Ngenye imini sifumene isicelo seenkonzo zefu. Sayichaza ngokubanzi into eya kufunwa kuthi saza sabuyisela uluhlu lwemibuzo ukucacisa iinkcukacha. Emva koko sihlalutye iimpendulo kwaye saqonda: umthengi ufuna ukubeka idatha yomntu kwinqanaba lesibini lokhuseleko efini. Siyamphendula: "Unenqanaba lesibini ledatha yakho, uxolo, singenza kuphela ilifu labucala." Kwaye yena: "Uyazi, kodwa kwinkampani X banokuthumela yonke into kum esidlangalaleni."
Ifoto nguSteve Crisp, Reuters
Izinto ezingaqhelekanga! Saya kwiwebhusayithi yenkampani X, safunda amaxwebhu abo isatifikethi, sashukumisa iintloko zethu kwaye saqaphela: kukho imibuzo emininzi evulekileyo ekubekweni kwedatha yomntu kwaye kufuneka iqwalaselwe kakuhle. Nantso into esiza kuyenza kule post.
Yonke into kufuneka isebenze njani
Okokuqala, makhe sibone ukuba yeyiphi imigaqo esetyenziselwa ukwahlula idatha yomntu njengenye okanye enye inqanaba lokhuseleko. Oku kuxhomekeke kudidi lwedatha, inani lezifundo zale datha ezigcinwa ngumqhubi kunye neenkqubo, kunye nohlobo lwezoyikiso zangoku.
Iindidi zezoyikiso zangoku zichazwe kwi yomhla kaNovemba 1, 2012 "Ekuvunyweni kweemfuno zokhuseleko lwedatha yobuqu ngexesha lokusetyenzwa kwiinkqubo zolwazi lwedatha yobuqu":
“Izoyikiso zoHlobo loku-1 zibalulekile kwinkqubo yolwazi ukuba ibandakanya izoyikiso zangoku ezinxulumene ne kunye nobukho bezakhono ezingabhalwanga (ezingachazwanga). kwisoftware yenkquboesetyenziswa kwinkqubo yolwazi.
Izoyikiso zohlobo lwe-2 zifanelekile kwinkqubo yolwazi ukuba kuyo, kubandakanywa izoyikiso zangoku ezinxulumene ne kunye nobukho bezakhono ezingabhalwanga (ezingachazwanga). kwisoftware yesiceloesetyenziswa kwinkqubo yolwazi.
Izoyikiso zohlobo lwe-3 zifanelekile kwinkqubo yolwazi ukuba yenzela yona izoyikiso ezinganxulumananga kunye nobukho bezakhono ezingabhalwanga (ezingachazwanga). kwisistim kunye nesoftware yesiceloisetyenziswe kwinkqubo yolwazi."
Eyona nto iphambili kwezi nkcazo bubukho bezakhono ezingabhalwanga (ezingachazwanga). Ukuqinisekisa ukungabikho kwezakhono zesofthiwe ezingabhalwanga (kwimeko yefu, le yi-hypervisor), isiqinisekiso senziwe yi-FSTEC yaseRashiya. Ukuba umqhubi wePD uyavuma ukuba akukho zakhono ezinjalo kwisofthiwe, ngoko ke izoyikiso ezihambelanayo azibalulekanga. Izoyikiso zeentlobo ze-1 kunye ne-2 zinqabile kakhulu zithathwa njengezifanelekileyo ngabaqhubi bePD.
Ukongeza ekumiseleni inqanaba lokhuseleko lwePD, umqhubi kufuneka kwakhona amisele izisongelo ezithile zangoku kwilifu loluntu kwaye, ngokusekelwe kwinqanaba elichongiweyo lokhuseleko lwePD kunye nezoyikiso zangoku, ukugqiba amanyathelo ayimfuneko kunye neendlela zokukhusela kubo.
I-FSTEC idwelisa ngokucacileyo zonke izoyikiso eziphambili (idathabheyisi yosongelo). Ababoneleli beziseko zelifu kunye nabavavanyi basebenzisa le datha kumsebenzi wabo. Nantsi imizekelo yezoyikiso:
: "Isoyikiso kukwaphulwa kokhuseleko lwedatha yomsebenzisi weenkqubo ezisebenza ngaphakathi kumatshini wenyani ngesoftware enobungozi esebenza ngaphandle komatshini wenyani." Esi soyikiso sibangelwa kubukho bobuthathaka kwisoftware ye-hypervisor, eqinisekisa ukuba indawo yedilesi esetyenziselwa ukugcina idatha yomsebenzisi kwiinkqubo ezisebenza ngaphakathi kumatshini wenyani ibekwe yodwa ekufikeleleni okungagunyaziswanga yisoftware engalunganga esebenza ngaphandle komatshini wenyani.
Ukuphunyezwa kwesi soyikiso kunokwenzeka ngaphandle kokuba ikhowudi yeprogram enobungozi yoyise ngempumelelo imida yomatshini wenyani, kungekuphela nje ngokuxhaphaza ubuthathaka be-hypervisor, kodwa nangokuqhuba impembelelo enjalo ukusuka kumanqanaba asezantsi (ngokunxulumene ne-hypervisor) ukusebenza kwenkqubo."
: “Isoyikiso sisekukwazini ukufikelela ngokungekho mthethweni kulwazi olukhuselweyo lomthengi wenkonzo yelifu komnye. Esi songelo sibangelwa kukuba, ngenxa yobume bobuchwepheshe befu, abathengi benkonzo yefu kufuneka babelane ngeziseko ezifanayo zefu. Esi sisongelo sinokuqondwa ukuba iimpazamo zenziwe xa kwahlulwa izinto zesiseko selifu phakathi kwabathengi benkonzo yelifu, kunye naxa besohlula izixhobo zabo kunye nokwahlula idatha komnye nomnye. "
Unokukhusela kuphela kwezi zoyikiso ngoncedo lwe-hypervisor, kuba nguye olawula izibonelelo ezibonakalayo. Ngaloo ndlela, i-hypervisor kufuneka ithathelwe ingqalelo njengendlela yokukhusela.
Kwaye ngokuhambelana Ngomhla we-18 kaFebruwari 2013, i-hypervisor kufuneka iqinisekiswe njenge-non-NDV kwinqanaba le-4, ngaphandle koko ukusetyenziswa kwe-level 1 kunye ne-2 yedatha yomntu kunye nayo ayiyi kuba semthethweni (“Igatya le-12. ... Ukuqinisekisa inqanaba le-1 kunye ne-2 yokhuseleko lwedatha yomntu, kunye nokuqinisekisa inqanaba le-3 lokhuseleko lwedatha yomntu kwiinkqubo zolwazi apho uhlobo lwe-2 lwezoyikiso luhlelwa njengangoku, izixhobo zokhuseleko lolwazi zisetyenzisiweyo, isofthiwe eye yafunyanwa. ivavanywe ubuncinci ngokwenqanaba le-4 lolawulo lokungabikho kwezakhono ezingachazwanga").
I-hypervisor enye kuphela, ephuhliswe eRashiya, inenqanaba elifunekayo lesatifikethi, i-NDV-4. . Ukuyibeka ngobulali, kungekhona isisombululo esithandwa kakhulu. Amafu ezorhwebo, njengomthetho, akhiwe kwisiseko seVMware vSphere, KVM, Microsoft Hyper-V. Akukho nanye kwezi mveliso eqinisekisiweyo yi-NDV-4. Ngoba? Kusenokwenzeka ukuba ukufumana isatifikethi esinjalo kubavelisi akukathetheleli ngokwezoqoqosho.
Kwaye konke okuseleyo kuthi kwinqanaba le-1 kunye ne-2 yedatha yomntu kwifu likawonkewonke yi-Horizon BC. Ilusizi kodwa yinyani.
Indlela yonke into (ngokombono wethu) isebenza ngokwenene
Xa ujonga nje kuqala, yonke into ingqongqo: ezi zoyikiso kufuneka zipheliswe ngokumisa ngokuchanekileyo iindlela zokhuseleko ezisemgangathweni ze-hypervisor eqinisekisiweyo ngokwe-NDV-4. Kodwa kukho ikroba elinye. Ngokuhambelana noMyalelo weFSTEC onguNombolo 21 (Igatya lesi-2 Ukhuseleko lwedatha yobuqu xa isenziwa kwinkqubo yolwazi lweenkcukacha zobuqu (emva koko ekubhekiselwa kuyo njengenkqubo yolwazi) iqinisekiswa ngumsebenzisi okanye umntu olungisa idatha yakhe egameni lomsebenzisi ngokungqinelana ne IRussian Federation"), ababoneleli bavavanya ngokuzimeleyo ukufaneleka kweengozi ezinokwenzeka kwaye bakhethe amanyathelo okukhusela ngokufanelekileyo. Ngoko ke, ukuba awukwamkeli izisongelo ze-UBI.44 kunye ne-UBI.101 njengangoku, ngoko akuyi kubakho mfuneko yokusebenzisa i-hypervisor eqinisekisiweyo ngokwe-NDV-4, eyona nto imele inikeze ukhuseleko kubo. Kwaye oku kuya kukwanela ukufumana isatifikethi sokuthotyelwa kwelifu loluntu kunye namanqanaba 1 kunye ne-2 yokhuseleko lwedatha yomntu, apho iRoskomnadzor iya kuneliseka ngokupheleleyo.
Ngokuqinisekileyo, ukongeza kwi-Roskomnadzor, i-FSTEC inokuza nokuhlolwa - kwaye lo mbutho ucokiseke ngakumbi kwimicimbi yobugcisa. Mhlawumbi uya kuba nomdla ukuba kutheni kanye izisongelo ze-UBI.44 kunye ne-UBI.101 zithathwa njengezingabalulekanga? Kodwa ngokwesiqhelo i-FSTEC yenza uhlolo kuphela xa ifumana ulwazi malunga nesiganeko esithile esibalulekileyo. Kule meko, inkonzo ye-federal ifika kuqala kumqhubi wedatha yomntu - oko kukuthi, umthengi weenkonzo zefu. Kwimeko embi kakhulu, umqhubi ufumana intlawulo encinci - umzekelo, kwi-Twitter ekuqaleni konyaka kwimeko efanayo yafikelela kuma-ruble angama-5000. Emva koko i-FSTEC iya phambili kumboneleli wenkonzo yelifu. Enokuthi ithintelwe ilayisenisi ngenxa yokusilela ukuthobela iimfuno zolawulo- kwaye ezi zimingcipheko eyahlukileyo ngokupheleleyo, kumboneleli welifu kunye nabathengi bayo. Kodwa, ndiyaphinda, Ukujonga iFSTEC, uhlala ufuna isizathu esicacileyo. Ngoko ababoneleli ngamafu bazimisele ukuthatha umngcipheko. Kuze kube yisiganeko sokuqala esinzima.
Kukho neqela lababoneleli "abanoxanduva ngakumbi" abakholelwa ukuba kunokwenzeka ukuvala zonke izisongelo ngokongeza i-add-on njenge-vGate kwi-hypervisor. Kodwa kwindawo ebonakalayo esasazwa phakathi kwabathengi ngenxa yezoyikiso ezithile (umzekelo, i-UBI.101 engentla), indlela yokukhusela esebenzayo inokuphunyezwa kuphela kwinqanaba le-hypervisor eqinisekisiweyo ngokwe-NDV-4, ekubeni nayiphi na inkqubo yokongeza. imisebenzi esemgangathweni ye-hypervisor yokulawula izixhobo (ngokukodwa, i-RAM) ayichaphazeli.
Sisebenza njani
Sinecandelo lelifu eliphunyezwe kwi-hypervisor eqinisekisiwe yi-FSTEC (kodwa ngaphandle kwesatifikethi se-NDV-4). Eli candelo liqinisekisiwe, ngoko ke idatha yomntu ingagcinwa kwilifu ngokusekelwe kuyo I-3 kunye ne-4 amanqanaba okhuseleko - Iimfuno zokhuseleko ngokuchasene nezakhono ezingachazwanga akufuneki ziqwalaselwe apha. Nantsi, ngendlela, kuyilo lwecandelo lethu elikhuselekileyo lelifu:
Iinkqubo zedatha yomntu I-1 kunye ne-2 amanqanaba okhuseleko Siphumeza kuphela kwizixhobo ezizinikeleyo. Kule meko kuphela, umzekelo, isongelo se-UBI.101 ayifanelekanga ngokwenene, ekubeni ii-racks zeseva ezingadityaniswanga yindawo enye ebonakalayo ayinakuchaphazela enye kwenye nangona ibekwe kwindawo efanayo yedatha. Kwiimeko ezinjalo, sinikezela ngenkonzo yokurenta izixhobo ezizinikeleyo (ikwabizwa ngokuba yi-Hardware njengenkonzo).
Ukuba awuqinisekanga ukuba leliphi inqanaba lokhuseleko olufunekayo kwinkqubo yakho yedatha yobuqu, sikwanceda ekuyihleleni.
isiphelo
Uphando lwethu oluncinci lwentengiso lubonise ukuba abanye abaqhubi bamafu bazimisele ukubeka emngciphekweni ukhuseleko lwedatha yabathengi kunye nekamva labo lokufumana iodolo. Kodwa kule miba sibambelela kumgaqo-nkqubo owahlukileyo, esiwuchaze ngokufutshane apha ngasentla. Siya kukuvuyela ukuphendula imibuzo yakho kumazwana.
umthombo: www.habr.com