Design And Implementation Of Virtual Network Protection System

In recent years, with the rapid development of Internet industry, cloud computing technology emerges as the times require. It has been widely applied and popularized in the whole world. Cloud computing has realized the centralized storage, management, and sharing of data as a substitute for grid computing. It provides fast and convenient service, high efficiency and accurate operation and also can greatly reduce the operating costs, to ensure business continuity. There are both advantages and disadvantages in everything. The cloud computing is powerful, but the technique has yet to mature. When we apply it, the news of security event can be heard without end at home and abroad. The security risks of cloud computing has gradually attracted people’s attention. From a single user to the multi-tenant, controllable and physical boundary to the border of the virtual network, cloud security threatens every aspect. The core technology of cloud computing is virtualization, and the virtual network security is related to the safety of the cloud directly. It is very necessary to ensure the safety of the virtual network. Because if we do that, we will authentically implement the true meaning of the data security and make the user completely trust the cloud to play a greater role in cloud computing, so as to realize the application and deployment of large-scale. Thus, the demand of the system is very urgent.The main work completed in this thesis is listed as following:(1) The development of cloud computing at home and abroad are investigated, the current platform of mainstream virtualization are compared, and the virtual network’s protection system required by the theory and technology are analyzed, including the virtualization technology Hypervisor, ESX/ESXi and Libvirt, access control technology IPTABLES, Web communication technology Django, Web.Py and REST API.(2) From the perspectives of the functional requirements and performance requirements, this paper discusses the virtual network protection system requirements. On the basis of this, have carried on the overall design of system. In order to take into account the high availability system, stability, and malleability, adopted B/S structure as the basic framework. According to the logical structure, System is divided into display layer, control layer, interface layer, function module layer and data layer. Designed the user interface, defined the basic functions of the system, and all functional modules were described in detail.(3) Researched each big website using the framework, and compared the main page developing language, and then determined the development framework of the system. In order to achieve loose coupling, flexibility, and scalability of the overall structure, selection is based on the MVC (model-view-control) software architecture model. Described in detail the presentation layer module, data acquisition module, strategy module and key database design and implementation process.(4) Explained the system test environment and deployment environment, and verified the usability of the system by the functional testing, performance testing and security testing.In this thesis, the design and implementation of virtual network protection system has been put into use in one municipal government. According to the virtual network boundary intangibly, multi-tenancy, and the resource management difficultly, the system protects the safety of the user data by dividing the security domain and domain strategy to Isolate virtual network. After verification, the system runs stably and has high availability. It has reached the anticipated goal.