CN102347959B - Resource access system and method based on identity and session - Google Patents

Resource access system and method based on identity and session Download PDF

Info

Publication number
CN102347959B
CN102347959B CN201110369727.3A CN201110369727A CN102347959B CN 102347959 B CN102347959 B CN 102347959B CN 201110369727 A CN201110369727 A CN 201110369727A CN 102347959 B CN102347959 B CN 102347959B
Authority
CN
China
Prior art keywords
session
identity
resource
manager
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201110369727.3A
Other languages
Chinese (zh)
Other versions
CN102347959A (en
Inventor
汤传斌
熊丽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Transoft Network Sci-Tech (shanghai) Co Ltd
Original Assignee
Transoft Network Sci-Tech (shanghai) Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Transoft Network Sci-Tech (shanghai) Co Ltd filed Critical Transoft Network Sci-Tech (shanghai) Co Ltd
Priority to CN201110369727.3A priority Critical patent/CN102347959B/en
Publication of CN102347959A publication Critical patent/CN102347959A/en
Priority to PCT/CN2012/084810 priority patent/WO2013071890A1/en
Application granted granted Critical
Publication of CN102347959B publication Critical patent/CN102347959B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1069Session establishment or de-establishment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/60Network streaming of media packets
    • H04L65/61Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio
    • H04L65/613Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio for the control of the source by the destination
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Hardware Redundancy (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a resource access system and method based on identity and session. The system comprises a client, a session management center, a resource center and an identity manager. The client sends a service request and defines resource information required by implementing the service request. The session management center receives the service request, creates a streaming session according to the service request and creating a control session according the streaming session, negotiates the resource required by the streaming session with the service provider required by the session control, and routes the request to the resource center. The resource center comprises an entity server, a network and a storage; the resource center receives the service request and manages the operation of request; the virtual machine on the entity server operates the service request and feeds the operation result back to the client. The identity manager manages the identity information of objects, such as the resource, the service provider, the session, the application and the like, and also manages the life cycle of the identity information.

