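Abstract
To address the complexity of security tunnel management in large-scale virtual private networks, a management model based on group policy is proposed. Communication entities are aggregated into different security groups according to their security requirements, a group policy defines in an abstract way the security protection mechanism for communication among the members of a group, and the tunnel connection relationships between devices are generated automatically by expanding the group policy. The model achieves unified management of the VPN devices across the whole network, effectively reduces the VPN management burden, and has good scalability.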
A group-policy-based management architecture is proposed to address the complexity of security tunnel management in large-scale VPNs. In this architecture, communication entities are aggregated into different security groups, and a group policy regulates the security protection mechanism for communications among group members. For each VPN device, tunnel relationships are computed automatically by expanding the corresponding group policy. This architecture is both efficient and scalable, and is expected to have promising prospects.
Source
《计算机工程》
EI
CAS
CSCD
Peking University Core Journals
2006, Issue 5, pp. 102-103, 182 (3 pages in total)
Computer Engineering
Funding
State Planning Commission High-Tech Industrialization Demonstration Project "Linked Network Security Integrated System"