Adhere to the people-centered development idea, closely follow the people's service needs and service experience, and take the people's satisfaction, dissatisfaction, dissatisfaction, and dissatisfaction as the work goals. Through the construction of a social insurance smart governance center in a certain city, we support the construction of a mass A satisfactory social insurance public service system in a certain city.

Comprehensive use of mainstream technologies such as the Internet, big data, intelligence, Internet of Things, 5G, AI, and GIS, and driven by mechanism reform, model innovation, data drive, and technology empowerment, build a social insurance smart governance center and promote the modernization of social insurance in a certain city Modernization of governance systems and governance capabilities.

We will focus on solving the key, difficult, and pain points that restrict the development of social insurance in a certain city as the focus of building a smart social insurance governance center in a certain city, identify breakthroughs, enhance pertinence, highlight the overall situation, and improve service standardization, specialization, and collaboration The level of management and management should be intelligent, precise and scientific.

The construction of a city's social insurance smart governance center must focus on the overall work of a city's social insurance system, starting from multiple dimensions of system connection, policy support, department linkage, business collaboration, and data sharing, to create business and technology, internal and external, and horizontal A new smart governance system for social insurance that integrates vertically, online and offline has formed a new driving force to support the high-quality development of social insurance in the new era.

The construction of a social insurance smart governance center in a certain city must correctly handle the relationship between innovative development and security, strengthen information security and personal privacy protection, improve the multi-level social insurance risk prevention and control system, and consolidate reliable, available, and sustainable information support ability.

According to the overall planning and construction plan of a certain city's social insurance smart center, clarify the boundaries, relationships and priorities between the construction of the social insurance smart governance center and the overall construction of the financial insurance project, make full use of the existing information infrastructure and application systems, coordinate planning, and carefully Implementation should focus on being implementable, operable and assessable to ensure that the effectiveness of the construction of a social insurance smart governance center in a certain city can be fully released.

Strategy system refers to the management activities and computer-aided systems related to strategy formulation and high-level decision-making in an organization.

In Information System Architecture (ISA), the strategic system consists of two parts

Establishing a strategic system in ISA has two meanings:

Usually organizational strategic planning is divided into two types: long-term planning and short-term planning. Long-term planning is relatively stable, such as adjusting product structure, etc.; short-term planning is generally formulated based on the purpose of long-term planning, and is relatively easy to adapt to the environment and organizational operations. And changes, such as deciding on the type of new product, etc.

Business system refers to the system composed of various parts (material, energy, information and people) in the organization that complete certain business functions.

There are many business systems in an organization, such as production systems, sales systems, purchasing systems, personnel systems, accounting systems, etc. Each business system consists of some business processes to complete the functions of the business system. For example, accounting systems often include accounts payable, accounts payable, and accounting systems. Account collection, invoicing, auditing and other business processes.

Business processes can be decomposed into a series of logically interdependent business activities. Business activities are completed in sequence. Each business activity has a role to perform and processes related data. When organizations adjust their development strategies to better adapt to internal and external development environments (such as deploying and using information systems), they often carry out business process reorganization. Business process reorganization is centered on business processes, breaking the division of labor between functional departments of the organization, and improving or reorganizing existing business processes in order to achieve significant improvements in production efficiency, cost, quality, delivery time, etc., and improve the organization competitiveness.

The role of the business system in ISA is:

Application system is the application software system, which refers to the application software part of the information system.

For application software (application systems) in organizational information systems, generally the completed functions can include:

No matter which level the application system is at, from an architectural perspective, it contains two basic components: the internal function implementation part and the external interface part. These two basic parts consist of more specific components and the relationships between them. The interface part is the part of the application system that changes relatively frequently, mainly caused by changes in user requirements for interface form. In the function implementation part, relatively speaking, the data processed change less, while the algorithm and control structure of the program change more, mainly caused by changes in the user's functional requirements for the application system and changes in interface form requirements.

Organizational information infrastructure refers to the construction of an environment consisting of information equipment, communication networks, databases, system software and supporting software based on the organization's current business and foreseeable development trends and requirements for information collection, processing, storage and circulation.

Organizational information infrastructure is divided into three parts:

Due to the development of technology and changes in organizational system requirements, technical infrastructure faces many changing factors in the design, development and maintenance of information systems, and due to the diversity of implementation technologies, there are multiple ways to achieve the same function. Information resource facilities have relatively little change in system construction. No matter what functions the organization completes or how business processes change, data and information must be processed, and most of them do not change with business changes. There are relatively many changes in management infrastructure. This is because organizations need to adapt to changes in the environment and meet the needs of competition. Especially in the stage of my country's transformation and upgrading to a market economy, the introduction or changes of economic policies, business model reforms, etc. will have a great impact on This leads to changes in organizational rules and regulations, management methods, personnel division of labor, and organizational structure. The above is just an overall description of the relative stability and relative change of the three basic components of information infrastructure. There are relatively stable parts and relatively volatile parts in technical infrastructure, information resource facilities, and management infrastructure. It cannot be generalized.

The project stakeholders of the software system (customers, users, project managers, programmers, testers, marketers, etc.) have different requirements for the software system, the development organization (project team) has different personnel knowledge structures, and the quality of the architecture designers Aspects such as experience and the current technical environment are all factors that affect the architecture. These factors affect the architecture by influencing the decisions of the architect through functional requirements, non-functional requirements, constraints, and conflicting requirements.

The architecture describes the large-grained (macro) overall structure of the system, so labor can be divided according to the architecture, and the project group is divided into several working groups, thereby making development orderly; affecting the goals of the development organization, that is, a successful architecture provides the development organization with New business opportunities have been created, thanks to the demonstrability of the system, the reusability of the architecture, and the improvement of the team’s development experience. At the same time, a successful system will influence customers’ requirements for the next system.

Physical architecture refers to not considering the actual work and functional architecture of each part of the system, but only abstractly examining the spatial distribution of its hardware system.

According to the topological relationship of information systems in space, they are generally divided into

Logical architecture refers to the synthesis of various functional subsystems of an information system.

The logical architecture of an information system is its functional complex and conceptual framework.

For the management information system of a production organization, it is divided from the perspective of management functions, including information management subsystems with major functions such as procurement, production, sales, human resources, and finance. A complete information system supports various functional subsystems of an organization, allowing each subsystem to complete functions at various levels such as transaction processing, operation management, management control, and strategic planning. Each subsystem can have its own dedicated files, and at the same time can share various types of data in the information system, and realize the connection between subsystems through standardized interfaces such as network and data. Similarly, each subsystem has its own application program, and can also call public programs that serve various functions and models in the system model library.

Horizontal integration refers to the integration of various functions and needs at the same level. For example, integrating the personnel and payroll subsystems of the operation control layer to integrate grass-roots business processing.

Vertical integration refers to organizing businesses at all levels with certain functions and requirements. This integration communicates the connections between superiors and subordinates. For example, the accounting system of an organization branch and the accounting system of the overall organization are integrated. They all have something in common. where an integrated processing process can be formed.

Vertical and horizontal integration refers to synthesis mainly from the two aspects of information model and processing model to achieve centralized sharing of information, make the program as modular as possible, pay attention to extracting common parts, and establish a system common data system and integrated information processing system.

1. Two-layer C/S

2. Three-layer C/S and B/S structure

3. Multi-layer C/S structure

4. Model-View-Controller Pattern

If two multi-layer C/S structure application systems need to communicate with each other, then a service-oriented architecture will be produced. (Service Oriented Architecture,SOA)

An independent application system means that no matter how many layers of services the application system consists of, if any layer is removed, it will not work properly. It can be an independent application that provides complete functions to the outside world.

Use middleware to realize SOA requirements, such as message middleware, transaction middleware, etc.

In practice, service-oriented architecture can be specifically divided into heterogeneous system integration, homogeneous system aggregation, federated architecture, etc.

The service-oriented architecture is reflected between Web applications and becomes Web Service, that is, two Internet applications can open some internal "services" to each other (such services can be understood as functional modules, functions, processes, etc.). Currently, the protocols used by Web applications to open their internal services to the outside world mainly include SOAP and WSDL. For specific information, please refer to the relevant standards.

Web Service is one of the most typical and popular application patterns of service-oriented architecture.

The essence is the message mechanism or remote procedure call (RPC).

For small and medium-sized industrial enterprises or industrial enterprises in the initial stage of informatization and digitalization, the main goal of information system integration construction is to improve work efficiency and reduce business risks. At the same time, due to the shortcomings of their own informatization teams and talents, as well as the lack of in-depth understanding of informatization and digitalization in their business systems, enterprises often adopt the "borrowing doctrine" to build their information systems, that is, directly purchasing complete sets of mature application software. , and build relevant infrastructure based on the operational requirements of the application software.

At this stage of enterprise development, the focus is on the detailed division of organizational functions and the introduction of industry best practices. Therefore, the information construction of an organization is often based on departments or functions. The core focus is on the software functions of the information system, such as financial management, equipment management, asset management, etc., so as to carry out information system planning, design, deployment and operation. At the same time, through the deployment of complete sets of software, it can strengthen its own management or process level. The integration and fusion between application software or modules is mainly completed through the system’s software interface. Enterprises often adopt unified planning and step-by-step implementation, that is, what functions are needed and what functions are deployed online

The system integration architecture with platform capabilities as the main line originated from the development of cloud computing technology and the gradual maturity of cloud services. Its core concept is to transform each component of the "silo-style" information system into a "flattened" construction method, including flattened data collection, flattened network transmission, flattened application middleware, and flattened application development. etc., and through standardized interfaces and new information technologies, the elasticity and agility of information systems can be built. Information system applications supported by platform architecture can be combined with special construction or independent configuration (or small-scale development) to quickly obtain the application system functions required by the enterprise, thus overcoming the shortcomings of complete software vendors in personalized software customization.

In specific practice, the architectural transformation of enterprises is a continuous process. Enterprises will continue to use the complete software deployment model for applications with high maturity and few changes, and adopt platform architecture for new and changing applications, and ultimately maintain the coexistence of the two architectures (also known as dual-state IT, that is, sensitive state and steady state). integration) or all converted to a platform architecture.

When an enterprise develops to the industrial chain or ecological chain stage, or becomes a complex and diversified group enterprise, the enterprise begins to seek a transfer or transition to a system integration architecture with the Internet as the main line.

A system integration architecture with the Internet as the main line, emphasizing the maximum application (microservices) of each information system function

The system integration architecture with the Internet as the main line integrates and applies more new generation information technologies and their application innovations

TOGAF is developed by the international organization The Open Group.

The organization began to develop system architecture standards in 1993 in response to customer requirements, and published the TOGAF architecture framework in 1995. The foundation of TOGAF is the Technical Architecture For Information Management (TAFIM) of the U.S. Department of Defense. It is based on an iterative process model that supports best practices and a reusable set of existing architectural assets. It can be used to design, evaluate, and establish a suitable enterprise architecture. Internationally, TOGAF has been proven to be able to build enterprise IT architecture flexibly and efficiently.

The framework is designed to help enterprises organize and address all critical business needs through the following four objectives:

TOGAF reflects the structure and content of an enterprise's internal architecture capabilities. The TOGAF9 version includes six components:

The core idea of ​​the TOGAF framework is:

The Architecture Development Method (ADM) describes the various steps required to develop an enterprise architecture and the relationships between them. Detailed definition, it is also the core content of the TOGAF specification.

The ADM approach consists of a set of phases arranged in a ring in the order of architecture development in the architecture domain.

This model divides the ADM full life cycle into ten phases including preparation phase, demand management, architectural vision, business architecture, information system architecture (application and data), technical architecture, opportunities and solutions, migration planning, implementation governance, and architecture change governance. Stages, these ten stages are an iterative process.

The ADM approach is applied iteratively throughout the architecture development process, between phases, and within each phase. In the full life cycle of ADM, each stage needs to confirm the design results based on the original business requirements, which also includes some stages unique to the business process. Validation requires a revisiting of the enterprise's coverage, timeframe, level of detail, plans, and milestones. Each phase should allow for the reuse of architectural assets.

ADM has formed a three-level iteration concept:

Main activities in each development stage of ADM

（1） value expectation

（2） reaction force

（3） catalyst for change

（1） Pay more attention to the behavioral models of the participants and less to the goals within them.

（2） Participants are often rigidly divided into several roles, where the individuals in each role are essentially the same (for example, businessmen, investment managers, or system administrators).

（3） Differences in limiting factors are often ignored (e.g., whether securities traders in New York are the same as those in London, whether the market is open for trading versus daily trading).

（4） The result is simple. Requirements are met or not met, use cases are completed successfully or not.

（1） Which constraints affect one or more desired values.

（2） If impacts are known, would it be easier (positive impacts) or more difficult (negative impacts) for them to meet expectations.

（3） How severe the various effects are, in which case simple levels of low, medium and high are usually sufficient.

（1） Identify and prioritize appropriate value contexts.

（2） Define utility curves and prioritized expected values ​​in each context.

（3） Identify and analyze counterforces and catalysts for change in each context.

（4） Detect areas where constraints make it difficult to meet expectations.

（1） importance

（2） degree

（3） as a result of

（4） isolation

（1） organize

（2） operate

（3） variability

（4） evolution

（1） Software-intensive products and systems exist to provide value.

（2） Value is a scalar quantity that combines an understanding of marginal utility with the relative importance of many different goals. Goal trade-off is an extremely important issue.

（3） Value exists at multiple levels, some of which include the target system as a value provider. The value models used in these areas encompass the key drivers of software architecture.

（4） Value models at higher levels in the hierarchy can cause changes to the value models below them. This is an important basis for formulating system evolution principles.

（5） For each value group, the value model is homogeneous. Value contexts exposed to different environmental conditions have different expected values.

（6） System development sponsors have different priorities for meeting the needs of different value contexts.

（7） Architectural challenges arise from the impact of environmental factors on expectations within a context.

（8） An architectural approach attempts to maximize value by overcoming the highest priority architectural challenges first.

（9） The architectural strategy is synthesized from the highest priority architectural approach by summarizing common rules, policies, and organizational principles, operations, changes, and evolution.

（1） Governance channels

（2） Governance Center System

（3） Governance supporting system

（4） Relevant system modifications

（1） Based on the rationality principle of hierarchical positioning.

（2） The scalability of the architecture requires consideration of the data storage model and data storage technology.

The source database is the source of data required by a city’s social insurance smart governance center

Use synchronization tools such as OGG or synchronize the source database with data synchronization, service calls, etc. Step into the exchange database and use data synchronization or mirroring to reduce the impact on the source database.

The data in the exchange library is extracted through OGG For Bigdata to extract variable data, Sqoop extraction, push, import, etc., and stored in the transition library in the Hadoop platform to improve the performance of large batch data processing.

Compare, convert, clean, and aggregate the data in the transition database, and store it in a unified database table structure. In the integrated database, incremental data sources and full data sources are provided for each subject database.

That is, the service library extracts the required data from the integrated library according to the application requirements of the governance theme to provide governance Provide support for theoretical applications and visual presentation.

Follow international and domestic standards such as J2EE, HTML5, CSS3, SQL, Shell, XML/JSON, HTTP, FTP, SM2, SM3, JavaScript, etc.

1||| Relying on 5G network and Internet of Things to provide basic network support for this project;

2||| Relying on application middleware to provide application deployment support for this project;

3||| Relying on distributed cache, memory database, MPP database, and transaction database to provide basic data storage support for this project;

4||| Relying on the Hadoop platform to provide distributed storage and computing environment support for this project;

5||| Relying on search engine and rule engine components to provide technical component support for governance applications.

It is a technology that needs to be strictly followed and adopted in application system development.

The application framework adopts a layered design, including access layer, interaction control layer, business component layer, and resource access layer.

Including single sign-on, service bus (ESB), process engine, message queue and other technologies to support the integration between various application systems.

Including ETL tools, data synchronization replication tools, data indexing, SQL/stored procedures, MapReduce/Spark computing engines and other technologies, it provides data collection, data cleaning, data conversion, data processing, data mining, etc. for a city's social insurance smart governance center. Provide technical support for work.

Including BI engine, report engine, GIS engine, chart component, 3D engine, multi-dimensional modeling engine, AI algorithm package, data mining algorithm package and other big data technologies, providing social security maps, remote command and dispatch, panoramic analysis, macro decision-making, monitoring and supervision Provide technical support for visualization of other applications.

Including operation traces, fault warning, energy efficiency monitoring, log collection, vulnerability scanning, application Use monitoring, network analysis and other technologies to support the standardized operation and maintenance of application systems.

A single-core LAN usually consists of a core layer 2 or layer 3 switching device as the core device of the network, and user devices (such as user computers, smart devices, etc.) are connected to the network through several access switching devices.