Description

Resource access system and method based on identity and session
Technical field
The present invention relates to computer system application field, more particularly, relate to and comprise multiple servers, network, the system scene of storage, proposes a kind of resource access system based on identity and session.
Background technology
The service operation that how to utilize data center's resource to support enterprise is the matter of utmost importance that data center's management is considered.Especially make rapid progress in technical development, in the situation that application model emerges in an endless stream, the various device of data center, comprises server, storage, the equipment such as network are bought more and more, present blast trend, the planning mode of a business a set of equipment, has formed numerous equipment isolated islands, these equipment are seldom fully used, have caused the serious waste of resource; On the other hand, MRP and service operation are separated, MRP is in the mode of off-line (off-line), service operation is in the mode of online (on-line), constantly can not shared resource between business, traditional manual mode also makes the deployment cycle of business elongated, affects the efficiency of enterprise.Now, how effectively to provide resource provisioning business, realize resource share, dynamically supply with and the automation of operation flow just seems particularly important.At this moment just need powerful, to grow with each passing hour management method and a system, reply " new problem " better, to data center in addition effectively, comprehensively management.
Current, the virtual indispensable one of data center that almost becomes is applied, and increasing user starts data center to transfer in virtualized environment.Show according to the up-to-date research of authoritative institution, 90% enterprise has implemented Intel Virtualization Technology to a certain extent.This has brought new proposition also to data center's management tool.How to design effective resource provision method and system in the epoch of virtual " propagating its belief on a large scale ", keep and promote the usefulness of data center's management?
In the time dynamically supplying with data center's resource as required, quality of service guarantee is to need the matter of utmost importance that solves, the processing of concurrency request, and resource multiplexing, the multiplexing of service is the key of raising efficiency, this just need to use identity and session management.For these problems, there are many solutions to be suggested, specially the patent No. is US 7,860,975, the United States Patent (USP) that is entitled as " System and method for secu re sticky routing of requests within a server farm " has proposed a kind of upstream equipment adopting in server farm, as load equalizer or router, carrys out the method for route requests to server.The session (session) that wherein server adopts a kind of safe and unique ID or how definite request of obtaining processes those requests by the network address of server farm route from request.The method can solve the problem of the server that routes requests to data center, but does not solve the problem by controlling session aspect route requests, does not also have the access that relates to virtual resource.The patent No. is US 7,930,734, the United States Patent (USP) that is entitled as " Method and system for creating and tracking network session " has proposed a kind of method of establishment and tracking network session, the identity information authenticating by collection, network address information, and network addressing information, and bind these information in the central database of session manager, form the conversation recording of a reaction customer access network, for detecting in real time the abnormal generations such as invasion.The method is also the communication aspect of BlueDrama, does not have the control plane of relating to.The patent No. is US 7,953,918, the United States Patent (USP) that is entitled as " Service Bus linking method and service bus for linking plurality of service buses together " has proposed a kind of service bus link method and a kind of method that a large amount of service bus is linked together.The method is used node identity symbol mark service bus, the position of identity symbol and service bus is joined in bus node form, and upgrade form.The method is intended to solve the Identity Management of service bus itself, and does not have the Identity Management of resource mentioned (various software and hardware resources) and application program.Also have some telecommunications companies that control session is separated with the words that fail to be convened for lack of a quorum, but its protocol stack only include the communication resource, relates to computational resource, even virtual computational resource.
Summary of the invention
The present invention is directed to these problems, especially under the network example environment of data center, the thought that ISP in conventional telecommunications is separated with resource provider is incorporated into the access of enterprise data center's resource, realize load and control separating of session, and adopting identity management method to manage the identity of these resources.
Technical scheme of the present invention is: the present invention has disclosed a kind of resource access system based on identity and session, comprising:
Client, client sends service request and the needed resource information of this service request is carried out in definition;
Session management center, receive the service request that described client is sent, create to fail to be convened for lack of a quorum according to this service request and talk about and according to stream conversation establishing control session, consult to fail to be convened for lack of a quorum and talk about required resource and the required ISP of control session, and route requests to resource center;
Resource center, comprise property server, network and memory, in described property server, move one or more empty machines, resource center receives described service request, and the operation of management request, described empty machine move described service request and by the result feedback of operation to client;
Identity manager, with session administrative center and resource center's communication connection, the identity information of the object of identity manager management resource, ISP, session, application, identity manager is also managed the life cycle of described identity information.
According to an embodiment of the resource access system based on identity and session of the present invention, described session management center comprises:
Stream session manager, receives the service request that described client sends, and creates to fail to be convened for lack of a quorum talk about and consult to fail to be convened for lack of a quorum the required resource of words according to this service request, and stream session manager forwards described service request;
Proxy server, with the communication connection of stream session manager, proxy server receives the service request being forwarded by stream session manager and keeps connecting, and proxy server obtains the frame stream conversation information that stream session manager creates, and proxy server is dispatched concurrent service request;
Control session manager, be connected with proxy server communication, obtain frame stream conversation information and create and control session and consult to control the required ISP of session according to frame stream conversation information from proxy server, control session manager and forward described service request;
Service bus, is connected to described control session manager, and is connected with multiple ISPs, transmits request and control session identity information between ISP;
Conversation database is preserved service request and is sent to the empty machine operation of resource center and the result of operation from client and feeds back to the words that fail to be convened for lack of a quorum, control session and the user session information the process of client from resource center.
According to an embodiment of the resource access system based on identity and session of the present invention, described stream session manager comprises:
The words that fail to be convened for lack of a quorum maker, for the service request that receives creates the life cycle of fail to be convened for lack of a quorum words management flow session, the words that the fail to be convened for lack of a quorum maker needed resource of words of also consulting to fail to be convened for lack of a quorum;
Stream signaling plane, with the words maker communication connection that fails to be convened for lack of a quorum, is formed by the communication protocol stack between the resource participating in stream conversation procedure, separates physical resource and dynamic resource in described resource.
According to an embodiment of the resource access system based on identity and session of the present invention, described stream signaling plane comprises:
I/O link circuit resource, the protocol stack that local network port resource and computational resource form, wherein computational resource protocol stack comprises local physical computing work stack, empty machine manager, local logical calculated work stack.
According to an embodiment of the resource access system based on identity and session of the present invention, described proxy server comprises:
Application container, preserves the solicited message relevant to described service request, comprises IP address, port numbers, agreement.
According to an embodiment of the resource access system based on identity and session of the present invention, described control session manager comprises:
Conversation controller, according to the life cycle of described stream conversation establishing control session management control session, conversation controller also consults to carry out the needed ISP of this control session;
Control signal plane, is formed by the communication protocol stack of controlling between the ISP who participates in conversation procedure, and control signal plane separates ISP with resource provider.
According to an embodiment of the resource access system based on identity and session of the present invention, described property server comprises server resource management device, hardware structure, empty machine manager and several empty machine, the operation of described server resource management management service request on empty machine, empty machine described in empty machine manager administration;
Described network packet includes network explorer, network resource manager network resource administration also carries out networking to the empty machine in property server;
Described memory comprises SRM device, SRM management storage resources.
According to an embodiment of the resource access system based on identity and session of the present invention, described identity manager comprises:
Handle solving system, solves the relation between position and the each object that service request relates to of determining resource by tree structure and graphic structure;
Maker, for resource and the ISP of each definition generate unique identity information, for each session, application generate identity information;
Register, for each object is registered to identity manager, it is that object generates identity that Register calls maker;
Identity store, stores the identity information of various objects, comprises session, ISP, resource, application.
The present invention has also disclosed a kind of resource access method based on identity and session, and described method comprises:
A upstream flow session manager receives the resource request of client;
This stream session manager is that request creates one for consulting to carry out the words that fail to be convened for lack of a quorum of client's load resource requirement, and request and frame stream conversation information are sent to upstream agent server;
This proxy server is acted on behalf of multiple requests as transfer, and request and frame stream conversation information are mail to upstream control session manager;
This control session manager be this request generate one with above-mentioned fail to be convened for lack of a quorum talk about be associated for consulting the ISP's who controls service request control session;
Control session manager and upstream service bus mutual, service bus is connected with multiple ISPs, request and control session identity information exchange are crossed service bus and are transmitted between multiple ISPs, and route requests to the property server at downstream sources center by ISP;
In property server, have one or more empty machines, the operation of resource management management request on empty machine, empty machine operation described request and by the result feedback of operation to client.
According to an embodiment of the resource access method based on identity and session of the present invention, described method further comprises:
Stream session manager creates the words that fail to be convened for lack of a quorum, and accesses identity manager, obtains stream session identity;
Proxy server creates virtual application, and accesses identity manager, solves service by relation, obtains the virtual application identity being associated with above-mentioned stream session identity;
Control session manager and create the control session being associated with the words that fail to be convened for lack of a quorum, accesses identity manager, solves service by relation, obtains the control session identity being associated with above-mentioned stream session identity.
Explorer accesses identity manager, obtains unique identity of resource, and can be solved service and found according to unique identity of resource the position of resource by address.
According to an embodiment of the resource access method based on identity and session of the present invention, described method further comprises:
Proxy server receives after the request and frame stream conversation information of stream conversation controller transmission, continues to keep the TCP/UDP between stream conversation controller to be connected;
After on the empty machine of request in the property server of resource center, operation is got up, the TCP/UDP disconnecting between proxy server and stream conversation controller is connected, and directly operation result is returned to client by being redirected.
According to an embodiment of the resource access method based on identity and session of the present invention, described method further comprises:
Stream session manager creates the words that fail to be convened for lack of a quorum, and generates stream signaling plane, separates physical resource and dynamic resource demand, and controls the logic core net generating as required.
According to an embodiment of the resource access method based on identity and session of the present invention, described method further comprises:
Control session manager and create control session, generate and control session plane, need to carry out any dynamic combined to ISP according to request, generate multiple ISP's planes.
According to an embodiment of the resource access method based on identity and session of the present invention, described method further comprises:
Use bridge joint to set up the identity corresponding relation of empty machine and the various virtual resources on it.
According to an embodiment of the resource access method based on identity and session of the present invention, described method further comprises:
For empty machine arranges two identity, one is empty machine self, and another is to quote identity, points to assembly above, sets up the identity corresponding relation of empty machine and inter-module.
Resource access system based on identity and session of the present invention can be under the network example environment of data center, the thought that ISP in conventional telecommunications is separated with resource provider is incorporated in the access of enterprise data center's resource, realize load and control separating of session, and adopting identity management method to manage the identity of these resources.
Brief description of the drawings
The above and other feature of the present invention, character and advantage are by more obvious by what become below in conjunction with the description of drawings and Examples, and identical Reference numeral represents identical feature all the time in the accompanying drawings, wherein:
Fig. 1 is the structured flowchart of the resource access system based on identity and session according to an embodiment of the invention.
Fig. 2 is the general flow chart of the course of work of the resource access system based on identity and session according to an embodiment of the invention, describes and sends application request from user, moves the whole process of returning to client to application example.
Fig. 3 is the words plane graph that fails to be convened for lack of a quorum in the resource access system based on identity and session according to an embodiment of the invention, has embodied the communication resource and computational resource protocol stack that client's load need to pass through.
Fig. 4 be in the resource access system based on identity and session according to an embodiment of the invention proxy server with control the mutual of session management, and control the block diagram of session manager.
Fig. 5 is proxy server and the mutual flow chart of controlling session management in the resource access system based on identity and session according to an embodiment of the invention.
Fig. 6 is the part storage organization of the conversation database of store session relation in the resource access system based on identity and session according to an embodiment of the invention.
Fig. 7 is the structured flowchart of identity manager in the resource access system based on identity and session according to an embodiment of the invention.
Fig. 8 is that the relation in the identity manager of Fig. 7 solves service and implement the description block diagram of (Relationship Resolution Service Implementation).
Fig. 9 is the relation statement figure of the address resolution (Address Resolution) in the identity manager in Fig. 7.
Figure 10 is the flow chart that uses identity manager in the resource access system based on identity and session according to an embodiment of the invention.
Embodiment
Fig. 1 is the structured flowchart of the resource access system based on identity and session according to an embodiment of the invention.Shown in figure 1, the present invention has disclosed a kind of resource access system based on identity and session, comprising: client 11, session management center 12, resource center 14, identity manager 13.
Client 11 sends service request and the needed resource information of this service request is carried out in definition.
Session management center 12 receives the service request that client 11 is sent, and in the present invention, service request also can be referred to as application request.Session management center 12 creates according to this service request the words according to stream conversation establishing control session of failing to be convened for lack of a quorum, session management center 12 consult the to fail to be convened for lack of a quorum required resource of words and control the required ISP of session, and route requests to resource center.
Resource center 14 comprises property server, network and memory, moves one or more empty machines in property server.Resource center 14 receives service request, and the operation of management request, empty machine operation service request and by the result feedback of operation to client 11.
Identity manager 13 and session administrative center and resource center's communication connection, the identity information of the objects such as identity manager 13 management resources, ISP, session, application, identity manager 13 is also managed the life cycle of identity information.
Shown in figure 1, session management center 12 comprises: stream session manager 121, proxy server 122, control session manager 123 and and conversation database 125.Stream session manager 121 is managed real-time BlueDrama, and stream session manager 121 receives the service request that client 11 sends, and creates to fail to be convened for lack of a quorum talk about and consult to fail to be convened for lack of a quorum the required resource of words according to this service request, and stream session manager 121 forwards service request.In the embodiment shown in fig. 1, stream session manager 121 comprises fail to be convened for lack of a quorum words maker 1211 and stream signaling plane 1212.The words that fail to be convened for lack of a quorum maker 1211 creates the life cycle of fail to be convened for lack of a quorum words management flow session for the service request receiving, and the words that fail to be convened for lack of a quorum maker 1211 is also consulted to fail to be convened for lack of a quorum and talked about needed resource, the i.e. required resource of run user load.Stream signaling plane 1212 communicates to connect with the words maker 1211 that fails to be convened for lack of a quorum, and forms physical resource and the dynamic resource in stream signaling plane 1212 separate resources by the communication protocol stack between the resource participating in stream conversation procedure.Proxy server 122 communicates to connect with stream session manager 121, proxy server 122 is go-between or the brokers between user and resource, proxy server can be identified user's request, proxy server 122 receives the service request being forwarded by stream session manager 121 and keeps connecting, proxy server 122 obtains the frame stream conversation information that stream session manager creates, and proxy server 122 is dispatched concurrent service request.In the embodiment shown in fig. 1, proxy server 122 comprises application container 1221, and application container 1221 is preserved the solicited message relevant to service request, comprises IP address, port numbers, agreement.Controlling session manager 123 communicates to connect with proxy server 122, control session manager 123 and obtain frame stream conversation information and create corresponding control session and consult to control the required ISP of session from proxy server 122, control the ISP of user's request.Control session manager 123 and forward service request.In the embodiment shown in fig. 1, control session manager 123 and comprise conversation controller 1231 and control signal plane 1232.Conversation controller 1231 is controlled the life cycle of session according to the control session of stream conversation establishing management, conversation controller 1231 also consults to control the needed ISP of session.Control signal plane 1232 is formed by the communication protocol stack of controlling between the ISP who participates in conversation procedure, and control signal plane 1232 separates ISP with resource provider.Service bus 124 is connected to controls session manager 123, and service bus 124 is realized by middleware architecture, and service bus comprises event-driven and message engine, and is connected with multiple ISPs.Conversation database is preserved service request and is sent to the empty machine operation of resource center and the result of operation from client and feeds back to the words that fail to be convened for lack of a quorum, control session and the user session information the process of client from resource center.Conversation database 125 is preserved service request and is sent to the empty machine operation of resource center 14 and the result of operation from client 11 and feeds back to the words that fail to be convened for lack of a quorum, control session and the user session information the process of client 11 from resource center 14.Conversation database 125 may operate on one or more servers.
Continue with reference to figure 1, the property server 141 in resource center 14 comprises server resource management device 1411, hardware structure 1412, empty machine manager 1413 and several empty machine 1414.1411 operations of management service request on empty machine of server resource management device, empty machine manager 1413 is managed empty machine 1414.Network 142 comprises network resource manager 1421, and network resource manager 1421 network resource administrations also carry out networking to the empty machine 1414 in property server 141.Memory 143 comprises SRM device 1431, and SRM device 1431 managing memory sources also provide stores service for various information such as empty machine image.
Shown in figure 1, identity manager 13 comprises handle solving system 131, maker 132, Register 133 and identity store 134.Handle solving system 131 solves the relation between position and the each object that service request relates to of determining resource by tree structure and graphic structure.Resource and ISP that maker 132 is each definition generate unique identity information, and maker 132 is also each real-time session, and application generates identity information.Register 133 is registered to identity manager for object, and it is that object generates identity that Register calls maker.Identity store 134 is stored the identity information of various objects, comprises session, ISP, resource, application etc.
Continue with reference to shown in figure 1, should the resource access system based on identity and session move as follows: client 11 can be user, and client 11 is sent a service request, and such as request creates lamp, and definition creates the required resource information of lamp.Service request first arrives the stream session manager (streaming session manager) 121 in session management center 12, session maker (session creator) 1211 in stream session manager 121 is the words (session) that fail to be convened for lack of a quorum of this service request establishment, consult to carry out the required resource of user's load, and the life cycle of managing conversation.Communication protocol stack between the resource participating in stream conversation procedure forms stream signaling plane 1212, can separate physical resource and dynamic resource demand, controls the logic core net generating as required.The stream session manager 121 here can be four to seven layer switch or application delivery controller, can be specifically the equipment such as F5 LTM, Cisco ACE.Stream session manager 12 transfers a request to proxy server (broker) 122 by TCP/UDP agreement, and keeps this TCP/UDP to connect.Proxy server 122 is go-between or the brokers between user and resource, receive customer-oriented application request, user's solicited message is comprised to IP, port, the information such as protocol are deposited in application container 1221, proxy server 122 to concurrency request dispatch.Proxy server 122 then mails to request to control session manager (controlling session manager) 123, controls session manager 123 and is made up of conversation controller 1231 and control signal plane 1232.Conversation controller 1231, according to the relevant control session of stream conversation establishing, is consulted to control the required ISP of session, controls the ISP of user's request, and the life cycle of managing conversation.Control the communication protocol stack formation control signaling plane 1232 between the ISP who participates in conversation procedure, ISP can be separated with resource provider, any dynamic combined of ISP is provided as required.Control session manager 123 and be connected with service bus 124, service bus 124 is by middleware architecture technology realization, by event-driven and message engine, and the structure of the software architecture providing for Enterprise SOA.In the present invention, each ISP is connected with service bus 124, and user's request and session identity are propagated between ISP by service bus.By ISP's processing (process) and certain strategy, finally route requests to the server 141 in resource center 14, for the intermediation of proxy server 122 above, property server 141 is hardware devices of final operation request.In each property server 141, there are hardware structure 1412, empty machine manager 1413 and several empty machine 1414, also have server resource management device 1411.Network resource manager 1421 network resource administrations and the networking to empty machine in network 142, SRM device 1431 managing memory sources in memory 143.Service request is finally by operation on the several empty machine 1414 of server resource management device 1411 in property server 141, and the operation of an empty machine example need to be used Internet resources and storage resources simultaneously.After service request is moved, result is directly turned back to client 11, this is the transmitting procedure of load, and the TCP/UDP simultaneously breaking between stream session manager 12 and proxy server (broker) 122 is connected, and control signal process finishes.The words that fail to be convened for lack of a quorum, control session, and the information such as user conversation are all stored in conversation database 125, and the data in conversation database 125 can exist in internal memory or on disk.Session manager and identity manager are alternately to obtain the identity of session and information relevant session is stored in conversation database.Identity manager 13 is managed the life cycle of identity information (ID), it is the generation of identity information, maintain, delete, identity manager 13 is by handle solving system (handle resolution system) 131, maker (Generator) 132, Register (Registry) 133, identity store (Store) 134 compositions, handle solving system 131 is cores of identity manager 13, mainly solves position and the application relation of resource by tree structure and graphic structure.Register 133 management resources are registered to identity manager 13, and the object that maker 132 is each definition according to certain rule generates identity symbol.Identity store 134 is the data storage centers in identity manager 13, and the identity information of the objects such as storage resources, ISP, session, application, solves information, the information such as configuration service.In one or more preferred embodiments of the present invention, in the time that the request of arrival host resource manager 1411 is start VM (starting empty machine), host resource manager 1411 need to obtain the URL of empty machine from identity manager 13.Empty machine mirror image leaves in storage (shared storage) 143, in the time that request is create Vm (creating empty machine), need to be from storing the URL that obtains empty machine template 143, to use the SRM device 1431 in storage 143 here.
Fig. 2 is the general flow chart of the course of work of the resource access system based on identity and session according to an embodiment of the invention, describes and sends application request from user, moves the whole process of returning to client to application example.Concrete steps are as follows:
Step 201, user sends application request (user asks application, comprises IP, port, protocol etc.), and the application request is here service request,, such as creating a lamp, request resource;
Step 202, judges that whether user is by Certificate Authority, if pass through, request transfers to 203, otherwise request transfers to 201;
Step 203, request arrives stream session manager, stream session manager is a request session of generation (session), accesses identity manager, obtain a stream session identity (streaming session ID), stream session identity is deposited in a record of the words form that fails to be convened for lack of a quorum;
Step 204, stream session manager will be asked and flow session identity (streaming session ID) and will be transferred to the proxy server as virtual server (fake server), and keep TCP/UDP to connect, the object that keeps this connection is for request being transferred to control signal process, realize effective control of request, route, and quality of service guarantee etc., about proxy server, can regard go-between or broker between user and resource as, proxy server can be identified user's request, and request is transferred to treatment system below, will in Fig. 4, describe in detail,
Step 205, proxy server accesses identity manager, solve service by relation, obtain the virtual application identity being associated with above-mentioned stream session identity, to ask and flow simultaneously session identity (streaming session ID) and send to control session manager, here whole system is regarded as to an application program of the request of execution, request is regarded as to the application request (APP) that user sends to application program, request is sent by user, while arriving proxy server, application request is now the user oriented application of user profile, also be referred to as virtual application request,
Step 206, controlling session manager is that request creates a relevant control session (controlling session) according to the words that fail to be convened for lack of a quorum, and accesses identity manager, solve service by relation, obtain the control session identity (Controlling session ID) relevant to stream session identity;
Step 207, control session manager and call service bus, service bus is converted into application program by the multiple ISPs that are attached thereto by virtual applications, control request trend, control session and transmit between ISP by service bus, route requests in the property server of resource center simultaneously;
Step 208, the execution of the resource management management application request on server, is obtained and is carried out the required resource of application request by accesses identity manager;
Step 209, judges whether resource is ready to, if resource all set, is transferred to step 211, otherwise is transferred to step 210;
Step 210, waits for, until resource all set;
Step 211, carries out request, generates an application example (APP INSTANT);
Step 212, the payload of the words manager administration operation that fails to be convened for lack of a quorum, and disconnection and proxy server is being connected with TCP/UDP of this request foundation;
Step 213, the result that request is carried out directly returns to client by being redirected (redirect), after conversation end, discharges associated resource information.
Fig. 3 is the words plane graph that fails to be convened for lack of a quorum in the resource access system based on identity and session according to an embodiment of the invention, has embodied the communication resource and computational resource protocol stack that client's load need to pass through.Fail to be convened for lack of a quorum words plane in, first the execution of client's load 38 needs computational resource, under virtualized environment, computational resource can be divided into virtual computational resource and physical computing resource.Virtual computational resource is exactly our usually said empty machine, specifically provides in the mode of empty machine file.In protocol stack in local logical calculated work stack 37.Local logical calculated work stack 37 is management and the empty machine manager VMM 36 that controls empty machine below, VMM 36 provides exchange and the arbitration of computational resource, and local logic working stack 37 is shone upon to (map) to local physical computing work stack 35, it is physical resource on server, can be specifically the CPU on server, memory, disk, the equipment such as I/O.Certainly, also local physical computing work stack 35 can be shone upon to (map) to local logic working stack 37.Client's load 38 has obtained physical resource and just can really move.Between load, need alternately, transmission, the Internet resources that at this moment just need to be used for communicating by letter, comprise local network port resource and IO link circuit resource.First communication between load communicate by local port resource and TCP/UDP port 34, according to the level of communication protocol stack, successively be mapped to the network service of the IP layer 33 in IO link, the data link communication of data link layer 32, until the transmission of the physical media 31 of the bottom has now just completed whole communication process.And operation result is turned back to client, communication process is managed by stream session manager, thereby has ensured operation and the service quality of the network example of client's load.These words planes (signaling network) that fail to be convened for lack of a quorum can separate physical resource and dynamic resource demand, realize the supply as required of resource.
Fig. 4 be in the resource access system based on identity and session according to an embodiment of the invention proxy server with control the mutual of session management, and control the block diagram of session manager.Stream session manager 41 (or application delivery controller) generates the words that fail to be convened for lack of a quorum, the address of stream in session manager 41 and the server pools required resource of words that can dynamic-configuration fails to be convened for lack of a quorum, in the request (user oriented application request) of sending due to user, be some application messages that user pays close attention to, such as IP, port, protocol etc., these information can not provide the application of resourceoriented to describe exactly, stream session manager 41 cannot route requests on concrete server and carry out according to these information, so first request is turned to a virtual server (fake server), it is proxy server 42.Proxy server 42 is equivalent to the broker between user and resource, wherein comprises an application container 421, and the application message of user's request is deposited in the inside, i.e. virtual application, from virtual application 1 to virtual application n.Here whole system is regarded as to an application program of the request of execution, request is regarded as to the application request (APP) that user sends to application program, request is sent by user, while arriving proxy server, application request is now the user oriented application of user profile, is also referred to as virtual application; In the time that request arrives resource through ISP's processing, application request will become the application of the resourceoriented of describing resource requirement, is also referred to as application.Proxy server 42 is forwarded to request to control session manager 43 (controlling the trend of request), the conversation controller 431 of controlling in session manager 43 is talked about relevant control session for this request creates and fails to be convened for lack of a quorum, communication between the ISP of negotiation execution user request, and the life cycle of managing conversation.Control the communication protocol stack formation control signaling plane 432 between the ISP who participates in conversation procedure, ISP can be separated with resource provider, any dynamic combined of ISP is provided as required, dynamically generate multiple ISP's planes, from ISP's plane 4321, ISP's plane 4322, to ISP's plane 432n.Control session manager 43 and be connected with service bus 44, service bus 44 is by middleware architecture technology realization, by event-driven and message engine, and the structure of the software architecture providing for Enterprise SOA.In the present invention, each ISP that ISP gathers in 441 is connected with service bus 44, and in service bus 44 times registration, mutual between these ISPs of service bus 44 control and managements, service routing, protocol conversion etc.User's request and session identity are propagated between ISP by service bus.The ISP is here multiple functional modules that application service is provided of supporting and optimizing resource access, as service enabler, and service factory; The functional module of virtual resource management, as empty machine manager 4411, storage manager 4412, network manager 4413 etc.; And the functional module of some improving performances, as monitor, NMS etc.Controlling session manager 43 operates on a central server.ISP's access is realized by agency 45, on each ISP, there is agency (agent) 45, agency 45 monitors request, after just request being dispatched, request is sent to corresponding ISP, by acting on behalf of 45 processing that can realize concurrency request.By ISP's processing (process) and certain strategy, finally route requests to the property server in resource center, property server is for proxy server above.
Fig. 5 is proxy server and the mutual flow chart of controlling session manager in the resource access system based on identity and session according to an embodiment of the invention.Detailed process is as follows:
Step 501, request is sent to proxy server by stream session manager;
Step 502, judges whether by Certificate Authority, if by Certificate Authority, be transferred to step 503, judges otherwise return to step 502;
Step 503, judges whether it is the request of concurrency, is if so, transferred to step 504, otherwise is transferred to step 505;
Step 504, the application container in proxy server is dispatched request;
Step 505, this request is dealt into control session manager by proxy server;
Step 506, conversation controller is that this request creates one and talks about relevant control session with failing to be convened for lack of a quorum;
Step 507, control session identity (Controlling session ID) and transmit between multiple ISPs (service provider) by service bus, thus formation control signaling plane (service provider plane);
Step 508, judges whether that multiple requests ask to use a service (service) simultaneously, is if so, transferred to step 510, otherwise is transferred to step 509;
Step 509, service bus is request distribution services supplier (service provider);
Step 510, the agency (agent) on the ISP who registers under service bus (service provider) is request distribution services (service).By this process, can route requests in property server and carry out, even the real physical resource of request access.
Fig. 6 is the part storage organization of the conversation database of store session relation in the resource access system based on identity and session according to an embodiment of the invention.In conversation database 6, storage is multiple sessions (session) related tables, by the words form 61 that fails to be convened for lack of a quorum, controls session form 62, user conversation form 63, and session relationship form 64 forms.User sends application request, and in the present invention, the application of user's request is resource, in order to realize the corresponding multiple requests of user, resource multiplexing, service (service) multiplexing, the session of user's request is separated into the words that fail to be convened for lack of a quorum, controls session, user conversation.The network address and the network addressing identity information that fail to be convened for lack of a quorum the words main storage flow session of form 61 and bind together with the words that fail to be convened for lack of a quorum, specifically there is stream session identity (streaming session ID), network identity (Network ID), input/output port identity (I/O ID), wherein ID obtains by accesses identity manager.Network ID comprises network equipment switch, the identity of router etc., and I/O ID refers to the identity of port, can find the address of these resources by identity.The words that fail to be convened for lack of a quorum form is corresponding to the I/O link circuit resource and the local network port resource part that fail to be convened for lack of a quorum in words plane.Controlling session is the session about control plane, control the main storage of session form 62 and control session and the ISP's identity information together with controlling binding session, specifically have controlling session ID and multiple service provider ID, its ID is provided by identity manager.Control session form corresponding to control signal plane.User conversation is the session (session) that user asks application (app), has represented the relation between user (user) and application (app), and the component relation of application (app).The identity information of main these objects of storage of user conversation form 63, specifically has User session ID, User ID, App ID, vApp ID, Domain ID, Component ID, VM ID, Server ID, Storage ID.Relation is therebetween dynamic relationship.These ID obtain by identity manager, and represent relation wherein by the handle system in identity manager, will in the figure below, describe in detail.The words that fail to be convened for lack of a quorum, control session, and user conversation is three aspects of a request, between have contact closely, at this moment just need session relationship forms (session relationship table) 64 represent the relation between them.Because we can consider that the application (app) that user asks is service request, therefore the major key using service conversation identity (service session ID) as relation table, other attribute field has User session Id, streaming session ID, controlling session ID, these attributes are all the major keys of several forms above, thereby the session of these separation (session) is associated in a request.In the time creating session (session), the relevant deposit data of session (session) is at conversation database (Session Store), in the time completing a session of termination (session), need to discharge corresponding resource.Session identity (Session ID) is interim establishment, other resource identity (ID), comprise that data center's resource and ISP's identity (ID) are all constant, in the time that a session (session) finishes, need to delete the session (session) in temporary table, and discharge corresponding resource, this process is equivalent to subscribe to, subscribe to and finish, releasing resource.
