1. Requirement analysis
Although XX University's Internet egress has been built, some areas still need to be improved and optimized, and it faces the following challenges:
1. Egress bandwidth is expensive, and the school is not using it properly:
On the egress links, bandwidth utilization is unbalanced from link to link;
In the egress traffic, P2P traffic takes up a serious share of the bandwidth.
2. The school cannot cooperate with inspections by the public security organs:
Under Order No. 82 of the Ministry of Public Security, a unit that provides Internet access services shall record and retain the registration information of the users who use the Internet, the users' Internet addresses and the corresponding internal network addresses.
3. Illegal speech by students cannot be filtered effectively.
4. Web security incidents occur frequently; the school website has been tampered with and has had Trojan horses planted on it.
5. Teachers and students who are away from the office cannot access the internal service systems from smart terminals.
2. Solutions
2.1 load balancing
We recommend deploying the load balancing system in A/S mode at the Internet access point to balance load across the multiple Internet access links. It balances load in both directions at once: outbound traffic (internal users accessing the Internet) and inbound traffic (Internet users accessing internal services). At the same time, a nearest-neighbor algorithm selects links intelligently and dynamically by proximity for traffic in both directions, which greatly improves quality of service and access efficiency for users.
2.2 firewall
Firewalls greatly enhance the security of an internal network and reduce risk by filtering insecure services. We recommend deploying the firewalls in A/S mode behind the load balancing system. The firewalls isolate the different zones from one another, access between zones is allowed only after passing strict access control, and the firewalls also perform network address translation.
2.3 Internet behavior management
An Internet behavior management system effectively assists network management, from network access control and access control, through detailed application and protocol management, to more in-depth content management, and the products have shown themselves to be professional in each of these areas. We propose using the bandwidth management module of the Internet behavior management system to manage bandwidth by user and by application and to decisively stop P2P bandwidth abuse, and using the content management module to prohibit illegal speech and illegal access. In addition, it meets the requirements of Order No. 82 of the Ministry of Public Security.
2.4 WEB firewall
To prevent Web security incidents, this scheme proposes deploying a Web firewall. The Web firewall provides full-cycle security protection for the website in three phases: advance warning, protection during an incident, and after-the-fact analysis. Beforehand, it dynamically monitors Web services, monitors system service capacity and service quality in real time, and establishes a risk warning mechanism. During an incident, based on the "uptimes" principle and relying on a highly stable and highly secure system kernel and an advanced multidimensional protection system, it ensures the operating quality of the Web application service system through Web application threat defense, web page anti-tampering, protection against denial-of-service attacks on Web applications, and a number of optimizations. Afterwards, it supplies decision-support data from multiple angles and provides detailed periodic reports, helping network managers accurately understand the status of the website and make targeted adjustments.
2.5 VPN
To let staff securely access the internal business systems from smart terminals for office work, the scheme combines virtualization technology with VPN technology. It supports secure remote access over SSL VPN from smart terminals running iOS, Android and other systems, providing a more complete solution for the currently growing use of smart terminals.