This type of LAN can be connected to the WAN through interconnection routing equipment (border routers or firewalls) connecting the core network switching equipment and the WAN to achieve business access across the LAN.

Single core network has the following characteristics:

The advantage of using a single core to build a network is that the network structure is simple and equipment investment can be saved. It is more convenient for sub-organizations that need to use the LAN to access. They can directly connect to the idle interface of the core switching device through the access switching device. Its shortcomings are that the geographical scope of the network is limited, and the sub-organizations that require the use of LAN are relatively compact; the core network switching equipment has a single point of failure, which can easily lead to overall or partial failure of the network; the network expansion capability is limited; there are many switching devices connected to the LAN In this case, the port density of core switching equipment is required to be high.

As an alternative, for smaller-scale networks, user equipment using this network architecture can also be directly interconnected with core switching equipment, further reducing investment costs.

Dual-core architecture usually refers to the core switching equipment using three-layer and above switches.

Ethernet connections such as 100M/GE/10GE can be used between core switching equipment and access equipment. When dividing VLANs within the network, access between each VLAN must be completed through two core switching equipment. Only the core switching equipment in the network has the routing function, and the access equipment only provides the Layer 2 forwarding function.

Core switching devices are interconnected to achieve gateway protection or load balancing. The core switching equipment has protection capabilities and the network topology is reliable. Hot switching can be implemented in service routing and forwarding. For mutual access between the LANs of various departments connected to the network, or for accessing core business servers, there are more than one path to choose from, with higher reliability.

It is more convenient for special organizations that need to use the LAN to access. They can directly connect to the idle interface of the core switching device through the access switching device. Equipment investment is higher than that of single-core LAN. The port density requirements for core switching equipment are relatively high. All business servers are connected to two core switching devices at the same time and protected through the gateway protection protocol to provide high-speed access to user equipment.

A ring LAN is composed of multiple core switching devices connected into dual RPR (Resilient Packet Ring) dynamic elastic packet rings to build the core of the network.

Core switching equipment usually uses three-layer or above switches to provide business forwarding functions.

Each VLAN in a typical ring LAN network realizes mutual access through the RPR ring. RPR has a self-healing protection function to save optical fiber resources; it has the ability of 50ms self-healing time at the MAC layer, and provides multi-level, reliable QoS services, bandwidth fairness mechanism and congestion control mechanism. The RPR ring is available in both directions. The network forms a ring topology through two reverse optical fibers, and nodes on the ring can reach another node from two directions. Each fiber can transmit data and control signals simultaneously. RPR uses spatial reuse technology to effectively utilize the bandwidth on the ring.

When building a large-scale LAN through RPR, multiple rings can only communicate with each other through service interfaces and cannot achieve direct network communication. The investment in ring LAN equipment is higher than that of a single-core LAN. Core routing redundancy design is difficult to implement and can easily form loops. This network accesses the WAN through border routing devices that interconnect switching devices on the ring.

Hierarchical LAN (or multi-layer LAN) consists of core layer switching equipment, aggregation layer switching equipment, access layer switching equipment and User equipment and other components

The core layer equipment in the hierarchical LAN model provides high-speed data forwarding functions; the sufficient interfaces provided by the aggregation layer equipment realize mutual access control with the access layer, and the aggregation layer can provide different access devices under its jurisdiction (within the department LAN) The service switching function reduces the forwarding pressure on core switching equipment; the access layer equipment realizes access to user equipment. Hierarchical LAN network topology is easy to expand. Network faults can be classified and troubleshooted to facilitate maintenance. Usually, the hierarchical LAN is connected to the WAN through the border routing device with the WAN to realize mutual access of LAN and WAN services.

A single-core WAN usually consists of a core routing device and each LAN, as shown in Figure 4-13. The core routing equipment uses layer 3 and above switches. Access between LANs within the network requires core routing equipment.

There are no other routing devices between LANs in the network. Broadcast lines are used between each local area network and the core routing equipment. The interconnection interfaces between routing equipment and each LAN belong to the corresponding LAN subnet. The core routing equipment and each local area network can be connected using 10M/100M/GE Ethernet interfaces. This type of network has a simple structure and saves equipment investment. Each LAN accesses the core LAN and each other with high efficiency. It is more convenient for the new department LAN to connect to the WAN, as long as the core routing equipment has ports. However, there is a risk that a single point of failure in the core routing equipment can easily lead to the failure of the entire network. The network expansion capability is poor and the port density of core routing equipment is required to be high.

A dual-core WAN usually consists of two core routing devices and each LAN, as shown in Figure 4-14.

The main feature of the dual-core WAN model is that the core routing equipment usually uses three-layer and above switches. The core routing equipment is usually connected to each local area network through Ethernet interfaces such as 10M/100M/GE. Access between LANs in the network requires two core routing devices. There are no other routing devices between LANs for business access. Implement gateway protection or load balancing between core routing devices. There are multiple path options for each LAN to access the core LAN and to each other, with higher reliability. Hot switching can be achieved at the routing level, providing business continuity access capabilities. When the core routing equipment interface is reserved, the new LAN can be easily accessed. However, the equipment investment is higher than that of a single-core WAN. The routing redundancy design of core routing equipment is difficult to implement and can easily form routing loops. The network has higher port density requirements for core routing equipment.

A ring wide area network usually uses more than three core router devices to form a routing loop to connect various local area networks and realize mutual access of WAN services.

The main feature of a ring wide area network is that the core routing equipment usually uses three-layer or above switches. The core routing equipment and each local area network are usually connected through Ethernet interfaces such as 10M/100M/GE. Access between LANs within the network needs to pass through a ring formed by core routing devices. There are no other routing devices for mutual access between the LANs. Core routing devices are equipped with gateway protection or load balancing mechanisms, as well as loop control functions. Each LAN has multiple paths to choose from to access the core LAN or each other, with higher reliability. Seamless hot switching can be achieved at the routing level to ensure continuity of business access.

When the core routing equipment interface is reserved, the new department LAN can be easily accessed. However, the equipment investment is higher than that of dual-core WAN, and the routing redundancy design of core routing equipment is difficult to implement, and routing loops are easily formed. The ring topology needs to occupy more ports, and the network has higher port density requirements for core routing equipment.

A semi-redundant WAN is formed by multiple core routing devices connecting various LANs, as shown in Figure 4-16. Among them, any core routing device has at least two or more links connected to other routing devices. A special case of a semi-redundant WAN is a fully redundant WAN if there is a link between any two core routing devices.

The main features of semi-redundant WAN are flexible structure and easy expansion. Some network core routing devices can adopt gateway protection or load balancing mechanisms or have loop control functions. The network structure is mesh-like, and there are multiple paths for each LAN to access the core LAN and each other, with high reliability. Routing selection at the routing level is more flexible. The network structure is suitable for deploying link state routing protocols such as OSPF. However, the network structure is fragmented and difficult to manage and troubleshoot.

The peer-to-peer subdomain network divides the routing equipment of the WAN into two independent subdomains, and each subdomain routing equipment is interconnected in a semi-redundant manner. The two subdomains are interconnected through one or more links, and any routing device in the peer subdomain can access the LAN, as shown in Figure 4-17.

The main feature of the peer-to-peer subdomain WAN is that mutual access between peer-to-peer subdomains is dominated by interconnection links between peer-to-peer subdomains. Route summary or detailed route entry matching can be achieved between peer sub-domains, and route control is flexible. Generally, the bandwidth of links between subdomains should be higher than the bandwidth of links within subdomains. Inter-domain routing redundancy design is difficult to implement and can easily form routing loops or run the risk of publishing illegal routes. The routing performance requirements of domain border routing equipment are relatively high. The routing protocols in the network are mainly dynamic routing. Peer-to-peer subdomains are suitable for scenarios where the WAN can be clearly divided into two areas and access within the areas is relatively independent.

The hierarchical subdomain WAN structure divides large WAN routing equipment into multiple relatively independent subdomains. The routing equipment in each subdomain is interconnected in a semi-redundant manner. There is a hierarchical relationship between multiple subdomains. High-level subdomains connect multiple subdomains. Low-level subdomains. Any routing device in the hierarchical subdomain can access the LAN, as shown in Figure 4-18.

The main feature of hierarchical subdomains is that the hierarchical subdomain structure has better scalability. Mutual access between low-level subdomains needs to be completed through high-level subdomains. The implementation of inter-domain routing redundancy design is difficult, it is easy to form routing loops, and there is a risk of publishing illegal routes. The link bandwidth between sub-domains must be higher than the link bandwidth within the sub-domain. The routing and forwarding performance requirements of domain border routing devices used for domain mutual access are relatively high. The routing protocols of routing devices are mainly dynamic routing, such as OSPF protocol. The interconnection between hierarchical subdomains and the upper-level external network is mainly completed with the help of high-level subdomains; the interconnection with the lower-level external network is mainly completed with the help of low-level subdomains.

When 5GS provides services to mobile terminal users (User Equipment, UE), it usually requires DN network, such as Internet, IMS (IP Media Subsystem), private network and other interconnections to provide the required services for the UE. UPF network elements in 5GS serve as the access point of DN for various Internet, voice, AR/VR, industrial control and driverless services. 5GS and DN are interconnected through the N6 interface defined by 5GS, as shown in Figure 4-19.

5G Network belongs to the 5G category and includes several network functional entities, such as AMF/SMF/PCF/NRF/NSSF, etc. For the sake of simplicity, only network functional entities closely related to user sessions are marked in the figure.

When 5GS and DN are interconnected based on IPv4/IPv6, from the DN perspective, UPF can be regarded as an ordinary router. On the contrary, from the perspective of 5GS, the devices interconnected with UPF through the N6 interface are usually routers. In other words, there is a routing relationship between 5GS and DN. The service flow of the UE accessing the DN is forwarded between them through bidirectional routing configuration. As far as the 5G network is concerned, the service flow flowing from UE to DN is called uplink (UL, UpLink) service flow; the service flow flowing from DN to UE is called downlink (DL, DownLink) service flow. The UL service flow is forwarded to the DN through the route configured on the UPF; the DL service flow is forwarded to the UPF through the route configured on the router adjacent to the UPF.

In addition, from the perspective of how UE accesses the DN through 5GS, there are two modes:

5G networks change the previous device- and business-centered orientation and advocate a user-centered concept. While 5G networks provide services to users, they also pay more attention to users’ service experience QoE (Quality of Experience). Among them, the provision of 5G network edge computing capabilities is one of the important measures to empower vertical industries and improve user QoE.

The Mobile Edge Computing (MEC) architecture of the 5G network is shown in Figure 4-22. It supports the deployment of 5G UPF network elements at the edge of the mobile network close to the end user UE, combined with the deployment of an edge computing platform (Mobile Edge Platform) at the edge of the mobile network. ,MEP), provides vertical industries with nearby business offloading services characterized by time-sensitive and high bandwidth. Therefore, on the one hand, it provides users with an excellent service experience, and on the other hand, it reduces the pressure on mobile network back-end processing.

The operator's own application or third-party application AF (Application Function) triggers the 5G network to dynamically generate local offloading policies for edge applications through the capability opening function network element NEF (Network Exposure Function) provided by 5GS, which is controlled by PCF (Policy Charging Function) Configure these policies to the relevant SMF. The SMF dynamically implements UPF (that is, the UPF deployed in the mobile edge cloud) insertion or removal in the user session based on the end-user location information or location change information after the user moves, and offloads these UPFs. Dynamic configuration of rules achieves excellent results for users to access required services.

In addition, from the perspective of business continuity, the 5G network can provide SSC mode 1 (the IP access point of the user session remains unchanged during the user's movement), SSC mode 2 (the network triggers the release of the user's existing session during the user's movement) and immediately triggers the establishment of a new session), SSC mode 3 (establishes a new session before releasing the user's existing session during user movement) for the service provider ASP (Application Service Provider) or operator to choose.

Information is leaked or disclosed to an unauthorized entity.

Data is lost due to unauthorized addition, deletion, modification or destruction.

Legitimate access to information or other resources is unconditionally blocked.

A resource is used by an unauthorized person or in an unauthorized manner.

Use all possible legal or illegal means to steal information resources and sensitive information in the system. For example, monitoring signals transmitted in communication lines, or using electromagnetic leakage generated by communication equipment during operation to intercept useful information.

Through long-term monitoring of the system, statistical analysis methods are used to analyze such factors as communication frequency and communication Conduct research on changes in information flow and total communication volume to discover valuable information and patterns.

By deceiving the communication system (or user), the purpose is to achieve the purpose of illegal users pretending to be legitimate users, or users with low privileges pretending to be users with high privileges. Hackers mostly use impersonation to attack.

An attacker takes advantage of a system's security flaws or vulnerabilities to gain unauthorized rights or privileges. For example, attackers use various attack methods to discover some system "features" that should be kept secret but are exposed. Using these "features", attackers can bypass defenders and penetrate into the system.

A person who is authorized to use a system or resource for a certain purpose uses this permission for other unauthorized purposes, also known as an "insider attack."

The software contains an undetectable or harmless program segment that, when executed, destroys User safety. This kind of application is called a Trojan Horse.

A "chassis" is set up in a system or component to allow violations of security policies when specific input data is provided.

This is an attack from the user, for example, denying a message they have posted or forging a letter from the other party.

A legitimate communication data backup that was intercepted and retransmitted for illegal purposes.

The so-called computer virus is a functional program that can infect and infringe during the operation of the computer system. A virus usually has two functions: one is to "infect" other programs; the other is to cause damage or the ability to implant an attack.

An authorized person discloses information to an unauthorized person for money or profit, or due to carelessness.

Information is obtained from discarded disks or printed storage media.

Intruders gain access to a system by bypassing physical controls.

Important security items such as tokens or ID cards are stolen.

A fake system or system component that deceives legitimate users or systems into voluntarily giving up sensitive information.

System security architecture refers to the main components that build the security quality attributes of information systems and the relationships between them.

The goal of system security architecture is how to build its own security from the source without relying on external defense systems.

Security technology architecture refers to the main components of building a security technology system and the relationships between them.

The task of the security technology architecture is to build a general security technology infrastructure, including security infrastructure, security tools and technologies, security components and support systems, etc., to systematically enhance the security defense capabilities of each part.

The audit structure refers to the independent audit department or the risk discovery capabilities it can provide. The scope of audit mainly includes all risks including security risks.

When people design a system, they usually need to identify the security threats that the system may encounter. By conducting a reasonable evaluation of the security threats faced by the system and implementing corresponding control measures, effective and reasonable security technologies are proposed to form a security method that improves the security of the information system. Solution is the fundamental goal of security architecture design. In practical applications, security architecture design can be considered from the perspective of security technology, such as encryption and decryption, network security technology, etc.

（1） Early Warning(W)

（2） Protect(P)

（3） Detection(D)

（4） Response(R)

（5） Recovery(R)

（6） Counterattack(C)

1. System security system

2. Information security architecture

The field of network structure security focuses on whether the network topology is reasonable, whether lines are redundant, whether routing is redundant and preventing single points of failure.

Operating system security focuses on two aspects: ① Measures that can be taken to prevent operating system security, such as: try to use a more secure network operating system and make necessary security configurations, close some applications that are not commonly used but have security risks, Use permissions to restrict or strengthen the use of passwords, etc. ② By equipping the operating system security scanning system to conduct security scans on the operating system, discover vulnerabilities, and upgrade in a timely manner.

In terms of application system security, focus on the application server and try not to open some infrequently used protocols and protocol ports, such as file services, email servers, etc. You can turn off services such as HTTP, FTP, Telnet, etc. on the server. Login identity authentication can be strengthened to ensure the legality of user use.

Isolation and access control must have a strict control system, and a series of management measures such as "User Authorization Implementation Rules", "Password and Account Management Specifications", and "Permission Management Formulation" can be formulated.

Equipping a firewall is the most basic, economical and effective security measure in network security. Isolation and access control between internal and external networks or different trust domains in the internal network are achieved through strict security policies of the firewall. The firewall can implement one-way or two-way control, and implement finer-grained access control for some high-level protocols.

Intrusion detection requires real-time monitoring and recording of all operations in and out of the network segment based on the information codes of existing and latest attack methods, and implementing responses (blocking, alarming, and sending E-mails) according to established strategies. This prevents attacks and crimes against the network. Intrusion detection systems generally include a console and detectors (network engines). The console is used to formulate and manage all detectors (network engines). The network engine is used to monitor access behaviors in and out of the network and execute corresponding behaviors according to the instructions of the console.

Virus protection is a necessary means of network security, because in the network environment, computer viruses have immeasurable threats and destructive power. The operating system (such as Windows system) used in network systems is prone to virus infection. Therefore, the prevention of computer viruses is also one of the important aspects that should be considered in network security construction. Anti-virus technology includes three types: virus prevention, virus detection and anti-virus.

