种可能的实施方式中,所述通过所述数据传输通道与所述主靶场进行数据同步的步骤之后,所述方法还包括:In a possible implementation manner of the present application, after the step of synchronizing data with the main shooting range through the data transmission channel, the method further includes:

若数据同步结束,则向所述主靶场发送数据同步结束的反馈信息,以供所述主靶场进行其他数据同步命令的下发。If the data synchronization is completed, the feedback information of data synchronization completion is sent to the main shooting range, so that the main shooting range can issue other data synchronization commands.

本申请还提供一种基于联邦靶场的数据同步装置,所述装置包括:The present application also provides a data synchronization device based on a federal shooting range, the device comprising:

命令获取模块,用于获取主靶场下发的数据同步命令;The command acquisition module is used to acquire the data synchronization command issued by the main shooting range;

同步模块,用于基于所述数据同步命令,开通与所述主靶场之间的数据传输通道,并通过所述数据传输通道与所述主靶场进行数据同步。The synchronization module is configured to open a data transmission channel with the main shooting range based on the data synchronization command, and perform data synchronization with the main shooting range through the data transmission channel.

本申请还提供一种基于联邦靶场的数据同步设备,所述设备包括:存储器、处理器及存储在所述存储器上并可在所述处理器上运行的基于联邦靶场的数据同步程序,所述基于联邦靶场的数据同步程序配置为实现如上述任一项所述的基于联邦靶场的数据同步方法的步骤。The present application also provides a federated shooting range-based data synchronization device, which includes: a memory, a processor, and a federated shooting range-based data synchronization program stored on the memory and operable on the processor. The federated shooting range-based data synchronization program is configured to implement the steps of the federated shooting range-based data synchronization method described in any one of the above.

本申请还提供一种存储介质,所述存储介质上存储有基于联邦靶场的数据同步程序,所述基于联邦靶场的数据同步程序被处理器执行时实现如上述任一项所述的基于联邦靶场的数据同步方法的步骤。The present application also provides a storage medium, on which a data synchronization program based on a federal shooting range is stored. When the data synchronization program based on a federated shooting range is executed by a processor, the federation-based shooting range The steps of the data synchronization method.

本申请提供一种基于联邦靶场的数据同步方法,相较于现有技术中各分靶场之间存在网络隔离,因此,无法在线对各分靶场进行数据同步,需要对各分靶场分别进行人工操作才能达到数据同步的目的,本申请应用于所述联邦靶场中的分靶场,所述联邦靶场还包括主靶场,分靶场获取所述主靶场下发的数据同步命令;分靶场基于所述数据同步命令,开通与所述主靶场之间的数据传输通道,并通过所述数据传输通道与所述主靶场进行数据同步,在接收到数据同步命令时,临时为数据同步提供了专门的数据传输通道,无需人工操作,即可基于所述数据同步命令自动进行数据同步,提高了数据同步效率。This application provides a data synchronization method based on the federal shooting range. Compared with the network isolation between the sub-shooting ranges in the prior art, the data synchronization of each sub-shooting range cannot be performed online, and each sub-shooting range needs to be manually operated. In order to achieve the purpose of data synchronization, this application is applied to the sub-ranges in the federal shooting range. The federal shooting range also includes the main shooting range. The sub-ranges obtain the data synchronization command issued by the main shooting range; the sub-ranges are based on the data synchronization Command, open the data transmission channel with the main shooting range, and perform data synchronization with the main shooting range through the data transmission channel, and temporarily provide a special data transmission channel for data synchronization when receiving the data synchronization command , without manual operation, data synchronization can be automatically performed based on the data synchronization command, which improves the efficiency of data synchronization.

附图说明Description of drawings

图1为本申请一种基于联邦靶场的数据同步方法的第一实施例的流程示意图;Fig. 1 is a schematic flow chart of a first embodiment of a data synchronization method based on a federal shooting range in the present application;

图2为本申请第一实施例的基于联邦靶场的数据同步方法的逻辑架构图;FIG. 2 is a logical architecture diagram of a data synchronization method based on a federal shooting range in the first embodiment of the present application;

图3为本申请第一实施例的基于联邦靶场的数据同步方法的第一场景示意图;FIG. 3 is a schematic diagram of a first scene of a data synchronization method based on a federal shooting range in the first embodiment of the present application;

图4是本申请实施例方案涉及的硬件运行环境的基于联邦靶场的数据同步设备的结构示意图;Fig. 4 is a schematic structural diagram of a data synchronization device based on a federal shooting range in the hardware operating environment involved in the embodiment scheme of the present application;

图5为本申请第一实施例的基于联邦靶场的数据同步装置示意图。Fig. 5 is a schematic diagram of a data synchronization device based on a federal shooting range according to the first embodiment of the present application.

本申请目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。The realization, functional features and advantages of the present application will be further described in conjunction with the embodiments and with reference to the accompanying drawings.

具体实施方式Detailed ways

应当理解,此处所描述的具体实施例仅仅用以解释本申请,并不用于限定本申请。尽管在本文可能采用术语第一、第二、第三等来描述各种信息,但这些信息不应限于这些术语。这些术语仅用来将同一类型的信息彼此区分开。例如,在不脱离本文范围的情况下,第一信息也可以被称为第二信息,类似地,第二信息也可以被称为第一信息。It should be understood that the specific embodiments described here are only used to explain the present application, and are not intended to limit the present application. Although the terms first, second, third, etc. may be used herein to describe various information, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of this document, first information may also be called second information, and similarly, second information may also be called first information.

本申请实施例提供了一种基于联邦靶场的数据同步方法,参照图1和图2,在本实施例中,所述基于联邦靶场的数据同步方法包括:The embodiment of the present application provides a data synchronization method based on a federated shooting range. Referring to FIG. 1 and FIG. 2, in this embodiment, the data synchronization method based on a federated shooting range includes:

步骤S10:获取所述主靶场下发的数据同步命令;Step S10: Obtain the data synchronization command issued by the main shooting range;

步骤S20:基于所述数据同步命令,开通与所述主靶场之间的数据传输通道,并通过所述数据传输通道与所述主靶场进行数据同步。Step S20: Based on the data synchronization command, open a data transmission channel with the main shooting range, and perform data synchronization with the main shooting range through the data transmission channel.

在本实施例中,所述基于联邦靶场的数据同步方法应用于基于联邦靶场的数据同步设备,所述基于联邦靶场的数据同步设备可以是所述联邦靶场中的分靶场。In this embodiment, the federated range-based data synchronization method is applied to a federated range-based data synchronization device, and the federated range-based data synchronization device may be a sub-range in the federated range.

作为一种示例,联邦靶场包括多个分靶场,联邦靶场通过集中各分靶场的资源形成大规模分布式网络靶场,各分靶场需要承担不同角色,并配合完成同一个攻防对抗演练工程。As an example, the federal shooting range includes multiple sub-ranges. The federal shooting range forms a large-scale distributed network shooting range by concentrating the resources of each sub-range. Each sub-range needs to assume different roles and cooperate to complete the same offensive and defensive confrontation exercise project.

作为一种示例,每个分靶场中可以部署多个攻防对抗演练工程,每个分靶场中可以设有至少一个虚拟机(模拟物理计算机行为的软件程序),和/或者至少一个实物机,和/或者至少一个虚拟路由器等基础设施,每个攻防对抗演练工程都需要分靶场中不同基础设施的配合。As an example, multiple offensive and defensive confrontation exercises can be deployed in each sub-range, and each sub-range can be equipped with at least one virtual machine (a software program that simulates the behavior of a physical computer), and/or at least one physical machine, and / Or at least a virtual router and other infrastructure, each offensive and defensive confrontation exercise project requires the cooperation of different infrastructures in the shooting range.

作为一种示例,联邦靶场中各个分靶场在基础设施之间建立的网络架构有所不同(例如,建设在a城市的分靶场和b城市的分靶场,或者在攻防对抗演练工程中模拟不同场景的分靶场之间,在网络架构上会有一定区别),由此产生了分靶场之间的网络异构性。As an example, the network architectures established by the various sub-ranges in the federal shooting range are different (for example, the sub-ranges built in city a and the sub-ranges in city b, or the simulation of different scenarios in the offensive and defensive confrontation exercise project There will be certain differences in the network architecture between the sub-ranges), resulting in network heterogeneity between the sub-ranges.

作为一种示例,在联邦靶场中,各分靶场在配合完成一个攻防对抗演练工程过程中,需要进行数据交换或者数据同步等才能够实现各分靶场之间的交互。具体地,各分靶场在模拟不同场景时,所需要的配置文件或者需要调用的数据不同。然而,由于各个分靶场的异构性,且为了保证数据安全,各分靶场之间存在网络隔离,导致无法在线对各分靶场进行数据同步,需要对各分靶场分别进行人工操作才能达到数据同步的目的,这种数据同步方式效率较低,各分靶场之间的数据同步效率将会影响到攻防对抗演练工程中各分靶场的任务执行效率。As an example, in the federal shooting range, when each sub-range cooperates to complete an offensive and defensive confrontation exercise project, data exchange or data synchronization is required to realize the interaction between the sub-ranges. Specifically, when simulating different scenarios, each sub-range needs different configuration files or data that needs to be invoked. However, due to the heterogeneity of each sub-range, and in order to ensure data security, there is network isolation between each sub-range, which makes it impossible to synchronize the data of each sub-range online. It is necessary to manually operate each sub-range to achieve data synchronization. For the purpose of this method, the efficiency of this data synchronization method is low, and the data synchronization efficiency between each sub-range will affect the task execution efficiency of each sub-range in the offensive and defensive confrontation exercise project.

作为一种示例,联邦靶场还包括主靶场,主靶场可以是从分靶场中选择的一个靶场,也可以是分靶场之外的一个固定的靶场等,参照图3,可知主靶场和分靶场中均设有命令处理模块,消息处理模块,数据同步模块,数据通道管理模块。As an example, the federal shooting range also includes the main shooting range. The main shooting range can be a shooting range selected from the sub-shooting ranges, or a fixed shooting range other than the sub-shooting ranges. All have a command processing module, a message processing module, a data synchronization module, and a data channel management module.

本实施例旨在:通过主靶场下发数据同步命令,分靶场在接收到命令后,开通与所述主靶场之间的数据传输通道,自动实现与所述主靶场的数据同步。The purpose of this embodiment is to issue a data synchronization command from the main shooting range, and after receiving the command, the sub-shooting range opens a data transmission channel with the main shooting range to automatically realize data synchronization with the main shooting range.

具体步骤如下:Specific steps are as follows:

步骤S10:获取所述主靶场下发的数据同步命令;Step S10: Obtain the data synchronization command issued by the main shooting range;

作为一种示例,通过主靶场下发数据同步命令更便于分靶场的管理。具体地,可以是通过从多个分靶场中选举得到的一个主靶场下发数据同步命令,也可以是固定设置的一个主靶场下发数据同步命令,也可以是当某个分靶场需要其他靶场同步本地数据时,通过该分靶场下发数据同步命令等,能够适用不同数据同步场景。As an example, it is easier to manage the sub-ranges by issuing data synchronization commands through the main range. Specifically, it can be a data synchronization command issued by a main shooting range elected from multiple sub-shooting ranges, or a data synchronization command issued by a fixed main shooting range, or when a certain sub-shooting range needs other shooting ranges When synchronizing local data, the sub-range can issue data synchronization commands, etc., which can be applied to different data synchronization scenarios.

作为一种示例,分靶场接收主靶场下发的数据同步命令,可以是主靶场直接发送至某个分靶场,也可以是主靶场将数据同步命令下发至预设消息队列,分靶场定期获取或者随时获取等,能够满足即时命令和预定命令的下发场景。As an example, the sub-range receives the data synchronization command issued by the main range, which can be directly sent to a sub-range by the main range, or the main range sends the data synchronization command to the preset message queue, and the sub-range periodically obtains Or obtain it at any time, etc., which can meet the scenarios of issuing immediate orders and scheduled orders.

作为一种示例,数据同步命令可以是工程初始化,或者工程更新,或者工程的配置文件下发,或者工程的配置文件更新等命令,能够在工程创建好后,自动对工程进行数据同步(工程更新或者基于配置文件进行工程参数的配置),提升数据同步效率,节省工程实施前的准备时长。As an example, the data synchronization command can be project initialization, or project update, or project configuration file delivery, or project configuration file update command, which can automatically perform data synchronization on the project after the project is created (project update Or configure project parameters based on configuration files), improve data synchronization efficiency, and save preparation time before project implementation.

作为一种示例,数据同步命令用于命令某个分靶场执行数据同步任务。As an example, the data synchronization command is used to instruct a sub-range to perform a data synchronization task.

作为一种示例,命令处理模块用于对命令进行结构化语言描述以及数据同步命令的封装、解析。As an example, the command processing module is used for describing the command in a structured language and encapsulating and parsing the data synchronization command.

所述数据同步命令可以是预先通过命令描述模型进行结构化语言描述(yaml或json格式,其中,yaml格式用于配置和管理,yaml是一种简洁的非标记性语言,内容格式人性化,较易读;json的序列化和反序列化速度很快,使得更小更轻的代码可以处理json,json对于能够轻松地和平台兼容,则更加适用于消息传递)过的,即,在主靶场与分靶场之间设置一种专有的规范的沟通语言,能够提高命令下发的规范性,还能够提高数据传输的安全性。The data synchronization command can be described in a structured language (yaml or json format) through a command description model in advance, wherein the yaml format is used for configuration and management, and yaml is a concise non-markup language with a user-friendly content format, which is relatively Easy to read; the serialization and deserialization speed of json makes smaller and lighter code can handle json, and json is more suitable for message delivery for being easily compatible with the platform), that is, in the main shooting range Setting up a proprietary and standardized communication language with the sub-range can improve the standardization of command issuance and improve the security of data transmission.

作为一种示例,所述数据同步命令可以通过人工在线输入的,也可以是在主靶场中设定的周期性触发的。As an example, the data synchronization command may be manually input online, or may be periodically triggered in the main shooting range.

在本实施例中,所述获取所述主靶场下发的数据同步命令的步骤,包括:In this embodiment, the step of obtaining the data synchronization command issued by the main shooting range includes:

步骤A1:基于自身的靶场ID以及对应工程的工程ID,从预设消息队列中读取对应的数据同步命令;Step A1: Based on its own shooting range ID and the project ID of the corresponding project, read the corresponding data synchronization command from the preset message queue;

在本实施例中,所述分靶场有多个,每个分靶场对应设有一个靶场ID,所述每个分靶场部署有至少一个工程,每个工程均对应设有一个工程ID。In this embodiment, there are multiple sub-ranges, and each sub-range corresponds to a range ID, and each sub-range is deployed with at least one project, and each project corresponds to a project ID.

