
CN119052235A - Cross-cloud fusion system, method and electronic equipment - Google Patents


Publication number
CN119052235A
Authority
CN
China
Prior art keywords
user
data
target
module
storage position
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410967570.1A
Other languages
Chinese (zh)
Inventor
耿旭涵
徐健
李晓亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Du Xiaoman Technology Beijing Co Ltd
Original Assignee
Du Xiaoman Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Du Xiaoman Technology Beijing Co Ltd
Priority to CN202410967570.1A
Publication of CN119052235A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/14 Routing performance; Theoretical aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application provides a cross-cloud fusion system, a method and electronic equipment. The cross-cloud fusion system comprises a data circulation auditing module, a route distribution module and an execution module. The data circulation auditing module performs authority approval on a user to determine the authority level of the user. The route distribution module then cooperates with the execution module to receive a data reading request transmitted by the user and, according to whether the first storage position requested by the user and the route distribution module belong to different private clouds and according to the authority level of the user, acquires the target data across the physical isolation between private clouds so as to respond to the data reading request of the user. By adopting the embodiment of the application, authority management can be applied to data in different private clouds while personal information security is ensured and relevant regulatory provisions are met, so that authorized users can acquire target data across private clouds.

Description

Cross-cloud fusion system, method and electronic equipment
Technical Field
The application relates to the technical field of cloud data service, in particular to a cross-cloud fusion system, a method and electronic equipment.
Background
In order to ensure the security of personal information, relevant regulations require that the data of different subjects be kept in their respective machine rooms and not be used across subjects at will. For example, in the financial field, user personal information, credit information, financial information, insurance and so on belong to different subjects; the machine rooms storing each subject's data are isolated from each other and cannot be called across machine rooms without authority. On this basis, in the technical field of cloud data service, a machine room storing cloud data is generally divided at the logical level into an exclusive cloud and a private cloud: all data in the exclusive cloud can be used together, with no network isolation or physical storage isolation, whereas network isolation and physical isolation exist between the data of different subjects in the private cloud. Because private clouds are isolated, application scenarios that need to provide data services based on data in different private clouds are limited.
Therefore, how to obtain data across private clouds while meeting relevant regulatory provisions has become a technical problem in expanding the application range of private cloud data.
Disclosure of Invention
In view of this, the embodiments of the present application provide a cross-cloud fusion system, a method, and an electronic device, so as to obtain data across private clouds while meeting relevant regulatory provisions.
In a first aspect, the present application provides a cross-cloud fusion system, the system comprising:
the data circulation auditing module is used for carrying out authority approval on the user and determining the authority level of the user;
The route distribution module is used for distributing the data reading request according to the received data reading request transmitted by the user, wherein the data reading request carries a first storage position where the requested target data is located;
An execution module for:
If the first storage position and the routing distribution module belong to different private clouds and the authority level of the user meets a target access condition, reading the target data from the first storage position, wherein the target access condition is the authority level at which the private cloud where the target data is located allows access;
writing the read target data into a second storage position in the private cloud where the route distribution module is located, and responding to the data reading request based on the target data in the second storage position;
and if the authority level of the user does not meet the target access condition, refusing to respond to the data reading request.
With reference to the first aspect, in a second possible embodiment, the system further includes:
And the front-end interaction interface is used for receiving the user operation instruction.
With reference to the first aspect, in a third possible embodiment, the route distribution module includes:
And the workflow scheduling sub-module is used for generating a scheduling instruction of a target execution task for the data reading request according to a preset scheduling rule, and distributing operation resources for the target execution task when the authority level of the user meets the target access condition.
With reference to the third possible embodiment of the first aspect, in a fourth possible embodiment, the execution module includes task execution engine sub-modules, where each task execution engine sub-module has a mapping relationship with each private cloud, and the task execution engine sub-module is configured to perform data reading and writing on data in each private cloud according to processing instruction information of the execution module;
The execution module is specifically configured to:
and receiving a scheduling instruction of a target execution task generated by the workflow scheduling submodule, and starting a target task execution engine submodule corresponding to the first storage position to read the target data from the first storage position.
With reference to the fourth possible embodiment of the first aspect, in a fifth possible embodiment, the workflow scheduling sub-module is configured to allocate execution resources for the target execution task, including:
Determining a second storage location for the target execution task;
the execution module further comprises:
And the request forwarding sub-module is used for forwarding the data reading request to the second storage position and storing the target data read by the target task execution engine sub-module to the second storage position.
With reference to the second possible embodiment of the first aspect, in a sixth possible embodiment, the user operation instruction includes a permission authorization operation instruction issued when the user logs in for the first time, and the system further includes:
The permission hosting module is used for determining a user group to which the user belongs based on the permission authorization operation instruction;
The data circulation auditing module is specifically used for determining the authority level of the user according to the user group to which the user belongs.
In a second aspect, the present application provides a cross-cloud fusion method, the method comprising:
Distributing the data reading request by using a route distribution module according to the received data reading request transmitted by the user, wherein the data reading request carries a first storage position where the requested target data is located, and the authority level of the user is determined by pre-approval;
if the first storage position and the routing distribution module belong to different private clouds and the authority level of the user meets the target access condition, reading the target data from the first storage position;
writing the read target data into a second storage position in the private cloud where the route distribution module is located, and responding to the target data reading request based on the target data in the second storage position;
And if the authority level of the user does not meet the target access condition, refusing to respond to the data reading request, wherein the target access condition is the authority level at which the private cloud where the target data is located allows access.
With reference to the second aspect, in a second possible embodiment, the method further includes:
receiving a user operation instruction, wherein the user operation instruction comprises an authority authorization operation instruction when a user logs in for the first time;
And determining a user group to which the user belongs based on the permission authorization operation instruction, and determining the permission level of the user according to the user group to which the user belongs.
With reference to the second aspect, in a third possible embodiment, the method further includes:
generating a scheduling instruction of a target execution task for the data reading request according to a preset scheduling rule;
When the authority level of the user meets the target access condition, allocating operation resources for the target execution task, wherein the operation resources comprise a second storage position;
Receiving a scheduling instruction of the target execution task, and starting a target task execution engine sub-module corresponding to the first storage position to read the target data from the first storage position;
And forwarding the data reading request to the second storage position, and storing the target data read by the target task execution engine submodule to the second storage position.
In a third aspect, the present application provides an electronic device, including:
A processor and a memory storing a program,
Wherein the program comprises instructions which, when executed by the processor, cause the processor to perform the cross-cloud fusion method according to the second aspect.
In a fourth aspect, the present application provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the cross-cloud fusion method according to the second aspect.
The application has the beneficial effects that:
The application provides a cross-cloud fusion system, a method and electronic equipment. The cross-cloud fusion system comprises a data circulation auditing module, a route distribution module and an execution module. The data circulation auditing module performs authority approval on a user and determines the authority level of the user. The route distribution module then receives a data reading request transmitted by the user, and it is judged whether the first storage position requested by the user and the route distribution module belong to different private clouds. If they do, and the authority level of the user meets the target access condition under which the first storage position allows access, the corresponding target data is read from the first storage position, the read target data is stored in a second storage position in the private cloud where the route distribution module is located, and the data reading request of the user is answered from the target data in the second storage position. If the authority level of the user does not meet the target access condition, the response to the data reading request is refused.
By adopting the embodiment of the application, the data in different private clouds can be subjected to authority management under the condition that personal information safety is ensured and relevant supervision regulations are met, so that the requirement of acquiring target data across private clouds of authorized users is met.
Drawings
Further details, features and advantages of the application are disclosed in the following description of exemplary embodiments with reference to the following drawings, in which:
Fig. 1 shows a schematic diagram of a logic architecture of a cross-cloud fusion system according to an embodiment of the present application;
Fig. 2 illustrates another logical architecture schematic diagram of a cross-cloud fusion system provided by an embodiment of the present application;
Fig. 3 illustrates another logical architecture schematic diagram of a cross-cloud fusion system provided by an embodiment of the present application;
Fig. 4 illustrates another logical architecture schematic diagram of a cross-cloud fusion system provided by an embodiment of the present application;
Fig. 5 shows a schematic diagram of a cross-subject application architecture of a data map according to an embodiment of the present application;
Fig. 6 illustrates a schematic flow chart of a cross-cloud fusion method according to an embodiment of the present application;
Fig. 7 shows a schematic logic structure of an electronic device according to an embodiment of the present application.
Detailed Description
Embodiments of the present application will be described in more detail below with reference to the accompanying drawings. While the application is susceptible of embodiment in the drawings, it is to be understood that the application may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided to provide a more thorough and complete understanding of the application. It should be understood that the drawings and embodiments of the application are for illustration purposes only and are not intended to limit the scope of the present application.
It should be understood that the various steps recited in the method embodiments of the present application may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the application is not limited in this respect.
The term "including" and variations thereof as used herein are open-ended, i.e., "including, but not limited to". The term "based on" means "based at least in part on". The term "one embodiment" means "at least one embodiment"; "another embodiment" means "at least one additional embodiment"; and "some embodiments" means "at least some embodiments". Related definitions of other terms will be given in the description below. It should be noted that the terms "first," "second," and the like herein are merely used for distinguishing between different devices, modules, or units and not for limiting the order or interdependence of the functions performed by such devices, modules, or units.
It should be noted that the modifiers "one" and "a plurality" in this disclosure are intended to be illustrative rather than limiting, and those skilled in the art will appreciate that they should be construed as "one or more" unless the context clearly indicates otherwise.
A private cloud must be isolated at both the network level and the physical machine room level, which means that different subjects cannot call each other's data at will. However, this limits internet services that need to be provided based on the data of several private clouds. For example, in the financial field, after the credit private cloud and the payment private cloud are isolated from each other, the credit business cannot acquire the user's historical payment record and therefore cannot determine a corresponding credit line for the user. Based on this, how to realize cross-cloud data fusion while complying with relevant supervision becomes a technical problem to be solved.
In the cross-cloud data fusion process, a data exchange channel can be established, and target data in different private clouds can be acquired through it. The data exchange channel must satisfy several principles:
Principle 1, the objects and processes that use cross-cloud data must be subject to rights management and control.
Principle 2, each data store must be stored and controlled separately according to its subject.
Principle 3, data fusion must meet compliance and security regulations in every link, such as the use scenario, the authorization conditions and the data processing mode.
Principle 4, the use scenarios of a backup data table that has already been applied for by another subject are limited, and the backup data table must not be released a second time.
Based on the principle, the application provides a cross-cloud fusion system, a method and electronic equipment, wherein the method can be applied to any electronic equipment with the cross-cloud fusion capability, and the type of the electronic equipment comprises, but is not limited to, a personal mobile terminal, a computer or a server in a machine room and the like. As an embodiment, the method may be applied to a cross-cloud fusion system that is preset in any type of electronic device. As an example, the cross-cloud fusion system may be preset in a management device for managing a machine room server of each private cloud.
In a first aspect, the present application provides a cross-cloud fusion system, as shown in fig. 1, where the cross-cloud fusion system includes the following parts:
a data circulation auditing module 101, a route distribution module 102 and an execution module 103. Wherein:
the data circulation auditing module 101 is used for carrying out authority approval on the user and determining the authority level of the user;
the route distribution module 102 is configured to distribute a received data reading request according to the data reading request incoming by a user, where the data reading request carries a first storage location where requested target data is located;
An execution module 103 for:
If the first storage position and the routing distribution module belong to different private clouds and the authority level of the user meets a target access condition, reading the target data from the first storage position, wherein the target access condition is the authority level at which the private cloud where the target data is located allows access;
writing the read target data into a second storage position in the private cloud where the route distribution module is located, and responding to the data reading request based on the target data in the second storage position;
and if the authority level of the user does not meet the target access condition, refusing to respond to the data reading request.
The data circulation auditing module is connected with each private cloud, and provides circulation rules for each private cloud, namely provides access conditions for authority verification for each private cloud. Only when the data read-write request meets the access condition, the data can be read and written to the storage position which is allowed to be accessed by the access condition.
According to the embodiment of the application, the data circulation auditing module performs authority approval on the user and determines the authority level of the user. The route distribution module then receives the data reading request transmitted by the user, and it is judged whether the first storage position requested by the user and the route distribution module belong to different private clouds. If they do, and the authority level of the user meets the target access condition under which the first storage position allows access, the corresponding target data is read from the first storage position, the read target data is stored in a second storage position in the private cloud where the route distribution module is located, and the data reading request of the user is answered from the target data in the second storage position. If the authority level of the user does not meet the target access condition, the data reading request is refused. In this way, authority management is applied to data in different private clouds while personal information security is ensured and relevant regulatory provisions are met, and authorized users can acquire target data across private clouds.
The cross-cloud fusion system and the cross-cloud fusion method provided by the application are described in detail below:
In the embodiment of the application, a private cloud is a cloud server or cloud service system on which, according to information security requirements, data may be read and/or written only after permission verification. The cross-cloud fusion system provided by the application aims to let users who hold the necessary rights acquire the data they need across different private clouds while meeting relevant regulatory provisions. The essence of permission verification is to determine whether the authority level of the user meets a target access condition, where the target access condition refers to whether the user has read and/or write authority for a private cloud. If the user has the read authority and/or the write authority, the user is determined to meet the target access condition. The target access condition can be set flexibly based on actual requirements, and the application places no strict requirement on it.
In the embodiment of the application, each route distribution module and each execution module are preset in each private cloud, wherein one private cloud comprises one execution module and one route distribution module, and the execution modules of each private cloud and the route distribution modules are mutually independent and do not influence each other.
As one embodiment, the cross-cloud fusion system can be subdivided into a production area and a network segment area, as shown in FIG. 2. The production area is the functional area that receives, processes and responds to data reading requests, and is subdivided into a front-end interactive interface, a route distribution module and a plurality of execution modules. The network segment area is the bottom execution area of the production area; different network segments in it correspond to the storage areas of different data, and dividing storage by network segment isolates the data at the network layer. For example, taking different network segments of IP addresses, 192.168.0.0-192.168.1.0 corresponds to the data of subject A, 192.168.1.1-192.168.2.0 corresponds to the data of subject B, and so on.
The front-end interactive interface is used for receiving user operation instructions, wherein the user operation instructions are instruction messages corresponding to various types of operations triggered by a user aiming at page prompt content, and the instruction messages comprise clicking, checking, inputting and the like.
Based on this, in some embodiments, the user operation instructions include a permission authorization operation instruction issued when the user logs in for the first time. The cross-cloud fusion system further comprises a permission hosting module, which determines the user group to which the user belongs based on the permission authorization operation instruction; the data circulation auditing module then determines the permission level of the user according to the user group to which the user belongs.
As an implementation manner, when a user logs in to the cross-cloud fusion system for the first time, the front-end interactive interface can display authorization information, and the user's personal information, authorization information and the like are entered into the cross-cloud fusion system through the user's clicking, checking, inputting and similar operations. The permission authorization information is the permission by which the user allows the cross-cloud fusion system to perform certain operations on the user's behalf. When the user logs in to the cross-cloud fusion system for the first time, a series of permission authorization operations is carried out, all of the individual's permissions are delegated to the permission hosting module in the cross-cloud fusion system, and the user's trust in the cross-cloud fusion system is established. The user therefore does not need to perform personal information authentication again later. The permission hosting module records the permission authorization operation instructions input by the user, so the user does not need to be prompted for personal information authentication during subsequent data reading. The user group to which the user belongs, such as a personal credit user group or an enterprise credit user group, is determined directly from the type of personal information the user authorized at first login.
As one implementation mode, the rights management module can act as an agent for the user and present the user's identity to an authentication server. In this case, the cross-cloud fusion system provided by the application provides information related to the data read-write task together with user authorization credentials, which prove that the rights management module may legitimately act in place of the user. The authentication server verifies the user authorization credentials and, after verification passes, grants the rights management module of the cross-cloud fusion system the right to act in place of the user's identity.
When the route distribution module receives a data reading request transmitted by a user, the data circulation auditing module first authenticates the identity information of the user, interacts with the permission hosting module to obtain the user group to which the user belongs, and then determines the authority level of the user. A user group is a logical unit for managing user rights in the cross-cloud fusion system. Different user groups have different ranges of rights, and a user obtains specific rights to data in a private cloud through user group identity verification.
After the permission verification is completed, the cross-cloud fusion system can apply, through the permission hosting module, for temporary use permission from the underlying object storage service. The underlying object storage service is the core component for storing and managing data, and the temporary permission lets the cross-cloud fusion system satisfy the user's authorization requirements when it performs data read-write operations. An execution module in the cross-cloud fusion system can then request the corresponding read-write permission from the underlying object storage according to the requirements of the data reading task and, after obtaining the authorization, read or write the data.
In the whole cross-cloud fusion process, the cross-cloud fusion system always follows the principle of the user hosting authority, and each operation is ensured to be carried out under the authorization and the monitoring of the user. Therefore, the security of data operation can be improved, and the trust sense of a user on the cross-cloud fusion system can be enhanced. Meanwhile, through reasonable authority management and verification processes, the cross-cloud fusion system provided by the embodiment of the application can ensure the smooth execution of the data fusion task, and meet the data requirements of users in different scenes.
As one embodiment, the route distribution module includes:
And the workflow scheduling sub-module is used for generating a scheduling instruction of a target execution task for the data reading request according to a preset scheduling rule, and distributing operation resources for the target execution task when the authority level of the user meets the target access condition.
Specifically, the English name of the workflow scheduling sub-module may be "work flow". It is one of the core sub-modules in the cross-cloud fusion system and is used for scheduling and executing the cross-cloud data fusion task according to a preset routing rule and a scheduling policy. As an implementation manner, the workflow scheduling sub-module may use a job scheduling algorithm to determine, in the private cloud where it is located, a target storage space large enough to store the cross-cloud target data requested by the user.
For example, if a user in the second private cloud requests target data in the first private cloud, and the size of the target data is about 1GB, the workflow scheduling sub-module may determine, in advance, a storage location for the target data in the underlying object storage service of the private cloud where the target data is located according to the size of the target data. As an implementation manner, according to the service type to which the target data belongs, the IP network segment of the machine storing the target data can be determined from the network segments that the underlying object storage service assigns to that service type.
In some embodiments, as shown in FIG. 3, the execution module may include task execution engine sub-modules. Each task execution engine sub-module has a mapping relationship with a private cloud and is used to read and write data in that private cloud according to the processing instruction information of the execution module. The execution module is specifically configured to receive the scheduling instruction of the target execution task generated by the workflow scheduling sub-module, and to start the target task execution engine sub-module corresponding to the first storage position so as to read the target data from the first storage position.
Specifically, the English name of the task execution engine sub-module may be engine. It is the core component that implements data reading, writing, rate limiting and similar functions for the whole cross-cloud fusion system. The task execution engine sub-module can read and write data across clouds in the databases of different private clouds according to the task instructions (such as data reading instructions and/or data writing instructions) passed to it by the execution module. In the embodiment of the application, the task execution engine sub-module can adopt efficient data transmission techniques and flow control algorithms to ensure fast transmission and a stable flow of data. For example, congestion control may be used to apply flow control to the data reading requests initiated by each user. Further, flow control may be applied to a user's reading requests according to the user's authority level; for example, the higher the user's authority level, the higher the priority with which the user's reading requests are answered.
As an embodiment, the execution module may further include a request forwarding sub-module, as shown in FIG. 4. Allocating running resources for the target execution task by the workflow scheduling sub-module includes determining a second storage position for the target execution task. The request forwarding sub-module then modifies the first storage position originally requested by the data reading request to the second storage position, and the target data read by the task execution engine sub-module is stored in the second storage position.
Specifically, the English name of the request forwarding sub-module may be proxy server. It is used to forward cross-cloud data reading requests within the cross-cloud fusion system. The workflow scheduling sub-module informs the task execution engine sub-module according to the authority level of the user: if the user has the authority to use the first private cloud, the task execution engine sub-module acts on behalf of the user to access the first storage position of the first private cloud and read the target data, and the target data is then stored in the underlying object storage service of the second private cloud. When the task execution engine sub-module needs to forward the user's data reading request to the first private cloud environment, it interacts with the request forwarding sub-module; the request forwarding sub-module receives the data reading request sent by the task execution engine sub-module and forwards it to the underlying object storage service of the first private cloud, thereby achieving seamless transmission of cross-cloud data.
Meanwhile, the request forwarding sub-module can also judge the load on the underlying object storage service of the first private cloud from the data requests it has forwarded to that service, and can then control forwarding according to the load. For example, when the load on the underlying object storage service of the first private cloud is higher, the data request is temporarily forwarded to the underlying object storage service of the first private cloud, so that load balancing is achieved and the response efficiency and security of the whole cross-cloud fusion system are ensured.
In the embodiment of the application, the specific scheduling policy of the workflow scheduling sub-module is implemented through the resource control group RCC (Resource Control Client), queue information, and routing rules. Specifically, the RCC acts as a resource control group: different execution resources are divided into different groups according to the association between service requirements and resources, and the user groups correspond to different authorities. Each RCC has its own permissions and configuration parameters, so that the cross-cloud fusion system can respond in a fine-grained manner to users in different RCC groups.
The queue information is the specific information of a task queue. It describes the attributes and state of a data request execution queue, including the capacity, current load, and execution speed of the queue. The workflow scheduling sub-module can schedule the reading requests of all users according to the attribute and state information in the queue information, evaluating the queue across multiple dimensions to determine the most suitable execution queue, which helps improve the execution efficiency of the whole cross-cloud fusion system.
The routing rules are the core of the scheduling policy. The route distribution module defines a series of matching conditions and distribution logic according to the execution characteristics and requirements of data requests; these matching conditions and distribution logic together are the routing rules. When a task is executed, the route distribution module in the cross-cloud fusion system obtains the relevant routing information from a routing table and matches it against the routing rules; once a rule is hit, the corresponding execution task is distributed to the corresponding execution queue. This can support multi-cluster scheduling, load balancing, and priority control.
In the embodiment of the application, the workflow scheduling sub-module can also perform task scheduling according to the data map (Datamap). The data map can show information about each underlying object storage service, i.e. data space information, and supports adding service type labels for the service types of different services. Based on the data map, the cross-cloud fusion system can show users the source, structure, and association relationships of the data, making it easier for users to manage and analyze the data. Users can also select the service type they want by its service type label, and can classify and query the data.
Specifically, the data map may be understood in conjunction with one possible application scenario as shown in fig. 5:
The private clouds are divided into a small credit cloud, a payment cloud, and a science and technology cloud. A user in the science and technology cloud applies for a data table across entities and submits the application to the data exchange module for approval; the data exchange module is the data flow approval module. If the approval passes, the science and technology cloud applies to the small credit cloud for data exchange. The small credit cloud labels the user data reading request sent by the science and technology cloud, marking it as a data request of the science and technology cloud, and then performs verification. If the verification passes, issuance proceeds; if the verification does not pass, issuance is not allowed.
In this process, the data map plays a critical role after the data exchange operation has finished. It is responsible for generating, in the cloud environment where the data-requesting user is located, a data table that has the same name as the source data table but resides in a different private cloud, and for ensuring that ownership of this data table belongs to the data-requesting user. This greatly helps the data applicant: the user can conveniently access and operate on the required data without worrying about the complexity of cross-cloud operation. In addition to providing data access and storage, the newly generated data table, i.e. the data table in the second storage position, allows the data-requesting user to add a service type label to it. The label is used to clearly classify and mark the data table, in particular to mark the data table as original data obtained through data fusion. The data-requesting user can therefore easily distinguish fused data from original data and make better use of the data resources.
In the data distribution stage, the data map provides a security check for data fusion original data. This ensures that the original data is not mishandled or misused during distribution. Specifically, the data map may prohibit the user from publishing a data table marked as data fusion original data. This measure protects the integrity and security of the original data against unauthorized data leakage and abuse.
On the basis of the cross-cloud fusion system provided in the first aspect, the second aspect of the application provides a cross-cloud fusion method, which is mainly applied to the cross-cloud fusion system and, as shown in FIG. 6, comprises the following steps:
S61, distributing, by using a route distribution module, a data reading request according to the received data reading request transmitted by the user,
wherein the data reading request carries a first storage position where the requested target data is located, and the authority level of the user is determined by pre-approval;
S62, if the first storage position and the route distribution module belong to different private clouds, and the authority level of the user meets a target access condition, reading the target data from the first storage position;
S63, writing the read target data into a second storage position in the private cloud where the route distribution module is located, and responding to the target data reading request based on the target data in the second storage position;
S64, if the authority level of the user does not meet the target access condition, refusing to respond to the data reading request, wherein the target access condition is the authority level at which the private cloud where the target data is located allows access.
Step S61 may be performed by the route distribution module, and steps S62 to S64 may be performed by the execution module. The private cloud to which the route distribution module belongs can be determined from the machine room in which the route distribution module is deployed or from the private cloud to which the system belongs. Responding to the target data reading request means transmitting the target data in the second storage position back to the user or to the front-end interaction interface. Refusing to respond to the data reading request means that the target data is not acquired across private clouds and alarm information is returned, indicating that the authority level of the user does not support access to the target data.
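The following added example (not code from the patent or its applicant) models steps S61 to S64 in memory, together with the data map behaviour described earlier: the same-named copy owned by the requester and the refusal to publish tables labelled as data fusion original data. The group names, numeric levels, the `level >= required` comparison, the label string, the same-cloud branch and the refusal to overwrite a native table are assumptions; the cloud names follow the FIG. 5 scenario.

```python
from dataclasses import dataclass, field

# Constructed sample values (assumptions): group names, numeric levels, rows.
GROUP_LEVEL = {"tech-analysts": 2, "tech-interns": 0}          # set by pre-approval
REQUIRED_LEVEL = {"small-credit": 2, "payment": 3, "tech": 1}  # target access condition
FUSION_RAW_TAG = "data-fusion-raw"                              # hypothetical label text


class AccessDenied(Exception):
    """Alarm returned when the authority level does not support the access."""


@dataclass
class PrivateCloud:
    name: str
    tables: dict = field(default_factory=dict)  # table name -> list of rows
    owners: dict = field(default_factory=dict)  # table name -> owning user
    tags: dict = field(default_factory=dict)    # table name -> set of labels


@dataclass
class FusionSystem:
    home: str     # private cloud where the route distribution module is located
    clouds: dict  # cloud name -> PrivateCloud
    audit: list = field(default_factory=list)

    def handle_read(self, user, group, src_cloud, table):
        """S61-S64: return rows served from the second storage position."""
        level = GROUP_LEVEL.get(group)            # unknown group -> no level
        required = REQUIRED_LEVEL.get(src_cloud)  # unknown cloud -> no condition
        source = self.clouds.get(src_cloud)
        # Fail closed: a missing level, condition, cloud or table is a denial,
        # so a denied caller cannot tell "forbidden" from "does not exist".
        allowed = (level is not None and required is not None
                   and source is not None and table in source.tables
                   and level >= required)
        self.audit.append((user, src_cloud, table, "allow" if allowed else "deny"))
        if not allowed:                                        # S64
            raise AccessDenied(f"{user}: level does not support {src_cloud}/{table}")
        home = self.clouds[self.home]
        if src_cloud == self.home:
            # Same-cloud read is not spelled out on the page; modelled as direct.
            return list(home.tables[table])
        if table in home.tables and FUSION_RAW_TAG not in home.tags.get(table, set()):
            # Assumption: never overwrite a native home table that shares the name.
            raise ValueError(f"{table} already exists in {self.home}")
        rows = list(source.tables[table])                      # S62: read first position
        home.tables[table] = rows                              # S63: write second position
        home.owners[table] = user                              # copy belongs to requester
        home.tags.setdefault(table, set()).add(FUSION_RAW_TAG)
        return list(home.tables[table])                        # respond from the copy

    def publish(self, user, table):
        """Data map check: tables labelled as fusion original data stay unpublished."""
        home = self.clouds[self.home]
        blocked = FUSION_RAW_TAG in home.tags.get(table, set())
        self.audit.append((user, self.home, table,
                           "publish-deny" if blocked else "publish-allow"))
        return not blocked


def build_demo():
    clouds = {
        "small-credit": PrivateCloud("small-credit", {"loans": [("u1", 500), ("u2", 900)]}),
        "tech": PrivateCloud("tech", {"features": [("u1", 0.3)]}),
    }
    return FusionSystem(home="tech", clouds=clouds)


if __name__ == "__main__":
    system = build_demo()
    print(system.handle_read("alice", "tech-analysts", "small-credit", "loans"))
    print(system.publish("alice", "loans"), system.publish("alice", "features"))
    try:
        system.handle_read("bob", "tech-interns", "small-credit", "loans")
    except AccessDenied as alarm:
        print("alarm:", alarm)
    print(system.audit)
```

The audit list records every decision, including denials, which is the record a reviewer would use to confirm that no cross-cloud copy was written for a refused request.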
With reference to the second aspect, in a second possible embodiment, the method further includes:
receiving a user operation instruction, wherein the user operation instruction comprises an authority authorization operation instruction issued when a user logs in for the first time;
and determining a user group to which the user belongs based on the authority authorization operation instruction, and determining the authority level of the user according to the user group to which the user belongs.
With reference to the second aspect, in a third possible embodiment, the method further includes:
generating a scheduling instruction of a target execution task for the data reading request according to a preset scheduling rule;
when the authority level of the user meets the target access condition, allocating operation resources for the target execution task, wherein the operation resources comprise a second storage position;
receiving a scheduling instruction of the target execution task, and starting a target task execution engine sub-module corresponding to the first storage position to read the target data from the first storage position;
and forwarding the data reading request to the second storage position, and storing the target data read by the target task execution engine sub-module to the second storage position.
For the specific implementation of the method, refer to the steps performed by the relevant modules of the cross-cloud fusion system of the first aspect; details are not repeated here.
The collection, storage, use, processing, transmission, provision, disclosure and other handling of users' personal information involved in the application comply with relevant laws and regulations and do not violate public order and good customs.
The names of messages or information interacted between the devices in the embodiments of the present application are for illustrative purposes only and are not intended to limit the scope of such messages or information.
In a third aspect, an embodiment of the present application also provides an electronic device including at least one processor, and a memory communicatively coupled to the at least one processor. The memory stores a computer program executable by the at least one processor for causing the electronic device to perform a method according to an embodiment of the application when executed by the at least one processor.
In a fourth aspect, embodiments of the present application also provide a non-transitory computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor of a computer, is for causing the computer to perform a method according to embodiments of the present application.
In a fifth aspect, embodiments of the present application also provide a computer program product comprising a computer program, wherein the computer program, when executed by a processor of a computer, is for causing the computer to perform a method according to embodiments of the present application.
Referring to FIG. 7, a block diagram of an electronic device 700 that may serve as a server or a client of the present application will now be described; it is an example of a hardware device that may be applied to aspects of the present application. Electronic devices are intended to represent various forms of digital electronic computer devices, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other suitable computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the applications described and/or claimed herein.
As shown in fig. 7, the electronic device 700 includes a computing unit 701 that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM) 702 or a computer program loaded from a storage unit 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data required for the operation of the electronic device 700 may also be stored. The computing unit 701, the ROM 702, and the RAM 703 are connected to each other through a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
Various components in the electronic device 700 are connected to the I/O interface 705, including an input unit 706, an output unit 707, a storage unit 708, and a communication unit 709. The input unit 706 may be any type of device capable of inputting information to the electronic device 700, and the input unit 706 may receive input numeric or character information and generate key signal inputs related to user settings and/or function controls of the electronic device. The output unit 707 may be any type of device capable of presenting information and may include, but is not limited to, a display, speakers, video/audio output terminals, vibrators, and/or printers. Storage unit 708 may include, but is not limited to, magnetic disks and optical disks. The communication unit 709 allows the electronic device 700 to exchange information/data with other devices through computer networks, such as the internet, and/or various telecommunications networks, and may include, but is not limited to, modems, network cards, infrared communication devices, wireless communication transceivers and/or chipsets, such as Bluetooth(TM) devices, WiFi devices, WiMax devices, cellular communication devices, and/or the like.
The computing unit 701 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 701 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 701 performs the various methods and processes described above. For example, in some embodiments, the foregoing cross-cloud fusion method may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 708. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 700 via the ROM 702 and/or the communication unit 709. In some embodiments, the computing unit 701 may be configured to perform the aforementioned cross-cloud fusion method by any other suitable means (e.g., by means of firmware).
Program code for carrying out methods of the present application may be written in any combination of one or more programming languages. The program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present application, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic disks, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to the user and a keyboard and a pointing device (e.g., a mouse or a trackball) by which the user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user, for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback), and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a Local Area Network (LAN), a Wide Area Network (WAN), and the Internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.

Claims (10)

1. A cross-cloud fusion system, the system comprising:
a data circulation auditing module, configured to perform authority approval on a user and determine the authority level of the user;
a route distribution module, configured to distribute a data reading request according to the received data reading request transmitted by the user, wherein the data reading request carries a first storage position where the requested target data is located;
an execution module, configured to:
if the first storage position and the route distribution module belong to different private clouds and the authority level of the user meets a target access condition, read the target data from the first storage position, wherein the target access condition is the authority level at which the private cloud where the target data is located allows access;
write the read target data into a second storage position in the private cloud where the route distribution module is located, and respond to the data reading request based on the target data in the second storage position;
and if the authority level of the user does not meet the target access condition, refuse to respond to the data reading request.
2. The system of claim 1, wherein the route distribution module comprises:
a workflow scheduling sub-module, configured to generate a scheduling instruction of a target execution task for the data reading request according to a preset scheduling rule, and to allocate operation resources for the target execution task when the authority level of the user meets the target access condition.
3. The system of claim 2, wherein the execution module comprises task execution engine sub-modules, each of which has a mapping relationship with a private cloud, and the task execution engine sub-modules are used for reading and writing data in each private cloud according to the processing instruction information of the execution module;
the execution module is specifically configured to:
receive a scheduling instruction of a target execution task generated by the workflow scheduling sub-module, and start a target task execution engine sub-module corresponding to the first storage position to read the target data from the first storage position.
4. The system of claim 3, wherein the workflow scheduling sub-module allocating execution resources for the target execution task comprises:
determining a second storage position for the target execution task;
the execution module further comprises:
a request forwarding sub-module, configured to forward the data reading request to the second storage position and to store the target data read by the target task execution engine sub-module in the second storage position.
5. The system of claim 1, wherein the system further comprises:
a front-end interaction interface, configured to receive user operation instructions, wherein the user operation instructions comprise an authority authorization operation instruction issued when a user logs in for the first time; and the system further comprises:
a permission hosting module, configured to determine a user group to which the user belongs based on the authority authorization operation instruction;
the data circulation auditing module is specifically configured to determine the authority level of the user according to the user group to which the user belongs.
6. A cross-cloud fusion method, the method comprising:
distributing, by using a route distribution module, a data reading request according to the received data reading request transmitted by the user, wherein the data reading request carries a first storage position where the requested target data is located, and the authority level of the user is determined by pre-approval;
if the first storage position and the route distribution module belong to different private clouds and the authority level of the user meets the target access condition, reading the target data from the first storage position;
writing the read target data into a second storage position in the private cloud where the route distribution module is located, and responding to the target data reading request based on the target data in the second storage position;
and if the authority level of the user does not meet the target access condition, refusing to respond to the data reading request, wherein the target access condition is the authority level at which the private cloud where the target data is located allows access.
7. The method of claim 6, wherein the method further comprises:
receiving a user operation instruction, wherein the user operation instruction comprises an authority authorization operation instruction issued when a user logs in for the first time;
and determining a user group to which the user belongs based on the authority authorization operation instruction, and determining the authority level of the user according to the user group to which the user belongs.
8. The method of claim 6, wherein the method further comprises:
generating a scheduling instruction of a target execution task for the data reading request according to a preset scheduling rule;
when the authority level of the user meets the target access condition, allocating operation resources for the target execution task, wherein the operation resources comprise a second storage position;
receiving a scheduling instruction of the target execution task, and starting a target task execution engine sub-module corresponding to the first storage position to read the target data from the first storage position;
and forwarding the data reading request to the second storage position, and storing the target data read by the target task execution engine sub-module to the second storage position.
9. An electronic device, the electronic device comprising:
a processor; and
a memory in which a program is stored,
wherein the program comprises instructions which, when executed by the processor, cause the processor to perform the method according to any one of claims 6-8.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 6-8.
CN202410967570.1A 2024-07-18 2024-07-18 Cross-cloud fusion system, method and electronic equipment Pending CN119052235A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410967570.1A CN119052235A (en) 2024-07-18 2024-07-18 Cross-cloud fusion system, method and electronic equipment


Publications (1)

Publication Number Publication Date
CN119052235A true CN119052235A (en) 2024-11-29

Family

ID=93575121

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410967570.1A Pending CN119052235A (en) 2024-07-18 2024-07-18 Cross-cloud fusion system, method and electronic equipment

Country Status (1)

Country Link
CN (1) CN119052235A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination