• Background

    The data center of Tianjin Municipal Human Resources and Social Security Bureau requires that the same-city data center, the production and disaster recovery data center shall perform their respective duties. In case of disaster, the production data center is down, and the same-city data center can quickly recover data and applications, so as to reduce the loss caused by disaster to users.

  • Solution

    The data center security system of Tianjin Municipal Human Resources and Social Security Bureau provides security support for data center, such as security interconnection, access control, identity authentication, authorization management, access control, vulnerability management, anti-virus, intrusion prevention, security audit, desktop (terminal) security, etc. The security management and O&M system is the guarantee for long-term effective operation of data center.

    From the location, they are divided into the production data center and the same-city data center, which are redundant and mutual disaster recovery. From the function, they are divided into business private network and public service network. Security isolation and information exchange system (YK-GAP series gateway) is adopted between business private network and public service network for safe data exchange.

    Digital China DCFW-1800E series firewalls are deployed in the service private network area of a single data center to form a cluster and hang on the core switch to perform secure filtering on cross-VLAN data through policies, while data of the same VLAN is not filtered. The other two sets form a dual-machine cluster and hang on the core switch to perform secure filtering on service data through policies, and at the same time provide high-performance VPN access services for relevant units.

    YK-GAP series gateway is used for physical connection control between data centers. The two data centers are connected to secure and non-secure networks respectively. Information ferry is carried out through the gateway to ensure that no direct physical path is set between the data of the two places. Meanwhile, information filtering, such as anti-virus and anti-malicious code is conducted to ensure information security.

    Each data center deploys a Web Application Firewall to protect the internal server of the entire public service network, providing complete WEB protection, web page protection, load balancing and other functions to ensure the continuous and stable operation of users’ core applications and services.

Customer Value

  • Secure architecture design throughout life cycle
    According to business rules, the whole network’s security is divided to build security domain target based on the business system and reasonable security control measures.
  • Excellent overall protection
    The security protection competence is improved comprehensively and the information security is guaranteed from many aspects such as border security, data security, O&M security, management security, etc.
  • All-round equal security protection
    The comprehensive network security protection is supplied to the customer data center, including full border security, application protection, audit traceability and other complete security programs.