在本实施例中,所述数据同步命令是预先在所述主靶场中基于所述分靶场中对应工程的预设待同步内容、所述分靶场的靶场ID以及对应工程的工程ID构建好,并写入至所述预设消息队列中的。In this embodiment, the data synchronization command is pre-constructed in the main shooting range based on the preset content to be synchronized of the corresponding project in the sub-shooting range, the shooting range ID of the sub-shooting range, and the project ID of the corresponding project, and written to the preset message queue.

作为一种示例,主靶场在基于所述分靶场中对应工程的预设待同步内容、所述分靶场的靶场ID以及对应工程的工程ID,构建好数据同步命令后,将所述数据同步命令写入至所述预设消息队列中,以供分靶场进行读取。As an example, after the main shooting range constructs the data synchronization command based on the preset content to be synchronized of the corresponding project in the sub-shooting range, the shooting range ID of the sub-shooting range, and the project ID of the corresponding project, the data synchronization command Write it into the preset message queue for reading by the sub-range.

作为一种示例,消息处理模块主要对命令进行分发和处理。所述数据同步命令的下发可以是采用生产者-消费者模型(消息发布-订阅系统)进行的,主靶场(生产者)负责将数据同步命令发送至对应的预设消息队列(对应主题),分靶场通过读取预设消息队列接收数据同步命令(消费者通过订阅相关主题接收消息),能够实现命令的异步高效处理。As an example, the message processing module mainly distributes and processes commands. The delivery of the data synchronization command can be carried out by using the producer-consumer model (message publishing-subscription system), and the main shooting range (producer) is responsible for sending the data synchronization command to the corresponding preset message queue (corresponding topic) , the shooting range receives data synchronization commands by reading the preset message queue (consumers receive messages by subscribing to related topics), which can realize asynchronous and efficient processing of commands.

作为一种示例,所述预设消息队列可以是Kafka消息队列(先进先出队列),队列中存储的命令可以是以json或yaml格式写入的,存储的命令的数据形式可以是key-value的形式,key包括分靶场的靶场ID以及对应工程的工程ID构成的队列名称,value包括通过结构化语言描述后的预设待同步内容,便于分靶场快速定位到与自身对应的数据同步命令(根据自身的靶场ID以及对应工程的工程ID,从预设消息队列中读取对应的数据同步命令,定位得到数据同步命令中的预设待同步内容),且,采用先进先出的消息队列能够保证数据同步命令的高效读取,保证分靶场在读取数据同步命令时的有序性,便于对数据同步命令的管理。As an example, the preset message queue can be a Kafka message queue (first in first out queue), the commands stored in the queue can be written in json or yaml format, and the data format of the stored commands can be key-value The key includes the shooting range ID of the sub-range and the queue name composed of the project ID of the corresponding project, and the value includes the preset content to be synchronized described in a structured language, so that the sub-range can quickly locate the data synchronization command corresponding to itself ( According to its own shooting range ID and the project ID of the corresponding project, the corresponding data synchronization command is read from the preset message queue, and the preset content to be synchronized in the data synchronization command is located), and the first-in-first-out message queue can be used Ensure the efficient reading of data synchronization commands, ensure the orderliness of the sub-range when reading data synchronization commands, and facilitate the management of data synchronization commands.

作为一种示例,所述预设待同步内容可以是在工程部署过程中,基于各分靶场工程的数据完整性判断得到的。As an example, the preset content to be synchronized may be determined based on the data integrity of each sub-range project during project deployment.

步骤S20:基于所述数据同步命令,开通与所述主靶场之间的数据传输通道,并通过所述数据传输通道与所述主靶场进行数据同步。Step S20: Based on the data synchronization command, open a data transmission channel with the main shooting range, and perform data synchronization with the main shooting range through the data transmission channel.

作为一种示例,由于各分靶场之间存在网络隔离,导致无法在线对各分靶场进行数据同步,因此,可以通过专有的数据传输通道进行数据同步,不影响各分靶场的网络架构,且,使用专有的数据传输通道能够保证数据传输的安全性。As an example, due to the network isolation between the sub-ranges, it is impossible to synchronize the data of each sub-range online. Therefore, data synchronization can be performed through a dedicated data transmission channel without affecting the network architecture of each sub-range, and , using a proprietary data transmission channel can ensure the security of data transmission.

作为一种示例,基于所述数据同步命令,开通与所述主靶场之间的数据传输通道,即,分靶场在接收到数据同步命令后,可以直接开通与所述主靶场之间的数据传输通道,提高数据同步的效率,也可以在接收到数据同步命令后,判断需要执行该命令后,再开通与所述主靶场之间的数据传输通道,确保数据同步命令的准确性。As an example, based on the data synchronization command, the data transmission channel with the main shooting range is opened, that is, after receiving the data synchronization command, the sub-shooting range can directly open the data transmission with the main shooting range channel to improve the efficiency of data synchronization, and after receiving the data synchronization command, it is judged that the command needs to be executed, and then the data transmission channel with the main shooting range is opened to ensure the accuracy of the data synchronization command.

作为一种示例,联邦靶场之间可以通过VPN技术(Ipsec VPN或SSL VPN),或者ZTNA(Zero Trust Network Access,零信任网络访问)在靶场之间构建虚机隧道(数据传输通道),从而实现靶场之间的网络安全互通。As an example, VPN technology (Ipsec VPN or SSL VPN) or ZTNA (Zero Trust Network Access) can be used to build virtual machine tunnels (data transmission channels) between federal shooting ranges to achieve Network security intercommunication between shooting ranges.

在本实施例中,相较于现有技术中各分靶场之间存在网络隔离,因此,无法在线对各分靶场进行数据同步,需要对各分靶场分别进行人工操作才能达到数据同步的目的,本申请应用于所述联邦靶场中的分靶场,所述联邦靶场还包括主靶场,分靶场获取所述主靶场下发的数据同步命令;分靶场基于所述数据同步命令,开通与所述主靶场之间的数据传输通道,并通过所述数据传输通道与所述主靶场进行数据同步,在接收到数据同步命令时,临时为数据同步提供了专门的数据传输通道,无需人工操作,即可基于所述数据同步命令自动进行数据同步,提高了数据同步效率。采用先进先出的消息队列能够保证数据同步命令的高效读取,保证分靶场在读取数据同步命令时的有序性,便于对数据同步命令的管理。在靶场之间构建虚拟隧道(数据传输通道)实现靶场之间的网络安全互通。In this embodiment, compared with the prior art, there is network isolation between each sub-range, therefore, it is impossible to perform data synchronization for each sub-range online, and manual operation is required for each sub-range to achieve the purpose of data synchronization. This application is applied to the sub-shooting ranges in the federal shooting range, and the federal shooting range also includes the main shooting range, and the sub-shooting ranges obtain the data synchronization command issued by the main shooting range; based on the data synchronization command, the sub-shooting ranges open the The data transmission channel between the shooting ranges, and the data synchronization with the main shooting range is performed through the data transmission channel. When the data synchronization command is received, a special data transmission channel is temporarily provided for data synchronization without manual operation. Data synchronization is automatically performed based on the data synchronization command, which improves the efficiency of data synchronization. The first-in-first-out message queue can ensure the efficient reading of data synchronization commands, ensure the orderliness of the sub-range when reading data synchronization commands, and facilitate the management of data synchronization commands. Build virtual tunnels (data transmission channels) between shooting ranges to realize safe network intercommunication between shooting ranges.

进一步地,基于本申请上述实施例,提供本申请的另一实施例,在该实施例中,所述通过所述数据传输通道与所述主靶场进行数据同步的步骤,包括:Further, based on the above-mentioned embodiments of the present application, another embodiment of the present application is provided. In this embodiment, the step of synchronizing data with the main shooting range through the data transmission channel includes:

步骤B1:对所述数据同步命令进行解析,得到所述数据同步命令的类型,其中,所述数据同步命令的类型包括工程初始化、工程更新、配置文件下发;Step B1: Analyzing the data synchronization command to obtain the type of the data synchronization command, wherein the type of the data synchronization command includes project initialization, project update, and configuration file delivery;

作为一种示例,预先在所述主靶场中在主靶场中基于所述分靶场中对应工程的预设待同步内容、所述分靶场的靶场ID以及对应工程的工程ID构建数据同步命令的过程中,可以基于预设待同步内容,在数据同步命令中添加类型标识。As an example, the process of constructing a data synchronization command in advance in the main shooting range in the main shooting range based on the preset content to be synchronized of the corresponding project in the sub-shooting range, the shooting range ID of the sub-shooting range, and the project ID of the corresponding project In , you can add a type identifier to the data synchronization command based on the preset content to be synchronized.

具体地,待同步内容包括工程更新内容,工程初始化内容,配置文件等。Specifically, the content to be synchronized includes project update content, project initialization content, configuration files, and the like.

具体地,可以基于待同步内容,在数据同步命令中添加更新标识、或者初始化标识,或者配置标识。Specifically, an update flag, or an initialization flag, or a configuration flag may be added to the data synchronization command based on the content to be synchronized.

作为一种示例,不同数据同步命令的类型标识(更新、初始化等)可以通过cmdType字段进行描述。As an example, type identifications (update, initialization, etc.) of different data synchronization commands may be described by the cmdType field.

作为一种示例,对所述数据同步命令进行解析,得到所述数据同步命令的类型和所述预设待同步内容,便于分靶场快速识别命令的类型,并快速基于命令类型同步不同的预设待同步内容,提高了数据同步的速度。As an example, the data synchronization command is analyzed to obtain the type of the data synchronization command and the preset content to be synchronized, so that the sub-range can quickly identify the type of command, and quickly synchronize different presets based on the command type The content to be synchronized improves the speed of data synchronization.

作为一种示例,预设待同步内容可以是人工在线确定的,也可以是预先在主靶场中设定的周期性同步的内容。As an example, the preset content to be synchronized may be manually determined online, or may be periodically synchronized content pre-set in the main shooting range.

步骤B2:基于所述数据同步命令的类型,通过所述数据传输通道与所述主靶场进行所述预设待同步内容的同步。Step B2: Based on the type of the data synchronization command, synchronize the preset content to be synchronized with the main shooting range through the data transmission channel.

作为一种示例,若数据同步命令的类型为更新,则可以预先定位不是最新版本的程序以提高更新速度(更新验证速度、更新确认速度等)、或者预先检测当前版本是否为最新版本(若全部为最新版本,则不执行所述更新命令,就不需要具体查看预设待同步内容,提高了数据同步效率)等,在此不做限定。若数据同步命令的类型为初始化,则可以预先检测当前工程是否已经初始化过,若部分初始化,则预先定位至未经过初始化的程序以提高数据同步效率。As an example, if the type of the data synchronization command is update, you can pre-locate programs that are not the latest version to increase the update speed (update verification speed, update confirmation speed, etc.), or pre-detect whether the current version is the latest version (if all If it is the latest version, if the update command is not executed, there is no need to specifically check the preset content to be synchronized, which improves the efficiency of data synchronization), etc., which are not limited here. If the type of the data synchronization command is initialization, it can be pre-detected whether the current project has been initialized, and if it is partially initialized, it will pre-locate to the program that has not been initialized to improve the efficiency of data synchronization.

作为一种示例,可以先基于所述数据同步命令的类型,确定所述预设待同步内容的同步方式,再使用该同步方式通过所述数据传输通道与所述主靶场进行所述预设待同步内容的同步。As an example, based on the type of the data synchronization command, the synchronization method of the preset content to be synchronized can be determined first, and then the synchronization method can be used to perform the preset operation with the main shooting range through the data transmission channel. Synchronization of synchronized content.

在本实施例中,所述数据同步命令的类型包括工程初始化、工程更新、配置文件下发。In this embodiment, the types of the data synchronization command include project initialization, project update, and configuration file delivery.

在本实施例中,所述数据同步命令的类型还可以包括配置文件更新或者工程删除等。In this embodiment, the type of the data synchronization command may also include configuration file update or project deletion.

作为一种示例,通过解析所述数据同步命令的类型标识,确定所述数据同步命令的类型(更新、初始化或者配置等),若所述类型为更新,则同步方式为复制主靶场中待同步内容的增量文件。若所述类型为配置,则同步方式为给待同步内容的参数进行赋值和/或者使能某些功能等。As an example, the type of the data synchronization command (update, initialization or configuration, etc.) is determined by parsing the type identifier of the data synchronization command. If the type is update, the synchronization method is to copy the data synchronization command to be synchronized in the main shooting range. Incremental file of content. If the type is configuration, the synchronization method is to assign values to parameters of the content to be synchronized and/or to enable certain functions.

作为一种示例,数据同步模块用于数据同步,通过靶场之间的数据传输通道配合增量同步方法实现数据高效、快速同步。As an example, the data synchronization module is used for data synchronization, and the data transmission channel between shooting ranges cooperates with the incremental synchronization method to realize efficient and fast data synchronization.

在本实施例中,所述通过所述数据传输通道与所述主靶场进行数据同步的步骤,包括:In this embodiment, the step of synchronizing data with the main shooting range through the data transmission channel includes:

步骤C1:若所述数据同步命令的类型为工程更新,则将所述预设待同步内容在所述主靶场中对应的第一工程文件,与所述预设待同步内容在本地对应的第二工程文件进行比较,得到比较结果;Step C1: If the type of the data synchronization command is project update, the first project file corresponding to the preset content to be synchronized in the main shooting range, and the first project file corresponding to the preset content to be synchronized locally Compare the two project files and get the comparison result;

作为一种示例,若所述数据同步命令的类型为工程更新,则将所述预设待同步内容在所述主靶场中对应的第一工程文件,与所述预设待同步内容在本地对应的第二工程文件进行比较,得到比较结果。具体地,可以是通过比较待同步内容在本地对应第一工程文件的第一文件hash值(hash是根据文件的内容的数据通过逻辑运算得到的数值,不同的文件得到的hash值是不同),与待同步内容在主靶场对应第二工程文件的第二文件hash值是否一致;还可以是将待同步内容在本地对应文件的预设第一文件时间戳,与待同步内容在主靶场对应文件的预设第二文件时间戳进行比较。As an example, if the type of the data synchronization command is project update, the first project file corresponding to the preset content to be synchronized in the main shooting range corresponds to the preset content to be synchronized locally Compare the second project file and get the comparison result. Specifically, it may be by comparing the hash value of the first file locally corresponding to the first project file of the content to be synchronized (hash is a numerical value obtained through logical operation according to the content data of the file, and the hash values obtained by different files are different), Whether the hash value of the second file of the second project file corresponding to the content to be synchronized in the main shooting range is consistent; it can also be the preset first file time stamp of the content to be synchronized in the local corresponding file, and the file corresponding to the content to be synchronized in the main shooting range The preset second file timestamp for comparison.

步骤C2:若所述比较结果为不一致,则将所述第一工程文件中的增量数据同步至本地。Step C2: if the comparison result is inconsistent, synchronizing the incremental data in the first project file to the local.

