{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations","id":"13127","self":"https://jira.geedge.net/rest/api/2/issue/13127","key":"OMPUB-35","fields":{"issuetype":{"self":"https://jira.geedge.net/rest/api/2/issuetype/10002","id":"10002","description":"需要完成的任务。","iconUrl":"https://jira.geedge.net/secure/viewavatar?size=xsmall&avatarId=10318&avatarType=issuetype","name":"任务","subtask":false,"avatarId":10318},"components":[],"timespent":null,"timeoriginalestimate":null,"description":"信息港环境可以通过wifi连接外网服务器，很方便，但是密码贴在墙上，记住密码后从楼下就能连上。服务器也都是弱密码。\r\n\r\n有以下几个建议：\r\n # 信息港wifi和有线接入分为两个zone\r\n\r\nn  Geedge Networks Guests 密码公开，可以访问外网，但无访问内网服务器的权限\r\n\r\nn  Geedge Networks Staffs，一人一密 802.1X ，有访问内网服务器的权限\r\n # 信息港机房在单独的zone，加个简单的防火墙，只允许22，80，443等端口，减少攻击面\r\n # 所有资源的访问引入单点登录（Single Sign On），ssh要求两步验证，如[https://smallstep.com/sso-ssh/]\r\n\r\n \r\n\r\n另外请补充安全策略，确保：\r\n\r\n每次出问题能找到人，能找到访问流量过大的用户等。\r\n\r\n \r\n\r\n请完善需求及相关的解决方案","project":{"self":"https://jira.geedge.net/rest/api/2/project/10206","id":"10206","key":"OMPUB","name":"Operation and Maintenance","projectTypeKey":"business","avatarUrls":{"48x48":"https://jira.geedge.net/secure/projectavatar?pid=10206&avatarId=10715","24x24":"https://jira.geedge.net/secure/projectavatar?size=small&pid=10206&avatarId=10715","16x16":"https://jira.geedge.net/secure/projectavatar?size=xsmall&pid=10206&avatarId=10715","32x32":"https://jira.geedge.net/secure/projectavatar?size=medium&pid=10206&avatarId=10715"},"projectCategory":{"self":"https://jira.geedge.net/rest/api/2/projectCategory/10002","id":"10002","description":"系统运维","name":"MaintenanceDev"}},"fixVersions":[],"aggregatetimespent":null,"resolution":{"self":"https://jira.geedge.net/rest/api/2/resolution/10000","id":"10000","description":"该问题的工作流程已完成。","name":"完成"},"timetracking":{},"customfield_10401":null,"customfield_10104":null,"customfield_10402":null,"customfield_10105":"0|i00hto:","customfield_10403":null,"customfield_10404":null,"attachment":[],"aggregatetimeestimate":null,"resolutiondate":"2022-04-18T10:41:23.850+0800","workratio":-1,"summary":"信息港三层网络调整","lastViewed":null,"watches":{"self":"https://jira.geedge.net/rest/api/2/issue/OMPUB-35/watchers","watchCount":7,"isWatching":true},"creator":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhuwei","name":"zhuwei","key":"JIRAUSER10116","emailAddress":"zhuwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10116&avatarId=10605","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10116&avatarId=10605","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10116&avatarId=10605","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10116&avatarId=10605"},"displayName":"朱嵬","active":true,"timeZone":"Asia/Shanghai"},"subtasks":[],"created":"2020-06-08T14:01:26.772+0800","reporter":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhuwei","name":"zhuwei","key":"JIRAUSER10116","emailAddress":"zhuwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10116&avatarId=10605","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10116&avatarId=10605","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10116&avatarId=10605","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10116&avatarId=10605"},"displayName":"朱嵬","active":true,"timeZone":"Asia/Shanghai"},"customfield_10000":"{summaryBean=com.atlassian.jira.plugin.devstatus.rest.SummaryBean@407970be[summary={pullrequest=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@32529781[overall=PullRequestOverallBean{stateCount=0, state='OPEN', details=PullRequestOverallDetails{openCount=0, mergedCount=0, declinedCount=0}},byInstanceType={}], build=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@561936d6[overall=com.atlassian.jira.plugin.devstatus.summary.beans.BuildOverallBean@70d14d0b[failedBuildCount=0,successfulBuildCount=0,unknownBuildCount=0,count=0,lastUpdated=<null>,lastUpdatedTimestamp=<null>],byInstanceType={}], review=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@69a9231[overall=com.atlassian.jira.plugin.devstatus.summary.beans.ReviewsOverallBean@29519f5e[stateCount=0,state=<null>,dueDate=<null>,overDue=false,count=0,lastUpdated=<null>,lastUpdatedTimestamp=<null>],byInstanceType={}], deployment-environment=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@3661b324[overall=com.atlassian.jira.plugin.devstatus.summary.beans.DeploymentOverallBean@4c2209f6[topEnvironments=[],showProjects=false,successfulCount=0,count=0,lastUpdated=<null>,lastUpdatedTimestamp=<null>],byInstanceType={}], repository=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@1efb1159[overall=com.atlassian.jira.plugin.devstatus.summary.beans.CommitOverallBean@3bf5c6b7[count=0,lastUpdated=<null>,lastUpdatedTimestamp=<null>],byInstanceType={}], branch=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@b6aa7e[overall=com.atlassian.jira.plugin.devstatus.summary.beans.BranchOverallBean@5c876e27[count=0,lastUpdated=<null>,lastUpdatedTimestamp=<null>],byInstanceType={}]},errors=[],configErrors=[]], devSummaryJson={\"cachedValue\":{\"errors\":[],\"configErrors\":[],\"summary\":{\"pullrequest\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"stateCount\":0,\"state\":\"OPEN\",\"details\":{\"openCount\":0,\"mergedCount\":0,\"declinedCount\":0,\"total\":0},\"open\":true},\"byInstanceType\":{}},\"build\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"failedBuildCount\":0,\"successfulBuildCount\":0,\"unknownBuildCount\":0},\"byInstanceType\":{}},\"review\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"stateCount\":0,\"state\":null,\"dueDate\":null,\"overDue\":false,\"completed\":false},\"byInstanceType\":{}},\"deployment-environment\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"topEnvironments\":[],\"showProjects\":false,\"successfulCount\":0},\"byInstanceType\":{}},\"repository\":{\"overall\":{\"count\":0,\"lastUpdated\":null},\"byInstanceType\":{}},\"branch\":{\"overall\":{\"count\":0,\"lastUpdated\":null},\"byInstanceType\":{}}}},\"isStale\":false}}","aggregateprogress":{"progress":0,"total":0},"customfield_10100":null,"priority":{"self":"https://jira.geedge.net/rest/api/2/priority/1","iconUrl":"https://jira.geedge.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},"customfield_10200":null,"customfield_10400":null,"labels":["网络建设"],"environment":null,"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"duedate":"2020-07-15","progress":{"progress":0,"total":0},"issuelinks":[],"comment":{"comments":[{"self":"https://jira.geedge.net/rest/api/2/issue/13127/comment/13229","id":"13229","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangshuo","name":"zhangshuo","key":"JIRAUSER10112","emailAddress":"zhangshuo@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10341","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10341","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10341","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10341"},"displayName":"张硕","active":true,"timeZone":"Asia/Shanghai"},"body":"五层机房实施后可实现的功能：\r\n\r\n1、信息港的wifi接入和有线接入通过不同vlan不同网段来隔离成2个区域，3层/5层通过网段和vlan隔离必须路由网关互联。\r\n\r\n2、 Geedge Networks Guests可以使用小米路由，根据领导会客的地方安排接入点，使用单独的vlan和网段，wifi接入交换机做相应acl策略，使其只能访问公网不可以访问服务器。\r\n\r\n3、Geedge Networks AP接入，使用单独的vlan和网段，只可以访问外网和工位有线互通，但不可以连接内部服务器。\r\n\r\n4、内部服务器只允许使用有线获取ip的网段接入，可通过ACL实现。\r\n\r\n目前需要验证的东西：\r\n\r\n1、Geedge Networks Staffs，一人一密 802.1X ，有访问内网服务器的权限。 \r\n\r\n      需要双向认证，访问和被访问的设备都需要认证一次才可以连接，服务器重启或者线缆插拔后会增加重复认证操作。\r\n\r\n      正在验证过程中，争取简化验证步骤，但如果做到服务器之间交互数据不验证需要浪费一台交换机。\r\n\r\n \r\n\r\n2、所有资源的访问引入单点登录（Single Sign On），ssh要求两步验证，如[https://smallstep.com/sso-ssh/]\r\n\r\n     尚未安排人实际验证。","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangshuo","name":"zhangshuo","key":"JIRAUSER10112","emailAddress":"zhangshuo@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10341","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10341","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10341","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10341"},"displayName":"张硕","active":true,"timeZone":"Asia/Shanghai"},"created":"2020-06-08T16:32:44.906+0800","updated":"2020-06-08T16:32:44.906+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/13127/comment/13264","id":"13264","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhuwei","name":"zhuwei","key":"JIRAUSER10116","emailAddress":"zhuwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10116&avatarId=10605","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10116&avatarId=10605","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10116&avatarId=10605","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10116&avatarId=10605"},"displayName":"朱嵬","active":true,"timeZone":"Asia/Shanghai"},"body":"服务器要管理好root账户，一般只开放普通账号","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhuwei","name":"zhuwei","key":"JIRAUSER10116","emailAddress":"zhuwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10116&avatarId=10605","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10116&avatarId=10605","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10116&avatarId=10605","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10116&avatarId=10605"},"displayName":"朱嵬","active":true,"timeZone":"Asia/Shanghai"},"created":"2020-06-09T09:04:34.391+0800","updated":"2020-06-09T09:04:34.391+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/13127/comment/13316","id":"13316","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhengchao","name":"zhengchao","key":"JIRAUSER10000","emailAddress":"zhengchao@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10000&avatarId=10604","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10000&avatarId=10604","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10000&avatarId=10604","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10000&avatarId=10604"},"displayName":"郑超","active":true,"timeZone":"Asia/Qyzylorda"},"body":"Geedge Networks Staffs的AP也要能连接内网服务器。","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhengchao","name":"zhengchao","key":"JIRAUSER10000","emailAddress":"zhengchao@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10000&avatarId=10604","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10000&avatarId=10604","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10000&avatarId=10604","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10000&avatarId=10604"},"displayName":"郑超","active":true,"timeZone":"Asia/Qyzylorda"},"created":"2020-06-09T17:58:42.986+0800","updated":"2020-06-09T17:58:42.986+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/13127/comment/14571","id":"14571","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangshuo","name":"zhangshuo","key":"JIRAUSER10112","emailAddress":"zhangshuo@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10341","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10341","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10341","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10341"},"displayName":"张硕","active":true,"timeZone":"Asia/Shanghai"},"body":"因本周办公区有重要会议，机房搬迁改造施工日期改至7月18-19日","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangshuo","name":"zhangshuo","key":"JIRAUSER10112","emailAddress":"zhangshuo@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10341","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10341","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10341","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10341"},"displayName":"张硕","active":true,"timeZone":"Asia/Shanghai"},"created":"2020-07-14T15:27:29.990+0800","updated":"2020-07-14T15:27:29.990+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/13127/comment/15719","id":"15719","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangshuo","name":"zhangshuo","key":"JIRAUSER10112","emailAddress":"zhangshuo@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10341","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10341","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10341","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10341"},"displayName":"张硕","active":true,"timeZone":"Asia/Shanghai"},"body":"目前实现功能：\r\n\r\n1、Geedge Networks Staffs的AP能连接内网服务器。（计划近期修改一次无线密码）\r\n\r\n2、 Geedge Networks Guests的AP无法链接信息港内网环境，只能访问互联网，带宽限速2M。（目前与staffs密码一致，尚未修改密码）\r\n\r\n3、5层办公区已开启radius认证（有线、无线）\r\n\r\n4、华为防火墙 vpn配置已完成，可直接与华严和闵庄通信。\r\n\r\n5、服务器root密码管理、远程登陆服务器，计划使用jumpserver，不开放root用户，按组走审批流程申请服务器权限。\r\n\r\n需审批及确认的问题如下：\r\n * 3层radius开启时间待领导确认。\r\n * AP的无线staffs密码和Guests修改周期待领导确认。\r\n * vpn申请开通是否需要走审批流程，待领导确认。\r\n * jumpserver权限分组需领导确认。\r\n * 服务器root密码是否需要按周期批量修改，待领导确认。","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangshuo","name":"zhangshuo","key":"JIRAUSER10112","emailAddress":"zhangshuo@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10341","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10341","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10341","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10341"},"displayName":"张硕","active":true,"timeZone":"Asia/Shanghai"},"created":"2020-08-21T15:22:11.911+0800","updated":"2020-08-21T15:22:11.911+0800"}],"maxResults":5,"total":5,"startAt":0},"votes":{"self":"https://jira.geedge.net/rest/api/2/issue/OMPUB-35/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"assignee":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangshuo","name":"zhangshuo","key":"JIRAUSER10112","emailAddress":"zhangshuo@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10341","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10341","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10341","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10341"},"displayName":"张硕","active":true,"timeZone":"Asia/Shanghai"},"updated":"2022-04-18T10:41:23.851+0800","status":{"self":"https://jira.geedge.net/rest/api/2/status/10102","description":"","iconUrl":"https://jira.geedge.net/images/icons/status_generic.gif","name":"完成","id":"10102","statusCategory":{"self":"https://jira.geedge.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"完成"}}}}