SFT0033-2019 English PDFUS$349.00 ยท In stock
Delivery: <= 3 days. True-PDF full-copy in English will be manually translated and delivered via email. SFT0033-2019: (Notary data center construction and management specifications) Status: Valid
Basic dataStandard ID: SF/T 0033-2019 (SF/T0033-2019)Description (Translated English): (Notary data center construction and management specifications) Sector / Industry: Chinese Industry Standard (Recommended) Classification of Chinese Standard: A16 Classification of International Standard: 35.240.01 Word Count Estimation: 15,155 Date of Issue: 2019 Date of Implementation: 2019-05-20 Issuing agency(ies): Ministry of Justice of the People's Republic of China SFT0033-2019: (Notary data center construction and management specifications)---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.Construction and management specification for notarization data center The People's Republic of China Judicial Administration Industry Standard Notarization data center construction and management specifications 2019-5-5 release 2019-5 -20 Implementation Issued by the Ministry of Justice of the People's Republic of China 1 Scope...1 2 Normative references...1 3 Terms, definitions and abbreviations...1 4 General requirements...2 5 Overall structure and requirements...3 6 Equipment room construction requirements...7 7 Operation maintenance and safety management...9 ForewordThis standard was drafted in accordance with the rules given in GB/T 1.1-2009. Please note that some of the contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents. This standard was proposed by the Public Legal Service Administration of the Ministry of Justice and the Chinese Notary Association. This standard is under the jurisdiction of the Information Center of the Ministry of Justice. Drafting organization of this standard. China Notary Association. Notarization data center construction and management specifications1 ScopeThis standard specifies the overall requirements, overall structure and requirements for notarized data center construction, computer room construction requirements, operation and maintenance systems, and security management. Management system. This standard is applicable to the data center construction of judicial administrative notarization management departments, notary associations and various notary institutions.2 Normative referencesThe following documents are indispensable for the application of this document. For dated reference documents, only the dated version applies to this document. For undated reference documents, the latest version (including all amendments) is applicable to this document. GB/T 2589 General Rules for Comprehensive Energy Consumption Calculation GB/T 2887 General Specification for Computing Station Site GB/T 9361 Site Safety Requirements for Computing Station GB/T 20269 Information Security Technology Information System Security Management Requirements GB/T 20988 Information Security Technology Information System Disaster Recovery Specification GB/T 22239-2008 Information Security Technology Information System Security Level Protection Basic Requirements GB/T 25070 Information Security Technology Information System Level Protection Security Design Technical Requirements GB 50174 Code for Design of Computer Room of Electronic Information System GB 50189 Energy-saving design standard for public buildings GB 50462 Specification for Construction and Acceptance of Computer Room of Electronic Information System GB 51194 Code for Design of Installation Engineering of Communication Power Supply Equipment 3 Terms, definitions and abbreviations 3.1 Terms and definitions The following terms and definitions apply to this document. 3.1.1 Used ratio of computer room The ratio of the total area of the main engine room, support area, and auxiliary area to the total construction area of the machine building. 3.1.2 Network flow model Based on the two-level division of the basic feature set and the combined feature set, the basic characteristics of the network traffic are extracted from the network traffic in real time data. Examples. traffic size, packet length information, protocol information, port traffic information, and TCP flag information, etc. 3.2 Abbreviations The following abbreviations apply to this document. API Application Programming Interface (Application Programming Interface) CPU Central Processing Unit (Central Processing Unit) DNS domain name system (Domain Name System) EVB Edge Virtual Bridging KVM virtual machine (Keyboard Video Mouse) IaaS Infrastructure as a Service (Infrastructure as a Service) IDS Intrusion Detection Systems (Intrusion Detection Systems) IP Internet Protocol (Internet Protocol) IPS Intrusion Prevention System (Intrusion Prevention System) PaaS platform as a service (Platform as a Service) PCI Peripheral Component Interconnect Standard (Peripheral Component Interconnect) SaaS Software as a Service (Software as a Service) SAN storage area network (Storage Area Network) TCP Transmission Control Protocol (Transmission Control Protocol) UPS uninterruptible power supply (Uninterruptible Power Supply) VLAN virtual local area network (Virtual Local Area Network) VPN Virtual Private Network (Virtual Private Network)4 General requirements4.1 Standardization The selection of equipment should follow the extended support capabilities required by EVB 802.1Qbg to ensure advanced nature. 