作为一种示例,若所述比较结果为不一致,则将所述待同步内容在主靶场对应文件的增量文件复制至本地;或者,若所述预设第一文件时间戳小于或大于预设第二文件时间戳,则将所述待同步内容在主靶场对应文件的增量文件复制至本地。As an example, if the comparison result is inconsistent, copy the incremental file of the corresponding file of the content to be synchronized in the main shooting range to the local; or, if the preset first file timestamp is less than or greater than the preset For the second file timestamp, the incremental file of the corresponding file of the content to be synchronized in the main range is copied to the local.

在本实施例中,所述对所述数据同步命令进行解析,得到所述数据同步命令的类型和所述预设待同步内容的步骤之后,所述方法还包括:In this embodiment, after the step of parsing the data synchronization command to obtain the type of the data synchronization command and the preset content to be synchronized, the method further includes:

步骤S30:对同时接收到的多个数据同步命令进行解析,得到所述多个数据同步命令的执行优先级;Step S30: Analyzing multiple data synchronization commands received at the same time to obtain execution priorities of the multiple data synchronization commands;

作为一种示例,为了防止在同时接收到多个数据同步命令(多个部分的更新命令或者初始化以及配置命令等)时,由于执行顺序导致故障发生,则可以预先在数据同步命令中添加执行优先级标识。具体地,可以在结构化描述语言中通过cmdPriority字段来标识所述执行优先级。As an example, in order to prevent failures due to the order of execution when receiving multiple data synchronization commands (update commands of multiple parts or initialization and configuration commands, etc.) at the same time, you can add execution priority to the data synchronization command in advance. level ID. Specifically, the execution priority may be identified by a cmdPriority field in the structured description language.

步骤S40:基于所述执行优先级的高低,依次执行所述多个数据同步命令。Step S40: Execute the multiple data synchronization commands sequentially based on the execution priority.

作为一种示例,若同时接收到多个数据同步命令,则对多个数据同步命令进行解析,得到所述多个数据同步命令的执行优先级,基于所述多个数据同步命令的执行优先级,依次执行所述多个数据同步命令,以提高数据同步效率,减少命令执行错误的发生。As an example, if multiple data synchronization commands are received at the same time, the multiple data synchronization commands are analyzed to obtain the execution priorities of the multiple data synchronization commands, based on the execution priorities of the multiple data synchronization commands , executing the multiple data synchronization commands in sequence, so as to improve data synchronization efficiency and reduce occurrence of command execution errors.

在本实施例中,所述通过所述数据传输通道与所述主靶场进行数据同步的步骤之后,所述方法还包括:In this embodiment, after the step of synchronizing data with the main shooting range through the data transmission channel, the method further includes:

步骤S50:若数据同步结束,则向所述主靶场发送数据同步结束的反馈信息,以供所述主靶场进行其他数据同步命令的下发。Step S50: If the data synchronization is completed, send the feedback information of the data synchronization completion to the main shooting range, so that the main shooting range can issue other data synchronization commands.

在本实施例中,若数据同步结束,则向所述主靶场发送数据同步结束的反馈信息(可以是一个反馈信号,或者一个数据包等),若主靶场在下发所述数据同步命令后,在一定时间内未接收到所述反馈信息,则可以重新发送所述数据同步命令,若多次未接收到所述反馈信息,则可以提示管理人员进行故障维护。实现数据同步的实时故障监控,若主靶场接收到所述反馈信息,则可以进行其他数据同步命令的下发,或者结束数据同步命令的下发等。In this embodiment, if the data synchronization ends, the feedback information (which may be a feedback signal, or a data packet, etc.) is sent to the main shooting range, and if the main shooting range sends the data synchronization command, If the feedback information is not received within a certain period of time, the data synchronization command may be resent, and if the feedback information is not received for many times, the administrator may be prompted to perform fault maintenance. The real-time fault monitoring of data synchronization is realized. If the main shooting range receives the feedback information, other data synchronization commands can be issued, or the issuance of data synchronization commands can be terminated.

在本实施例中,基于数据同步命令的类型,确定数据同步方式或者进行预处理,能够对不同类型提供不同的数据同步方法,或者提高数同步效率。In this embodiment, based on the type of the data synchronization command, the data synchronization mode is determined or pre-processed, so that different data synchronization methods can be provided for different types, or data synchronization efficiency can be improved.

进一步地,基于本申请上述实施例,提供本申请的另一实施例,在该实施例中,所述基于所述数据同步命令,开通与所述主靶场之间的数据传输通道的步骤,包括:Further, based on the above-mentioned embodiments of the present application, another embodiment of the present application is provided. In this embodiment, the step of opening a data transmission channel with the main shooting range based on the data synchronization command includes :

步骤D1:基于所述数据同步命令的类型,确定是否执行所述数据同步命令;Step D1: Determine whether to execute the data synchronization command based on the type of the data synchronization command;

作为一种示例,在接收到所述数据同步命令后,可能所述数据同步命令的类型为工程删除命令,若工程删除命令与其他命令相矛盾,则不执行所述数据同步命令。或者若接收到的数据同步命令无法执行(需要其他操作的支撑或者已执行过等),则不执行所述数据同步命令。As an example, after the data synchronization command is received, the type of the data synchronization command may be a project deletion command, and if the project deletion command conflicts with other commands, the data synchronization command will not be executed. Or if the received data synchronization command cannot be executed (it needs support from other operations or has already been executed, etc.), then the data synchronization command will not be executed.

步骤D2:若确定执行,则通过预设数据通信服务器开通在本地与所述主靶场之间建立的VPN隧道;Step D2: If it is determined to be executed, open the VPN tunnel established between the local area and the main shooting range through the preset data communication server;

作为一种示例,数据通道管理模块用于在各分靶场之间(主靶场与分靶场之间)开通、维护和关闭数据传输通道;若确定执行所述数据同步命令,则通过预设数据通信服务器开通在本地与所述主靶场之间建立的VPN(Virtual Private Network,虚拟专用网)隧道,具体地,若当前VPN隧道为开通状态,则可以直接进行数据同步,若在预设时段内未接收到数据同步命令,则通过预设数据通信服务器关闭VPN隧道,以提高数据传输的安全性。As an example, the data channel management module is used to open, maintain and close data transmission channels between the sub-ranges (between the main range and the sub-ranges); if it is determined to execute the data synchronization command, the preset data communication The server opens a VPN (Virtual Private Network, virtual private network) tunnel established between the local area and the main shooting range. Specifically, if the current VPN tunnel is in an open state, data synchronization can be performed directly. After receiving the data synchronization command, the VPN tunnel is closed through the preset data communication server, so as to improve the security of data transmission.

具体地,可以通过VPN技术(Ipsec VPN或SSL VPN)在靶场之间构建VPN隧道(数据传输通道),在各分靶场中设置至少一台数据通信服务器负责对外VPN功能。Specifically, VPN tunnels (data transmission channels) can be constructed between shooting ranges through VPN technology (Ipsec VPN or SSL VPN), and at least one data communication server is set in each sub-range to be responsible for the external VPN function.

作为一种示例,通过VPN技术在本地与所述主靶场之间建立一个隧道,利用加密技术对传输数据进行加密,以保证数据的私有和安全性,可以为不同要求提供不同等级的服务质量保证。通过VPN可以建立强制隧道,通过支持VPN的数据通信服务器配置和创建,即,若分靶场确定执行所述数据同步命令,则可以强制通过数据通信服务器与所述主靶场进行数据同步,无需得到主靶场的回应,以此提高数据同步效率。As an example, VPN technology is used to establish a tunnel between the local area and the main shooting range, and encryption technology is used to encrypt the transmitted data to ensure data privacy and security, and different levels of service quality assurance can be provided for different requirements . A mandatory tunnel can be established through the VPN, configured and created by a data communication server supporting the VPN, that is, if the sub-range determines to execute the data synchronization command, it can be forced to perform data synchronization with the main range through the data communication server without obtaining the master The response from the shooting range, so as to improve the efficiency of data synchronization.

