With the informatization and digitalization of business systems, data has increasingly become the basis for core decisions in daily operations. Institutional studies have shown that the loss of 300MB of data means a loss of RMB 130,000 for the marketing department, 160,000 for the finance department and 800,000 for the engineering department. If a company's lost data is not recovered within 15 days, the company may be forced out of the market. Viruses such as CIH and Love Worm have cost the international community billions of dollars. Some domestic customers who mistakenly deleted valid data had no backup and had to re-enter the business data manually, which caused losses of hundreds of thousands of yuan. Such lessons happen from time to time in China, which shows the importance of ensuring the security of information and data.
Establishing and implementing information system security protection measures is the means of ensuring the stability, reliability, security, and availability of information systems. At present, the network system covers every department of the hospital and every link of the various business systems. Hundreds of computers run at the same time, supporting various aspects of management and serving as the business platform for services. The security of information systems is directly related to the normal operation of work: once the network is down or data is lost, it will bring huge disasters and irreparable losses to companies and enterprises. Therefore, the security of the computer network system is very important, especially the security of the core business database server system. Thorough security maintenance measures must be formulated to ensure the durable, stable, efficient, and safe operation of the computer network system.
Threats to or violations of data security can be broadly divided into the following categories:
Natural disasters: natural or unexpected accidents and disasters, such as hardware damage caused by earthquakes, floods, or fires, resulting in data corruption and loss.
Human negligence: unintentional damage caused by authorized users, especially in the case of batch jobs.
Malicious destruction: destruction, sabotage, and other actions by malicious programmers, technical support personnel, and personnel performing database management functions.
Criminal behavior: theft, espionage, industrial spying, and employees selling company secrets and mailing list data.
Privacy violations: irresponsible snooping, competitors viewing data, and obtaining data for political or legal purposes.
Events like these can happen around us at any time. What are the consequences of such accidents? At the least, such misfortune is difficult for us to imagine. At present, the government has clear regulations for the industry and strict requirements on the retention time of various business data, so the security and reliability of information technology is a problem that has to be addressed.
2. Information status and needs analysis
Informatization spans the entire internal MES, web, database, physical systems, file systems, etc. Overall management is built on the informatization platform, so the stability of that platform is very important for current and future development.
Information technology is generally built on traditional servers and storage devices, and under normal circumstances its ability to resist risks is relatively weak. At present, the company's environment basically consists of X86 servers. Its core business systems, data applications, and file systems are deployed on multiple independent X86 servers. All server system data is backed up manually, and there is no complete automatic data backup system. With data applications increasing, the company's informatization carries considerable security risks, as follows:
(1) The information systems run on X86-based servers, where logical errors such as virus infection, accidental deletion by operators, and incorrect changes are common. The current business systems cannot be rolled back or traced back, and only one copy of the actual data exists. As a result, if the production environment fails, the losses caused by the failure simply have to be accepted;
(2) Each specific application runs on a stand-alone server. Once a physical server fails, it is not simply one application that goes down: because of the call mechanism between applications, the web service, database, and background data analysis are all involved, and multiple applications go down simultaneously. The risk and impact of downtime are very large;
(3) With multiple servers, the failure of any one server will definitely lead to the downtime of one or more applications, or even data corruption. At present, the data and applications of the entire business system are built on multiple independent, decentralized application servers, forming multiple scattered data sets. Regardless of whether the original scheme involves storage devices, it contains a large number of single points of failure, which is a serious risk to the overall security of the information technology. If any one, two, or more of these data sets is affected, the consequences will be unimaginable;
(4) The ability to carry out drills is also important. Anyone responsible for IT should keep the possible disasters, accidents, failures, and their impact on informatization within a manageable range. However powerful the informatization is, failure simulation and drills have become very important, yet traditionally either no drills are held or the cost of drills is very high. As a result, when information technology fails, the handling is often "random" or based on habit, which is not scientific. It is important to have a measurable, customized, simple, and testable disaster recovery drill program;
(5) A standard informatization application scheme generally has three modes: online application, near-line extraction, and offline storage. Currently there is only the online application. In a sense, the current informatization is built on a single independent online platform, and this risk is relatively large. Once data is corrupted and data traceability is needed, there are limitations, especially at the current scale, where one or more days of data could be lost. When a server or storage device fails, some applications need to be stopped for one to two days or even longer, which brings great risks to the operation of the enterprise.
Therefore, we need to create an informatization disaster recovery solution that ensures the continuous operation of information technology in the event of any failure and in the face of any disaster.
The general principle is: to restore business in the shortest possible time regardless of any disaster, and achieve nearly "0" data loss;
The data protection and disaster recovery system adopted must pass strict market inspection, and there must be multiple successful cases of long-term operation in the market;
In order to guard against various logical disasters (such as accidental deletion by operators, virus infection, etc.), multiple historical versions need to be kept as copies, and each historical version must be in the same data format as the production system so that recovery is instant; a historical version must be verified in advance and cannot directly overwrite the production volume.
This data protection system should protect the production operating system, application system, and storage system to ensure that the business system still works normally if the production storage is damaged;
For site-level disasters, the data loss (RPO) and recovery time (RTO) are important assessment indicators, which are defined differently according to the importance of the business system;
Considering the importance of the production system, the shorter the downtime required by the disaster recovery system, the better. Therefore, the disaster recovery technology must be able to synchronize the initial data while the database or application is open, which greatly reduces the downtime;
The disaster recovery solution must have deduplication, bandwidth optimization, and compression technologies, so that data can be transmitted in a narrowband environment to achieve the second-phase offsite disaster recovery;
Data replication from the production side to the disaster recovery side must have a consistency guarantee mechanism to make the data at the disaster recovery side available, and the database or application system can be opened instantly when taking over the business;
Fluctuations on the network are a common phenomenon, so remote disaster recovery technology must support resuming a transfer from the point of interruption, ensuring that nothing overflows when the network is interrupted for a long time and that transmission is incremental after the network is restored;
In order to avoid implementation risks, the data protection and disaster recovery system should not make any changes to the original production system, including the structure and underlying volume management.
In order to save management costs, the data protection and disaster recovery system should be integrated in a management interface, and the status can be monitored in real time.
4. The solution
In this chapter, the overall architecture of this solution is introduced first, the principle of continuous data protection is introduced according to the architecture, and finally the recovery methods under various disasters are explained in detail.
Deploy the CDP solution to protect the overall information technology;
The CDP continuous data protection and disaster recovery solution is an effective comprehensive disaster recovery solution that integrates disk mirroring, continuous data protection and backup, and remote disaster recovery. Its basic structure is:
A set of CDP disaster recovery equipment is deployed in the core computer room. CDP does not change any of the existing informatization architecture and can be connected to it through Ethernet or FC (both can coexist) links;
The CDP is attached to the data network in bypass mode, with no change to or impact on the existing network topology. The application servers do not need to be stopped or even restarted, and the normal operating system, applications, and production data are not affected.
Each X86 application server or virtual machine is configured with CDP-Disksafe client software to synchronize the operating system, applications, and data of all X86 physical servers or virtualized servers to the local (local computer room) CDP device.
A server or virtual machine with the Disksafe client installed can synchronize data to CDP in several ways: (1) synchronization at a fixed point in time; (2) periodic synchronization, such as every five minutes; (3) synchronous mode, which automatically switches to asynchronous if the bandwidth is insufficient during synchronization; (4) bandwidth-limited mode, in which each client is fixed to a specified background synchronization bandwidth such as 10M or 512K, and CDP-Disksafe copies data continuously without exceeding that bandwidth. These modes can be set according to site conditions;
In a 100M Ethernet environment, the disaster recovery data rate is 7 ~ 10 MB/s; in a Gigabit Ethernet environment, it is 70 ~ 80 MB/s. The servers in the computer room are first synchronized once; after that data synchronization is completed, each subsequent synchronization is incremental and follows the configured policy;
During the data synchronization of each application server (X86), CDP-Disksafe configures 1000 historical snapshots (TimeMark) for each logical volume. In other words, 1000 complete data states are always available. For a database server with a snapshot every ten minutes, for example, the data as it was ten minutes earlier can be fetched for viewing and recovery at any time, achieving protection at multiple historical points. When a server needs data from a snapshot (to find data as it was before a deletion or modification), only that snapshot needs to be loaded. After the data is obtained, the snapshot can be unloaded without affecting normal business operations.
The disk group mode of the RAC-based management system is external redundancy, and the redundancy mode cannot be changed once it is set, yet it needs to become normal redundancy. Therefore, the process by which digital storage CDP protects the Oracle RAC management system is as follows: based on the disk group information of the original management system, the original production storage disks and the data storage CDP disk volume group are added to the system of each node (the production storage and CDP disks have the same capacity and quantity).
Create a new disk group with the same configuration as the original disk group, with normal redundancy as its type. Add the production storage disks and the data storage CDP disk group to different failgroups of the new disk group so that the CDP forms a mirror relationship with the original production storage. Data is split through the redundant mirroring of CDP consistent volume management, and all data is written in real time: data from the production side is stored both in the original storage system and in the CDP disk group, achieving dual-active, highly available storage. When a failure occurs, switching is automatic, but recovery afterwards must be done manually.
After the CDP in the local computer room has obtained all server data, systems, and applications (you can choose to protect some or all of them), the local disaster recovery center replicates all the collected data to the second-phase remote disaster recovery center CDP. The disaster recovery center CDP is also configured with 1000 snapshots (TimeMark) to protect multiple historical points in the disaster recovery center. In this way, there are 1,000 historical snapshots in both the local and the second-phase off-site disaster recovery centers, so the historical data is double-protected.
The two CDPs use remote replication technology over the TCP/IP protocol, and the replication strategy is set flexibly according to the actual data increment and transmission bandwidth. Using the CDP thin copy technology, a continuous transmission mode can be realized, and the data loss is "0". Considering the bandwidth limitation during data transmission, when the local CDP synchronizes data with the remote disaster recovery center CDP, it uses the proprietary Microscan technology and a sector-based deduplication strategy to transfer data between the local CDP and the future second-phase remote CDP. With this source-based deduplication strategy, when a snapshot is synchronized from the local CDP to the remote CDP, it checks whether the target end already has the same sector-based data; if so, the data is deduplicated and not transmitted, so the transmission bandwidth is greatly optimized. Experiments have shown that more than 80% of the bandwidth can be saved after deduplication by Microscan technology, that is, the deduplication rate is more than 80%. Over time, this deduplication rate will be higher.
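A small model of two replication requirements stated on this page, source-side sector deduplication and incremental resume after a link interruption, added here as an illustration; it is not the vendor's Microscan or thin copy implementation. The names `RemoteVolume` and `Replicator`, the 512-byte sector size, and the SHA-256 digest comparison are assumptions, and the sample volume is constructed.

```python
import hashlib

SECTOR = 512  # assumed sector size in bytes

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class LinkDown(Exception):
    """Raised when the (simulated) WAN link drops mid-transfer."""

class RemoteVolume:
    """Hypothetical stand-in for the volume held by the remote CDP."""
    def __init__(self, initial: bytes):
        self.data = bytearray(initial)
        self.payload_bytes = 0            # sector payload actually received

    def sector_digest(self, i: int) -> bytes:
        # Only this 32-byte digest crosses the link when a sector is unchanged.
        return digest(bytes(self.data[i * SECTOR:(i + 1) * SECTOR]))

    def write_sector(self, i: int, block: bytes) -> None:
        self.data[i * SECTOR:(i + 1) * SECTOR] = block
        self.payload_bytes += len(block)

class Replicator:
    def __init__(self, snapshot: bytes, remote: RemoteVolume):
        assert len(snapshot) % SECTOR == 0 and len(snapshot) == len(remote.data)
        self.snapshot, self.remote = snapshot, remote
        self.checkpoint = 0               # next sector index not yet confirmed

    def run(self, drop_link_at=None) -> None:
        """Copy from the checkpoint onward; skip sectors the target already has."""
        total = len(self.snapshot) // SECTOR
        for i in range(self.checkpoint, total):
            if i == drop_link_at:
                raise LinkDown(f"link lost before sector {i}")
            block = self.snapshot[i * SECTOR:(i + 1) * SECTOR]
            if self.remote.sector_digest(i) != digest(block):
                self.remote.write_sector(i, block)   # changed sector: send it
            self.checkpoint = i + 1       # confirmed; a resume starts here

    def verified(self) -> bool:
        """End-to-end check that the replica equals the snapshot."""
        return digest(bytes(self.remote.data)) == digest(self.snapshot)

def demo():
    # Constructed sample: 8-sector volume; the new snapshot changes sectors 2 and 6.
    old = bytes(8 * SECTOR)
    new = bytearray(old)
    new[2 * SECTOR:3 * SECTOR] = b"A" * SECTOR
    new[6 * SECTOR:7 * SECTOR] = b"B" * SECTOR
    remote = RemoteVolume(old)
    rep = Replicator(bytes(new), remote)
    try:
        rep.run(drop_link_at=4)           # simulated outage part-way through
    except LinkDown:
        pass
    resumed_from = rep.checkpoint
    rep.run()                             # incremental resume, not a restart
    return resumed_from, remote.payload_bytes, rep.verified()
```

In the constructed run only two of eight sectors carry payload across the link, and the whole-volume digest check at the end is what lets the replica be trusted before a takeover.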
For traditional Windows and Linux servers on the X86 platform, digital storage CDP devices provide flexible protection, with protection strategies at the whole-machine, partition, directory, and file level. When the application server fails, business takeover of the whole machine takes less than 3 minutes, and takeover of partitions, directories, and files takes less than 1 minute. This rapid takeover ensures the continuous service capacity of the business system.
After the data storage CDP equipment has taken over the business system, the new data generated in the meantime can be restored to the original production system through background data synchronization within a time period that can be selected and defined.
Protection on the UNIX platform mainly covers the data in the UNIX environment. The CDP device forms a mirror relationship with the original production storage, and all data is written as two copies in real time. When the production storage fails, the data storage CDP equipment automatically takes over the production storage work without human intervention, and the digital storage CDP equipment temporarily replaces the production storage so that work continues. After the production storage is repaired, the digital storage CDP equipment imports the data back to the original production storage system, and each device resumes its own working state.
Because the data storage CDP device forms a mirror relationship with the original storage device, the impact on production storage performance is a focus of many customers' considerations. As the only solution in the computer room to provide protection for the entire computer room, it has specialized enhancement technologies for data write performance, including Hotzone and SafeCache, which ensure fast data writing. At the same time, SSD hard disk cache technology and hot and cold data tiering technology give digital storage CDP very powerful processing capacity.
Whether the platform is Windows or Linux on X86 or UNIX on a RISC architecture, in the digital storage CDP disaster recovery solution the impact on the business server's CPU, memory, and hard disk I/O is about "0". That is, it does not affect the normal work of the production system, ensuring that the original production system can deliver maximum performance and guaranteeing the continuous and healthy service capacity of the business.