L2TP over IPSec技术在私有桌面云中的应用
|
摘要
随着国家气象信息中心内部私有桌面云系统的发展,希望通过多种接入设备随时随地访问业务数据和应用、提高工作效率的需求越来越迫切。文中提出了外部网络访问内网桌面云系统的网络方案,利用Internet等外部网络通过移动终端等多种设备访问桌面云系统,满足业务需求。由于外部网络的复杂性,保障安全传输成为该方案的技术关键。文中阐述了L2TP over IPSec技术的原理、适用性及其安全策略,并给出了利用L2TP over IPSec安全隧道技术实现该网络方案的思路及完整的接入过程、配置方法以及相应的代码,实现了基于此方案的国家气象信息中心私有桌面云系统试点建设的实例,取得了良好的收益,充分表明了L2TP over IPSec技术在外网访问私有桌面云的应用中的适用性。
With the development of internal private desktop cloud system in National Meteorological Information Center,more and more urgently,it's necessary to improve work efficiency by accessing data and APPs with multiple access devices anywhere anytime. Propose the network solution for the external network to access the intranet desktop cloud system,utilizing the Internet and other external network through mobile terminals and other devices to access the desktop cloud system,satisfying business demand. Due to the complexity of the external network,to ensure the safe transmission is key technology in this project. Describe the principle,applicability and security strategy of L2 TP over IPSec technique,by using the L2 TP over IPSec security tunneling technology,also provide the thoughts,whole access procedure,configuration methods and the corresponding code to achieve the program,and implement an experiment construction instance of private desktop cloud system in National Meteorological Information Center accordingly. This project obtains significant benefits,which fully indicates the applicability of the L2 TP over IPSec technology to access the private network in the desktop cloud.
With the development of internal private desktop cloud system in National Meteorological Information Center,more and more urgently,it's necessary to improve work efficiency by accessing data and APPs with multiple access devices anywhere anytime. Propose the network solution for the external network to access the intranet desktop cloud system,utilizing the Internet and other external network through mobile terminals and other devices to access the desktop cloud system,satisfying business demand. Due to the complexity of the external network,to ensure the safe transmission is key technology in this project. Describe the principle,applicability and security strategy of L2 TP over IPSec technique,by using the L2 TP over IPSec security tunneling technology,also provide the thoughts,whole access procedure,configuration methods and the corresponding code to achieve the program,and implement an experiment construction instance of private desktop cloud system in National Meteorological Information Center accordingly. This project obtains significant benefits,which fully indicates the applicability of the L2 TP over IPSec technology to access the private network in the desktop cloud.
引文
[1]刘鹏.云计算[M].第2版.北京:电子工业出版社,2011.
[2]王郑,韩焱,单联春.通信运营商桌面云运用探讨[J].电信科学,2011(S1):16-22.
[3]Celesti A,Tusa F,Villari M.Three-phase cross-cloud federation model:the cloud SSO authentication[C]//Proc of2010 second international conference on advances in future Internet.Venice:IEEE,2010:94-101.
[4]Rittinghouse J W,Ransome J F.Cloud computing:implementation,management and security[M].Beijing:China Machine Press,2010.
[5]Li Z,Wan Q L,Zhang X P,et al.Study on the SSO caused by HVDC link in hybrid AC-DC power systems[C]//Proc of9th IET international conference on AC and DC power transmission.London:IEEE,2010:1-5.
[6]Orawiwattanakul T,Yamaji K,Nakamura M,et al.User-controlled privacy protection with attribute-filter mechanism for a federated SSO environment using shibboleth[C]//Proc of2010 international conference on P2P,parallel,grid,cloud and Internet computing.[s.l.]:[s.n.],2010.
[7]贾湘兴.虚拟专用网络承载协议—L2TP的实现[D].成都:电子科技大学,2003.
[8]Townsley W,Valencia A.Layer two tunneling protocol(L2-TP)[S].RFC 2661,1999.
[9]Li H,Dai Y S,Tian L,et al.Identity-based authentication for cloud computing[C]//Proc of international conf on cloud computing.Beijing:[s.n.],2009:157-166.
[10]Aymerich F M,Fenu G,Surcis S.An approach to a cloud computing network[C]//Proc of ICADIWT.Ostrava:IEEE,2008:113-118.
[11]季超,楚艳萍.基于L2TP/IPSec的安全隧道技术方案[J].河南大学学报:自然科学版,2004,34(1):94-96.
[12]Patel B,Aboda B.Securing L2TP using IPsec[S].RFC 3193,2001.
[13]朱昌盛,余冬梅,王庆荣,等.IPSec与L2TP结合构筑的虚拟专用网络[J].计算机工程,2002,28(11):105-107.
[2]王郑,韩焱,单联春.通信运营商桌面云运用探讨[J].电信科学,2011(S1):16-22.
[3]Celesti A,Tusa F,Villari M.Three-phase cross-cloud federation model:the cloud SSO authentication[C]//Proc of2010 second international conference on advances in future Internet.Venice:IEEE,2010:94-101.
[4]Rittinghouse J W,Ransome J F.Cloud computing:implementation,management and security[M].Beijing:China Machine Press,2010.
[5]Li Z,Wan Q L,Zhang X P,et al.Study on the SSO caused by HVDC link in hybrid AC-DC power systems[C]//Proc of9th IET international conference on AC and DC power transmission.London:IEEE,2010:1-5.
[6]Orawiwattanakul T,Yamaji K,Nakamura M,et al.User-controlled privacy protection with attribute-filter mechanism for a federated SSO environment using shibboleth[C]//Proc of2010 international conference on P2P,parallel,grid,cloud and Internet computing.[s.l.]:[s.n.],2010.
[7]贾湘兴.虚拟专用网络承载协议—L2TP的实现[D].成都:电子科技大学,2003.
[8]Townsley W,Valencia A.Layer two tunneling protocol(L2-TP)[S].RFC 2661,1999.
[9]Li H,Dai Y S,Tian L,et al.Identity-based authentication for cloud computing[C]//Proc of international conf on cloud computing.Beijing:[s.n.],2009:157-166.
[10]Aymerich F M,Fenu G,Surcis S.An approach to a cloud computing network[C]//Proc of ICADIWT.Ostrava:IEEE,2008:113-118.
[11]季超,楚艳萍.基于L2TP/IPSec的安全隧道技术方案[J].河南大学学报:自然科学版,2004,34(1):94-96.
[12]Patel B,Aboda B.Securing L2TP using IPsec[S].RFC 3193,2001.
[13]朱昌盛,余冬梅,王庆荣,等.IPSec与L2TP结合构筑的虚拟专用网络[J].计算机工程,2002,28(11):105-107.