The National Work Safety Information System is a management information system designed to support the work safety administration departments of the state in carrying out work safety inspection, enforcement, supervision and monitoring. The system is built from a number of subsystems; the network subsystem is its major construction element, and it is the subsystem discussed here.
The goal of the system's construction is to make full use of the existing information base and, through a national work safety information system, to strengthen the collection, handling and processing of safety supervision and inspection information. This is intended to computerize coal mine safety supervision, inspection and administrative law enforcement, to advance scientific safety management, to support real-time forecasting of the national accident situation, and to serve timely decision-making aimed at eliminating hidden dangers in the work safety situation. The system comprises an application subsystem, a network subsystem, a database subsystem, a site subsystem, a video subsystem, a distance education and training subsystem, a storage and backup subsystem, and a subsystem of construction standards. The network subsystem is an important construction element of the system and provides the access over which the other subsystems deliver their services.
Network Subsystem Requirements Analysis
The main requirements of the new network subsystem are:
● Using the national e-government network and leased telecom external networks, establish a wide area network platform for work safety supervision and management that connects the Administration, the provinces, the municipalities and the counties into one network;
● Establish and improve local area networks for the work safety supervision and management agencies at every level;
● Implement information transmission and information sharing with the departments of the State Council and the member units of the State Council Work Safety Committee, providing services to all of them;
● Provide an Internet-based access method through which enterprises and the public can reach the work safety information systems;
● Provide video transmission between the Administration and the provincial agencies.
The construction objectives of the network subsystem are to provide the Administration, the provincial agencies (45 in total), part of the municipal agencies (116 in total), the county-level agencies (900 in total) and the coal mine safety supervision sub-bureaus (71 in total) with a platform that carries the data exchange required by the application systems, the video conferencing systems of the various agencies, and the VOIP system. The subsystem design has two parts, the WAN and the LAN. The design described below is the ideal scheme.
WAN Design
In line with the management characteristics of state work safety supervision and coal mine safety monitoring, the network architecture should be a star topology with a single central node. The national backbone radiates from the central node to every provincial capital; each provincial node connects the municipal nodes within its province, and the municipal nodes connect the county-level nodes. The result is a four-level, five-layer structure.
The State Administration of Work Safety is the core node: level 1 and layer 1 of the four-level, five-layer structure. The provincial Work Safety Supervision Bureau nodes and the provincial coal mine safety supervision bureau nodes are level 2 and layer 2. The municipal bureau nodes and the coal mine safety supervision sub-bureau nodes are level 3 and layer 3. The county bureau nodes are level 4 and layer 4. The production and operating units under each county form the information acquisition layer, the fifth and last layer of the five-layer structure.
The wide area network connections from the core node to the level-2 nodes can be regarded as the level-1 backbone of the National Work Safety Information Network. Because the Administration's business applications aggregate their data over it, the level-1 backbone must use high-performance routing equipment and high-bandwidth communication links to meet the demand for data exchange.
The core node of the level-1 backbone is configured with two routers, which connect the 45 level-2 access nodes, back each other up and share the load. Each level-2 node is configured with one upstream router and one downstream router: the upstream router connects up to the Administration node and the downstream router connects down to the level-3 nodes.
In choosing the links, the level-1 backbone carries not only data traffic but also video and voice services, and video and voice demand relatively large bandwidth and high network performance. Taking these factors into account, the main link between the core node and each level-2 node uses two 2 × 2M links. Since the core node connects to 45 level-2 nodes, the core side needs 2 × 90M of bandwidth towards the level-2 nodes, so each of the core node's main routers is configured with a 155M POS channel port to meet the bandwidth demand. To ensure the reliability of the level-1 backbone, the core node is equipped with two routers: as long as any one link and one router remain good, the system works normally.
The wide area network from the level-2 nodes to the level-3 nodes is the level-2 WAN of the State Work Safety Network. Its primary nodes are the level-2 nodes, which act as aggregation centres interconnecting all level-3 nodes across the province. It mainly carries data, voice, video and other services: the provincial coal mine safety supervision bureau nodes and the coal mine safety supervision sub-bureau nodes exchange data, voice and video services, while the provincial Work Safety Supervision Bureau nodes and the municipal Work Safety Bureau nodes exchange data and voice services only.
In choosing these links, the level-3 nodes and level-2 nodes transmit data and voice services, and the data of the level-4 nodes also flows through the level-3 nodes to the level-2 nodes, so the level-2 WAN links are 2M-bandwidth E1 lines. The level-3 nodes that transmit data, video and voice services to the level-2 nodes are likewise connected with 2M-bandwidth E1 lines.
The wide area network from the level-3 nodes to the level-4 nodes uses the level-3 nodes as aggregation centres covering the county bureau nodes under their jurisdiction. This WAN mainly hosts data services and does not deploy video conferencing, so the links from level-3 to level-4 nodes use DDN links or dial-up connections.
LAN Design
Level-1 node LAN design. The LAN of the State Administration of Work Safety uses a three-tier architecture of core layer, aggregation layer and access layer. The core layer consists of two core switches, two routers and two firewall devices; the aggregation layer completes the interface between the core equipment and the access equipment; and the access layer is responsible for end-user desktop access. The two core switches load-balance and back each other up to ensure network reliability and improve network performance. The firewalls and the core switches are cross-connected in a box-shaped structure, and the firewalls and the routers are cross-connected in the same way; with this structure the two firewalls can run in failover mode, providing redundant backup between the firewall devices, and access from the WAN is restricted through the firewall policy. The two core switches connect through Gigabit fibre ports in a star to the second-tier aggregation switches, each aggregation switch having dual Gigabit links to the core switches; the aggregation layer provides Layer-3 functions. The access layer is made up of many Layer-3 switches, and the access switches provide port authentication. The Administration node uses two routers to interconnect with the WAN routers of the provincial agencies; these two routers back each other up and share the work.
Level-2 node LAN design. The level-2 nodes comprise the provincial Work Safety Supervision Bureau node and the provincial coal mine safety supervision bureau node. Because the two level-2 nodes have the same management function, their LAN equipment configuration is also similar.
Each level-2 node is configured with 2 routers, 2 switches, 2 firewalls and 1 VPN gateway. One router serves as the upstream router, connecting to the Administration over two 2M-bandwidth links; the other serves as the downstream router, connecting to the level-3 nodes over a number of 2M channels split out of 155M bandwidth. The firewalls sit between the level-2 node's LAN and the external network, isolating the private network from the outside and protecting it. The firewalls connect upward to the routers and downward to the two switches, which serve as the core switches of the level-2 node. To let mobile users conveniently reach the data network, each level-2 node is configured with a VPN gateway; legitimate mobile users can access the level-2 node's internal data network via the Internet through the VPN gateway.
Level-3 node LAN design. The level-3 nodes comprise the municipal bureau nodes and the coal mine safety supervision sub-bureau nodes. Because the functions and work content of the level-3 institutions are basically the same, the level-3 nodes use the same network topology. Each level-3 node is equipped with 1 router, 1 Layer-3 switch, 1 firewall, and a number of servers and PCs. The switch connects the local users; the router serves as the WAN device connecting to the provincial bureau and the county bureaus; the servers act as application servers and store the municipality's local work safety supervision and management data.
Level-4 node LAN design. The level-4 nodes have the same system functionality and so use the same network topology. Each level-4 node is configured with 1 router, 1 switch, 1 firewall and supporting equipment. The switch connects the local users, and the router serves as the WAN device connecting to the level-3 node. For the WAN link, areas where DDN is available use DDN, and areas without DDN use a dial-up connection to the core router of their municipality.
Equipment selection principles for nodes at every level
1. Meeting performance requirements and being practical. The selected equipment must meet the processing-speed requirements of the national work safety information system.
2. Reliability. Mature products are required; the equipment's availability must be tested and its operation proven reliable.
3. Scalability. Products must have corresponding upgrade capability so that future expansion is easy as the business develops.
4. Service quality. Because the equipment is distributed throughout the country, manufacturers are required to provide responsive after-sales service of good quality.
Network Subsystem Management
The equipment of the National Work Safety Information Network is numerous and widely distributed, and is organized in a four-level structure. To simplify management, the network management system uses a hierarchical management style: a core network management server is deployed at the Administration, and a network management server is deployed in each province. The Administration's network management system manages the upstream routers of the provincial nodes, while the level-2 nodes' network management software manages all network equipment within the province other than the upstream router.
The main functions of management are: real-time display of the network equipment and its distribution; monitoring of the network's operating state and traffic; warning on and handling of network events; real-time monitoring of network equipment performance parameters and collection of historical data; support for integrating the management tools of third parties and network hardware manufacturers; management at different levels, for better management efficiency in a large network environment; and rights management for network devices.
The main functions of network management are considered from the following four aspects:
(1) Performance Management
Performance management is responsible for monitoring network performance, controlling cost and analysing performance. It performs network performance testing; collects, aggregates and stores the various kinds of performance information; maintains the performance database; sets performance management thresholds; and generates performance reports when a threshold is exceeded. It provides operators and managers with information such as network operation, packet statistics and processor load, so that specific problems can be identified and quality analysis conducted. When necessary, the network is adjusted through the operation management and configuration management functions to raise its overall performance, so that the network runs normally and efficiently and provides users with satisfactory services.
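The threshold-and-report part of performance management can be illustrated with a small worked example. The code below is an added example, not part of the original article or of the system it describes: it takes constructed polling samples (hypothetical device names and values), compares each device's metrics against per-metric thresholds, and produces the overrun report the text describes.

```python
"""Performance-threshold report: added illustration, not the system's own code."""
from collections import defaultdict
from statistics import mean

# Constructed sample of polled performance data: (device, metric, value).
# Device names, metrics and values are hypothetical.
SAMPLES = [
    ("core-rtr-1", "cpu_load_pct", 41),
    ("core-rtr-1", "cpu_load_pct", 55),
    ("core-rtr-1", "cpu_load_pct", 62),
    ("core-rtr-1", "link_util_pct", 60),
    ("core-rtr-1", "link_util_pct", 72),
    ("core-rtr-1", "link_util_pct", 75),
    ("prov-rtr-03", "cpu_load_pct", 85),
    ("prov-rtr-03", "cpu_load_pct", 91),
    ("prov-rtr-03", "cpu_load_pct", 88),
    ("prov-rtr-03", "packet_loss_pct", 0.2),
    ("prov-rtr-03", "packet_loss_pct", 0.5),
    ("city-sw-17", "cpu_load_pct", 20),
    ("city-sw-17", "cpu_load_pct", 25),
]

# Assumed thresholds set by the performance manager (hypothetical values).
THRESHOLDS = {"cpu_load_pct": 80, "link_util_pct": 70, "packet_loss_pct": 1.0}


def summarize(samples):
    """Aggregate raw samples into per-(device, metric) statistics."""
    series = defaultdict(list)
    for device, metric, value in samples:
        series[(device, metric)].append(value)
    return {
        key: {"samples": len(vals), "max": max(vals), "mean": round(mean(vals), 2)}
        for key, vals in series.items()
    }


def overruns(samples, thresholds):
    """Return (device, metric, observed_max, threshold) for every series whose
    maximum exceeds its threshold, sorted by device then metric."""
    result = []
    for (device, metric), stats in summarize(samples).items():
        limit = thresholds.get(metric)
        if limit is not None and stats["max"] > limit:
            result.append((device, metric, stats["max"], limit))
    return sorted(result)


def report(samples, thresholds):
    """Render the overrun report as text for operators and managers."""
    lines = ["THRESHOLD OVERRUN REPORT"]
    hits = overruns(samples, thresholds)
    if not hits:
        lines.append("no thresholds exceeded")
    for device, metric, observed, limit in hits:
        lines.append(f"{device}: {metric} max {observed} exceeds threshold {limit}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLES, THRESHOLDS))
```

Only the maximum of each series is compared with the threshold here; a deployed system would also keep the per-interval history that the text calls historical data collection.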
(2) Fault Management
Fault and alarm management is responsible for alarm monitoring and fault location; with the operation management function it carries out troubleshooting and tests the recovered equipment. It collects and processes the various fault, alarm and abnormal-state information reported by the network elements, and provides statistical analysis, classification and guidance functions.
(3) Configuration Management
Configuration management is responsible for the overall management of the dynamic configuration data of the network element devices and for checking the security and state of the network elements. It presents this information in graphical, textual and other forms with a hierarchical display, and provides editing, adding, deleting, changing, classifying, statistics and printing of these data.
Device configuration data should include all device configuration parameters generated within the system's network elements, together with two kinds of manually produced content: documents and management information entered according to the design parameters. To keep the configuration data consistent with the actual configuration at all times, the configuration information output by the equipment itself is checked automatically at scheduled times and on manual request; for other configuration information, input, editing and similar means are provided so that operators can correct it promptly to reflect the actual situation.
Configuration management also provides dedicated configuration analysis and management tools. These tools can analyse the policy of a group of related devices and simulate the result of a configuration. At the same time, configuration changes automatically generate reports that help administrators optimize the configuration structure.
(4) Security Management
The network management system is itself used under proper rights management. It supports user-based rights management, user-group-based rights management, rights management based on access time, rights management based on groups of accessed network elements, and combinations of the above categories of access.
Authority over the various operations of the system's functions is divided in detail, including: alarm cancellation, alarm acknowledgement and alarm pre-processing rights; data query, add, modify and delete rights; network element registration, machine command sending and batch command rights; and user information query, user add, user information modify and user delete rights.
The network management system sets levels for each user type and function as above, stipulating the user's mandate and time constraints. When a user performs an operation in violation of their rights, the system generates an alert and timely information, and prohibits further operation by the current user.
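The following is an added example, not code from the original article or from the system it describes, showing how the rights model of the security management section can be evaluated: per-user and per-group rules, each optionally limited to a network element group and an access time window, with a violation alert logged and the user locked out of further operations. User names, group names, element groups and time windows are all hypothetical.

```python
"""Rights check for a network management system: added illustration only."""
from dataclasses import dataclass, field
from datetime import time
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One granted permission, optionally restricted to an element group and a
    daily time window (None means no restriction on that dimension)."""
    permission: str
    element_group: Optional[str] = None
    start: Optional[time] = None
    end: Optional[time] = None

    def allows(self, permission, element_group, now):
        if self.permission != permission:
            return False
        if self.element_group is not None and self.element_group != element_group:
            return False
        if self.start is not None and self.end is not None:
            return self.start <= now <= self.end
        return True


@dataclass
class RightsManager:
    group_rules: dict = field(default_factory=dict)   # group -> [Rule]
    user_rules: dict = field(default_factory=dict)    # user -> [Rule]
    user_group: dict = field(default_factory=dict)    # user -> group
    locked: set = field(default_factory=set)          # users barred after a violation
    alerts: list = field(default_factory=list)        # generated alert records

    def add_group(self, group, rules):
        self.group_rules[group] = list(rules)

    def add_user(self, user, group, rules=()):
        self.user_group[user] = group
        self.user_rules[user] = list(rules)

    def check(self, user, permission, element_group, now):
        """Return True if the operation is permitted. A denied operation is a
        rights violation: an alert is recorded and the user is locked."""
        if user in self.locked:
            return False
        rules = self.user_rules.get(user, []) + self.group_rules.get(self.user_group.get(user), [])
        if any(r.allows(permission, element_group, now) for r in rules):
            return True
        self.alerts.append(
            f"ALERT user={user} op={permission} elements={element_group} at={now.isoformat()} denied; user locked"
        )
        self.locked.add(user)
        return False

    def unlock(self, user):
        """Administrative release of a locked user."""
        self.locked.discard(user)


def build_demo():
    """Constructed policy: a provincial operator may acknowledge alarms on the
    province's routers during working hours and query data at any time."""
    rm = RightsManager()
    rm.add_group("provincial_ops", [
        Rule("alarm_ack", "province_routers", time(8, 0), time(18, 0)),
        Rule("alarm_cancel", "province_routers", time(8, 0), time(18, 0)),
    ])
    rm.add_user("ops_prov", "provincial_ops", [Rule("data_query")])
    return rm
```

Usage: `rm = build_demo(); rm.check("ops_prov", "alarm_ack", "province_routers", time(10, 0))` returns True, the same request at 22:00 returns False and appends an alert, and after that even `data_query` is refused until `rm.unlock("ops_prov")`.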
The National Work Safety Information System accords with the national strategic development plan for work safety management. Its completion will greatly raise the standardization, scientific quality and information level of work safety management, and lay a good foundation for genuinely improving work safety.
Link: Network Subsystem Features
Strong scalability: As the scale of network construction and the number of users grow step by step, the network has strong expansion capability, and the system's functions are convenient to extend.
Reliability: The network can provide a wide range of services; the core network equipment and links use redundant backup technology for key components to ensure that the core equipment is stable and reliable.
Security: Using the most advanced security authentication means, the whole network is equipped with firewalls and anti-theft, anti-virus and anti-hacking capabilities to ensure system security.
High openness: Standard protocols protect the user's investment and improve equipment interoperability. The network devices use mainstream technology and standard protocols with good interoperability, so that products of the same kind from different manufacturers can interconnect and communicate seamlessly. The network management system's interfaces comply with standards, so it can be integrated with the products of different equipment vendors, system or platform providers and software vendors.
High application flexibility: The equipment supports multiple services over IP technology, fully supports the integration of data, voice and video, and separates the services by various means such as VPN and VLAN.
The management subsystem grasps the fault, performance, configuration and other information of the whole network online and in a timely manner; responds quickly and automatically to network events; locates events on the data network and provides historical record and statistics functions; and provides overall and partial load conditions and statistics of the network as a reference for business security, network optimization and network expansion.