With the rapid development of information technology, the information innovation industry (information technology application innovation industry) has become an important part of the national information construction. From the e-government system of party and government organs to the digital transformation of key industries, the localization of the information and innovation industry is accelerating. This article will provide an in-depth analysis of the current situation and development trend of the information innovation industry, and discuss its core technologies and application scenarios in the fields of basic hardware, basic software, application software, and information security for your reference.
I haven’t updated in a long time. I have recently been busy with the localization of the system, and I want to take this opportunity to interpret the specific content of the localization transformation of the party and government system in detail.
This article is a chapter of the experience section of the guide series. Please point out any errors or imperfections.
1. About party and government information innovation
For the party and government system that is preparing to be built or has been in operation for many years, localization is a matter that must be considered.
Regarding localization, it is closely related to the information and innovation industry, that is, the information technology application innovation industry.
Being independent, controllable, safe and reliable is the core of the information and innovation industry, which needs not only to raise our country’s level of information technology but also to bring practical benefits to society and the economy (i.e., digital economic benefits).
In recent years, with the support of national policies and the development of information technology, the information and innovation industry has gone from promotion pilot to large-scale landing. The “2022 China Information and Innovation Ecological Market Research and Selection Evaluation Report” predicts that the scale of our country’s information and innovation industry will exceed 2 trillion yuan in 2025.
In addition to national policy support, local support policies are also emerging one after another.
On November 12, 2024, Fujian Province issued the “Several Measures to Support the High-quality Development of Information Technology Application Innovation Industries in Fujian Province”.
The policy points out that the information and innovation industry will be included in an important part of the digital economy, coordinate the province’s resources, optimize the industrial layout, and put forward 16 measures in 10 aspects, including strengthening the overall planning of the industry, consolidating the foundation of industrial development, cultivating and expanding the main body of enterprises, deepening the application and promotion of the industry, accelerating key technological innovation, supporting the creation of industry standards, strengthening industrial ecological services, expanding financial support channels, building a strong echelon of information and innovation talents, and building an expert system for industrial development.
For example, in terms of cultivating and expanding the main body of enterprises, Fujian Province proposed to “pilot the ‘chain master’ mechanism of the information and innovation industry chain, promote the quality empowerment of the industrial chain and supply chain, and promote the province’s information and innovation industry to strengthen, extend and supplement the chain.” At the same time, in terms of supporting the creation of industry standards, it is proposed to develop and release a number of group standards and enterprise standards in the field of information and innovation in key industries such as finance, education, medical care, energy, transportation, and security, which not only reflects the strength of Fujian Province in the information and innovation industry, but also shows the trend of gradually promoting and building from the party and government fields to a wider range of industries.
Regarding the localization and information innovation market, to quote Jia Song, vice president of Yongzhong Software: at present, party and government information innovation is being replaced and transformed from the electronic official document exchange system to the e-government system, from increment to stock, and the market space is huge; with the formation of mass resonance between the party and government, industry and enterprises, it is expected that the replacement scale will reach 10 million units per year.
The development of our country’s information and innovation industry is mainly led by policies, and has made significant progress with the strong support of national and local policies, but it also faces many challenges.
For example, in terms of industrial ecology, CCID’s “2024-2026 China Xinchuang Hardware Industry Development Suggestions Report” pointed out that the current situation of lagging in the construction of Xinchuang ecology is an important reason affecting the competitiveness of enterprises.
The weaknesses of ecological construction are mainly reflected in the compatibility of software and hardware, including incompatibility between hardware and software and between software and software. Addressing these issues requires a well-established ecosystem and unified industry standards and processes.
Therefore, the “Several Measures” issued by Fujian Province is the key to solving the ecological problem of information innovation.
By strengthening industrial ecological services and jointly developing information and innovation enterprises, the government, as the leader and coordinator, guides information and innovation enterprises to focus on key core technologies to carry out joint research, build a comprehensive service platform for the information and innovation industry, and provide one-stop services for the development of the province’s information and innovation industry, so as to effectively enhance the overall competitiveness.
2. Information and innovation industry system
1. Basic hardware
Basic hardware (infrastructure), including chips, servers, memory, network equipment, etc.
1) Chips
CPU chip is one of the typical applications of integrated circuits. On July 27, 2020, the State Council issued the “Notice of the State Council on Printing and Distributing Several Policies to Promote the High-quality Development of the Integrated Circuit Industry and Software Industry in the New Era”, which provides policy support in eight aspects, including finance and taxation, investment and financing, research and development, import and export policies, talents, intellectual property rights, market applications, and international cooperation, to support the country’s informatization construction.
The function of the CPU is mainly to interpret computer instructions and process data in computer software. The important core of the CPU is the instruction set, which can be divided into complex instruction set (CISC) architecture and reduced instruction set (RISC) architecture according to different complexity and design ideas.
- CISC: a single instruction is rich in function and can handle complex tasks; the representative architecture is x86.
- RISC: a single instruction is simplified and mainly handles basic actions; the representative architectures are ARM, RISC-V, MIPS, POWER, etc.
In terms of technical route selection for domestic chips, there are x86 and ARM routes using technology authorization, as well as routes using self-developed instruction set architecture.
Our country has formed six major domestic CPUs, namely Haiguang, Zhaoxin, Feiteng, Kunpeng, Loongson and Shenwei.
- Haiguang processor, with AMD’s x86 instruction set perpetual license and Zen architecture full license. Haiguang carries out independent research and development and iteration on the basis of authorization, and can independently complete the design and optimization of products, and has basically formed a continuous evolution rhythm of “mass production generation, R&D generation, and planning generation”.
- Zhaoxin processor, with a cross-license for Intel’s x86 instruction set. Zhaoxin’s independently innovated and developed general-purpose processor products cover two series, “Kaixian” and “Kaisheng”, and the company is committed to providing users with efficient, compatible and safe independent general-purpose processor chip solutions.
The licensing method of Haiguang and Zhaoxin is IP core licensing, that is, making some customized peripheral improvements on the basis of an existing core, so the degree of independent controllability and the ability to evolve are average.
- Feiteng processor, with a permanent license for the ARM v8 architecture. Backed by state-owned enterprises, Feiteng has achieved completely independent research and development in processor core design, and released CPU security architecture specifications for the first time, which can meet the security needs of different application scenarios.
- Kunpeng processor, also with a permanent license for the ARM v8 architecture. Kunpeng is Huawei’s server-oriented chip line, with independently developed and designed processor cores; backed by excellent R&D strength, it launched the Kunpeng 920 processor in 2019, the industry’s first data-center-level ARM architecture processor using a 7nm process.
Although both Feiteng and Kunpeng have obtained permanent licenses, they are limited to the authorization of the v8 instruction set and can only be developed based on the purchased version, which also means that if the license is cut off, there will be some bottlenecks in subsequent iterations and technologies.
- Loongson processor, at first designed under a permanent license for the MIPS architecture, later extended MIPS into the LoongISA architecture, and then abandoned the MIPS architecture altogether, designed its own instruction set and officially released the independent instruction system architecture LoongArch (dragon architecture) in April 2021. Because it is a completely self-designed instruction set architecture, there are certain disadvantages in ecological construction; it will compete with ARM and x86 chips in the open market in the future, with the goal of basically building a LoongArch software ecosystem in 2025.
- Shenwei processor, expanding on the basis of the Alpha instruction set, developed the instruction set SW64, which has completely independent intellectual property rights and mainly focuses on high-performance computing. Similarly, because it is a completely self-designed instruction architecture, it will be difficult to build an ecosystem, and it should continue to focus on specific fields (such as supercomputing, military, etc.) in the future.
On January 9, 2025, CCID officially released the “2024-2026 China Information and Innovation Hardware Industry Development Suggestions Report”.
The report mentioned that Haiguang and Kunpeng have abundant orders in the Xinchuang PC market, and their market share is relatively high, which is in the first echelon; Loongson has formed strong competitiveness in the field of party and government with its independent and controllable advantages and continuously improving ecological capabilities; Feiteng is also gradually making efforts in the commercial market, but its sustainable development ability is weak and it is in the second competitive echelon; Zhaoxin and Shenwei each have their own competitive advantages, but there are also shortcomings in development, and their market share in Xinchuang hardware is relatively small, and they are in the third competitive echelon.
2) Server
According to the technical route of the chip, the R&D and design direction of the server is also different. In terms of server architecture, it can be divided into two categories: one is a server based on x86 chip architecture, which can run Windows operating system and has good cost performance and compatibility; the other is servers based on non-x86 chip architecture, which have good security and stability performance.
Representative manufacturers of domestic Xinchuang servers include Inspur, China Greatwall, Huawei, Lenovo and H3C.
- Inspur Group has three listed companies: Inspur Information, Inspur Software and Inspur Digital Enterprise. In 2018, Inspur integrated IBM’s China Power minicomputer business and successfully developed a new generation of domestic K1 key application host using POWER processors, realizing local R&D, production and after-sales service. In terms of information innovation, Inspur has also launched Yingzheng series servers based on domestic processors such as Haiguang (x86) and Feiteng (ARM), as well as Feiteng processor (ARM) Yingzheng series portable computers developed for party and government, finance, energy and other industries.
- China Greatwall is a sub-group of the computing industry under China Electronics, the main force in the construction of China’s “PKS” independent computing system and a new force of independent innovation in network information technology. Relying on the “PKS” independent computing system, China Greatwall has built a product lineage with complete independent intellectual property rights, from chips, desktops, notebooks, servers and network switching equipment to application systems. China Greatwall has developed a variety of security server product lines and commercial terminals based on Feiteng processors (ARM), such as the SuperSky EF862 general-purpose server based on the high-performance Tengyun S2500 and the Great Wall TN140A2 portable computer based on the high-performance desktop server Tengrui D2000. In addition, China Greatwall also develops Great Wall TN140C2 portable computers based on Zhaoxin processors (x86) for operators, education and other industries.
- In the field of computing, Huawei has developed TaiShan servers based on Kunpeng processors (ARM) for general computing and Atlas servers based on Ascend series processors (DaVinci) for AI computing. Among them, TaiShan servers are suitable for efficient acceleration of big data, distributed storage, native applications, high-performance computing, database and other applications, mainly to meet the needs of diverse computing and green computing in data centers, including high-performance, high-end and balanced types.
- Lenovo is a global technology company with business in 180 markets, whose core business consists of three major business groups: intelligent devices, intelligent infrastructure and industry solution services. Among them, in terms of intelligent infrastructure, Lenovo Kaitian Technology has developed localized servers since 2014 and has created a complete business system from full-stack design to full-stack experience. For example, Lenovo Kaitian KR722 series rack servers support Feiteng processors (ARM) and Mega Core processors (LoongArch), supporting various operating systems. In addition, Lenovo and Zhaoxin have also teamed up to launch the Kaitian N8 Pro Xinchuang high-performance portable computer based on the KX-7000 series.
- H3C, as a core enterprise of New Unigroup Group, has a full range of digital infrastructure capabilities such as computing, storage, network, 5G, security, and terminals. Among its UniServer family products, the H3C R4930 and R4950 are server products based on the Haiguang processor (x86). In addition, in the Desk series of H3C, the H3C X500Z G2 is a commercial desktop based on the LoongArch processor.
2. Basic software
Basic software, including operating systems, databases, cloud services, middleware, etc.
1) Operating system
As a connection between hardware and other basic software, the operating system is the basis for the operation of various information equipment and software applications.
The main domestic information and innovation operating systems are Galaxy Kirin, Winning Bid, Puhua, UnionTech, Zhongke Fangde, and ZTE New Fulcrum.
At present, domestic operating systems are mainly based on Linux kernel for secondary development.
There are two main types of Linux distributions, one is the RPM series (Red Hat Package Manager), including RHEL (Red Hat Enterprise Linux, enterprise commercial version, for servers), CentOS (free community version, for servers, compatible with RHEL), Fedora Linux (upstream community version, for desktop/server/Internet of Things), etc.
The other category is the DEB series (Debian), which includes Debian (community version, for servers), Ubuntu (based on Debian, for desktop/server/IoT), and Deepin (based on Debian, for desktop and server).
Among them, the domestic operating system Galaxy Kirin is based on Ubuntu, Winning Kirin is based on RHEL and Fedora Linux, Puhua is based on Debian, UnionTech is based on Debian, Zhongke Fangde is based on CentOS, and ZTE New Fulcrum is based on CentOS.
- The Galaxy Kirin and Winning Kirin operating systems both belong to Kirin Software. Kirin Software is a technology company under China Electronics (CEC), formed in December 2019 by integrating Tianjin Kirin and Winning Software. Kirin Software takes secure and trustworthy operating system technology as its core, creates secure and innovative operating system products for general and special fields, and has formed a product line represented by desktop, server, intelligent connection, industrial and intelligent computing operating system products. Its products reach the highest security level in China and fully support domestic mainstream CPUs such as Feiteng, Kunpeng and Loongson, with leading advantages in system security, stability and reliability, ease of use and overall performance, and have provided secure and reliable operating system support for party and government, industry informatization and major national project construction. According to CCID Consulting statistics, Kirin Software’s operating system products have ranked first in China’s Linux market share for 13 consecutive years.
- The Puhua operating system belongs to Puhua Basic Software. Puhua is a technology company under China Electronics Technology (CETC), providing basic software platform solutions with operating systems as the core, including embedded operating systems, general-purpose operating systems and cloud operating systems. In addition, Puhua independently develops products such as the Puhua intelligent vehicle control operating system and the Puhua intelligent driving operating system in the field of automotive basic software, providing Chinese vehicle enterprises and Tier 1 suppliers with a whole-life-cycle tool chain for design, development, configuration, integration and testing, localized one-stop service, and ecological support for automotive chips.
- The UnionTech operating system is affiliated with UnionTech Software. UnionTech Software was formerly known as the Deepin team established in 2004, which launched desktop operating systems, server operating systems, intelligent terminal operating systems, and cloud-native operating systems at the operating system product level. Among them, the desktop operating system is divided into three versions, namely the professional version for government and enterprise users (supporting domestic chips such as Haiguang, Zhaoxin, Feiteng, Kunpeng, Loongson and Shenwei), the education version for campus users and the community version (i.e., Deepin) for global users.
- The operating system of Zhongke Fangde is affiliated to Zhongke Fangde Software. In 2006, Zhongke Fangde Software was established as a legal entity of the “National Engineering Research Center for Basic Software” approved by the National Development and Reform Commission, and is a national key software enterprise. Zhongke Fangde’s products have two major product lines: server operating system and desktop operating system, of which Fangde desktop operating system is suitable for domestic CPUs such as Haiguang, Zhaoxin, Feiteng, Loongson, Shenwei, and Kunpeng.
- ZTE New Fulcrum operating system is affiliated with ZTE New Fulcrum Technology. ZTE New Fulcrum Technology was established in Guangzhou in 2004 and is a wholly-owned subsidiary of ZTE and the operating entity of the “Guangdong Linux Public Service Technical Support Center” established by the Guangdong Provincial Government. ZTE New Fulcrum’s products include two product lines: server operating system and desktop operating system, which are widely used in major telecom operators, large and medium-sized state-owned enterprises and e-government solutions at home and abroad, serving the underlying systems such as switching networks, core networks, backbone networks, smart cities, and video surveillance.
In order to further reduce dependence on foreign open source technology, master the core technology and development direction of the operating system, improve security and improve ecological construction, it is necessary to build its own open source community in China.
There are currently five open source communities for operating systems in China: deepin, openEuler, OpenAnolis, OpenCloudOS, and openKylin.
Taking deepin as an example, according to Wang Yaohua, the head of the deepin community, before 2009 deepin leaned more toward community operation, building on Ubuntu with beautification and font configuration, and later began to lay out some localized applications, such as music players, video players and app stores, which brought many users to deepin in its early development.
Around 2011, deepin began to lay out the desktop environment DDE and its underlying development framework. After 2015, Ubuntu was abandoned in favor of Debian as the upstream community for R&D (Debian’s repositories will never be deleted).
Subsequently, with the accumulation of community experience and development capabilities, the first Chinese desktop operating system root community was established based on the Linux kernel, other open source projects and self-developed project components.
For the root community, Wang Yaohua said that it can not only help operating system manufacturers solve the “stuck neck” (chokepoint) problem, but also provide better protection at the level of information security. At the security level, deepin labels and manages source code by category according to its supplier in the chain. On top of the source code, it forms a dependency tree identification mechanism: it records who relies on a component and whether that component has security vulnerabilities, and identifies security vulnerabilities through the dependency tree relationships between different software, achieving systematic management.
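The dependency-tree mechanism described above can be sketched as a reverse-dependency walk over a labelled package inventory. This is an added example, not deepin's code; the package names, supplier categories and advisory ID are constructed placeholders.

```python
from collections import defaultdict, deque

# Constructed sample inventory: package -> (supplier category, direct deps).
# All names and categories are hypothetical, not taken from deepin.
INVENTORY = {
    "libimage":     ("upstream-oss", []),
    "libcrypto-x":  ("upstream-oss", []),
    "libnet":       ("upstream-oss", ["libcrypto-x"]),
    "ui-toolkit":   ("self-developed", ["libimage"]),
    "file-manager": ("self-developed", ["ui-toolkit", "libnet"]),
    "mail-client":  ("third-party-vendor", ["libnet", "ui-toolkit"]),
    "text-editor":  ("self-developed", ["ui-toolkit"]),
}

# Constructed advisory feed: vulnerable component -> placeholder advisory ID.
ADVISORIES = {"libcrypto-x": "ADVISORY-PLACEHOLDER-1"}


def unlabelled_dependencies(inventory):
    """Dependencies that some package references but that carry no source
    label; these are blind spots for the tree and should be fixed first."""
    return sorted({dep for _, deps in inventory.values() for dep in deps
                   if dep not in inventory})


def reverse_index(inventory):
    """Map each component to the packages that depend on it directly
    ("who relies on this component")."""
    dependents = defaultdict(set)
    for pkg, (_, deps) in inventory.items():
        for dep in deps:
            dependents[dep].add(pkg)
    return dependents


def affected_by(component, inventory):
    """Return {package: dependency path down to `component`} for every
    direct or transitive dependent. Breadth-first search yields the
    shortest path, and `paths` doubles as the visited set so that
    dependency cycles terminate."""
    dependents = reverse_index(inventory)
    paths = {component: [component]}
    queue = deque([component])
    while queue:
        current = queue.popleft()
        for parent in sorted(dependents.get(current, ())):
            if parent not in paths:
                paths[parent] = [parent] + paths[current]
                queue.append(parent)
    del paths[component]  # report dependents only, not the component itself
    return paths


def impact_report(inventory, advisories):
    """For each advisory, group affected packages by supplier category so
    the fix can be routed to whoever owns that part of the chain."""
    report = {}
    for component, advisory_id in advisories.items():
        by_category = defaultdict(list)
        for pkg in sorted(affected_by(component, inventory)):
            by_category[inventory[pkg][0]].append(pkg)
        report[advisory_id] = {"component": component,
                               "affected": dict(by_category)}
    return report


if __name__ == "__main__":
    print("unlabelled:", unlabelled_dependencies(INVENTORY))
    for advisory_id, entry in impact_report(INVENTORY, ADVISORIES).items():
        print(advisory_id, "in", entry["component"])
        for category, pkgs in entry["affected"].items():
            print("  ", category, "->", ", ".join(pkgs))
        for pkg, path in affected_by(entry["component"], INVENTORY).items():
            print("     path:", " -> ".join(path))
```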
For the adaptation of software and hardware, Wang Yaohua said that the deepin community has set up a series of cooperation mechanisms and standards for firmware and drivers, so that later adaptation work can be moved to the community, driving upstream and downstream manufacturers to participate and to develop and innovate according to unified standards. deepin’s direction is to develop its own development kits for ecosystem manufacturers to use, and to bring more developers into the development of domestic open source operating systems.
Source cited for the deepin example:
“UnionTech Software Wang Yaohua: What has the root community brought to the breakthrough of domestic operating systems?”
2) Database
A database (DB) is a warehouse that stores and manages data, which organizes, stores, and manages data according to a certain data model. A database management system (DBMS) is a software system designed for managing databases, managing the creation, access, operation, and maintenance of databases. According to the data storage method, databases can be divided into relational databases (tabular storage, columns) and non-relational databases (dataset storage, key-value pairs, files, etc.).
The main domestic databases in China include Wuhan Dameng, NTU GM, Electric Science and Technology Jincang (formerly Renmin University Jincang), China GM, HUAWEI CLOUD GaussDB, Alibaba Cloud OceanBase, Tencent Cloud TDSQL, etc.
- Wuhan Dameng, founded in 2000, is a basic software enterprise under China Electronics (CEC), mainly used in dozens of fields such as party and government, finance, energy, aviation, and communications. According to reports released by CCID Consulting and IDC, from 2019 to 2023, the company’s product market share ranks among the top domestic database manufacturers in China’s database management system market. Dameng’s database products include relational databases (Dameng database management system DM8, etc.) and non-relational databases (Shutianmengtu database GDMBASE, Dameng new cloud document database DMDDM, etc.).
- NTU GM, founded in 2004, is one of the few enterprises in China that focuses on the research and development of domestic database products, and has built a data product system and service solutions covering the entire life cycle of data management, including analytical, transactional, distributed transactional, cloud-native data warehouse and other full technology stacks. NTU GM’s database products include GBase 8a, a database cluster based on shared storage, and GBase 8c, a multi-modal and multi-state distributed database.
- Jincang, founded in 1999, is a member of China Electric Technology (CETC) and the earliest domestic database enterprise with independent intellectual property rights. The V9 version of its KES product has been certified by national authoritative institutions, and the core source code autonomy rate of the product has reached 100%.
- China GM, founded in 2008, is a member enterprise of China Aerospace (CASC). Its core products mainly include MiTAC relational database, Shentong KStore massive data management system, Shentong business intelligence suite, etc., and its customers mainly cover government, telecommunications, energy, national defense and military industry.
The above four domestic databases have been established for more than 10 or 20 years, and belong to the first generation of domestic database pioneering and exploration enterprises in China, with a deep development background and product application. Of course, competition is changing, in addition to the four major domestic databases, there are also emerging domestic database companies and their products.
- At present, GaussDB not only retains the standard interface and public functions of PostgreSQL, but also open-sources the ability of centralized deployment in the self-developed ecosystem, architecture and key technologies, and reconstructs the storage engine and optimizer. In the government and enterprise field, GaussDB supports multiple solutions such as centralized data management, non-perceptual expansion of services, and real-time query. Taking the Shaanxi Provincial Department of Finance as an example, GaussDB has helped Shaanxi’s financial payment business improve the operation efficiency by 60%. The province’s unified data center supports 140+ financial divisions and more than 30,000 budget units, ensuring online concurrent operation of 20,000 users during peak periods, and secure payment of more than 100 billion yuan.
- Alibaba Cloud OceanBase is a distributed relational database independently developed by Ant Group and Alibaba, with cloud-native, strong consistency, and high compatibility with Oracle/MySQL. Taking the Shenzhen Provident Fund as an example, OceanBase helped the Shenzhen Provident Fund complete the country’s first intelligent distributed architecture transformation of the provident fund system, bringing a 20% reduction in storage resource maintenance costs, a 20% reduction in some counter business volumes, and an average TPS processing capacity of 500+.
- Tencent Cloud TDSQL is a high-performance enterprise-level database product created by Tencent, with strong consistency and high availability, high SQL compatibility, distributed horizontal scaling, complete transaction support, and enterprise-level security. Tencent Cloud’s dual-regulation operation solution supports one cloud and multiple cores, supports general X86 and localized resource mixing, and services can be operated in dual tracks and switched on demand.
3) Middleware
As the basic software between applications, databases, and operating systems, middleware provides basic support services and functions for various business applications, so as to solve common problems faced in the construction and use of medium and large platforms such as data circulation, application scheduling, and application integration in distributed environments, and can also simplify the development and deployment of business applications and enhance the reliability and security of business applications.
The main domestic middleware manufacturers in China include Dongfangtong, Baoland, Zhongchuang Middleware, Kingdee Tianyan, Puyuan Information, etc.
- Founded in 1992, Dongfangtong is a pioneer and leader in middleware in China, mainly serving more than 10,000 enterprise-level users in telecommunications, government, finance, energy, transportation and other industries, including basic middleware (server, message, distributed data cache, load balancing), data middleware (data integration, file transfer, API gateway, etc.), and cloud computing middleware (distributed messaging, transaction, high-speed transmission, etc.).
- Baoland, founded in 2008, is widely used by the three major telecom operators, and its products include application server software, transaction middleware, message middleware, application performance management platform, intelligent operation and maintenance management platform, container cloud PaaS platform, data exchange, data integration and data visualization, etc.
- Zhongchuang Middleware, founded in 2002, has been deeply involved in the middleware industry for 20 years, and its core products have the ability to replace the products of foreign mainstream middleware manufacturers on a large scale. They are mainly used in key industries such as government, military industry, and state-owned enterprises, and include application servers, workflows, enterprise service buses, messages, load balancing, distributed data caching and PaaS platforms that integrate cloud computing.
- Kingdee Tianyan, founded in 2000, formerly known as “Kingdee Middleware Company”, middleware products are widely used in the national key process “two networks, one station, four libraries and twelve golds” and the first, second, third and fourth phases of information innovation, with a total of more than 100,000 party, government and enterprise customers, including application servers, distributed message queues, distributed caches, load balancing, full-text search, distributed configuration centers and middleware cloud platforms.
- Puyuan Information, founded in 2003, is a leader in full-stack middleware, and is the only professional manufacturer in China that can comprehensively benchmark the middleware product line of international manufacturers, and the product line integrity is the first in China, mainly used in key industries such as finance, government, military industry, energy, operators, and manufacturing, and its products include application servers, enterprise service buses, file transmission, message and data exchange platforms, etc.
With the popularization of cloud computing and distributed technology, middleware is gradually extending from basic capabilities to middle office capabilities: middleware capabilities are turned into standard, reusable middle office services through modular adaptation and combination.
Take the financial industry document center launched by Yongzhong Software as an example. By connecting with a financial institution’s internal OA, email system, printing control system, science and technology comprehensive management platform and credit system, the middle office provides a document center that manages the whole document life cycle of “production, storage, management and use”. It meets the functional requirements of the financial institution’s information systems for online file preview, file format conversion, document capability processing, online document editing, and unified file management.
The Yongzhong document middle office adopts a microservice architecture, modularizes functions such as document preview, editing, and conversion (relying on document processing middleware), supports cloud service deployment, and provides a complete secondary development interface, making it an industry-level middle office product solution.
3. Application software
Application software, including office software, financial software, management software, etc.
- Office software: representative manufacturers include but are not limited to Panwei, Lanling, Kingsoft Office, Yongzhong Software, etc. Taking Lanling’s Xinchuang OA product as an example, as Xinchuang application software it is adapted to mainstream domestic basic software and hardware, covering chips, complete machines, operating systems, databases, middleware, browsers, streaming software, identity authentication, electronic signatures, security gateways, VPN devices, etc., and can be tuned for various combinations of domestic environments.
- Management software: representative manufacturers include but are not limited to UFIDA, Kingdee, Fansoft, etc. Taking Yonyou’s Xinchuang cloud ERP product as an example, the Yonyou U8 cloud product is designed around the new enterprise Internet concept and provides government and enterprises with an overall cloud ERP solution integrating people, finance, goods, customers, production, supply and marketing.
4. Information security
Information security, including terminal security, network security, data security, and security services.
- Terminal security mainly focuses on protecting localized terminal equipment (PCs, servers, etc.) and operating systems (Kylin, UnionTech UOS, etc.), usually by installing a terminal security management (protection) system on the terminal. Domestic representative manufacturers include but are not limited to Qianxin, Sangfor Technology and 360 Digital Security.
- Network security mainly focuses on protection at the network level, usually deploying firewalls, network intrusion detection systems, network intrusion prevention systems, security audit systems, traffic analysis systems, vulnerability scanning and other systems on terminals to build a multi-layered defense system against complex network threats. Taking Qianxin’s Zero Trust Network Access (ZTNA) solution as an example, the solution covers identity, device, network, application, data and other dimensions, takes user identity as the cornerstone of security, and continuously optimizes access policies through dynamic access control mechanisms to effectively mitigate various access risks.
3. Government cloud
Government cloud carries the business information systems and data of government departments at all levels for public services and social management, meets the needs of cross-departmental business collaboration and data sharing and exchange, and provides IaaS, PaaS and SaaS cloud computing services.
In 2021, the national “14th Five-Year Plan” pointed out that the national e-government network will be improved, the government cloud platform and data center system will be intensively built, and the government information system will be promoted to the cloud. With the construction and development of government cloud, government cloud has become the foundation for the development of digital government in various provinces and cities.
Taking the “Guangdong Province ‘Digital Government’ Government Cloud Platform Construction Specification (Draft for Comments)” as an example, the construction and services of the government cloud platform are analyzed in detail below.
1. Service framework
The service framework of the Guangdong government cloud platform includes infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS) and cloud management platform.
1) IaaS layer
The infrastructure as a service layer provides government users with resource services such as computing, storage, and networking, service interfaces for accessing cloud infrastructure, and security services at the IaaS layer.
- Compute resource services include but are not limited to virtual servers (ECS), physical servers (BMS, which carry some heavily loaded services), and image services (IMS, which can be selected as running environment templates for ECS instances).
- Storage resource services include, but are not limited to, block storage (EVS, a block storage service independent of the VM lifecycle), object storage (OBS, an object-based mass storage service), and file storage (FSS, which can be used for remote access and sharing of network files across different types of computers, operating systems, network architectures and transport protocol environments).
- Network resource services include, but are not limited to, virtual private clouds (VPC, which help users virtualize a private application running environment and security domain in the cloud), security group services (SGS, used to control access to virtual machines within and between groups), virtual firewalls (VFW, which virtualize a physical firewall into multiple logically independent firewalls), elastic load balancing (ELB), and elastic IP (EIP, a static external IP address through which the virtual machine can be accessed from the Internet).
In addition to the above three resource services, it also provides virtual data centers (VDC, virtual WYSIWYG data centers, which can set the resource usage of each VDC) and hardware hosting services (IDC, users have their own servers and place them in the high-standard computer room environment of the Internet data center, and access the Internet through high-speed data ports).
Among them, VDCs can be organized by commissions, offices and bureaus (articles) or by regions (lines): for example, each commission or office corresponds to one resource organization, with multi-level VDCs built in for the different business departments or (cross-departmental) business project groups under it. Each department can set quotas that correspond to the department’s budget for resources. Each VDC has an administrator who is responsible for the users and resources of the VDC at the same level and below.
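The multi-level VDC model described above, with budget-bound quotas and administrators whose authority covers their own level and below, can be sketched as follows. This is an added example, not code from the Guangdong specification or from any cloud platform; the `VDC` class, the vCPU-only quota and the rule that a child quota is carved out of its parent's quota are assumptions made for illustration.

```python
class VDC:
    """One node of a multi-level virtual data center tree (hypothetical model)."""

    def __init__(self, name, quota_vcpus, admin, parent=None):
        self.name = name
        self.quota_vcpus = quota_vcpus    # quota matching the unit's budget
        self.admin = admin                # administrator of this VDC
        self.parent = parent
        self.children = []
        self.used_vcpus = 0               # vCPUs consumed directly in this VDC

    def committed(self):
        """vCPUs already spoken for: own usage plus quotas handed to children."""
        return self.used_vcpus + sum(c.quota_vcpus for c in self.children)

    def add_child(self, name, quota_vcpus, admin):
        """Create a lower-level VDC whose quota is carved out of this one."""
        if quota_vcpus <= 0 or self.committed() + quota_vcpus > self.quota_vcpus:
            raise ValueError(f"{name}: quota {quota_vcpus} does not fit in {self.name}")
        child = VDC(name, quota_vcpus, admin, parent=self)
        self.children.append(child)
        return child

    def can_administer(self, user):
        """An administrator covers their own VDC and every VDC below it."""
        node = self
        while node is not None:
            if node.admin == user:
                return True
            node = node.parent
        return False

    def allocate(self, user, vcpus):
        """Consume vCPUs in this VDC; return what is left of its quota."""
        if not self.can_administer(user):
            raise PermissionError(f"{user} has no authority over {self.name}")
        if vcpus <= 0 or self.committed() + vcpus > self.quota_vcpus:
            raise ValueError(f"{self.name}: {vcpus} vCPUs exceed the remaining quota")
        self.used_vcpus += vcpus
        return self.quota_vcpus - self.committed()


def build_demo_tree():
    """Constructed sample: one commission with a department and a project group."""
    commission = VDC("health-commission", 100, "alice")
    dept = commission.add_child("disease-control-dept", 40, "bob")
    project = commission.add_child("cross-dept-project", 30, "carol")
    return commission, dept, project


if __name__ == "__main__":
    commission, dept, project = build_demo_tree()
    print(dept.allocate("bob", 25))         # department admin, within quota
    print(dept.can_administer("alice"))     # commission admin covers levels below
    print(project.can_administer("bob"))    # sibling admin has no authority
```

The authority check walks upward from the target VDC, so a sibling or lower-level administrator never gains rights over a VDC outside their own subtree.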
2) PaaS layer
The platform-as-a-service layer provides government users with software development and operation platform services running on top of the infrastructure layer, as well as security services at the PaaS layer.
- Database services are mainly relational databases, including but not limited to Redis, PostgreSQL, MySQL, and MongoDB.
- Middleware services include distributed service frameworks, API gateways, and message middleware.
- Big Data Suite services include data access, ETL cleaning, and data export.
- Container services are mainly Docker.
In addition to the above services, there are many application support services (identity authentication, approval platform, payment services, electronic license services, etc.).
3) SaaS layer
The software-as-a-service layer provides government users with applications running on cloud infrastructure and security services at the SaaS layer.
The SaaS layer mainly provides public application services, including but not limited to fingertip livelihood services (mini programs, official accounts and management backends), unified instant messaging tools, collaborative office platforms, intelligent image services, intelligent customer service, Guomi (national cryptographic standard) encryption services and other services.
4) Cloud management platform
The cloud management platform includes the service portal and the O&M portal.
- Service portal: provides a unified access entrance for government management, business users, and the general public, and presents the use and operation of the province’s government cloud platform in a unified way.
- O&M portal: provides O&M and operation platform services for government management, business users, O&M operators, etc., and provides accurate platform O&M data to government cloud platform management units to support their various O&M and performance indicator assessments.
2. Technical architecture
1) IaaS layer
The IaaS layer of the government cloud platform is mainly composed of hardware facilities, a resource pool layer, a service layer and a management layer.
Hardware facilities are the foundation: servers, storage, network and other hardware equipment are prepared first. The resource pool layer then integrates the hardware devices into resource pools (computing resource pools, storage resource pools, network resource pools, etc.). The service layer encapsulates the resources in those pools to provide cloud resource service discovery, routing, orchestration, computing, and access. Finally, the management platform of the management layer presents the transformation from resources to services (VDC management, tenant management, service catalog, service console, performance management, etc.).
2) PaaS layer
For example, database services include relational, distributed, and non-relational services, and public support platforms include basic platforms, business services, and basic services, and different services are managed and used according to different requirements and scenarios.
3) SaaS layer
The services of the SaaS layer of the government cloud platform are not hierarchical, and provide on-demand software services for all units in the city according to different user groups and business scenarios to avoid duplicate construction.
3. Business partitioning
Guangdong’s “Digital Government” government cloud as a whole is divided into a government extranet area (carrying government extranet business, including the professional business of the various commissions and bureaus, and accessible only through the government extranet) and an Internet area (carrying the business systems of government services that directly face public users, and accessible through the Internet). The two business areas each build a separate physical resource pool, and their physical networks are isolated from each other (firewall/security isolation gate). A separate exchange area handles data exchange between the two areas, with data cleaning and desensitization processed through the data exchange platform. Each area should be divided into at least a production area (officially launched), a test area (development and testing) and a hosting area (special requirements).
The above is an example of the guidance and specification for the construction of Guangdong provincial government cloud platform.
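The partitioning rules above can be checked mechanically against a deployment inventory. The following is an added example, not part of the Guangdong specification: the inventory format, the workload and pool names, and the `cleaned` flag on flows leaving the exchange area are assumptions, and the sample data is constructed.

```python
BUSINESS_AREAS = {"extranet", "internet"}
EXCHANGE = "exchange"
REQUIRED_SUBZONES = {"production", "test", "hosting"}


def check_partitioning(area_subzones, workloads, flows):
    """Return a list of findings where the inventory breaks the partitioning rules."""
    findings = []
    # Rule 1: each business area has at least production, test and hosting areas.
    for area in sorted(BUSINESS_AREAS):
        missing = REQUIRED_SUBZONES - set(area_subzones.get(area, ()))
        if missing:
            findings.append(f"{area}: missing sub-zone(s) {sorted(missing)}")
    # Rule 2: physical resource pools are never shared between areas.
    pool_areas = {}
    for w in workloads:
        pool_areas.setdefault(w["pool"], set()).add(w["area"])
    for pool, areas in sorted(pool_areas.items()):
        if len(areas) > 1:
            findings.append(f"pool {pool}: shared by {sorted(areas)}")
    # Rule 3: data crosses between the two areas only via the exchange area,
    # and leaves it only after cleaning/desensitization (assumed flow flag).
    area_of = {w["name"]: w["area"] for w in workloads}
    for src, dst, cleaned in flows:
        a, b = area_of[src], area_of[dst]
        if a in BUSINESS_AREAS and b in BUSINESS_AREAS and a != b:
            findings.append(f"flow {src}->{dst}: direct {a}->{b}, bypasses exchange area")
        elif a == EXCHANGE and b in BUSINESS_AREAS and not cleaned:
            findings.append(f"flow {src}->{dst}: leaves exchange area without desensitization")
    return findings


# Constructed sample inventory with four deliberate violations.
SAMPLE_SUBZONES = {
    "extranet": ["production", "test", "hosting"],
    "internet": ["production", "test"],
}
SAMPLE_WORKLOADS = [
    {"name": "oa-approval", "area": "extranet", "pool": "pool-ext-1"},
    {"name": "portal", "area": "internet", "pool": "pool-int-1"},
    {"name": "portal-test", "area": "internet", "pool": "pool-ext-1"},
    {"name": "exchange-platform", "area": "exchange", "pool": "pool-xchg-1"},
]
SAMPLE_FLOWS = [
    ("oa-approval", "exchange-platform", False),   # into the exchange area: fine
    ("exchange-platform", "portal", True),         # cleaned data to the Internet area
    ("oa-approval", "portal", False),              # direct cross-area flow
    ("exchange-platform", "portal-test", False),   # raw data leaving the exchange area
]

if __name__ == "__main__":
    for finding in check_partitioning(SAMPLE_SUBZONES, SAMPLE_WORKLOADS, SAMPLE_FLOWS):
        print(finding)
```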
In addition to formulating technical specifications, local government departments also formulate management measures for government cloud at the business management level.
Taking the “Interim Measures for the Management of Shanghai Municipal Affairs Cloud” as an example, the scope of application of the measures covers the construction, use, operation and maintenance, security assurance and efficiency evaluation of Shanghai Municipal Affairs Cloud.
In short:
- At the level of division of responsibilities, the General Office of the Municipal Government is the competent department of government cloud (overall planning); the Municipal Commission of Economy and Information Technology and the General Office are jointly responsible for the overall design; the Municipal Commission of Economy and Information Technology and the financial department conduct budget review and supervision and inspection; the municipal and district financial departments provide funding guarantees; and the municipal big data center specifically implements the construction of government cloud, its operation and maintenance management, and operation, maintenance and security guarantees.
- At the level of service scope, party and government organs and public institutions should use government cloud resources for existing or newly built non-confidential information systems at level 3 or below.
- At the capacity building level, compile a cloud service catalog, which includes the name of the service item, service content, pricing unit, and unit price.
- At the resource management level, when applying for project approval the user unit should first report to the competent department of economic and information technology for a quota review. After the project is completed, it applies for test resources from the government cloud operation management unit; if the project verification is passed, the government cloud operation management unit officially opens the relevant government cloud resources. At the same time, to meet the needs of some short-term use scenarios, development resources, emergency resources and temporary resources are set up. If the project has not yet been established but it is really necessary to use government cloud resources, the unit can apply to use temporary resources.
In summary, before applying to use resources, users should reasonably assess the project resource requirements (relevant evaluation indicators), install and deploy cloud resource usage monitoring software as required, regularly inspect resources and optimize the use of resources. The usage cost of the government cloud is calculated in accordance with the principle of “use first and pay later, settlement according to the facts”, combined with the unit price, usage and performance evaluation results.
4. Cloud migration
The “14th Five-Year Plan” mentions that the national e-government network will be improved, the government cloud platform and data center system will be intensively built, and the cloud migration of government information systems will be promoted.
1. Migration background
In the process of government project management, according to the policy requirements of superiors and the needs of information construction planning, the construction unit needs to cooperate with the business unit to complete the cloud migration task requirements of business applications.
2. Migration Goals
In this context, government cloud migration needs to take into account business continuity and security, integrate the scattered business systems of each business unit, and ensure that the original business system services of each business unit are not affected and historical data is not lost during the migration process.
3. Migration plan
After determining the migration goals, it is necessary to carry out comprehensive research and analysis of the current situation, and sort out and analyze the migration plan.
Because systems differ to a greater or lesser degree in construction time and technical framework, it is necessary to conduct thorough research on each business system to ensure the success of the migration.
The scope of the research includes but is not limited to the application level (system version, scope of use, service peak, etc.), network architecture (domain name configuration, internal and external network IP, mapping relationship, gateway requirements, etc.), server resources (virtual machine configuration, data volume, operating system, etc.), storage situation (storage type, form, scale, etc.), database environment (database specifications, quantity, middleware, etc.), software architecture (development framework, backup software, etc.), security requirements (level of protection, server security configuration, etc.), and system documentation (database design, operation manual, architecture diagram, etc.).
After the investigation and sorting are completed, evaluate the potential difficulties or risk points of the migration (such as inter-system communication, a large migration scope, many systems, large data volumes, and coordination), weigh the risk of migrating system by system (easy first, then difficult) against migrating centrally (overall planning) according to the actual situation, and design the migration plan on that basis.
4. Migration implementation
The construction unit organizes and implements the relocation work in stages and steps in accordance with the relocation plan deliberated and approved by the meeting to ensure that the implementation process is standardized and orderly.
1) Resource application
Request server resources and select a reasonable deployment area according to the network access environment requirements of the business system. If it involves internal business (OA approval, supervision, etc.), the e-government extranet area can be selected, and if it involves online services provided to the public (portal network, government network, etc.), the Internet area can be selected.
Apply for a database instance and select database resources based on the amount of data and complexity of the business logic.
Request a file storage resource and select the storage resource according to the file type and performance requirements of the business system.
In addition to the above resources, you can also apply for other public platform service resources, such as identity authentication, electronic signatures, SMS services, etc.
2) Account allocation
Prepare user accounts for the supporting environments, apply for the minimum necessary permissions according to job responsibilities, and establish account security mechanisms (two-factor authentication and a regular password change policy for login) for use by the relevant personnel.
3) Application upgrades
During the migration process, if the original application system has business optimization requirements, you can choose to optimize or even refactor it at the same time (establish a ledger). The optimized and refactored business system functions must be fully tested and verified, and the ability to roll back to the source system must be retained.
4) Data migration
Before implementing data migration, data backup and cleaning (if necessary) are required to ensure that new and old data are not lost or distorted throughout the migration process.
5) System deployment
Adopt a hierarchical deployment strategy: test and verify the basic functions in the test environment, deploy the stable system version to the pre-production environment of the government cloud, then conduct sufficient business scenario verification (including functions within the system and integration between systems, etc.), and finally complete the security evaluation and classified protection assessment.
6) Online release
Prepare the go-live materials (test reports, plans, etc.), organize a go-live review meeting, submit the release application after the meeting approves it, and officially release once the application is approved. Before the release, it is also necessary to complete notification and training, and to be prepared to roll back if the launch fails.
The above is a typical process of government cloud migration. It is complex and a test of endurance, with long cycles, many links, and heavy coordination, and requires preparation for a protracted effort (overall planning, step-by-step implementation).
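For the data migration step (4), one way to confirm that no rows were lost or distorted is to fingerprint every row on both sides and compare by primary key. This is an added example, not part of the original article; the `permits` table, its columns and the two in-memory SQLite databases are constructed stand-ins for a real source system and its government cloud target.

```python
import hashlib
import sqlite3


def row_fingerprints(conn, table, key):
    """Map each primary-key value to a SHA-256 digest of the whole row."""
    # Identifiers cannot be bound as SQL parameters, so validate them strictly.
    if not (table.isidentifier() and key.isidentifier()):
        raise ValueError("table and key must be plain identifiers")
    cur = conn.execute(f'SELECT * FROM "{table}"')
    cols = [d[0] for d in cur.description]
    prints = {}
    for row in cur:
        record = dict(zip(cols, row))
        # Sort by column name so a different column order in the target schema
        # does not matter; repr() keeps NULL, '' and 0 distinct.
        canon = "\x1f".join(f"{c}={record[c]!r}" for c in sorted(cols))
        prints[record[key]] = hashlib.sha256(canon.encode("utf-8")).hexdigest()
    return prints


def compare_migration(source, target, table, key):
    """Report keys that are missing, unexpected or changed in the target."""
    src = row_fingerprints(source, table, key)
    dst = row_fingerprints(target, table, key)
    return {
        "missing": sorted(k for k in src if k not in dst),
        "unexpected": sorted(k for k in dst if k not in src),
        "distorted": sorted(k for k in src if k in dst and src[k] != dst[k]),
    }


def build_demo():
    """Constructed sample: a source table and a flawed copy of it."""
    ddl = "CREATE TABLE permits (id INTEGER PRIMARY KEY, applicant TEXT, fee REAL, note TEXT)"
    source_rows = [(1, "Unit A", 80.0, None), (2, "Unit B", 45.5, "urgent"),
                   (3, "Unit C", 120.5, ""), (4, "Unit D", 10.0, None)]
    target_rows = [(1, "Unit A", 80.0, None),
                   (3, "Unit C", 120.0, ""),     # fee lost its fraction
                   (4, "Unit D", 10.0, ""),      # NULL turned into an empty string
                   (9, "Unit Z", 1.0, None)]     # row that never existed in source
    dbs = []
    for rows in (source_rows, target_rows):
        conn = sqlite3.connect(":memory:")
        conn.execute(ddl)
        conn.executemany("INSERT INTO permits VALUES (?, ?, ?, ?)", rows)
        dbs.append(conn)
    return dbs[0], dbs[1]


if __name__ == "__main__":
    source, target = build_demo()
    print(compare_migration(source, target, "permits", "id"))
```

Run the same comparison against the pre-migration backup as well, so that a discrepancy can be traced to either the cleaning step or the transfer itself.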