Yilong Card – Dayi Middle School Campus Card Project Case
Taking the campus card system as its platform, the project realizes people-oriented, fully digital management of the campus environment, its resources and its activities. Building a campus one-card system that realizes "one card in hand, travel all over the campus" therefore meets the needs and purposes of the school's digital campus construction.
1. Project content:
The digital campus card of Dayi Middle School is divided into a card platform and various subsystems:
All-in-one card platform: a unified identity authentication platform; card initialization, issuance, loss reporting, cancellation and replacement; cancellation of campus cards; completion of sales; and settlement and transfer reconciliation for the various merchants. Subsystems: business consumption system, access management system, computer management system and water control management system.
2. Database and software platform
The system adopts a bus + star network topology. Clients run Windows 9x/XP/2000; the server runs Windows 2000 Server with SQL Server 7.0/2000 as the central database, using a centralized database integration method and general interconnection software technology.
3. Network Architecture
The various terminal devices of the campus card system are connected directly to the TCP/IP backbone network through the network server. Over the campus network, the campus card management center manages each terminal device directly: it sets and changes the global configuration parameters, maintains the black (white) list, synchronizes real-time information such as monitoring data, and monitors the status of the devices of each connected subsystem. The system therefore offers high manageability, high security and easy maintenance.
In addition, the following network security requirements are to be met:
1. Architecture and application: formulate the security architecture and design dedicated applications according to requirements.
2. Identification: this mechanism ensures that all system entities (processes, systems, members, users, etc.) are uniquely identifiable; the identification granularity must be sufficient to distinguish each entity's access rights to the system's resources.
3. Access control: this mechanism ensures authorized access to and legitimate use of important system resources; the division of user permissions and the granularity of resource operation authorization must meet the security requirements.
4. Integrity: ensures that data is not illegally altered or destroyed, through open-system integrity, network integrity and data integrity. This covers both permanently stored data and network message data.
5. Confidentiality: this mechanism ensures that important data is not leaked to unauthorized persons or computer processes, through data encryption, secure linkage and key management.
6. Non-repudiation: non-repudiation mechanisms include open-system non-repudiation, electronic signatures and electronic out-of-order. The service ensures that senders and recipients of information cannot deny having sent or received it. It can also verify the legitimacy of software packages, or verify that hardware devices have not been altered since they left the factory.
7. Availability: this service ensures the response time, uninterrupted communication and the normal operation of the system's hardware equipment.
8. System management: keeps the system operationally secure, including verification of licenses and delegation certificates, risk management, alarming, auditing, key management, and more.
9. Security tags: security tags are data associated with resources that mark their security attributes. They can be used to control security in the following service areas: human-machine interfaces, data management, data exchange, graphics, networking, systems and distributed computing.
10. Information system security management: security management includes the formulation of security plans, the maintenance of security mechanisms, and the strengthening of security policies and regulations for the information domain and the information system, so as to provide secure information services. Beyond the system's core services, it should also cover event handling, system auditing and automatic recovery.
1. Overall network design
The network platform generally adopts a two-layer star topology, divided according to functional requirements into a backbone network part (with the fast Ethernet switching network as its core) and a part that interfaces with the banking network. The backbone network is the core of the entire campus card system: each terminal device is connected to it through an edge access switch and can communicate in real time with the data server located on the backbone.
1). Terminal device subnet
The terminal devices of the campus card system, including payment transaction POS machines and identification POS machines, are connected to the network server in a star structure. Each connects to the campus network switching equipment, and its data is uploaded automatically to the data server of the campus IC card management and settlement center.
The RS485 subnet is built as a star topology using standard structured wiring technology; in this scheme the RS485 subnet wiring follows the international structured wiring standard. The star structure has advantages a bus structure cannot match: devices are easy to add and remove, a single point of failure does not affect transmission for other devices, and scalability and flexibility are good.
2). Program features
Flexible management: workstations can be set up by various departments according to their needs, or can be centrally managed by the school to provide operational reports for each department.
Real-time and integrity of data: replace the PC management machine with serial networking equipment, and upload all campus card data to the campus card center server in real time.
Improve transmission efficiency. Compared with the conventional application method of uploading data through the host computer, the data transmission efficiency is improved. More importantly, this solution will build a complete real-time campus card system, which greatly enhances the practicability of the system.
Centralized processing of data.
High security. System operation rights are managed hierarchically, and data is separated by department.
2. Network structure design
1) Goal: build the one-card system as an independent VLAN that shares the physical campus network but is logically isolated from the other systems on it, such as teaching and scientific research, so that the one-card system forms its own cross-campus, vertically and horizontally connected VLAN on the campus network.
2) Means: define a school-wide VLAN for the one-card system, separated from the management and scientific research LANs. Because connections within a VLAN are switched while connections between VLANs are routed, routing is prohibited for the "one card" VLAN so that it cannot communicate with other VLANs. This isolates illegal users from sensitive network resources, prevents possible illegal interception, keeps the VLAN independent, and shields the IP addresses and all services of the other VLANs at the ingress and egress.
3) Method: use the Cisco VTP protocol to divide VLANs on the basis of switch ports. This saves considerable time and effort during implementation and simplifies later modification and maintenance of the network. The central switch of each campus acts as that campus's VTP server and is responsible for its VLAN management; the global VLAN must also be configured locally.
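As an added illustration of the VLAN design above (not configuration from the Dayi project itself), the following Cisco IOS fragments show a campus core switch acting as VTP server, an edge access switch as VTP client with port-based assignment of a POS terminal to the one-card VLAN, and an ACL on the core that blocks routing out of that VLAN. The VTP domain name, VLAN numbers, interface names, subnets and the password placeholder are all assumptions.

```cisco
! Core switch of one campus: VTP server holding the campus VLAN database
vtp domain DAYI-CAMPUS          ! assumed domain name
vtp mode server
vtp password CHANGE-ME          ! placeholder; use a real secret
vtp version 2
!
! Global VLAN for the one-card system, created once on the VTP server
vlan 100
 name ONECARD
!
! --- Edge access switch (separate device): VTP client receives VLAN 100 ---
vtp domain DAYI-CAMPUS
vtp mode client
vtp password CHANGE-ME
!
! Port-based division: the port of a POS terminal joins VLAN 100 only
interface FastEthernet0/1
 description POS terminal - canteen
 switchport mode access
 switchport access vlan 100
 switchport nonegotiate
 spanning-tree portfast
!
! Unused ports are parked in an unused VLAN and shut so nothing can join VLAN 100
interface range FastEthernet0/20 - 24
 switchport access vlan 999
 shutdown
!
! --- Core (Layer 3) switch: isolate VLAN 100 from all other VLANs ---
! Only the card-center server subnet (assumed 10.100.0.0/24) is reachable;
! every other destination is dropped and logged, which realizes the
! "routing prohibited" isolation described in the scheme
ip access-list extended ONECARD-ISOLATION
 permit ip 10.100.10.0 0.0.0.255 10.100.0.0 0.0.0.255
 deny ip any any log
!
interface Vlan100
 description One-card system VLAN (assumed 10.100.10.0/24)
 ip address 10.100.10.1 255.255.255.0
 ip access-group ONECARD-ISOLATION in
```

If the card-center servers sit inside VLAN 100 itself, the `interface Vlan100` SVI can be omitted entirely so that no routed path out of the VLAN exists. Because a VTP server with a higher configuration revision can overwrite the VLAN database of the whole domain, keep access switches in client mode and set the VTP password on every switch.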
Case diagram: