Research And Implementation Of Automatic Deployment System Of Security Service For Network Security Experiment Platform

Network security technology innovation, network security product verification test can not be separated from the network security experimental platform support, building an advanced network security experimental platform is not only the basis of network security innovation,but also an important part of network security innovation. Network security experiment platform is used to research, test, verify the network security technology, products and systems hardware and software platform. In the network security experiment, constructing and deploying the system under test (SUT) is the prerequisite and basic work of the experiment. The traditional "start from scratch" approach to building SUT is time-consuming, error-prone, and resource-intensive and inflexible.To solve this problem, this paper proposes an automated deployment mechanism of security services under virtualized environment, and builds an automated deployment system of security services for network security experiment platform, which can be automatically distributed and loaded according to the user's experimental requirements, Install, configure the relevant security software and other resources, and real-time feedback deployment status, in a loosely coupled way to provide users with a flexible customization of security services. The main research results are as follows:(1) An automated deployment mechanism of security services in virtualized environment is proposed. Aiming at the coexistence of virtual machine and host, virtual network and physical network in virtual environment, this paper analyzes the deployment mechanism of security service automation, which allows administrators and users to realize security service customization by registration, association, The automatic deployment of security services can be realized by automatically distributing transmission, loading import and installation configuration to security resources.(2) A secure resource loading method based on shared storage is proposed. Aiming at the security resource sharing between virtual machine and host, this paper analyzes the drawbacks of the traditional network-based transmission method, and proposes a load-sharing method based on shared storage, which utilizes sharing physical storage features between virtual machine and host computer, so that users do not need to configure the external network, you can achieve the virtual machine access to security resources and load.(3) Design and implement a security service automation deployment system. Based on the above-mentioned mechanism and method, a security service automation deployment system is designed and implemented. The system includes user interaction layer, central control layer and host resource layer. The XML-RPC API interface is used to realize communication interaction. The key modules include the host agent module, the security service distribution module and the Web user interaction module. The test results show that the architecture of the system is reasonable in design and functions to meet the demand, thus realizing the on-demand automatic deployment of security services.