作为一种示例,各分靶场内部的不同拓扑网络之间采用vxLAN(vxLAN(VirtualeXtensible Local Area Network,虚拟扩展局域网)解决现有VLAN技术无法满足大二层网络需求的问题。vxLAN技术是一种大二层的虚拟网络技术,引入一个UDP格式的外层隧道作为数据链路层,而原有数据报文内容作为隧道净荷加以传输。As an example, vxLAN (vxLAN (VirtualeXtensible Local Area Network, Virtual Extended Local Area Network)) is used between different topological networks in each sub-range to solve the problem that the existing VLAN technology cannot meet the needs of a large layer-2 network. vxLAN technology is a large The second-layer virtual network technology introduces an outer tunnel in UDP format as the data link layer, and the original data message content is transmitted as the tunnel payload.

作为一种示例,若分靶场内部的虚拟机和/或者实物机等基础设施,与主靶场内部的虚拟机和/或者实物机等基础设施都配置有相同的vlanID,则能够通过数据通信服务器将分靶场内部的任何两个或两个以上的基础设施进行VPN连通。As an example, if the virtual machines and/or physical machines and other infrastructures in the sub-range are configured with the same vlanID as the virtual machines and/or physical machines and other infrastructures in the main shooting range, then the data communication server can Any two or more infrastructures in the sub-range are connected by VPN.

作为一种示例,开通本地与所述主靶场之间设置的至少一台数据通信服务器的VPN功能是为了能够同步处理多个数据同步命令,或者为了支持主靶场(其中一个分靶场)能够同时与多个分靶场进行数据同步。As an example, the VPN function of at least one data communication server set between the local area and the main shooting range is enabled to process multiple data synchronization commands synchronously, or to support the main shooting range (one of the sub-ranges) to simultaneously communicate with the Multiple sub-ranges perform data synchronization.

步骤D3:通过所述VPN隧道与所述主靶场进行数据同步。Step D3: Perform data synchronization with the main shooting range through the VPN tunnel.

作为一种示例,通过预设数据通信服务器开通在本地与所述主靶场之间建立的VPN隧道后,即可通过所述VPN隧道与所述主靶场进行数据同步。As an example, after the VPN tunnel established between the local area and the main shooting range is opened through the preset data communication server, data synchronization with the main shooting range can be performed through the VPN tunnel.

在本实施例中,通过在本地与所述主靶场之间建立VPN隧道,能够打破各分靶场之间的网络隔离,不仅实现了数据传输功能,还保证了数据同步的数据安全性和便利性。In this embodiment, by establishing a VPN tunnel between the local and the main shooting range, the network isolation between the sub-shooting ranges can be broken, which not only realizes the data transmission function, but also ensures the data security and convenience of data synchronization .

参照图4,图4是本申请实施例方案涉及的硬件运行环境的设备结构示意图。Referring to FIG. 4 , FIG. 4 is a schematic diagram of a device structure of a hardware operating environment involved in the solution of the embodiment of the present application.

如图4所示,该基于联邦靶场的数据同步设备可以包括:处理器1001,存储器1005,通信总线1002。通信总线1002用于实现处理器1001和存储器1005之间的连接通信。As shown in FIG. 4 , the data synchronization device based on a federal shooting range may include: a processor 1001 , a memory 1005 , and a communication bus 1002 . The communication bus 1002 is used to realize connection and communication between the processor 1001 and the memory 1005 .

可选地,该基于联邦靶场的数据同步设备还可以包括用户接口、网络接口、摄像头、RF(Radio Frequency,射频)电路,传感器、WiFi模块等等。用户接口可以包括显示屏(Display)、输入子模块比如键盘(Keyboard),可选用户接口还可以包括标准的有线接口、无线接口。网络接口可以包括标准的有线接口、无线接口(如WI-FI接口)。Optionally, the federated range-based data synchronization device may further include a user interface, a network interface, a camera, an RF (Radio Frequency, radio frequency) circuit, a sensor, a WiFi module, and the like. The user interface may include a display screen (Display), an input sub-module such as a keyboard (Keyboard), and an optional user interface may also include a standard wired interface and a wireless interface. The network interface may include a standard wired interface and a wireless interface (such as a WI-FI interface).

本领域技术人员可以理解,图4中示出的基于联邦靶场的数据同步设备结构并不构成对基于联邦靶场的数据同步设备的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。Those skilled in the art can understand that the data synchronization device structure based on the federal shooting range shown in FIG. certain components, or a different arrangement of components.

如图4所示,作为一种存储介质的存储器1005中可以包括操作系统、网络通信模块以及基于联邦靶场的数据同步程序。操作系统是管理和控制基于联邦靶场的数据同步设备硬件和软件资源的程序,支持基于联邦靶场的数据同步程序以及其它软件和/或程序的运行。网络通信模块用于实现存储器1005内部各组件之间的通信,以及与基于联邦靶场的数据同步系统中其它硬件和软件之间通信。As shown in FIG. 4 , the memory 1005 as a storage medium may include an operating system, a network communication module, and a data synchronization program based on a federal shooting range. The operating system is a program that manages and controls the hardware and software resources of the data synchronization equipment based on the federation range, and supports the operation of the data synchronization program based on the federation range and other software and/or programs. The network communication module is used to realize the communication among the various components inside the storage 1005, as well as communicate with other hardware and software in the data synchronization system based on the federal range.

在图4所示的基于联邦靶场的数据同步设备中,处理器1001用于执行存储器1005中存储的基于联邦靶场的数据同步程序,实现上述任一项所述的基于联邦靶场的数据同步方法的步骤。In the data synchronization device based on federated shooting ranges shown in Figure 4, the processor 1001 is used to execute the data synchronization program based on federated shooting ranges stored in the memory 1005, so as to realize the data synchronization method based on federated shooting ranges described in any one of the above step.

本申请基于联邦靶场的数据同步设备具体实施方式与上述基于联邦靶场的数据同步方法各实施例基本相同,在此不再赘述。The specific implementation of the federated shooting range-based data synchronization device of this application is basically the same as the above-mentioned embodiments of the federated shooting range-based data synchronization method, and will not be repeated here.

本申请还提供一种基于联邦靶场的数据同步装置,如图5所示,所述装置包括:The present application also provides a data synchronization device based on the federal shooting range, as shown in Figure 5, the device includes:

命令获取模块10,用于获取主靶场下发的数据同步命令;Command acquiring module 10, used to acquire the data synchronization command issued by the main shooting range;

同步模块20,用于基于所述数据同步命令,开通与所述主靶场之间的数据传输通道,并通过所述数据传输通道与所述主靶场进行数据同步。The synchronization module 20 is configured to open a data transmission channel with the main shooting range based on the data synchronization command, and perform data synchronization with the main shooting range through the data transmission channel.

可选地,在本申请的一种可能的实施方式中,所述命令获取模块10包括:Optionally, in a possible implementation manner of the present application, the command acquisition module 10 includes:

命令读取单元,用于基于自身的靶场ID以及对应工程的工程ID,从预设消息队列中读取对应的数据同步命令;The command reading unit is used to read the corresponding data synchronization command from the preset message queue based on its own shooting range ID and the project ID of the corresponding project;

其中,所述数据同步命令是预先在所述主靶场中基于所述分靶场中对应工程的预设待同步内容、所述分靶场的靶场ID以及对应工程的工程ID构建好,并写入至所述预设消息队列中的。Wherein, the data synchronization command is pre-constructed in the main shooting range based on the preset content to be synchronized of the corresponding project in the sub-shooting range, the shooting range ID of the sub-shooting range, and the project ID of the corresponding project, and written to in the preset message queue.

可选地,在本申请的一种可能的实施方式中,所述同步模块20包括:Optionally, in a possible implementation manner of the present application, the synchronization module 20 includes:

命令解析单元,用于对所述数据同步命令进行解析,得到所述数据同步命令的类型,其中,所述数据同步命令的类型包括工程初始化、工程更新、配置文件下发;A command parsing unit, configured to parse the data synchronization command to obtain the type of the data synchronization command, wherein the type of the data synchronization command includes project initialization, project update, and configuration file delivery;

第一数据同步单元,用于基于所述数据同步命令的类型,通过所述数据传输通道与所述主靶场进行所述预设待同步内容的同步。The first data synchronization unit is configured to synchronize the preset content to be synchronized with the main shooting range through the data transmission channel based on the type of the data synchronization command.

可选地,在本申请的一种可能的实施方式中,所述第一数据同步单元包括:Optionally, in a possible implementation manner of the present application, the first data synchronization unit includes:

比较子单元,用于若所述数据同步命令的类型为工程更新,则将所述预设待同步内容在所述主靶场中对应的第一工程文件,与所述预设待同步内容在本地对应的第二工程文件进行比较,得到比较结果;A comparison subunit, configured to compare the first project file corresponding to the preset content to be synchronized in the main shooting range with the preset content to be synchronized locally if the type of the data synchronization command is project update Comparing the corresponding second project files to obtain a comparison result;

数据同步子单元,用于若所述比较结果为不一致,则将所述第一工程文件中的增量数据同步至本地。The data synchronization subunit is configured to synchronize the incremental data in the first project file to the local if the comparison result is inconsistent.

可选地,在本申请的一种可能的实施方式中,所述同步模块20还包括:Optionally, in a possible implementation manner of the present application, the synchronization module 20 further includes:

类型确定单元,用于基于所述数据同步命令的类型,确定是否执行所述数据同步命令;a type determining unit, configured to determine whether to execute the data synchronization command based on the type of the data synchronization command;

隧道开通单元,用于若确定执行,则通过预设数据通信服务器开通在本地与所述主靶场之间建立的VPN隧道;The tunnel opening unit is used to open the VPN tunnel established between the local area and the main shooting range through the preset data communication server if it is determined to be executed;

第二数据同步单元,用于通过所述VPN隧道与所述主靶场进行数据同步。The second data synchronization unit is configured to perform data synchronization with the main shooting range through the VPN tunnel.

可选地,在本申请的一种可能的实施方式中,所述对所述数据同步命令进行解析,得到所述数据同步命令的类型和所述预设待同步内容的步骤之后,所述装置还包括:Optionally, in a possible implementation manner of the present application, after the step of parsing the data synchronization command to obtain the type of the data synchronization command and the preset content to be synchronized, the device Also includes:

命令解析模块,用于对同时接收到的多个数据同步命令进行解析,得到所述多个数据同步命令的执行优先级;A command parsing module, configured to parse multiple data synchronization commands received at the same time, to obtain the execution priorities of the multiple data synchronization commands;

命令执行模块,用于基于所述执行优先级的高低,依次执行所述多个数据同步命令。The command execution module is configured to sequentially execute the multiple data synchronization commands based on the execution priority.

可选地,在本申请的一种可能的实施方式中,所述通过所述数据传输通道与所述主靶场进行数据同步的步骤之后,所述装置还包括:Optionally, in a possible implementation manner of the present application, after the step of synchronizing data with the main shooting range through the data transmission channel, the device further includes:

信息反馈模块,用于若数据同步结束,则向所述主靶场发送数据同步结束的反馈信息,以供所述主靶场进行其他数据同步命令的下发。The information feedback module is configured to send the feedback information of data synchronization completion to the main shooting range when the data synchronization is completed, so that the main shooting range can issue other data synchronization commands.

本申请基于联邦靶场的数据同步装置的具体实施方式与上述基于联邦靶场的数据同步方法各实施例基本相同,在此不再赘述。The specific implementation of the federated range-based data synchronization device of this application is basically the same as the above-mentioned embodiments of the federated range-based data synchronization method, and will not be repeated here.

本申请还提供一种存储介质,所述存储介质上存储有基于联邦靶场的数据同步程序,所述基于联邦靶场的数据同步程序被处理器执行时实现如上述任一项所述的基于联邦靶场的数据同步方法的步骤。The present application also provides a storage medium, on which a data synchronization program based on a federal shooting range is stored. When the data synchronization program based on a federated shooting range is executed by a processor, the federation-based shooting range The steps of the data synchronization method.

本申请存储介质具体实施方式与上述基于联邦靶场的数据同步方法各实施例基本相同,在此不再赘述。The specific implementation manner of the storage medium in this application is basically the same as the above-mentioned embodiments of the data synchronization method based on the federal shooting range, and will not be repeated here.

需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者系统不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者系统所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、方法、物品或者系统中还存在另外的相同要素。It should be noted that, as used herein, the term "comprises", "comprises" or any other variation thereof is intended to cover a non-exclusive inclusion such that a process, method, article or system comprising a set of elements includes not only those elements, It also includes other elements not expressly listed, or elements inherent in the process, method, article, or system. Without further limitations, an element defined by the phrase "comprising a..." does not preclude the presence of additional identical elements in the process, method, article or system comprising that element.

上述本申请实施例序号仅仅为了描述,不代表实施例的优劣。The serial numbers of the above embodiments of the present application are for description only, and do not represent the advantages and disadvantages of the embodiments.

通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在如上所述的一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,空调器,或者网络设备等)执行本申请各个实施例所述的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is better implementation. Based on such an understanding, the technical solution of the present application can be embodied in the form of a software product in essence or the part that contributes to the prior art, and the computer software product is stored in a storage medium (such as ROM/RAM) as described above. , magnetic disk, optical disk), including several instructions to make a terminal device (which may be a mobile phone, computer, server, air conditioner, or network device, etc.) execute the methods described in various embodiments of the present application.

以上仅为本申请的优选实施例,并非因此限制本申请的专利范围,凡是利用本申请说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本申请的专利保护范围内。The above are only preferred embodiments of the present application, and are not intended to limit the patent scope of the present application. All equivalent structures or equivalent process transformations made by using the description of the application and the accompanying drawings are directly or indirectly used in other related technical fields. , are all included in the patent protection scope of the present application in the same way.

