公开(公告)号：US20180191682A1

公开(公告)日：2018-07-05

申请号：US15899233

申请日：2018-02-19

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Chunliang Liu ,  Haiqing Jia ,  Dou Sun

IPC: H04L29/06 ,  G06F9/455

CPC classification number: H04L63/0263 ,  G06F9/45558 ,  G06F21/604 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L61/2015 ,  H04L63/0209 ,  H04L63/10 ,  H04L63/105 ,  H04L63/20 ,  H04L67/10

Abstract: A method and an apparatus are provided for deploying a security access control policy in the field of network security. The method, executed by a cloud management platform, includes: determining, according to an application creation instruction, an application template used for an application that needs to be created and a security profile corresponding to the application template; instructing a virtualization platform to create, according to the application template, a corresponding virtual machine for each application component in the application, and obtaining an IP address of each virtual machine created by the virtualization platform; generating a group of security access control policies corresponding to the application according to the IP address of each virtual machine and by using the security profile; and delivering the group of security access control policies to a corresponding firewall. Therefore, a security access control policy is automatically deployed.