Design and construction practice of the hottest Ti

  • Detail

Tian'an property insurance: the design and construction practice of shuanghuo cloud data center

the 12th Five Year Plan period is the period when the development of China's insurance industry has changed the most and the comprehensive strength has improved the fastest. All insurance institutions have made comprehensive breakthroughs in reform and innovation, made scientific plans, and taken multiple measures at the same time. All work has been steadily promoted, and the overall construction has been fruitful. The 13th Five Year Plan period is a decisive stage for China to build a moderately prosperous society in an all-round way, a critical period for the insurance industry to move from a large insurance country to a strong insurance country, and a critical period for accelerating the development of modern insurance industry. The insurance industry is in an important strategic opportunity period with great achievements, but at the same time, it faces many problems and challenges, which require all insurance institutions to continue to promote industrial reform and innovation and better support economic and social construction, And make greater contributions to serving the modernization of national governance system and governance capacity

Tian'an Property Insurance Co., Ltd. (hereinafter referred to as Tian'an property insurance) is the first joint-stock commercial insurance company funded by enterprises in China and the fourth property insurance company in China. After the rapid development in recent years, the business scale and institutional construction have developed rapidly. The company has 33 branches (including shipping insurance center), 263 Prefecture and municipal branches and 944 branch level business points, and its business area covers the main administrative regions of the country except Hong Kong, Macao, Taiwan, Tibet, Qinghai, Ningxia and Inner Mongolia. At present, the company has formed a product system with strong market competitiveness

with the rapid development of information construction, the business system of the group increasingly relies on the service support of the data center. At present, Tian'an property insurance production data center was built in Jinqiao, Shanghai in 2008, and a data cold standby center was built in Foshan. Due to the collectivization of the company, the rapid development of business, and the continuous increase of servers, storage and networking equipment, the area and power supply of the current production data center are facing great challenges, which restricts the rapid construction and deployment of innovative business systems, and is difficult to meet the needs of continuous business development in the future. It has become a bottleneck restricting the rapid development of group business. In order to meet the needs of business development, In 2016, the group began to plan to build a new cloud data center in Zhangjiang Kayuan and build a city wide dual active architecture with the existing Jinqiao data center

the construction goal of shuanghuo cloud data center

everything is established in advance, and it is abandoned if not in advance. Before the establishment of the project, the group company carefully studied the national policy guidance, especially took the outline of the 13th five year plan for the development of China's insurance industry as the management guide of the company's development planning, and made an in-depth study of the current technology development trend. In the design of the new generation IT architecture, the group company focused on hot issues and technologies such as product innovation, Internet finance, cloud computing, big data, distributed architecture, etc. It is planned to promote scientific and technological innovation through it architecture innovation, meet safety and controllable requirements, and finally achieve the goal of technology leading business transformation and development

through the construction of shuanghuo cloud data center, the group company will achieve the following specific technical goals in information construction and provide it support for business transformation:

based on the construction of three centers in two places, Shanghai will realize business shuanghuo services, realize the integration of operation and maintenance management of three centers, and greatly improve the business continuity ability of IT system. Shanghai shuanghuo data center in the same city meets the level 6 requirements of the international standard SHARE78 disaster recovery specification

Zhangjiang Kayuan data center adopts advanced technologies such as micro modules to build a new generation of industry-leading data center with the characteristics of modularization, standardization, green energy conservation and intelligence

based on the cloud computing platform, realize unified resource planning, unified management, application on demand, allocation according to use, and efficient operation and maintenance, realize rapid application of resources and rapid online application, and realize flexible service changes at the same time

build a unified security system, meet the three-level requirements of security, etc., realize complete security event monitoring and audit, including the security of virtual resources, defend against apt and other attacks, and realize that the security risk is manageable and controllable

at the application level, it provides application automation and deployment functions, version management and version release functions, and meets the requirements of rapid deployment and rapid launch of applications. Provide application supervision and management function, and realize resource elastic supply based on APM (application performance management)

provide complete application migration guarantee, including a full set of implementation schemes for application migration transformation, verification and fallback, to ensure that application migration is foolproof

support the localization trend of financial information system and realize autonomy, safety and controllability. Through the construction of this project, we will practice cloud computing, big data and other technologies, and reserve relevant technical talents to provide support for the future scientific and technological capacity output of the group company

design architecture of shuanghuo cloud data center

the overall design architecture of three centers in Tian'an Property Insurance Co., Ltd. is shown in the figure below. Zhangjiang data center is a new cloud data center, and the existing Jinqiao data center is transformed into a cloud to build a Shanghai city shuanghuo service architecture, and Shanghai and Foshan build a two place three center architecture

the overall technical architecture of Zhangjiang Kayuan cloud data center is planned to be four horizontal and two vertical. The four horizontal refers to: infrastructure service layer (IAAs), data service layer (the number of revolutions is also about 1400 revolutions per minute DAAS), platform service layer (PAAS), application software service layer (SaaS); The four verticals refer to: resource capacity support system, information security system, management system and standard system

construction content of shuanghuo cloud data center

the system construction of Tian'an property insurance shuanghuo cloud data center starts from the enterprise strategy and designs the enterprise level business architecture and it architecture according to the objectives determined by the business strategy and it strategy. It mainly includes the following key construction contents:

1 The construction of three centers in two places -- dual active in the same city and dual active deployment of remote disaster recovery

business. Through wavelength division optical fiber interconnection, when a data center level disaster or failure occurs in Zhangjiang card Park data center, the switching is approved through the disaster recovery process, and the business can be switched from Zhangjiang card Park data center to Jinqiao data center at the minute level

the role of Foshan disaster recovery center remains unchanged, and data level disaster recovery is still done. The data replication architecture of Jinqiao and Foshan remains unchanged. A new data replication/backup mechanism is built between Zhangjiang Kayuan data center and Foshan data center, forming a disaster recovery architecture of three centers in two places. When a regional disaster occurs in Shanghai business center, Foshan data center can provide complete data level disaster recovery support

use GSLB, Intelligent DNS, database data replication, storage gate, intelligent application management and other technologies to provide dual activation schemes for various business applications such as BS and CS, and realize dual activation at the front-end network, application and data levels

in order to ensure business continuity, provide the configuration and arrangement of dual active applications, and provide automatic deployment, monitoring and drilling of dual active applications. It also carries out topology management and application monitoring for the dual active application network, grasps the health status of the dual active application in real time, and supports the drill and switching of the dual active application with one click

2. The construction of Zhangjiang green data center

the construction of the data center must meet the current needs and applications, and also face the development needs of rapid growth in the future. Therefore, it is necessary to ensure that the new data center in Zhangjiang has the characteristics of high quality, high security, reliability, flexibility, openness and so on. At the same time, in the process of data center construction, Tian'an property insurance actively responded to the call of relevant national departments for data center to reduce energy consumption, fulfilled the social responsibility of enterprises, reduced the impact of carbon emissions on the environment, and committed to building this project into a green and efficient new data center

the newly-built data center in Zhangjiang Kayuan adopts the micro module solution with closed hot channel, and its refrigeration adopts the verified inter row air conditioning mode of chilled water, which can maximize the use of natural cold sources in combination with the climatic characteristics of the project site

modular IDC encloses it cabinet, air conditioning system, heat dissipation system, power distribution system, monitoring system, fire protection system, security system, lighting, etc. in a modular box; Through the isolation of cold and hot channels, effective air distribution is formed to meet the operation requirements of IT equipment

the cabinet, air conditioner, power distribution, gas extinguishing, alarm, security, wiring, etc. in the module are of integrated design, which adopts a fully enclosed structure and can reach the protection grade of IP66

3. The replacement demand of railway fasteners may promote the new growth of the company's deeds, and the safety construction of network

the construction of data center network follows the following principles:

the stability and reliability of data center products and networks is the first demand, and the redundant deployment of key equipment and lines

minimum transformation principle

minimize the changes to the existing network, protect the existing investment, and do not affect the application systems running in the existing data center

compatibility principle

the network protocol and business deployment should be as compatible with the existing network as possible

the data center network should maintain the ability of continuous evolution to the future, including the smooth upgrading of equipment and the ability of evolution to Sdn

the entire data center is partitioned according to functions, mainly divided into two categories: export network partition and business network partition. Firewalls are used for security isolation between partitions. In the Internet access area, firewalls are deployed in a heterogeneous manner. The service partition adopts a three-layer network architecture. The access control between the functional areas is carried out by the firewall and ACL, and the security protection is carried out by the firewall at the edge of the network. The firewalls in key business areas (such as the Internet access area/core area) are heterogeneous. DDoS and uplink are deployed in the Internet access area as management devices, and the DMZ deploys WAF for the security protection of the application layer

in order to ensure the dual active deployment of business between Zhangjiang Kayuan data center and the existing Jinqiao, vxlan, a large two-tier network technology between data centers, is used to open up the network resources of the dual active data center. Through the big two-tier network, clustering, resource sharing and fault detection across data centers can be realized

4. Application migration guarantee

in this project, a large number of businesses need to be transformed and migrated to Zhangjiang new cloud data center, and the coupling of businesses is strong, so perfect implementation steps and emergency mechanism are required in application migration

the project team has formulated systematic migration steps, including business information collection, evaluation and analysis, scheme design, migration verification, simulated migration, trial operation, acceptance test. And in the operation steps: each link should be documented for traceability

at the same time, the project team has developed reliable emergency response measures to reduce the risk of application migration. And built a perfect backtracking mechanism, once there is a problem in the business verification, it can immediately backtrack the business without affecting the business

5. Future technology capability output

currently, part of Tian'an property insurance's business is running in Alibaba cloud. By building a unified cloud platform and realizing a hybrid Cloud Architecture, we realize cross cloud resource scheduling, cross cloud dynamic scaling of applications, cross cloud data backup, business disaster recovery, etc. at the application layer, and realize a wider range of dynamic resource scheduling under the condition of ensuring security. In order to ensure business security, we can expand our core businesses in the private cloud in the future, while we can dynamically expand our peripheral businesses such as channel industry applications to the public cloud. At the same time, business applications can migrate quickly and smoothly between private and public clouds to ensure business flexibility

Tian'an technology is transferred from the Information Technology Department of Tian'an property insurance, which is a subsidiary of Tian'an property insurance and Tian'an group. After becoming a subsidiary, the financial accounting will be independent, and it services will be provided to the group and other financial companies in the future. Through the construction of cloud data center, revitalize existing resources and explore the establishment of public financial services in the insurance industry

Copyright © 2011 JIN SHI