Journal of Information Security Research ›› 2021, Vol. 7 ›› Issue (8): 694-703.


Design of Active Security Network Architecture

  

  • Online: 2021-08-12 Published: 2021-08-12

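Liu Jianbing (刘建兵)¹, Wang Zhenxin (王振欣)¹, Shi Yongjie (石永杰)²

  1. Beijing VRV Software Corporation Limited, Beijing 100195
  2. PetroChina Northwest Marketing Company, Lanzhou 730060
  • Corresponding author: Liu Jianbing
  • About the authors: Liu Jianbing, master's degree, senior engineer. Main research interests: network security and industrial control security. fqy-vrv@wo.cn. Wang Zhenxin, master's degree, senior engineer. Main research interests: network security and industrial control security. wzxllp@163.com. Shi Yongjie, master's degree, senior engineer. Main research interest: network security. syj-xs@petrochina.com.cn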

Abstract: This is the second article in a series on active security network architecture. Traditional networks were designed mainly for information communication, with little consideration of security, so the protection of network applications has had to be added on top of the network architecture by other security technologies and products to make up for the original security flaws. These added measures lack integrity and coordination; as a result, security protection yields half the result for twice the effort, and many important security problems remain unresolved. The four components of the active security network architecture cooperate with each other to provide global, holistic, and integrated network security capabilities. They bring the network a variety of new security features, such as a unified network access boundary, identity-authenticated admission, dynamic policy deployment, security capability integration, and unified management and control by the management center. The architecture provides methods and capabilities for solving security problems from different perspectives, can effectively solve problems that traditional network security protection cannot, and realizes endogenous network security, unified management and control, and coordinated defense.

Key words: endogenous security, active security, boundary control, control center, cooperative defense

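Abstract: This is the second article in the series on active security network architecture. Because traditional networks mainly consider information communication and give little thought to network security, the security protection of network applications has to be attached to the network architecture by other security technologies and products to make up for the security flaws present from the start. These attached security measures, however, lack integrity and coordination, so security protection takes twice the effort for half the result, and many important security problems still cannot be solved. The four major components of the active security network architecture work together to provide a global, holistic, integrated network security capability. They bring the network a variety of new security features, including a unified network access boundary, identity-authenticated admission, dynamic policy deployment, unified management and control by the management center, and security capability integration. They provide methods and capabilities for solving security problems from different angles, can effectively solve problems that traditional network security protection cannot solve, and achieve endogenous network security, unified management and control, and cooperative defense.

Key words: endogenous security, active security, boundary management and control, management center, cooperative defense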