How to reconcile GOST R 57580 with container virtualization. The Central Bank's response (and our thoughts on the matter)

We recently carried out another assessment of compliance with the requirements of GOST R 57580 (hereinafter simply GOST). The client is a company that develops an electronic payment system. The system is a serious one: more than 3 million users and more than 200 thousand transactions every day. They take information security very seriously there.

During the assessment, the client mentioned that the development department plans to use containers in addition to virtual machines. But, the client added, there is one problem with that: GOST does not say a word about Docker. What should we do? How do you assess the security of containers?

It is true: GOST writes only about hardware virtualization, that is, about how to protect virtual machines, the hypervisor and the server. We asked the Central Bank for clarification. The answer puzzled us.

GOST and virtualization

To begin with, recall that GOST R 57580 is a new standard that sets out "requirements for ensuring the information security of financial organizations" (FIs). These FIs include operators and participants of payment systems, credit and non-credit organizations, and operational and clearing centers.

Since January 1, 2021, FIs are required to conduct an assessment of compliance with the requirements of the new GOST. We, ITGLOBAL.COM, are an audit company that conducts such assessments.

GOST has a subsection dedicated to the protection of virtualized environments: No. 7.8. The term "virtualization" is not defined there, and no distinction is made between hardware and container virtualization. Any IT specialist will say that this is technically incorrect: a virtual machine (VM) and a container are different environments with different isolation principles. From the point of view of the vulnerability of the host on which VMs and Docker containers are deployed, this is also a big difference.

It follows that the information security assessment of VMs and of containers should differ as well.

Our questions to the Central Bank

We sent them to the Information Security Department of the Central Bank (we give the questions in abbreviated form).

  1. How should Docker-type containers be treated when assessing compliance with GOST? Is it correct to assess the technology under subsection 7.8 of GOST?
  2. How should container management tools be assessed? Can they be equated to server virtualization components and assessed under the same subsection of GOST?
  3. Do I need to separately assess information security inside Docker containers? If so, which safeguards should be considered for this during the assessment?
  4. If containerization is equated to virtual infrastructure and assessed under subsection 7.8, how are the GOST requirements for deploying special information protection tools to be implemented?

The Central Bank's response

Below are the key excerpts.

"GOST R 57580.1-2017 establishes requirements for implementation through the application of technical measures with respect to the following information protection (ZI) measures of subsection 7.8 of GOST R 57580.1-2017, which, in the Department's opinion, can be extended to cases where container virtualization technologies are used, taking the following into account:

  • the implementation of measures ZSV.1 - ZSV.11 for organizing identification, authentication and authorization (access control) when providing logical access to virtual machines and virtualization server components may differ in cases where container virtualization technology is used. With this in mind, for the implementation of a number of measures (for example, ZSV.6 and ZSV.7), we believe it is possible to recommend that financial organizations develop compensating measures that pursue the same goals;
  • the implementation of measures ZSV.13 - ZSV.22 for organizing and controlling the information interaction of virtual machines provides for segmentation of the financial organization's computer network in order to separate informatization objects that implement virtualization technology and belong to different security contours. With this in mind, we believe it is advisable to provide for appropriate segmentation when container virtualization technology is used (both with respect to the virtual containers being run and with respect to the virtualization systems used at the operating system level);
  • the implementation of measures ZSV.26, ZSV.29 - ZSV.31 for organizing the protection of virtual machine images should be carried out by analogy also in order to protect the base and current images of virtual containers;
  • the implementation of measures ZSV.32 - ZSV.43 for recording information security events related to access to virtual machines and virtualization server components should be carried out by analogy also with respect to the elements of the virtualization environment that implement container virtualization technology."

What it means

Two main conclusions follow from the response of the Central Bank's Information Security Department:

  • measures for protecting containers do not differ from measures for protecting virtual machines;
  • it follows that, in the context of information security, the Central Bank equates the two types of virtualization: Docker containers and VMs.

The response also mentions "compensating measures" that must be applied to neutralize threats. It is just not clear what these "compensating measures" are or how to evaluate their adequacy, completeness and effectiveness.

What is wrong with the Central Bank's position?

If you follow the Central Bank's recommendations during an assessment (and a self-assessment), you have to resolve a number of technical and logical difficulties.

  • Each running container needs information protection software (SZI) installed in it: antivirus, integrity monitoring, log handling, DLP (Data Leak Prevention) systems, and so on. All of this can be installed on a VM without any problems, but in the case of a container, installing SZI makes no sense. A container holds the bare minimum "body kit" that the service needs in order to run. Installing SZI in it contradicts its purpose.
  • Container images must be protected on the same principle; how to implement this is also unclear.
  • GOST requires restricting access to server virtualization components, that is, to the hypervisor. What counts as a server component in the case of Docker? Doesn't this mean that each container has to run on a separate host?
  • With conventional virtualization you can separate VMs by security contours and network segments; with Docker containers inside a single host, you cannot.

In practice, it is likely that each auditor will assess the security of containers in their own way, based on their own knowledge and experience. Or will not assess it at all, if they have neither.

Just in case, we add that since January 1, 2021, the minimum score must be no lower than 0.7.

By the way, we regularly post responses and comments from regulators related to the requirements of GOST 57580 and Central Bank regulations in our Telegram channel.

What to do

In our opinion, financial organizations have only two ways of solving the problem.

1. Avoid using containers

A solution for those who are prepared to use only hardware virtualization and who are at the same time afraid of low GOST scores and fines from the Central Bank.

Plus: it is easier to comply with the requirements of subsection 7.8 of GOST.

Minus: you will have to give up new development tools based on container virtualization, in particular Docker and Kubernetes.

2. Refuse to comply with the requirements of subsection 7.8 of GOST

But at the same time, apply best practices for ensuring information security when working with containers. This is a solution for those who value new technologies and the opportunities they provide. By "best practices" we mean the norms and standards accepted in the industry for securing Docker containers:

  • security of the host OS, properly configured logging, a ban on data exchange between containers, and so on;
  • using the Docker Trust function to check the integrity of images, and using the built-in vulnerability scanner;
  • we must not forget about the security of remote access and the network model as a whole: attacks such as ARP spoofing and MAC flooding have not gone away.

Plus: no technical restrictions on the use of container virtualization.

Minus: there is a high probability that the regulator will impose penalties for non-compliance with the GOST requirements.
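
Several of the practices listed under option 2 can be checked mechanically on a Docker host. The following is an added example, not code from the original article: it audits a daemon.json document and the DOCKER_CONTENT_TRUST client variable. The sample configuration is constructed, and pairing each setting with a ZSV range from the Central Bank's reply is an assumption of this example.

```python
import json

# Constructed sample of /etc/docker/daemon.json (not taken from the article).
SAMPLE_DAEMON_JSON = """
{
  "icc": true,
  "log-driver": "none",
  "userns-remap": "default"
}
"""

# (daemon.json key, predicate on its value, control area, advice).
# Pairing a setting with a ZSV range is this example's assumption.
CHECKS = [
    ("icc", lambda v: v is False, "ZSV.13 - ZSV.22 segmentation",
     'set "icc": false to stop traffic between containers on the default bridge'),
    ("log-driver", lambda v: v != "none", "ZSV.32 - ZSV.43 event logging",
     "choose a log driver that keeps or forwards container logs"),
    ("userns-remap", lambda v: bool(v), "host OS security",
     "enable user namespace remapping so container root is not host root"),
    ("no-new-privileges", lambda v: v is True, "host OS security",
     'set "no-new-privileges": true to block setuid privilege escalation'),
]

def audit_daemon(config_text, env=None):
    """Return a list of (area, advice) findings for a daemon.json document."""
    cfg = json.loads(config_text) if config_text.strip() else {}
    findings = []
    for key, ok, area, advice in CHECKS:
        # A missing key yields None; each predicate encodes what the
        # Docker default for that key implies (e.g. icc defaults to on).
        if not ok(cfg.get(key)):
            findings.append((area, advice))
    # Signature verification is a docker CLI switch, not a daemon.json key.
    if (env or {}).get("DOCKER_CONTENT_TRUST") != "1":
        findings.append(("ZSV.26, ZSV.29 - ZSV.31 image protection",
                         "export DOCKER_CONTENT_TRUST=1 to require signed image tags"))
    return findings

if __name__ == "__main__":
    for area, advice in audit_daemon(SAMPLE_DAEMON_JSON, {"DOCKER_CONTENT_TRUST": "0"}):
        print(f"[{area}] {advice}")
```

The findings are evidence an auditor can attach to an assessment; they do not by themselves establish compliance with subsection 7.8.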

Conclusion

Our client decided not to give up containers. At the same time, he had to substantially reconsider the scope of work and the timeline for the move to Docker (it stretched to six months). The client understands the risks well. He also understands that during the next assessment of compliance with GOST R 57580, a great deal will depend on the auditor.

What would you do in this situation?

Source: www.habr.com