Fig. 7 is the structured flowchart of identity manager in the resource access system based on identity and session according to an embodiment of the invention.The core of identity manager 7 is handle solving systems 71 and deposits identity information and the ID warehouse of various managing configuration information (ID store) 72, identity accords with mark, wherein constant object is as resource, ISP has a unique constant identity symbol, and dynamic object accords with as session etc. has an interim identity.Consistency (persistence) is ensured by handle solving system (handle resolution system) 71.Handle solving system (Handle resolution system) 71 is by quoting enforcement (reference Implementation) 711, agreement (protocol) 712, NameSpace (Namaspace) 713,714 4 part compositions of management service (Administrative Service), wherein quote enforcement (Reference Implementation) the 711st, the core of handle solving system (handle resolution system) 71, provides the service of solving and distributed classification service.Distributed classification service 7113 receives dissimilar concurrency request, according to the type of request, to request being mail to after request scheduling, address solves service (Address Resolution service) 7111 or relation solves service (Relationship resolution service) 7112.Address solves the tree structure that has address relationship in service (Address Resolution Service) 7111, finds the position of resource by this structural relation according to resource identity.Relation solves service (Relationship Resolution Service) 7112 and solves service by relation, there is the structure of relation between user (User), application (app), resource (resource), session (session) etc. the inside, and these objects are coupled together effectively; Due to Relationship Comparison complexity therebetween, often there is the relationship map of multi-to-multi, can adopt tree, the various structures such as figure are described.In the time of solving in user's access system (resolution) or management process (Administrative process), just need to use 712 couples of clients of agreement (Protocol) and authenticate.NameSpace (Namespace) the 713rd, the type name of a large amount of dissimilar identity symbols, also comprise the grammatical norm for concrete object name, can divide different NameSpaces according to type, under each NameSpace 713 territories, have multiple different concrete names.The various configuration admin service that management service (Administrative service) 714 provides in system.ID warehouse (ID Store) the 72nd, deposits identity information in identity manager 7, the memory of the various information such as managing configuration information, and various resources, process, application, the identity of service etc. is all stored in ID warehouse 72.In one or more preferred embodiments of the present invention, identity manager provides identity service for session manager and explorer, and relation solves service and address solves service, and for solving the relation between each object, searching resource location provides support.Identity manager operates on an ID server.
Fig. 8 is that the relation in the identity manager of Fig. 7 solves the description block diagram that service (Relationship Resolution Service) is implemented.Relation of the present invention solves execution mode 81 by object identity symbol 811, object factory 812 and solves 813 3 parts of service and forms.What wherein object identity symbol 811 represented is the identity of object, the object here can be both the resource of data center, as empty machine, server etc., also can be application (app), territory (domain), the application relation of user's requests such as assembly (component) etc., can also be various sessions (session), can be also the hypervisor (also can be referred to as ISP) in system.What object factory 812 was explained is the attribute to each object, the description of feature etc.Solve service 813 by data type (Data type) 8131, structural elements data (structural metadata) 8132, and meta object (Meta-objects) 8133 compositions, structural elements data 8132 have been described the structural relation between each object, because relation is very complicated, there is the situation of multi-to-multi, as a user can use multiple application (app) simultaneously, an application (app) can be used by multiple users simultaneously, thereby adopt graph structure to represent, can ensure like this from object reference above to object below, also adduction relationship that can be from object reference below to the multi-to-multi of object above.Metadata refers to the object about object, and data type is the classification to data.In 82, list the main object that need to solve, comprise user (user) 821, application (app) 822, territory (domain) 823, assembly (component) 824, virtual resource (virtual resource) 825, physical resource (physical resource) 826 etc.Relation between these objects is also a user conversation (session) relation, in a user conversation, a user 821 can use multiple application (app) 822 simultaneously, an application (app) can be used by multiple users 821 simultaneously, an application (app) 822 corresponding territories (domain) 823, a territory (domain) 823 is made up of multiple assemblies (component) 824, due to assembly (component) the 824th, only comprise the special territory (domain) 823 of an empty machine example (VM instance), the corresponding empty machine VM in a territory (component) 823, an empty machine VM can be quoted by multiple territories (component) 823, the corresponding multiple physical resources of VM, as cpu, memory, nic etc.In VM, have two ID, one is Vm self, and another is Reference ID, points to assembly 824 above, the identity corresponding relation between foundation and assembly 824.83 is that a user asks to move needed Main Resources, comprises VM 831, LUN 832, and Raid 833, vswitch 834, the relation between Nic 835 these resources such as grade identifies by ID.
Fig. 9 is the relation statement figure of the address resolution (Address Resolution) in the identity manager in Fig. 7.In identity manager, each resource is carried out to unique identity marks, each resource has unique identity marks symbol, there is a variable logic identity (logical ID) simultaneously, to set up the logical relation between resource, be different from domain name system here, domain name system is corresponding with IP, and each ID is unique constant, so no matter where resource moves to, can find it by ID.Address solves by tree structure and realizes, and is the inheritance from root to leaf in identity.Taking data center as example, a data center 91 can be divided into multiple groups 92, a group has multiple main frames 93 for 92 times, on a main frame 93, there are multiple empty machines 94, in an empty machine 94, use vCPU 951, vMemory 952, vNic 953, VHBA 954 resources such as virtual hardware such as grade, virtual hardware resource is mapped to corresponding physical hardware resources CPU 971 by empty machine manager VMM, Memory 972, Nic 973, HBA974, physical hardware devices can corresponding multiple virtual hardware equipment, wherein, vNic 953 is connected to the vSwitch 96 in empty machine manager VMM, in VMM, can there be one or more vSwitch 96, a vSwitch 96 connects multiple vnic 953, vswitch 953 is connected to physics Nic 973, be connected to again on Switch (switch) 98 by Nic 973, a Switch (switch) 98 can connect multiple Nic 973, that is multiple main frames 93, can also be connected to shared storage (shared storage) 99 by Switch 98.For bottom, resource on main frame, use Tap Bridge to set up the identity corresponding relation of empty machine 94 and the various virtual resources on it, on an empty machine, can there be multiple vSwitch 96, divide and don't bother about different vlan, the virtual machine being connected on different vswitch is divided in different vlan, and a vswitch can connect the different virtual machine on different main frames.In the time passing through the address of ID request resource of resource, request arrival address solves service, and address solves serves the position that solves resource place by the identity of resource.
Figure 10 is the flow chart that uses identity manager in the resource access system based on identity and session according to an embodiment of the invention.Specifically comprise following step:
Step 1001, client is sent request, and is transferred to step 1002;
Step 1002, request arrives identity manager, and is transferred to step 1003;
Step 1003, whether the object that judgement is asked is registered in identity manager, if registration is transferred to step 1004, otherwise is transferred to step 1008;
Step 1004 is inquired about handle solving system according to ID, and is transferred to step 1005 in identity manager;
Step 1005, judges whether query resource address, is if so, transferred to step 1006, otherwise is transferred to step 1010;
Step 1006, solves service by address and finds the position of resource, and is transferred to step 1007;
Step 1007, returns to requesting party by positional information, finishes;
Step 1008, is used Register registry object, and is transferred to step 1009;
Step 1009, maker is this Object Creation deletion identity symbol ID according to object type and character string rule, and is transferred to step 1004;
Step 1010, solves service by relation and finds the object of relation, and is transferred to step 1011;
Step 1011, returns to requesting party by relationship object information, finishes.
Resource access system based on identity and session of the present invention can be under the network example environment of data center, the thought that ISP in conventional telecommunications is separated with resource provider is incorporated in the access of enterprise data center's resource, realize load and control separating of session, and adopting identity management method to manage the identity of these resources.
Above-described embodiment is available to be familiar with person in the art and to realize or use of the present invention; those skilled in the art can be without departing from the present invention in the case of the inventive idea; above-described embodiment is made to various modifications or variation; thereby protection scope of the present invention do not limit by above-described embodiment, and it should be the maximum magnitude that meets the inventive features that claims mention.

Claims (13)

1. the resource access system based on identity and session, is characterized in that, comprising:
Client, client sends service request and the needed resource information of this service request is carried out in definition;
Session management center, receive the service request that described client is sent, create to fail to be convened for lack of a quorum according to this service request and talk about and according to stream conversation establishing control session, consult to fail to be convened for lack of a quorum and talk about required resource and the required ISP of control session, and route requests to resource center;
Resource center, comprise property server, network and memory, in described property server, move one or more empty machines, resource center receives described service request, and the operation of management request, described empty machine move described service request and by the result feedback of operation to client;
Identity manager, with session administrative center and resource center's communication connection, the identity information of identity manager management object, wherein object comprises resource, ISP, session and application, identity manager is also managed the life cycle of described identity information.
2. the resource access system based on identity and session as claimed in claim 1, is characterized in that, described session management center comprises:
Stream session manager, receives the service request that described client sends, and creates to fail to be convened for lack of a quorum talk about and consult to fail to be convened for lack of a quorum the required resource of words according to this service request, and stream session manager forwards described service request;
Proxy server, with the communication connection of stream session manager, proxy server receives the service request being forwarded by stream session manager and keeps connecting, and proxy server obtains the frame stream conversation information that stream session manager creates, and proxy server is dispatched concurrent service request;
Control session manager, be connected with proxy server communication, obtain frame stream conversation information and create and control session and consult to control the required ISP of session according to frame stream conversation information from proxy server, control session manager and forward described service request;
Service bus, is connected to described control session manager, and is connected with multiple ISPs, transmits request and control session identity information between ISP;
Conversation database, preserves service request and is sent to the empty machine operation of resource center and the result of operation from client and feeds back to the words that fail to be convened for lack of a quorum, control session and the user session information the process of client from resource center.
3. the resource access system based on identity and session as claimed in claim 2, is characterized in that, described stream session manager comprises:
The words that fail to be convened for lack of a quorum maker, for the service request that receives creates the life cycle of fail to be convened for lack of a quorum words management flow session, the words that the fail to be convened for lack of a quorum maker needed resource of words of also consulting to fail to be convened for lack of a quorum;
Stream signaling plane module, with the words maker communication connection that fails to be convened for lack of a quorum, the communication protocol stack between the resource participating in stream conversation procedure forms stream signaling plane module, for separating of the physical resource in described resource and dynamic resource.
4. the resource access system based on identity and session as claimed in claim 2, is characterized in that, described proxy server comprises:
Application container, preserves the solicited message relevant to described service request, comprises IP address, port numbers and agreement.
5. the resource access system based on identity and session as claimed in claim 2, is characterized in that, described control session manager comprises:
Conversation controller, according to the life cycle of described stream conversation establishing control session management control session, conversation controller also consults to carry out the needed ISP of this control session;
Control signal plane module, controls the communication protocol stack formation control signaling plane module between the ISP who participates in conversation procedure, and control signal plane module separates ISP with resource provider.
6. the resource access system based on identity and session as claimed in claim 1, is characterized in that,
Described property server comprises server resource management device, empty machine manager and several empty machine, the operation of described server resource management management service request on empty machine, empty machine described in empty machine manager administration;
Described network packet includes network explorer, network resource manager network resource administration also carries out networking to the empty machine in property server;
Described memory comprises SRM device, SRM management storage resources.
7. the resource access system based on identity and session as claimed in claim 1, is characterized in that, described identity manager comprises:
Handle solving system, solves the relation between position and the each object that service request relates to of determining resource by tree structure and graphic structure;
Maker, for resource and the ISP of each definition generate unique identity information, is each session and application generation identity information;
Register, for each object is registered to identity manager, it is that object generates identity that Register calls maker;
Identity store, stores the identity information of various objects, comprises session, ISP, resource and application.
8. the resource access method based on identity and session, is characterized in that, described method comprises:
A upstream flow session manager receives the resource request of client;
This stream session manager is that request creates one for consulting to carry out the words that fail to be convened for lack of a quorum of client's load resource requirement, and accesses identity manager, obtains stream session identity, and request and frame stream conversation information are sent to upstream agent server;
This proxy server is acted on behalf of multiple requests as transfer, and accesses identity manager, solves service by relation, obtains the virtual application identity being associated with above-mentioned stream session identity, and request and frame stream conversation information are mail to upstream control session manager;
This control session manager be this request generate one with above-mentioned fail to be convened for lack of a quorum talk about be associated for consulting the ISP's who controls service request control session, and accesses identity manager, solve service by relation, obtain the control session identity being associated with above-mentioned stream session identity;
Control session manager and upstream service bus mutual, service bus is connected with multiple ISPs, request and control session identity information exchange are crossed service bus and are transmitted between multiple ISPs, and route requests to the property server at downstream sources center by ISP, wherein each ISP registers and obtains a unique identity in identity manager;
In property server, there are one or more empty machines, the operation of resource management management request on empty machine, empty machine operation described request and by the result feedback of operation to client, wherein a unique identity is registered and obtained to each empty machine in identity manager, and can be solved service and found according to the identity of empty machine the position of empty machine by address.
9. the resource access method based on identity and session as claimed in claim 8, is characterized in that, described method further comprises:
Proxy server receives after the request and frame stream conversation information of stream conversation controller transmission, continues to keep the TCP/UDP between stream conversation controller to be connected;
After on the empty machine of request in the property server of resource center, operation is got up, the TCP/UDP disconnecting between proxy server and stream conversation controller is connected, and directly operation result is returned to client by being redirected.
10. the resource access method based on identity and session as claimed in claim 8, is characterized in that, described method further comprises:
Stream session manager creates the words that fail to be convened for lack of a quorum, and generates stream signaling plane, separates physical resource and dynamic resource demand, and controls the logic core net generating as required.
11. resource access methods based on identity and session according to claim 8, is characterized in that, described method further comprises:
Control session manager and create control session, generate and control session plane, need to carry out any dynamic combined to ISP according to request, generate multiple ISP's planes.
12. resource access methods based on identity and session according to claim 8, is characterized in that, described method further comprises:
Use bridge joint to set up the identity corresponding relation of empty machine and the various virtual resources on it.
13. resource access methods based on identity and session according to claim 8, is characterized in that, described method further comprises:
For empty machine arranges two identity, one is empty machine self, and another is to quote identity, points to the assembly in the main object solving, and sets up the identity corresponding relation of empty machine and inter-module.
CN201110369727.3A 2011-11-18 2011-11-18 Resource access system and method based on identity and session Expired - Fee Related CN102347959B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110369727.3A CN102347959B (en) 2011-11-18 2011-11-18 Resource access system and method based on identity and session
PCT/CN2012/084810 WO2013071890A1 (en) 2011-11-18 2012-11-19 Resource access system and method based on identity and session

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110369727.3A CN102347959B (en) 2011-11-18 2011-11-18 Resource access system and method based on identity and session

Publications (2)

Publication Number Publication Date
CN102347959A CN102347959A (en) 2012-02-08
CN102347959B true CN102347959B (en) 2014-07-23

Family

ID=45546247

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110369727.3A Expired - Fee Related CN102347959B (en) 2011-11-18 2011-11-18 Resource access system and method based on identity and session

Country Status (2)

Country Link
CN (1) CN102347959B (en)
WO (1) WO2013071890A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105610827A (en) * 2015-12-25 2016-05-25 广东威创视讯科技股份有限公司 Signal interaction control method and system for mosaic wall control system

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102347959B (en) * 2011-11-18 2014-07-23 运软网络科技(上海)有限公司 Resource access system and method based on identity and session
US9038083B2 (en) * 2012-02-09 2015-05-19 Citrix Systems, Inc. Virtual machine provisioning based on tagged physical resources in a cloud computing environment
CN103828326B (en) * 2012-09-07 2016-08-17 运软网络科技(上海)有限公司 Based on real time resources supply chain control system and the method for paying point
CN102917254B (en) * 2012-10-08 2016-06-29 青岛海信传媒网络技术有限公司 Program broadcasting method and system based on NGOD
CN106921721A (en) * 2015-12-28 2017-07-04 华为软件技术有限公司 A kind of server, conversation managing method and system
WO2021028052A1 (en) * 2019-08-14 2021-02-18 Huawei Technologies Co., Ltd. Method and apparatus for cloud-based console service in a cloud network
US11546335B2 (en) * 2019-09-27 2023-01-03 Amazon Technologies, Inc. Managing permissions to cloud-based resources with session-specific attributes
CN112948313B (en) * 2021-03-01 2023-11-21 杭州迪普科技股份有限公司 Session data management method and device
CN113872933B (en) * 2021-08-20 2023-05-26 上海云盾信息技术有限公司 Method, system, device, equipment and storage medium for hiding source station
CN114844672B (en) * 2022-03-22 2023-08-22 华为技术有限公司 Method, management unit and equipment for confirming application trusted identity
CN116055497A (en) * 2023-01-18 2023-05-02 紫光云技术有限公司 Method for realizing load balancing LB multi-activity oversized cluster

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1989486A (en) * 2004-05-20 2007-06-27 Sap股份公司 Sharing objects in runtime systems
CN101102265A (en) * 2006-07-06 2008-01-09 华为技术有限公司 Control and carrier separation system and implementation method for multi-service access
CN101969391A (en) * 2010-10-27 2011-02-09 北京邮电大学 Cloud platform supporting fusion network service and operating method thereof

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7886038B2 (en) * 2008-05-27 2011-02-08 Red Hat, Inc. Methods and systems for user identity management in cloud-based networks
US8984621B2 (en) * 2010-02-27 2015-03-17 Novell, Inc. Techniques for secure access management in virtual environments
CN101969475A (en) * 2010-11-15 2011-02-09 张军 Business data controllable distribution and fusion application system based on cloud computing
CN102103518B (en) * 2011-02-23 2013-11-13 运软网络科技(上海)有限公司 System for managing resources in virtual environment and implementation method thereof
CN102347959B (en) * 2011-11-18 2014-07-23 运软网络科技(上海)有限公司 Resource access system and method based on identity and session

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1989486A (en) * 2004-05-20 2007-06-27 Sap股份公司 Sharing objects in runtime systems
CN101102265A (en) * 2006-07-06 2008-01-09 华为技术有限公司 Control and carrier separation system and implementation method for multi-service access
CN101969391A (en) * 2010-10-27 2011-02-09 北京邮电大学 Cloud platform supporting fusion network service and operating method thereof

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105610827A (en) * 2015-12-25 2016-05-25 广东威创视讯科技股份有限公司 Signal interaction control method and system for mosaic wall control system
CN105610827B (en) * 2015-12-25 2019-01-29 广东威创视讯科技股份有限公司 Spell wall control system signal interaction control method and system

Also Published As

Publication number Publication date
WO2013071890A1 (en) 2013-05-23
CN102347959A (en) 2012-02-08

Similar Documents

Publication Publication Date Title
CN102347959B (en) Resource access system and method based on identity and session
CN102124449B (en) Method and system for low-overhead data transfer
CN109547349B (en) Virtual routing-based traffic management method, device, terminal and storage medium
Wang et al. Towards network-aware service composition in the cloud
CN108780410A (en) The network virtualization of container in computing system
CN103403683A (en) Capabilities based routing of virtual data center service request
CN108494835B (en) Method and system for realizing distributed dynamic routing based on Raft algorithm
EP3138003A1 (en) System and method for supporting a bypass-domain model and a proxy model and updating service information for across-domain messaging in a transactional middleware machine environment
CN109462511B (en) Network establishing method and device
CN104486103A (en) Message transmission method and equipment
WO2013152565A1 (en) Capability aggregation and exposure method and system
CN104780221A (en) Intellectual property comprehensive service platform system for middle and small-sized enterprises
CN113810205A (en) Method for reporting and receiving service computing power information, server and data center gateway
CN101808051A (en) Application integration gateway and control method thereof
Yin et al. JTangCSB: A cloud service bus for cloud and enterprise application integration
Thorpe et al. G-lambda and EnLIGHTened: wrapped in middleware co-allocating compute and network resources across Japan and the US
CN109104368A (en) A kind of request connection method, device, server and computer readable storage medium
EP2517408A2 (en) Fault tolerant and scalable load distribution of resources
CN112929206B (en) Method and device for configuring cloud physical machine in cloud network environment
CN116668191B (en) Internet of things application virtual gateway with data encryption convergence function
CN104378411A (en) Service exchange system
CN115665026A (en) Cluster networking method and device
CN102843424B (en) A kind of heterogeneous distributed cloud computing system and method
JP5190921B2 (en) Community communication network, communication control method, community management server, community management method, and program
Tao Application service provider model: Perspectives and challenges

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140723

Termination date: 20201118

CF01 Termination of patent right due to non-payment of annual fee