1. XXX Status Analysis
With the development of information technology, data assets have gradually become the most valuable intangible assets. Data assets contain a large amount of documentation (unstructured data), which accounts for more than 80% of all data. Based on the status of XXXX Co., Ltd.'s informatization construction, analysis reveals the following problems.
1.1 Requirements for unified classification and management of documents and materials: The policy documents and reference files generated during office work need a unified aggregation, archiving, and query mechanism.
1.2 File backup requirements: Synchronous backup management of important files from business systems, such as office documents, archives, reimbursement, and contracts.
1.3 Network disk service requirements: Shared files are hosted on file / FTP servers, while personal documents are stored on PC terminals; due to technical limitations, mobile office cannot be achieved. A large number of documents are distributed across various servers and personal computers, and the required materials cannot be quickly found by effective means.
1.4 Requirements for security management and control: A large number of documents are scattered across personal desktops and cannot be controlled centrally. A hard disk failure, a virus infection, or an employee leaving or changing computers may cause data loss; operations such as sending out, modifying, and deleting documents cannot be audited. If a file is modified or deleted, it cannot be traced back.
Based on the above issues, and after investigation and demonstration, it is recommended to use an advanced, mature, and secure document cloud platform to comprehensively solve the problems of document management, control, sharing, collaboration, and backup, greatly improving office efficiency.
2. Document Cloud Solution Architecture Design
This project builds a document cloud platform to provide unstructured data storage for the PC desktop office work of XXXX Co., Ltd. It supports file upload and download, department file sharing, document classification, organization and management, user management, hierarchical permission management, and other functions, forming an effective system for unified management and authorization.
By building a document cloud in the information room of XXXX Co., Ltd.:
Employees can store desktop data in the cloud through the office intranet, so that personal documents and departmental documents can be managed in a unified manner;
Employees can use external links, permission configuration, file sharing, and other features to improve office efficiency.
The system's document synchronization mechanism uploads files, contracts, and reimbursement files to the document cloud, where such important files are backed up and saved. It is recommended to use an offsite backup system in an offsite computer room to back up key document cloud data, achieving a second tier of backup.
Document Cloud Solution Highlights
2.1 Based on network disk experience
Issue a personal account to each employee and uniformly allocate 10GB of personal space; files can then be accessed from any device, anywhere:
Figure 2.5.1: Network Disk Interface
- Mobile access: Provides network disk services. Documents on personal PCs are uploaded and backed up to the server, and can be accessed from any terminal anywhere.
- Share documents: Share personal files / folders with others ("Permission Management" in Figure 2.3), and share materials with others at any time (the "Shared Documents" category in Figure 2.3 contains the documents that have been shared). Users do not need to copy data with mobile storage devices or send large attachments by email; whether the recipient is one person or several, at headquarters or in a remote location, sharing is done quickly by configuring permissions.
- Cloud storage: Important materials scattered across computers, and meeting records on mobile phones or Pads, can be uploaded to the cloud for data backup.
2.2 Publication and sharing of knowledge base
System administrators can build a knowledge base through background management and share and publish to the organization:
1. According to the organization's knowledge base construction plan, determine which shared documents need to be published centrally, such as archive libraries, software shared libraries, and announcement release libraries.
Software shared library
Bulletin release library
Users with permission to view
Table 2.1: Knowledge base design
2. The system administrator logs in to the web management console and creates the corresponding knowledge base, specifying the software shared library for Zhang Qian of the information center, with the document type "knowledge base" and a space quota of 200GB:
Figure 2.5.2: Library building process
Figure 2.5.3: Library completed
3. The document library administrator logs in to the web disk client to configure the scope of resource sharing and publishing, such as:
- Archive library: all users in the organization have read and write permissions and are responsible for uploading and archiving documents.
- Software shared library: all users in the organization are read-only; the owner of the document library has read-write permission and is responsible for updating and publishing documents.
- Announcement release library: all users in the organization are read-only; a designated user in the office has read-write and delete permissions and is responsible for updating the published documents.
Figure 2.5.3: Rights Management
Figure 2.5.4: Permission Configuration
2.3 Collaboration based on document sharing
- Document sharing and collaboration in the same department
Figure 2.5.5: Create department document organization
  - Each person in charge places their department's materials in the designated folder. Everyone in the department has read-only permission. After the materials are submitted, the department head can be configured to review them at the corresponding location in the directory.
- Document sharing and collaboration across departments
  - Every ordinary user has the right to create 3 groups, and can share and collaborate based on special actions, data sharing, or activities.
Figure 2.5.6: Create Group
Figure 2.5.7: Pull into a group
- Document collaboration
Turn on locked serial collaboration mode. When user 1 opens a Word document, the file is automatically locked.
Show document lockers: other users access
Figure 2.5.10 Integration with Virtual Cloud Desktop
2.4 Audio and video, PDF, etc. can be integrated and shared online
- The audio and video from the recording and broadcasting system are synchronized to the user's personal files (unified authentication of user identity is achieved through the public service platform), and users can access their recorded videos anywhere;
- Users submit videos to the video library (applications for video storage);
- PDF, Word, and image files can be browsed online.
2.5 Docking of Daily Office Software
Use AnyShare's API interface
When OA drafts an approval document, it obtains the URL of the approval document directly from the unstructured data center (no time limit); when an attachment is added to an email from the network disk, the attachment is obtained directly from the unstructured data center (valid for 15 days).
Documents approved in OA are archived directly into the hospital-wide approval documents folder, and the department is set under this folder (the drafter, countersigner, and approver have permission to view).
2.6 Supports leak-proof privileges
The confidential permission model among the system, user, and file is shown in the following diagram:
Figure 2.5.16 Secret class diagram
There are three types of security levels:
System security level: The security level set for the entire server system, used to identify the upper limit of the highest secret level of the current system. The system security level can only be raised to a higher level and cannot be rolled back to a lower one.
File security level: The security level set for a file. As an inherent attribute of the file, it does not change when the file's path changes (rename or move).
User secret level: The secret level set for a user. As an inherent attribute of the user, it does not change when the user's organizational department changes (removed, added, or moved).
There are three ways to set the security level:
Only the administrator system is allowed to set the system's security level
Only the administrator admin is allowed to set the user's secret level
Only the owner is allowed to set the file's security level
Secret-level access rules
If there is a conflict between security permissions and document permissions, the priority relationship is: security permissions > document permissions
If there is a conflict between security permissions and organization permissions, the priority relationship is: security permissions > organization permissions
A user's default secret level is "non-secret" (when a user account is created, imported, or synchronized, the non-secret level is assigned automatically)
The default security level of a file = the user secret level of the creator of the file (the creation operation is understood as "new upload")
A user can only see files with "file secret level <= own secret level" (even the owner cannot see files that belong to them but have "file secret level > own secret level")
If "file secret level > visitor's secret level", the sharer cannot share the file with the specified visitor
Provide more flexible and fine-grained permission configuration in the permission configuration window
When the user opens a file in the disk (trigger download), or clicks the [Download] button in the sidebar, it still checks whether there is "Download" permission (the existing implementation is maintained)
When a user selects a file, if the user does not have the "Download" permission for the file, the historical version list information cannot be seen on the [Version] Tab page in the sidebar
When users copy a document from disk to disk, or copy it from disk to disk, they should check whether they have "copy" permission instead of "download" permission
When a user cuts a document from disk to disk, or cuts it from disk to disk, he should check whether he has "copy + delete" permission, not "download + delete"
When the user performs the following operations, if the user does not have the "print" permission, the operation is blocked and a prompt of insufficient permissions pops up
Execute the [Print] function in the current or historical version of the opened file
Select the file and click the "Print" option in the right-click menu
When the user performs the following operations, if the user does not have the "copy screen" permission, the operation is blocked and a prompt of insufficient permissions pops up
Click the [Print Screen] button on the keyboard
Use the "Screenshot Tool" for Windows
Using QQ's "Screenshot Tool"
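The rules above can be exercised as a small model. This is an added example, not AnyShare code: the class and function names, the level names above "non-secret", and the assumption that an uploader receives every document permission on their own file are all constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    NON_SECRET = 0   # the page's default user level
    SECRET = 1       # constructed name for a higher level
    TOP_SECRET = 2   # constructed name for a higher level

# Document permission(s) each client operation needs, per the rules above.
REQUIRED = {"open": {"download"}, "versions": {"download"}, "copy": {"copy"},
            "cut": {"copy", "delete"}, "print": {"print"}}
ALL_PERMS = {"download", "copy", "delete", "print"}

@dataclass
class User:
    name: str
    level: Level = Level.NON_SECRET  # accounts start as "non-secret"

@dataclass
class File:
    owner: str
    level: Level
    acl: dict = field(default_factory=dict)  # user name -> granted permissions

class System:
    def __init__(self, level):
        self.level = level

    def raise_level(self, new_level):
        # The system level may only move up, never roll back.
        if new_level < self.level:
            raise ValueError("system security level cannot be lowered")
        self.level = new_level

def new_upload(creator):
    # Default file level = the creator's user level at upload time.
    # Assumption: the uploader gets every document permission on the file.
    return File(creator.name, creator.level, {creator.name: set(ALL_PERMS)})

def can_see(user, f):
    # Applies to everyone, including the file's owner.
    return f.level <= user.level

def share(f, visitor, perms):
    # Sharing is refused when the file outranks the visitor.
    if f.level > visitor.level:
        return False
    f.acl[visitor.name] = set(perms)
    return True

def authorize(user, f, op):
    # Security level is checked first, so it overrides any document permission.
    if not can_see(user, f):
        return False
    return REQUIRED[op] <= f.acl.get(user.name, set())
```

Because the file level is fixed at upload and the level check runs before the permission lookup, lowering a user's level later hides even their own files, while a granted "copy" permission alone never satisfies "cut" or "open".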
Supports distributed deployment
Multi-site distributed deployment of central nodes and sub-centers, data of central and sub-center nodes can be safely and controllably shared for inspection. Ensure that one account logs in to view all node resources.
Node A and Node B preferentially access local resources and can access each other's resources.
- Solves unified authority management and downward authorization;
- Solves the collaborative office needs in the above scenarios;
- Ensures the security of data sharing access between different sites;
- Ensures the security of document data between sites.
Figure 2.5.17 Two-node browsing mode
A single client can log in to multiple resources.
Figure 2.5.18 Client supports multi-site access
3. Document Cloud Solution Value
3.1 Mobile access anytime, anywhere
AnyShare documents can be accessed anytime, anywhere, from any device;
Supports PC clients including Windows 8. Most operations are completed in the resource manager, so the operating experience is fully native;
Supports iOS, Android, and other mobile clients, so the organization's public security information can be accessed at any time from a smartphone or Pad;
Supports web access: without installing a client, the documents in AnyShare can be accessed and used wherever a browser is available.
3.2 Innovative document sharing efficiency
Unique permission-based sharing: Whether it is a custom department document library, personal document library, or group document library, and whether the object is a file or a folder, permission-based access provides both sharing and collaboration.
Original discovery and sharing mode: I don't know what you need, and you don't know that I have it; I make the document discoverable, and you discover the document and obtain it.
Unique sharing collaboration reminder: In the process of document sharing and collaboration between teams and project groups, you can remind a designated person to check updates and shares, making sharing interactions more precise.
Safe external link sharing: Through external link sharing, you can pass data to external personnel, partners, and customers, with access passwords and time restrictions to ensure security.
3.3 One step ahead of the user experience
Unique trigger download: See all, use a few, trigger downloads on demand, and upload in real time.
The industry's first enterprise-level cloud storage that supports full-text retrieval: Faced with a large number of document centers, full-text retrieval is the basis for using documents. AnyShare is the first to support full-text retrieval in the field of cloud storage.
Quick Locate: If you forget where a file is stored, you can quickly locate any file you have access to by a keyword from the file name or by its Pinyin initials.
3.4 IT-oriented, trusted document security
Up to 99.9999% data storage security: AnyShare supports 3 copies of redundant storage. Any node or disk damage will not cause data damage or loss. The system storage security can be as high as 99.9999%.
History version: For files operated on through the PC client, the system records the modification history, and the user can retrieve earlier file content through the history versions.
The cloud recycle bin supports the recovery of accidentally deleted files and avoids local misoperations. The recycle bin classification based on the document library is more clear for large-scale public security system files.
Separation of authority and responsibility mechanism: The multi-user organization unit cooperates with management authorization. The system administrator only needs to maintain system files and services. Document management and access authorization can be distributed to each business unit and department.
Mobile device security: The mobile client supports independent password access and remote data erasure. When the device is lost or an employee leaves the office, the cached data of a networked mobile device can be erased through the management console.
Support for Selective Security Boundaries: Provides secure access boundaries to control remote and mobile access to specific document libraries, specific people.
Third-party authentication integration: Supports LDAP-based authentication integration and third-party single sign-on extended integration;
Converged desktop virtualization management and control: Supports integration with desktop virtualization environments to achieve secure management and access to documents. For example, Citrix XenDesktop / XenApp, VMware View, etc.
Platform overlay expansion: AnyShare is built on the cloud storage architecture, each node is equal, and can be seamlessly expanded according to the scale of use.
High availability and load balancing: The cluster system is highly available and load balanced. The damage of any node does not affect normal use and data security.
Open integration: AnyShare is an open platform that provides open API interfaces to interact with other platforms and supports integration with existing third-party application systems.
3.5 Document Cloud Operation Management
1. Operating statistics
System administrators can monitor the operation of the entire cluster, including online user monitoring, file counts, and statistics on operation changes.
Figure: Document Statistics View
2. Cluster status monitoring
The cloud storage platform supports cluster load balancing and high availability. By design, the system requires at least two storage nodes and two management nodes. The status and system data of the management nodes are stored in a distributed database. The two management nodes are deployed in Active-Standby mode: when the active management node fails, the standby management node takes over its services. The storage node is a stateless service. Damage to any management node will not affect the system's external service; it only interrupts the external service of that node, and the client initiates the connection again.
Figure: Cluster status monitoring
Each node is an independent computing and storage point. By design, when a node takes on storage responsibilities, it can support online document operations (browse, delete, etc.) for 800 people at the same time. These operations may come from the PC client, web access, or the mobile client.
At the same time, administrators can view current and historical system load data, including the number of concurrent users.
Figure: Online user statistics