Resource sharing must strictly control the use of network shared resources by internal employees. Generally, shared directories should not be easily opened in internal subnets, otherwise important information may be leaked due to negligence when exchanging information among employees. For users who need to frequently exchange information, a necessary password authentication mechanism must be added when sharing, that is, only through password authentication can access to data be allowed.

Information storage refers to user hosts that involve secret information. Users should try to open as few uncommon network services as possible during the application process. Make a secure backup of the database in the data server. The database can be backed up and stored remotely through the network backup system.

Establishing and improving a security management system will be an important guarantee for the realization of network security. You can formulate security operation procedures, reward and punishment systems for security incidents according to your actual situation, and appoint security managers to be fully responsible for supervision and guidance.

Building a security management platform will reduce many risks caused by unintentional human factors. Building a security management platform can provide technical protection, such as forming a security management subnet, installing centralized and unified security management software, network equipment management systems, and network security equipment unified management software, etc., to achieve security management of the entire network through the security management platform.

Network security prevention awareness training should be conducted frequently for unit employees to comprehensively improve employees’ awareness of overall security methods.

OSI (Open System Interconnection/Reference Mode, OSI/RM) is an open communication system interconnection model (ISO 7498-2) formulated by an international standards organization. The national standard GB/T9387.2 "Basic Reference for Information Processing System Open System Interconnection" Model Part 2: Security Architecture" is equivalent to ISO 7498-2.

The purpose of OSI is to ensure the secure exchange of information over long distances between open system processes. These standards establish some guiding principles and constraints within the framework of a reference model, thereby providing a consistent approach to solving security issues in open interconnected systems.

OSI defines a 7-layer protocol, in which each layer except layer 5 (session layer) can provide corresponding security services.

It is most suitable to configure security services on the physical layer, network layer, transport layer and application layer. It is not suitable to configure security services on other layers.

The five types of security services of the OSI open system interconnection security system include authentication, access control, data confidentiality, data integrity and non-repudiation.

OSI defines a layered multi-point security technology architecture, also known as a defense-in-depth security technology architecture, which distributes defense capabilities to the entire information system in the following three ways.

The security of information systems not only relies on technology, but also requires non-technical defense methods. An acceptable level of information assurance relies on a combination of people, management, technology and processes.

The basic purpose of authentication is to prevent other entities from occupying and independently operating the identity of the authenticated entity.

Authentication provides assurance that an entity claims its identity and is meaningful only in the context of the relationship between the subject and the verifier.

There are two important relational contexts for identification:

The identification methods are mainly based on the following five methods:

Authentication information refers to the information generated, used and exchanged from the applicant's request for authentication to the end of the authentication process.

The types of authentication information are exchange authentication information, request authentication information and verify authentication information.

In some cases, the applicant needs to interact with a trusted third party in order to generate exchange authentication information. Similarly, in order to verify the exchange of authentication information, the verifier also needs to interact with a trusted third party. In this case, the trusted third party holds the verification AI of the relevant entity, and may also use the trusted third party to transfer and exchange authentication information. The entity may also need to hold the authentication information used in authenticating the trusted third party.

The authentication service is divided into the following stages:

Access Control is the process of determining which resources are allowed to be used in an open system environment and where it is appropriate to prevent unauthorized access.

In the case of access control, access can be to a system (that is, to an entity that is a communicating part of a system) or to within a system.

Figure 4-25 and Figure 4-26 illustrate the basic functions of access control.

ACI (Access Control Information) is any information used for access control purposes, including contextual information. ADI (Access Control Decision Information) is part (or all) of the ACI available to ADF when making a specific access control decision.

ADF (Access Control Decision Function) is a specific function that makes access control decisions by using access control policy rules on the access request, the ADI, and the context of the access request. AEF (Access Control Enforcement Function) ensures that only access allowed to the target is performed by the initiator.

Involved in access control are the initiator, AEF, ADF and target. Initiators represent people and computer-based entities that access or attempt to access a target. The target represents the computer or communications-based entity that is attempted to be accessed or is accessed by the initiator. For example, the target may be an OSI entity, file, or system. An access request represents the operations and operands that form part of the access attempt.

When the initiator requests special access to the target, AEF notifies ADF that a decision is needed to make a decision. To make a decision, the ADF is provided with an access request (as part of the decision request) and the following access control decision information (ADI).

Other inputs to ADF are access control policy rules (from the security domain authority of ADF) and the necessary contextual information used to interpret the ADI or policy. Contextual information includes the originator's location, access time, or special communication paths in use. Based on these inputs, and possibly ADI information retained from previous decisions, the ADF can make a decision that allows or disallows the initiator's attempted access to the target. The decision is passed to the AEF, which then allows the access request to be passed to the target or takes other appropriate action.

In many cases, successive access requests to the target by the initiator are related. A typical example in an application is that after opening a connection with the same layer target, the application process attempts to perform several accesses with the same (reserved) ADI. For some access requests that are subsequently communicated through the connection, it may be necessary to provide additional access requests to the ADF. ADI allows access requests. In other cases, security policies may require restrictions on certain related access requests between one or more initiators and one or more targets. In this case, ADF may use multiple initiators. Special access requests are adjudicated using ADI retained from previous decisions regarding the target.

If allowed by the AEF, the access request involves only a single interaction between the initiator and the target. Although some access requests between the initiator and target are completely unrelated to other access requests, often the two entities enter into a related set of access requests, such as the challenge-response pattern. In this case, the entity changes the initiator and target roles simultaneously or alternately as needed, and the access control function can be performed for each access request by separate AEF components, ADF components, and access control policies.