4.2 Usability The availability requirements are as follows. a) Double backup strategy should be adopted in the overall network design and equipment configuration; b) Single point of failure should be eliminated on the network connection, and failover of key equipment should be provided; c) The physical links between key equipment should adopt dual redundant connections, and work in accordance with load balancing mode or dual-system hot standby mode; d) The key host should use dual-channel network cards, and the full redundancy method should be used to make the system reach 99.999% carrier-class reliability. 4.3 Performance The transformation of longitudinal flow into a complex multi-dimensional hybrid method should enable the entire system to have a higher throughput and processing capacity. 4.4 Open interface The open interface requirements are as follows. a) Open API interface should be provided; b) It should be ensured that resources such as server storage and network can be configured and issued to the device through API interfaces and command line scripts. 4.5 Green energy saving The overall energy consumption of the network room should follow the relevant regulations of GB 50189 and GB/T 2589.Use low-energy green network equipment. 4.6 Safe and reliable The security protection level of the notarized data center shall be planned and constructed in accordance with the third-level requirements in GB/T 22239-2008.5 Overall structure and requirements5.1 Overall architecture The overall architecture of the notarization data center is shown in Figure 1. Figure 1 The overall architecture of the notarization data center The overall architecture of the notarization data center mainly includes. resource pool, cloud computing service management platform and notarization data center security system. among them. a) The resource pool also includes. computer resource pool, storage resource pool and network resource pool; b) The cloud computing service management platform manages, dispatches, and monitors the resource pools and applications; c) The notarization data center security system guarantees the safe and reliable operation of the notarization data center. 5.2 Computer resource pool design requirements 5.2.1 Computer Resource Pool Architecture The structure of the computer resource pool should be composed of rack-mounted servers and blade servers, and blockchain resources should be increased if conditions are met. Among them. a) Blade servers should deploy general business systems and web application systems through server virtualization; b) Rack-mounted servers are used in deployment management platforms and high-load database servers, etc.; c) Blockchain resources are used to deploy blockchain technology, which should realize the encryption calculation of data. 5.2.2 Configuration and selection The configuration and selection requirements of the computer resource pool are as follows. a) According to the actual business development situation, capacity expansion and rolling construction should be required; b) One physical server should be able to virtualize multiple virtual machines, which should be determined according to the resources required by the application service; c) The virtual machine after blade server virtualization can be deployed with general application servers, and the virtual machine after high-performance server virtualization can be deployed Reload the database server; d) Each physical server must be configured with no less than 3 Gigabit Ethernet electrical ports, which are respectively used for the management port of the virtualization platform and the application system. The system provides external services and connects to NAS (Network Attached Storage) storage devices; e) HBA (Host Bus Adapter) cards and fiber optic switches should also be deployed to connect SAN storage devices. 5.2.3 Server selection The server selection requirements are as follows. a) Standard rack server can choose 2U or 4U model, including 2 to 4 CPU sockets, 2 to 8 PCI-E Or PCI-X slot, 4 to 6 hard drive bays; b) Blade servers should consider the number of CPUs and maximum memory contained in each blade in the blade architecture. Should be considered for each host The host server is used to support the network and storage I/O required by a certain number of clients, ensuring that each host server running on the blade The server and blade chassis themselves can provide support. 5.3 Storage resource pool design requirements 5.3.1 The storage resource pool configuration should adopt storage virtualization technology to build a storage guarantee environment that supports the efficient operation of the cloud computing center. 5.3.2 The storage virtualization environment should be no less than 2 groups of storage virtualization hardware devices, each group is configured with more than 2 controllers, and the high speed is above 72G Cache, and provide corresponding storage resource virtualization management software. 5.3.3 The high-speed SAN storage network should have no less than 2 high-speed SAN optical switches. 5.4 Network resource pool design requirements 5.4.1 Physical topology The physical topology diagram of the network resource pool network is shown in Figure 2. Figure 2 Physical topology diagram of network resource pool networking 5.4.2 Design structure The network resource pool design structure requirements are as follows. a) Should meet the dual-network dual-plane structure, network interfaces, network links and key network equipment are all equipped with redundant components; b) Each physical server on the network interface is equipped with at least 2 network cards, which are used for business services, virtualization platform host management, IP storage system interconnection; c) The business service network is divided into public network area, Internet access area, and private network area through VPN according to different business attributes; d) Virtualized computing resources can be freely migrated in different network areas. 5.4.3 Structural safety The security requirements for the network resource pool structure are as follows. a) Security equipment such as firewalls, isolation gatekeepers, operation and maintenance audits, database audit systems, etc. should be installed; b) The firewall is used to realize the security isolation between different business systems in the same network area; c) The isolated gatekeeper is used for secure data exchange between different network areas isolated by VPN, and also used for electronic notarization. Secure data exchange. 5.4.4 Storage Security The storage security requirements of the network resource pool are as follows. a) Blockchain resources should be used to realize the deployment of blockchain computing resources. The blockchain resources are connected to the core switch equipment and are compatible with other Server resources form a local area network; b) Software blockchain technology solutions should be deployed on high-performance servers. 5.4.5 Network virtualization The network virtualization requirements are as follows. a) Convergence switches, firewalls, IPS, load balancers and other equipment should be deployed at the convergence layer of the cloud computing platform to achieve network services Virtualization; b) Virtualization technology simulates aggregation layer switches, each simulated switch should have its own software process and dedicated hardware resources (Interface) and independent management environment, different physical ports are assigned to different virtual switches, and there should be no Shared port c) Adopt network virtualization technology to perform virtualization partitions on different devices, including security audit virtualization, load balancing virtualization, Four aspects of IPS/IDS virtualization and firewall virtualization. 5.4.6 IP address and DNS The IP address and DNS requirements are as follows. a) The IP address planning should follow the relevant regulations and guidance of the State Information Office and the State Extranet Engineering Office; b) The network bandwidth of the notary data center should not be less than 100MB. 5.5 Cloud computing service management platform requirements The cloud computing service management platform should include the following. a) Management of physical resources and virtual resources in IT infrastructure; b) The management interface of the host machine (a single physical network card on the host machine is uniformly set for the cloud computing management platform to manage the virtual machine Management communication) shall carry out unified VLAN planning, realize the migration of virtual machines in different partitions in the same resource group, and realize cloud computing The platform has unified management of the 3 districts. 5.6 Security system requirements for notarized data centers 5.6.1 Overview The security system requirements for notarized data centers include IaaS, PaaS, SaaS, cloud security services, and security protection levels. The specific requirements are See 5.6.2, 5.6.3, 5.6.4, 5.6.5 and 5.6.6. 5.6.2 IaaS requirements IaaS requirements are as follows. a) The equipment room, power supply, monitoring and other facilities and surrounding environment and fire safety shall be strictly in accordance with the relevant national standards and meet the requirements of 24 Design and construction are required for hours of uninterrupted operation. The specific safety measures should follow the relevant requirements of GB/T 9361 and GB/T 2887 Stipulation b) Communication lines should be constructed by laying or leased dedicated lines; c) The communication line should be far away from the strong electromagnetic field radiation source, buried in the ground or use metal casing; d) The communication line should regularly test the signal strength to determine whether there are illegal devices connected to the line, and there is a new network set up near the line, When the electromagnetic enterprise starts to work, you can ask a professional organization to be responsible for testing; e) The communication line should be checked regularly at the junction box and other easily accessible line parts to prevent illegal interference; f) For backbone lines, redundant lines and ring routes should be set up on backbone lines or important nodes; g) The backbone line should be equipped with redundant power supply configuration; h) Backbone lines should be emphasized in important departments... ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of SFT0033-2019_English be delivered?Answer: Upon your order, we will start to translate SFT0033-2019_English as soon as possible, and keep you informed of the progress. The lead time is typically 1 ~ 3 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of SFT0033-2019_English with my colleagues?Answer: Yes. The purchased PDF of SFT0033-2019_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