Claims (7)

1. A data synchronization method based on a federal target range, wherein the data synchronization method based on the federal target range is applied to a plurality of sub target ranges in the federal target range, each sub target range is correspondingly provided with a target range ID, each sub target range is deployed with at least one project, each project is correspondingly provided with a project ID, the federal target range further comprises a main target range, and the data synchronization method based on the federal target range comprises the following steps:
based on the target range ID of the self and the engineering ID of the corresponding engineering, reading a corresponding data synchronization command from a preset message queue;
the data synchronization command is built in the main shooting range in advance based on preset to-be-synchronized content of corresponding projects in the sub shooting ranges, shooting range IDs of the sub shooting ranges and project IDs of the corresponding projects, and is written into the preset message queue;
based on the data synchronization command, opening a data transmission channel between the main shooting range and the main shooting range, and performing data synchronization with the main shooting range through the data transmission channel;
the step of performing data synchronization with the main shooting range through the data transmission channel comprises the following steps:
analyzing the data synchronous command to obtain the type of the data synchronous command, wherein the type of the data synchronous command comprises engineering initialization, engineering updating and configuration file issuing;
based on the type of the data synchronization command, synchronizing the preset content to be synchronized with the main shooting range through the data transmission channel;
the step of opening a data transmission channel between the main shooting range and the main shooting range based on the data synchronous command comprises the following steps:
determining whether to execute the data synchronization command based on the type of the data synchronization command;
and if the synchronization is determined to be executed, opening a VPN tunnel established between the local and the main target range through a preset data communication server so as to synchronize the preset content to be synchronized with the main target range through the VPN tunnel.
2. The federal firing range-based data synchronization method according to claim 1, wherein the step of synchronizing the preset content to be synchronized with the main firing range through the data transmission channel based on the type of the data synchronization command comprises:
if the type of the data synchronization command is engineering update, comparing a first engineering file corresponding to the preset to-be-synchronized content in the main shooting range with a second engineering file corresponding to the preset to-be-synchronized content locally to obtain a comparison result;
and if the comparison result is inconsistent, synchronizing the incremental data in the first engineering file to the local.
3. The federal range-based data synchronization method according to claim 1, wherein after the step of parsing the data synchronization command to obtain the type of the data synchronization command and the preset content to be synchronized, the method further comprises:
analyzing a plurality of data synchronous commands received simultaneously to obtain the execution priority of the plurality of data synchronous commands;
and sequentially executing the plurality of data synchronous commands based on the execution priority.
4. The federal range-based data synchronization method according to claim 1, wherein after the step of data synchronizing with the main range via the data transmission channel, the method further comprises:
and if the data synchronization is finished, sending feedback information of the data synchronization to the main target range so as to enable the main target range to send other data synchronization commands.
5. A federal range-based data synchronization apparatus, the apparatus comprising:
the command acquisition module is used for reading a corresponding data synchronization command from a preset message queue based on the target range ID of the command acquisition module and the engineering ID of the corresponding engineering, wherein the data synchronization command is built in the main target range in advance based on the preset to-be-synchronized content of the corresponding engineering in the sub target ranges, the target range ID of the sub target ranges and the engineering ID of the corresponding engineering, and is written into the preset message queue;
the synchronization module is used for opening a data transmission channel between the main shooting range and the main shooting range based on the data synchronization command, and performing data synchronization with the main shooting range through the data transmission channel;
the synchronization module includes:
the command analysis unit is used for analyzing the data synchronous command to obtain the type of the data synchronous command, wherein the type of the data synchronous command comprises engineering initialization, engineering update and configuration file issuing;
the first data synchronization unit is used for synchronizing the preset content to be synchronized with the main shooting range through the data transmission channel based on the type of the data synchronization command;
the synchronization module further includes:
a type determining unit configured to determine whether to execute the data synchronization command based on a type of the data synchronization command;
and the tunnel opening unit is used for opening a VPN tunnel established between the local and the main target range through a preset data communication server if the execution is determined, so as to synchronize the preset to-be-synchronized content with the main target range through the VPN tunnel.
6. A federal range-based data synchronization apparatus, the apparatus comprising: a memory, a processor, and a federal range based data synchronization program stored on the memory and executable on the processor, the federal range based data synchronization program configured to implement the steps of the federal range based data synchronization method of any one of claims 1 to 4.
7. A storage medium having stored thereon a federal range based data synchronization program which when executed by a processor performs the steps of the federal range based data synchronization method of any one of claims 1 to 4.
CN202310522968.XA 2023-05-10 2023-05-10 Data synchronization method, device, equipment and storage medium based on federal shooting range Active CN116319835B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310522968.XA CN116319835B (en) 2023-05-10 2023-05-10 Data synchronization method, device, equipment and storage medium based on federal shooting range

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310522968.XA CN116319835B (en) 2023-05-10 2023-05-10 Data synchronization method, device, equipment and storage medium based on federal shooting range

Publications (2)

Publication Number Publication Date
CN116319835A CN116319835A (en) 2023-06-23
CN116319835B true CN116319835B (en) 2023-08-25

Family

ID=86781719

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310522968.XA Active CN116319835B (en) 2023-05-10 2023-05-10 Data synchronization method, device, equipment and storage medium based on federal shooting range

Country Status (1)

Country Link
CN (1) CN116319835B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117811840B (en) * 2024-02-29 2024-05-14 鹏城实验室 Multi-network range collaborative data transmission method, device, equipment and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6247135B1 (en) * 1999-03-03 2001-06-12 Starfish Software, Inc. Synchronization process negotiation for computing devices
CN114363402A (en) * 2021-12-16 2022-04-15 绿盟科技集团股份有限公司 Target range interconnection method, system and electronic equipment
CN114500623A (en) * 2022-01-17 2022-05-13 北京永信至诚科技股份有限公司 Network target range interconnection and intercommunication method, device, equipment and readable storage medium

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6247135B1 (en) * 1999-03-03 2001-06-12 Starfish Software, Inc. Synchronization process negotiation for computing devices
CN114363402A (en) * 2021-12-16 2022-04-15 绿盟科技集团股份有限公司 Target range interconnection method, system and electronic equipment
CN114500623A (en) * 2022-01-17 2022-05-13 北京永信至诚科技股份有限公司 Network target range interconnection and intercommunication method, device, equipment and readable storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
徐国天 ; .面向取证能力提升的网络靶场训练系统构建.警察技术.2020,(第03期),全文. *

Also Published As

Publication number Publication date
CN116319835A (en) 2023-06-23

Similar Documents

Publication Publication Date Title
US10392823B2 (en) Synthetic client
EP2562973B1 (en) Virtual machine migration method, switch, virtual machine system
US9824080B2 (en) Automatic generation of forms for device configuration
WO2017215446A1 (en) Configuration information notification method, configuration method and corresponding device for interface expansion apparatus
CN111200837B (en) Wi-Fi software testing system and method
CN103516555A (en) Network device monitoring method and system
EP3890243A1 (en) Method and apparatus for network verification
CN103580942B (en) A kind of simulative serial port method of testing and device
EP3122008A1 (en) Cloud desktop pushing method and system, pushing end and receiving end
CN116319835B (en) Data synchronization method, device, equipment and storage medium based on federal shooting range
WO2017113848A1 (en) Testing method, testing platform and simulated testing device for test case
CN103856376A (en) Intelligent interaction method and intelligent interaction system
CN111464646B (en) Information processing method, information processing apparatus, electronic device, and medium
WO2014038820A1 (en) Method for managing access right of terminal to resource by server in wireless communication system, and device for same
CN112543109A (en) Cloud host creation method, system, server and storage medium
CN114422010A (en) A protocol testing method for satellite communication simulation platform based on network virtualization
CN112511343B (en) Configuration method, device and equipment of forward interface and storage medium
CN113572862A (en) Cluster deployment method and device, electronic equipment and storage medium
CN106713230A (en) Method of projection equipment for registering internet of things and projection equipment and user terminal
US11281829B2 (en) Device, system, and method for adaptive simulation
CN106878333B (en) A third-party authentication method, device and application system server
CN114040408A (en) Shooting range system based on 4G mobile network simulation environment
US11411797B2 (en) Device management method and related device
CN101969442B (en) Process running environment perception and migration based network analog framework implementation method
CN105897476B (en) A kind of method and device creating transmission channel

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant