How to make friends between GOST R 57580 and container virtualization. The Central Bank's response (and our thoughts on the matter)

Not long ago we carried out another assessment of compliance with the requirements of GOST R 57580 (hereafter simply GOST). The client is a company developing an electronic payment system. The system is a serious one: more than 3 million users and more than 200 thousand transactions daily. Information security is treated as a top priority there.

During the assessment, the client mentioned in passing that the development department, in addition to virtual machines, plans to use containers. But there is one problem with this, the client added: GOST does not say a word about Docker. What should we do? How do we assess the security of containers?

Indeed, GOST writes only about hardware virtualization: how to protect virtual machines, the hypervisor, and the server. We asked the Central Bank for clarification. The answer puzzled us.

GOST and virtualization

First, let us recall that GOST R 57580 is a new standard that defines "requirements for ensuring the information security of financial organizations" (FIs). These FIs include operators and participants of payment systems, credit and non-credit organizations, and operational and clearing centers.

Since 1 January 2021, FIs are required to conduct an assessment of compliance with the requirements of the new GOST. We, ITGLOBAL.COM, are an audit company that performs such assessments.

GOST has a subsection dedicated to the protection of virtualized environments: No. 7.8. The term "virtualization" is not defined there; no distinction is made between hardware and container virtualization. Any IT specialist will say that this is technically incorrect: a virtual machine (VM) and a container are different environments, with different isolation principles. From the standpoint of the vulnerability of the host on which VMs and Docker containers are deployed, this is also a big difference.

It follows that the information security assessment of VMs and of containers should also differ.

Our questions to the Central Bank

We sent them to the Information Security Department of the Central Bank (the questions are given here in abbreviated form).

  1. How should Docker-type virtual containers be treated when assessing GOST compliance? Is it correct to assess the technology under subsection 7.8 of GOST?
  2. How should virtual container management tools be assessed? Can they be equated to server virtualization components and assessed under the same subsection of GOST?
  3. Do I need to assess information security inside Docker containers separately? If so, which protections should be considered during the assessment?
  4. If containerization is equated to virtual infrastructure and assessed under subsection 7.8, how are GOST's requirements for the use of special information protection tools implemented?

The Central Bank's response

Below are the main excerpts.

“GOST R 57580.1-2017 establishes requirements for implementation through the application of technical measures with respect to the following information protection (ZI) measures of subsection 7.8 of GOST R 57580.1-2017, which, in the Department's opinion, can be extended to cases of using container virtualization technologies, taking into account the following:

  • the implementation of measures ZSV.1 - ZSV.11 for organizing identification, authentication and authorization (access control) when performing logical access to virtual machines and virtualization server components may differ from cases of using container virtualization technology. Taking this into account, in order to implement a number of measures (for example, ZSV.6 and ZSV.7), we believe it is possible to recommend that financial organizations develop compensating measures that will pursue the same goals;
  • the implementation of measures ZSV.13 - ZSV.22 for organizing and controlling the information interaction of virtual machines provides for segmentation of the financial organization's computer network in order to separate informatization objects that implement virtualization technology and belong to different security contours. Taking this into account, we believe it is advisable to provide for appropriate segmentation when using container virtualization technology as well (both with respect to executable virtual containers and with respect to the virtualization systems used at the operating system level);
  • the implementation of measures ZSV.26, ZSV.29 - ZSV.31 for organizing the protection of virtual machine images should be carried out by analogy also in order to protect the base and current images of virtual containers;
  • the implementation of measures ZSV.32 - ZSV.43 for recording information security events related to access to virtual machines and server virtualization components should be carried out by analogy also with respect to the elements of the virtualization environment that implement container virtualization technology.”

What this means

Two main conclusions follow from the response of the Central Bank's Information Security Department:

  • measures to protect containers do not differ from measures to protect virtual machines;
  • it follows that, in the context of information security, the Central Bank equates two types of virtualization: Docker containers and VMs.

The response also mentions "compensating measures" that need to be applied in order to reduce threats. It remains unclear what these "compensating measures" are and how to measure their adequacy, completeness and effectiveness.

What is wrong with the Central Bank's position?

If you apply the Central Bank's recommendations during an assessment (and a self-assessment), you have to resolve a number of technical and logical difficulties.

  • Each executable container requires information protection software (SZI) to be installed in it: antivirus, integrity monitoring, logging, DLP (Data Leak Prevention) systems, and so on. All of this can be installed on a VM without problems, but in the case of a container, installing information protection tools is an absurd step. A container holds only the minimal "body kit" needed for the service to run. Installing SZI in it contradicts its purpose.
  • Container images must be protected according to the same principle; how this is to be done is also unclear.
  • GOST requires restricting access to server virtualization components, that is, to the hypervisor. What counts as a server component in the case of Docker? Doesn't this mean that each container needs to run on a separate host?
  • While with conventional virtualization it is possible to separate VMs by security contours and network segments, in the case of Docker containers within the same host this is not so.

In practice, it is likely that each auditor will assess container security in their own way, based on their own knowledge and experience. Or will not assess it at all, if they have neither the one nor the other.

Just in case, we will add that since 1 January 2021 the minimum score must not be lower than 0.7.

By the way, we regularly post answers and comments from regulators related to the requirements of GOST 57580 and the Central Bank's regulations in our Telegram channel.

What to do

In our opinion, financial organizations have only two options for solving the problem.

1. Avoid using containers

A solution for those who can afford to use only hardware virtualization and who at the same time fear low scores under GOST and fines from the Central Bank.

Pro: it is easier to comply with the requirements of subsection 7.8 of GOST.

Con: you will have to give up new development tools based on container virtualization, in particular Docker and Kubernetes.

2. Refuse to comply with the requirements of subsection 7.8 of GOST

But at the same time, apply best practices for ensuring information security when working with containers. This is a solution for those who value new technologies and the opportunities they provide. By "best practices" we mean the industry-accepted norms and standards for securing Docker containers:

  • security of the host OS, properly configured logging, prohibition of data exchange between containers, and so on;
  • using the Docker Trust function to verify the integrity of images, and using the built-in vulnerability scanner;
  • we must not forget about the security of remote access and of the network model as a whole: attacks such as ARP spoofing and MAC flooding have not gone away.

Pro: no technical restrictions on the use of container virtualization.

Con: there is a high probability that the regulator will impose penalties for non-compliance with the GOST requirements.
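
As an added example (not from the original article or from ITGLOBAL.COM), the following script audits a Docker host against the practices listed under option 2: logging, data exchange between containers, and image integrity. The sample `daemon.json` and `docker inspect` records are constructed, the group labels are illustrative, and image integrity is checked by digest pinning rather than by Docker Content Trust signatures.

```python
import json

# Constructed sample inputs (not from the article): a dockerd daemon.json and
# trimmed `docker inspect` records for two containers.
DAEMON_JSON = '{"icc": true, "log-driver": "none"}'
INSPECT_JSON = json.dumps([
    {"Name": "/pay-api",
     "Config": {"Image": "registry.example/pay-api@sha256:" + "ab" * 32},
     "HostConfig": {"Privileged": False, "NetworkMode": "pay-net",
                    "LogConfig": {"Type": "journald"}}},
    {"Name": "/debug-box",
     "Config": {"Image": "registry.example/tools:latest"},
     "HostConfig": {"Privileged": True, "NetworkMode": "host",
                    "LogConfig": {"Type": "none"}}},
])

def audit(daemon_json, inspect_json):
    """Return (scope, group, finding) tuples; group labels are illustrative."""
    findings = []
    daemon = json.loads(daemon_json)
    # dockerd allows inter-container traffic on the default bridge unless
    # "icc" is explicitly set to false.
    if daemon.get("icc", True):
        findings.append(("daemon", "segmentation", "icc not disabled"))
    # json-file is the default driver; "none" discards container output.
    if daemon.get("log-driver", "json-file") == "none":
        findings.append(("daemon", "event logging", "default log driver is none"))
    for c in json.loads(inspect_json):
        name, host = c["Name"].lstrip("/"), c["HostConfig"]
        if host.get("Privileged"):
            findings.append((name, "isolation", "privileged container"))
        if host.get("NetworkMode") == "host":
            findings.append((name, "segmentation", "shares host network namespace"))
        if host.get("LogConfig", {}).get("Type") == "none":
            findings.append((name, "event logging", "container logging disabled"))
        # A tag can be repointed; a digest reference identifies exact content.
        if "@sha256:" not in c["Config"]["Image"]:
            findings.append((name, "image protection", "image not pinned by digest"))
    return findings

if __name__ == "__main__":
    for scope, group, finding in audit(DAEMON_JSON, INSPECT_JSON):
        print(f"{scope:10} {group:17} {finding}")
```
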

Conclusion

Our client decided not to give up containers. At the same time, it had to significantly reconsider the scope of work and the timeline for the move to Docker (it stretched to six months). The client understands the risks well. It also understands that during the next assessment of compliance with GOST R 57580, much will depend on the auditor.

What would you do in this situation?

Source: www.habr.com