The purpose of confidentiality (Confidentiality) services is to ensure that information is only available to authorized persons. Because information is represented by data, and data may cause changes in relationships (for example, file operations may cause directory changes or changes in available storage areas), information can be derived from data in many different ways. For example, deriving by understanding the meaning of the data (such as the value of the data); deriving by using data-related attributes (such as existence, created data, data size, date of last update, etc.): by studying the context of the data, That is, derived through other data entities related to it; derived through observing the dynamic changes of data expressions.

The protection of information is to ensure that the data is restricted to authorized persons or obtained by representing the data in a specific way. The semantics of this protection method is that the data is only accessible to those who possess certain key information. Effective confidentiality protection requires that necessary control information (such as keys and RCI, etc.) be protected. This protection mechanism is different from the mechanism used to protect data (such as keys can be protected by physical means, etc.).

The two concepts of protected environment and overlapping protected environment are used in the confidentiality framework. Data in a protected environment can be protected through the use of a specific security mechanism (or mechanisms). All data in a protected environment is protected in a similar manner. When two or more environments overlap, the data in the overlap can be protected multiple times. It can be inferred that continuous protection of data moved from one environment to another necessarily involves overlapping protection environments.

The confidentiality of data can depend on the medium on which it resides and is transmitted, so the confidentiality of stored data is guaranteed by using mechanisms that hide data semantics (such as encryption) or shard the data. The confidentiality of data during transmission is ensured by mechanisms that prohibit access, hide data semantics, or disperse data (such as frequency hopping, etc.). These mechanism types can be used individually or in combination.

Mechanism type

The purpose of the integrity (Integrity) framework is to protect the integrity of data and the integrity of data-related attributes that may be compromised in different ways by preventing threats or detecting threats. Integrity refers to the characteristic that data is not altered or destroyed in unauthorized ways.

Integrity services are classified in several ways:

Since the ability to protect data is related to the media being used, data integrity protection mechanisms are different for different media and can be summarized as the following two situations.

According to the intensity of protection, integrity mechanisms can be divided into:

Non-repudiation (Non-repudiation) services include the generation, verification and recording of evidence, as well as the subsequent recovery and re-verification of evidence when resolving disputes. The purpose of the non-repudiation services described in the Framework is to provide evidence about specific events or actions. Entities other than the event or conduct itself can request non-repudiation services. Examples of behaviors that can be protected by the non-repudiation service include sending X.400 messages, inserting records in the database, requesting remote operations, etc.

When it comes to non-repudiation services for message content, the identity of the data originator and data integrity must be confirmed in order to provide proof of origin. To provide proof of delivery, recipient identity and data integrity must be confirmed. In some cases, evidence involving contextual information (such as date, time, originator/recipient location, etc.) may also be required. The non-repudiation service provides the following facilities that can be used in the event of attempted denial: evidence generation, evidence recording, verification of generated evidence, recovery and reexamination of evidence. Disputes may be resolved directly between the disputing parties through an examination of the evidence, or they may have to be resolved through an arbitrator, who will evaluate and determine whether the conduct or event at issue occurred.

Non-repudiation consists of 4 independent stages, namely:

（1） requirements analysis stage

（2） conceptual structural design stage

（3） Logical structure design stage

Refers to the code that implements business logic

It is all the third-party libraries that the business code depends on, including business libraries and Basic library

Refers to code that implements non-functional capabilities such as high availability, security, and observability.

1. Functional features

2. non-functional features

1. virtual machine

2. container

3. cloud service

1||| Enhance service resilience

2||| CQRS (Command Query Responsibility Segregation, command query responsibility separation)

3||| Data change notification

4||| Build open interfaces

5||| event stream processing

6||| Event-triggered responses

By introducing OLTP and OLAP databases, online data and offline analysis logic are split into two databases, changing the previous status quo of relying entirely on Oracle databases. Meet the shortcomings of actual business requirements supported by Oracle database in the scenario of processing historical data query.

With the introduction of containerization technology, the problem of inconsistent environments has been effectively solved through application containerization, ensuring the consistency of applications in development, testing, and production environments. Compared with virtual machines, containerization provides dual improvements in efficiency and speed, making applications more suitable for microservice scenarios and effectively improving production and research efficiency.

Since many businesses in the past were completed based on Oracle's stored procedures and triggers, the service dependencies between systems also required the Oracle database OGG (Oracle Golden Gate) to be completed simultaneously. The problem this brings is that the system maintenance is difficult and the stability is poor. By introducing Kubernetes service discovery, we can build a microservice solution and split the business according to business domains, making the entire system easier to maintain.

（1） infrastructure

（2） Traffic access

（3） platform layer

（4） application service layer

（5） Operation and maintenance management

Cloud products are all self-hosted in the cloud without operation and maintenance, effectively saving manual operation and maintenance costs and allowing enterprises to focus more on core business.

Cloud products provide at least five 9 (99.999%) SLA services to ensure system stability, while the stability of self-built systems is much higher. In terms of data security, data on the cloud can be easily backed up off-site. The archive storage products under the cloud service provider's data storage system have the characteristics of high reliability, low cost, security, and unlimited storage, making enterprise data safer.

With deep integration with cloud products, R&D personnel can complete one-stop R&D, operation and maintenance work. From business requirement establishment to pull branch development, to test environment function regression verification, and finally deployment to pre-release verification and online, the entire continuous integration process can be shortened to minutes. In terms of troubleshooting, R&D personnel directly select the application they are responsible for and quickly retrieve the program's exception logs through the integrated SLS log console to locate the problem, eliminating the need to log in to the machine to check the logs.

Cloud service providers provide more than 300 types of cloud components, covering computing, AI, big data, and IoT and many other fields. R&D personnel can use it right out of the box, effectively saving the technical costs brought about by business innovation.