CN102685115A - Resource access method, resource management device and system - Google Patents

Resource access method, resource management device and system

Publication number: CN102685115A
Authority: CN (China)
Prior art keywords: management device, password, resource, equipment management, message
Legal status: Granted, active
Application number: CN2012101233832A
Other languages: Chinese (zh)
Other versions: CN102685115B (en)
Inventor: 李春喜
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201210123383.2A
Publication of CN102685115A
Application granted; publication of CN102685115B
Abstract

The embodiments of the invention disclose a resource access method, a resource management device and a resource management system. The resource access method comprises the following steps: a request message for applying for a resource, sent by a terminal, is received; the applied resource is allocated to the terminal, and a first password is generated for the resource applied for according to the request message; a password changing message carrying the first password is then sent to an equipment manager, instructing the equipment manager to change the preset password in the equipment manager to the first password; if the preset password in the equipment manager is changed successfully, an external network IP (Internet Protocol) address of the applied resource is obtained; and the external network IP address and the first password are returned to the terminal, so that the terminal can access the applied resource according to the external network IP address and the first password. The security of the resource can thereby be improved, and the resource access method is safe and reliable.

Description

Resource access method, asset management device and system
Technical field
The present invention relates to the communications field, and in particular to a resource access method, an asset management device and a system.
Background
In cloud computing, a resource management system needs to manage a large number of resources. These resources are distributed across different regions of physical machines or virtual machines and can be used to install different operating systems. Managing the resources makes it possible to obtain information such as the CPU, memory, disk size and allocation record of each resource. A terminal obtains the access path of a resource by applying to the resource management system for that resource; the user can then access the resource according to the access path and access code, and can thereby perform operations such as installing and deploying software on the physical machine or virtual machine. Managing the resources prevents unauthorized programs or users from accessing them.
To ensure the security of resources, the resource management system needs to perform resource management and resource configuration. Resource configuration means allocating resources and setting, for each relevant resource, an external network IP address that the terminal can access. The terminal needs an account, an access code and this IP address to remotely access the resource on the physical machine or virtual machine. The terminal can access the resource remotely through the Telnet or SSH protocol.
Telnet and SSH are standard protocols and methods for Internet remote access services. Telnet uses authentication by account and access code. SSH supports two authentication modes: authentication by account and access code, and authentication by key pair.
In the prior art, an account and a corresponding default access code are agreed according to the type of operating system, and a pre-configured external network IP address is obtained to access the resource. For example, the account of a Unix system is agreed to be root and the initial access code is uniformly agreed to be 123456, and during resource configuration a corresponding external network IP address is configured for each resource in the resource management system. When a terminal applies for a resource, the resource management system returns information such as the external network IP address, account and access code of the applied resource to the user according to policy, and the terminal can then access the resource.
In researching and practising the prior art, the inventor of the present invention found that the access code in the prior art is agreed by default according to the account. Once a terminal has obtained the external network IP address of the resource it applied for, it can easily guess, from that address, the external network IP addresses of other resources that have not been allocated, or that have been allocated but whose access code has not been changed, and thereby illegally gain access, threatening the allocation of and access rights to resources.
Summary of the invention
Embodiments of the present invention provide a resource access method, an asset management device and a system, which are used to improve the security of resources.
A resource access method comprises:
an asset management device receiving a request message for applying for a resource sent by a terminal;
allocating the applied resource to the terminal, and generating a first password for the applied resource;
sending a password modification message to an equipment management device to instruct the equipment management device to change the access code preset in the equipment management device to the first password, the password modification message carrying the first password;
if the access code preset in the equipment management device is successfully changed, obtaining the external network IP address of the applied resource; and
returning the external network IP address and the first password to the terminal, so that the terminal accesses the applied resource according to the external network IP address and the first password.
Optionally, the password modification message also carries a second password, so that the equipment management device compares the second password with the access code preset in the equipment management device, the second password being the preset access code stored in the asset management device. When the second password is equal to the access code preset in the equipment management device, a message returned by the equipment management device, indicating that the access code preset in the equipment management device has been successfully changed to the first password, is received, the external network IP address of the applied resource is obtained, and the external network IP address and the first password are returned to the terminal. When the second password is not equal to the access code preset in the equipment management device, a resource application failure returned by the equipment management device is received, and the resource application failure is returned to the terminal.
Optionally, before the asset management device receives the request message for applying for a resource sent by the terminal, the method further comprises: presetting an external network IP address for each resource, the terminal accessing the resource through the external network IP address.
Optionally, after the external network IP address of the applied resource is obtained, the method further comprises: sending a binding message to the equipment management device to instruct the equipment management device to bind the external network IP address to the applied resource, the binding message carrying the external network IP address.
A resource access method comprises:
an equipment management device receiving a password modification message sent by an asset management device, the password modification message carrying a first password; and
changing the access code preset in the equipment management device to the first password, so as to instruct the asset management device to obtain the external network IP address of the applied resource and return the external network IP address and the first password to the terminal.
Optionally, the password modification message also carries a second password, the second password being the preset access code stored in the asset management device. After the equipment management device receives the password modification message sent by the asset management device, the method further comprises: comparing the second password with the access code preset in the equipment management device. When the second password is equal to the access code preset in the equipment management device, the access code preset in the equipment management device is changed to the first password, and a message indicating that the access code preset in the equipment management device has been successfully changed to the first password is sent to the asset management device. When the second password is not equal to the access code preset in the equipment management device, a resource application failure is returned to the asset management device, so that the asset management device returns the resource application failure to the terminal.
Optionally, after the access code preset in the equipment management device is changed to the first password, the method further comprises: receiving a binding message sent by the asset management device, the binding message carrying the external network IP address; and binding the external network IP address to the applied resource.
Optionally, said processing unit is further configured to send a binding message to the equipment management device to instruct the equipment management device to bind the external network IP address to the applied resource, the binding message carrying the external network IP address.
Optionally, the password modification message sent by said modification unit also carries a second password, and said modification unit further instructs the equipment management device, by means of the second password, to compare the second password with the access code preset in the equipment management device. Said processing unit is then specifically configured to: when the second password is equal to the access code preset in the equipment management device, receive the message returned by the equipment management device indicating that the access code preset in the equipment management device has been successfully changed to the first password, and obtain the external network IP address of the applied resource; and when the second password is not equal to the access code preset in the equipment management device, receive the resource application failure returned by the equipment management device and return the resource application failure to the terminal.
A resource management system comprises any of the asset management devices described above and an equipment management device;
wherein the equipment management device is configured to receive the password modification message sent by the asset management device, the password modification message carrying the first password, and to change the access code preset in the equipment management device to the first password, so as to instruct the asset management device to obtain the external network IP address of the applied resource and return the external network IP address and the first password to the terminal.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
In the embodiments of the present invention, the asset management device first receives the request message for applying for a resource sent by the terminal, then allocates the applied resource to the terminal and generates a first password for the applied resource, and then sends a password modification message carrying the first password to the equipment management device to instruct it to change the access code preset in the equipment management device to the first password. If the access code preset in the equipment management device is successfully changed, the asset management device obtains the external network IP address of the applied resource and returns the external network IP address and the first password to the terminal, so that the terminal accesses the applied resource according to the external network IP address and the first password. Because the terminal obtains the first password when applying for the resource, and the access code preset in the equipment management device is changed to the first password, the terminal accesses the resource through the first password and the obtained external network IP address of the applied resource, and a terminal cannot obtain access rights to a resource according to a guessed external network IP address. This improves the security of resources and provides a safe and reliable resource access method.
Description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of Embodiment one of the present invention;
Fig. 2 is a flow chart of Embodiment two of the present invention;
Fig. 3 is a flow chart of Embodiment three of the present invention;
Fig. 4 is a flow chart of Embodiment four of the present invention;
Fig. 5 is a structural diagram of Embodiment five of the present invention;
Fig. 6 is another structural diagram of Embodiment five of the present invention;
Fig. 7 is a structural diagram of Embodiment six of the present invention;
Fig. 8 is another structural diagram of Embodiment six of the present invention;
Fig. 9 is a structural diagram of Embodiment seven of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The embodiments of the present invention provide a safe and reliable resource access method that can improve the security of resources, and also provide a corresponding asset management device, equipment management device and related system. These are described in detail below, with reference to Fig. 1 to Fig. 9:
Embodiment one
This embodiment provides a resource access method and describes it from the perspective of the asset management device. It should be noted that the asset management device is not specifically limited. The asset management device carries out the interaction between the terminal and the equipment management device, so that the terminal can access resources in the resource management system. The terminal in this embodiment is the user side and may be, for example, a PC.
A resource access method comprises:
The asset management device first receives the request message for applying for a resource sent by the terminal, then allocates the applied resource to the terminal and generates a first password for the applied resource, and then sends a password modification message to the equipment management device to instruct the equipment management device to change the access code preset in the equipment management device to the first password, the password modification message carrying the first password. If the access code preset in the equipment management device is successfully changed, the asset management device obtains the external network IP address of the applied resource and returns the external network IP address and the first password to the terminal, so that the terminal accesses the applied resource according to the external network IP address and the first password.
As shown in Fig. 1, the specific flow may be as follows:
101. Receive the request message for applying for a resource sent by the terminal.
It should be understood that the resource management system manages a large number of resources, which are distributed on physical machines or virtual machines according to resource type. A resource may be any of the devices managed by the resource management system, or an object virtualized on those devices that can be accessed and used.
It should be understood that, before the terminal sends the request message for applying for a resource, the resource management system can perform resource configuration in advance. This includes setting an external network IP address and an internal network IP address for each resource in the resource management system. It should be noted that the terminal can access a resource only through the external network IP address; the internal network IP address is used inside the resource management system. Resource configuration also includes generating a preset access code and installing the operating system on the physical machine or creating the virtual machine. For convenience, the generated preset access code is called the second password. The second password generally consists of 6~10 characters and is not specifically limited.
Optionally, the request message sent by the terminal may carry the type and authentication mode of the applied resource. That is, the type of the applied resource is a resource distributed on a physical machine or a resource distributed on a virtual machine, and the authentication mode is Telnet authentication or SSH authentication. These are described in detail below:
Optionally, if the resource is distributed on a physical machine, resource configuration is specifically as follows. The terminal can send the asset management device an installation message for installing an operating system. After receiving the installation message, the asset management device generates a preset access code, saves it as the second password, and forwards the received installation message to the equipment management device. The installation message carries parameters such as the second password, installation package path, language type, time zone and partitioning. After receiving the installation message, the equipment management device stores the second password carried in it as the access code preset in the equipment management device, and then completes the installation of the operating system according to the access code preset in the equipment management device. It should be noted that the second password can also be obtained by performing operating system initialization on a physical machine on which an operating system has already been installed. Similarly, if the resource is distributed on a virtual machine, resource configuration is specifically as follows. The terminal can send the asset management device a creation message for creating a virtual machine. After receiving the creation message, the asset management device generates a preset access code, saves it as the second password, and forwards the received message to the equipment management device. The creation message carries parameters such as the second password, virtual machine image, virtualization technology type, CPU size, memory size, storage size and number of network interface cards. After receiving the creation message, the equipment management device stores the second password carried in it as the access code preset in the equipment management device, and then completes the creation of the virtual machine according to the access code preset in the equipment management device. In other words, through resource configuration the asset management device generates a preset access code, namely the second password, and sends it to the equipment management device in the installation message or creation message, so that the equipment management device uses the received second password as the access code preset in the equipment management device. It should be noted that under normal conditions the second password and the access code preset in the equipment management device are equal. When a terminal has privately changed the preset access code stored by the equipment management device, or the equipment management device has been attacked, the second password and the access code preset in the equipment management device become unequal.
Optionally, the authentication mode of the applied resource may be Telnet authentication or SSH authentication. When the authentication mode is Telnet authentication, authentication by user account and user password is used. When the authentication mode is SSH authentication, authentication by user account and user password and/or by key pair is used; that is, SSH authentication may use user account and user password, or a key pair, or both user account and user password and a key pair. A key pair comprises a public key and a private key. Key-pair authentication is specifically as follows: first a key pair is created, the public key and the private key are written to different files, and the file names of the key pair are specified on the command line; the public key is then published to the user over the network or by other means, and the user can use the public key to judge whether a data file has been illegally modified during network transmission.
102. Allocate the applied resource to the terminal, and generate a first password for the resource applied for by the terminal.
After receiving the request message for applying for a resource sent by the terminal, the asset management device allocates a resource to the terminal according to the resource requested in the message and randomly generates a new access code, which serves as the access code with which the terminal accesses the resource. For convenience, this randomly generated access code is called the first password in this embodiment. It should be noted that the first password generated for each received request message is different, and that, to ensure the security of the access code, the first password is transmitted as ciphertext.
103. Send a password modification message to the equipment management device to instruct the equipment management device to change the access code preset in the equipment management device to the first password, the password modification message carrying the first password generated in step 102. For example, this may specifically be as follows:
So that the terminal can access the applied resource with the newly generated first password, the access code preset in the equipment management device needs to be changed to the first password.
Preferably, changing the access code in the equipment management device to the first password may be implemented as follows: the equipment management device compares the second password with the access code preset in the equipment management device, to verify whether the asset management device has modification authority.
For example, the second password can be carried in the password modification message, so that the equipment management device compares the second password with the access code preset in the equipment management device. When the second password is equal to the access code preset in the equipment management device, the equipment management device returns to the asset management device a message indicating that the access code has been successfully changed to the first password, and step 104 is performed to obtain the external network IP address of the applied resource. When the second password is not equal to the access code preset in the equipment management device, the equipment management device returns a resource application failure to the asset management device, so that the asset management device returns the resource application failure to the terminal, indicating that the terminal's resource application has failed.
104. If the access code preset in the equipment management device is successfully changed, obtain the external network IP address of the applied resource.
It should be understood that, before receiving the request message for applying for a resource sent by the terminal, the asset management device has preset an external network IP address for each resource, and the asset management device can obtain the external network IP address of the applied resource automatically.
Optionally, the asset management device may obtain the external network IP address by sending an acquisition message to the IP resource management. The acquisition message carries a specified external network IP type, and the IP resource management allocates an external network IP address according to the external network IP type carried in the acquisition message. The external network IP type can be defined by the terminal; for example, the external network IP type of the external network IP addresses in the range 10.71.120.1~10.71.120.100 may be defined as "PM-External".
Optionally, after obtaining the external network IP address of the applied resource, the asset management device can also bind this external network IP address to the applied resource to improve the security of the resource. Specifically, the asset management device sends a binding message carrying the external network IP address to the equipment management device, and the binding message instructs the equipment management device to bind the external network IP address to the applied resource. Specifically, the equipment management device can bind the external network IP address to the target network interface card of the applied resource.
105. Return the external network IP address obtained in step 104 and the first password generated in step 102 to the terminal.
The terminal can access the applied resource using its existing user account together with the external network IP address and first password received from the asset management device. For example, when accessing the resource, the terminal can change the password, create new users, or install various applications.
As can be seen from the above, in this embodiment of the present invention the asset management device first receives the request message for applying for a resource sent by the terminal, then allocates the applied resource to the terminal and generates a first password for the applied resource, and then sends a password modification message carrying the first password to the equipment management device to instruct it to change the access code preset in the equipment management device to the first password. If the access code preset in the equipment management device is successfully changed, the asset management device obtains the external network IP address of the applied resource and returns the external network IP address and the first password to the terminal, so that the terminal accesses the applied resource according to the external network IP address and the first password. Because the terminal obtains the first password when applying for the resource, and the access code preset in the equipment management device is changed to the first password, the terminal accesses the resource through the first password and the obtained external network IP address of the applied resource, and a terminal cannot obtain access rights to a resource according to a guessed external network IP address. This improves the security of resources and provides a safe and reliable resource access method. Moreover, the first password is generated by the asset management device and saved by the terminal itself, so a password change made by the terminal does not cause password inconsistency.
Embodiment two
The access method of resource for a better understanding of the present invention, below the angle of slave unit management devices the embodiment of the invention is elaborated.What need explanation is specifically this equipment management device not to be done qualification.Wherein, this equipment management device can be mutual with equipment management device, makes the terminal to visit resource through asset management device.Wherein, the terminal in the present embodiment is a user side, for example, can be PC.
A kind of access method of resource comprises:
Equipment management device receives the password modification message that asset management device sends; Password is revised message and is carried first password; Then access code preset in the equipment management device is revised as first password, obtain with the indexed resource management equipment application resource outer net IP address and the outer net IP address and first password returned to the terminal.
As shown in Figure 2, idiographic flow can be following:
201, receive the password modification message that asset management device sends, password is revised message and is carried first password;
After asset management device has generated one first password; Can send a password to equipment management device and revise message; Equipment management device receives this password and revises message; According to circumstances access code preset in the equipment management device is revised as first password, wherein, this password is revised message and is carried first password.
Optional, this password is revised in the message and is also carried second password, and this second password is an access code preset in the asset management device, can carry out authentication to asset management device by the trigger equipment management devices.
Preferably, whether have the modification authority, can access code preset in second password and the equipment management device be compared in order to verify asset management device.When access code preset in second password and the equipment management device equates, explain that this asset management device has the modification authority, then execution in step 202, the access code of presetting in the equipment management device is revised as first close.When access code preset in second password and the equipment management device is unequal; Explain that this asset management device does not have the modification authority; Then return application resource failure, make asset management device that affiliated application resource failure is returned to the terminal to asset management device.
202. Change the access code preset in the equipment management device to the first password.
If the asset management device has modification authority, the equipment management device can change its preset access code to the first password. After the access code has been changed successfully, it can instruct the asset management device to obtain the external network IP address of the applied resource and return the external network IP address and the first password to the terminal, so that the resource application flow continues.
In addition, so that each external network IP address is paired with a unique resource, the external network IP address can also be bound after the access code is changed to the first password. Specifically: receive a binding message sent by the asset management device, the binding message carrying the external network IP address, and then bind the external network IP address to the applied resource. The binding can be done by binding the external network IP address to the target network interface card of the applied resource.
Optionally, the password modification message also carries the type of the applied resource and the authentication mode. The type of the applied resource is either a resource distributed on a physical machine or a resource distributed on a virtual machine, and the authentication mode is telnet authentication or SSH authentication.
If the applied resource is distributed on a physical machine, then before step 201 (receiving the password modification message sent by the asset management device) the method also comprises: receiving an installation message for installing an operating system, sent by the asset management device, the installation message carrying parameters such as the second password, installation package path, language type, time zone and partitioning; storing the received second password as the access code preset in the equipment management device; and completing the installation of the operating system according to that preset access code. If the applied resource is distributed on a virtual machine, then before step 201 the method also comprises: receiving a creation message sent by the asset management device, the creation message carrying parameters such as the second password, virtual machine image, virtualization technology type, CPU size, memory size, storage size and number of network interface cards; using the second password as the access code preset in the equipment management device; and completing the creation of the virtual machine according to that preset access code.
It should be noted that the specific implementation of this embodiment can refer to Embodiment one and is not repeated here.
As can be seen from the above, in this embodiment of the invention the equipment management device can receive the password modification message sent by the asset management device, the message carrying the first password, and then change the access code preset in the equipment management device to the first password, so as to instruct the asset management device to obtain the external network IP address of the applied resource and return the external network IP address and the first password to the terminal. The terminal can then access the resource using the first password and the external network IP address, which improves the security of resource access. The equipment management device can also bind the external network IP address to the resource applied for by the terminal, so that each resource corresponds to a unique external network IP address, which can improve the security of the resource.
Embodiment three
The following is a specific application example of the present invention. This embodiment describes the scheme jointly from the perspectives of the terminal, the asset management device and the equipment management device. The description takes as an example a resource stored on a physical machine and an authentication mode of user account and user password:
Referring to Fig. 3, the specific flow can be as follows:
301. The terminal sends to the asset management device an installation message for installing an operating system on the physical machine.
302. The asset management device randomly generates a second password and stores it.
The second password is the access code preset in the asset management device, and it is randomly generated.
303. The asset management device sends the installation message for installing the operating system to the equipment management device. This installation message carries parameters such as the second password, installation package path, language type, time zone and partitioning.
304. The equipment management device receives the installation message sent by the asset management device, stores the second password as the access code preset in the equipment management device, and installs the operating system of the physical machine.
After the equipment management device receives the installation message from the asset management device, it installs the operating system according to the second password carried in the installation message. The installed operating system has a default user account. For example, the account of a Unix system is agreed to be root, and the second password generated by the asset management device is uniformly agreed to be 123456. When installing the operating system, the equipment management device can identify the second password carried in the installation message and store it as the access code preset in the equipment management device, and then complete the installation of the operating system according to that preset access code.
305. The terminal sends a resource application request message to the asset management device.
306. The asset management device receives the resource application request message sent by the terminal, allocates the applied resource to the terminal, and generates a user password for the terminal.
307. The asset management device sends a password modification message to the equipment management device; the password modification message carries the user password.
308. After the equipment management device receives the password modification message sent by the asset management device, it compares the second password with the access code preset in the equipment management device; if the second password equals the access code preset in the equipment management device, it changes that access code to the user password. The password modification message carries the user password and the second password.
When the second password equals the access code preset in the equipment management device, the equipment management device changes that access code to the user password, sends the asset management device a message that the access code preset in the equipment management device was successfully changed to the user password, and step 309 is executed. When the two are not equal, the equipment management device returns a resource application failure to the asset management device, the terminal's resource application fails, and the resource application flow ends.
309. The asset management device receives the message sent by the equipment management device that the access code preset in the equipment management device was successfully changed to the user password, and obtains the external network IP address of the applied resource.
310. The asset management device sends a binding message to the equipment management device; the binding message carries the external network IP address.
311. The equipment management device binds the external network IP address to the applied resource and returns a binding-success message to the asset management device.
312. The asset management device sends the external network IP address obtained in step 309 and the user password generated in step 306 to the terminal.
313. The terminal accesses the resource using the existing user account and the received external network IP address and user password.
It should be noted that the specific implementation of this embodiment can refer to the previous embodiments and is not repeated here.
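The exchange of steps 302 to 313, modelled in Python as an added example (not code from the patent). The class and method names, the constant-time comparison and the 203.0.113.x addresses are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field


def _same(a: str, b: str) -> bool:
    # Constant-time comparison: an added hardening choice, not stated in the patent.
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class DeviceManager:
    """Models the equipment management device (hypothetical class name)."""
    access_codes: dict = field(default_factory=dict)  # resource id -> preset access code
    bindings: dict = field(default_factory=dict)      # external IP -> resource id

    def install(self, resource_id: str, second_password: str) -> None:
        # Step 304: store the second password as the preset access code.
        self.access_codes[resource_id] = second_password

    def change_password(self, resource_id: str, first_password: str,
                        second_password: str) -> bool:
        # Step 308: the change is accepted only if the second password
        # carried in the message equals the preset access code.
        current = self.access_codes.get(resource_id)
        if current is None or not _same(current, second_password):
            return False
        self.access_codes[resource_id] = first_password
        return True

    def bind(self, resource_id: str, external_ip: str) -> bool:
        # Step 311: an external IP is bound to exactly one resource.
        owner = self.bindings.get(external_ip)
        if owner is not None and owner != resource_id:
            return False
        self.bindings[external_ip] = resource_id
        return True

    def login(self, external_ip: str, password: str) -> bool:
        # Step 313: the terminal presents the external IP and the password.
        resource_id = self.bindings.get(external_ip)
        if resource_id is None:
            return False
        return _same(self.access_codes[resource_id], password)


@dataclass
class ResourceManager:
    """Models the asset management device (hypothetical class name)."""
    device: DeviceManager
    ip_pool: list                                      # constructed sample addresses
    second_passwords: dict = field(default_factory=dict)

    def provision(self, resource_id: str) -> None:
        # Steps 302-303: generate and store a random second password,
        # then carry it to the device manager in the installation message.
        second = secrets.token_urlsafe(16)
        self.second_passwords[resource_id] = second
        self.device.install(resource_id, second)

    def apply(self, resource_id: str):
        # Steps 306-312. Returns (external_ip, first_password), or None when
        # the device manager reports a resource application failure.
        first = secrets.token_urlsafe(16)              # fresh for every request
        second = self.second_passwords.get(resource_id, "")
        if not self.device.change_password(resource_id, first, second):
            return None
        if not self.ip_pool:
            return None
        external_ip = self.ip_pool.pop(0)              # step 309
        if not self.device.bind(resource_id, external_ip):  # steps 310-311
            return None
        return external_ip, first                      # step 312


if __name__ == "__main__":
    dm = DeviceManager()
    rm = ResourceManager(dm, ["203.0.113.10"])         # constructed address
    rm.provision("pm-1")
    ip, pw = rm.apply("pm-1")
    print("login with first password:", dm.login(ip, pw))
    print("login with second password:", dm.login(ip, rm.second_passwords["pm-1"]))
    # The preset access code is now the first password, so a repeated change
    # message carrying the original second password is rejected in this model.
    print("repeated application:", rm.apply("pm-1"))
```

In this model the second password stops matching as soon as the first change succeeds, because the comparison in step 308 is made against the access code that step 308 itself overwrites.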
Embodiment four
The following is another specific application example of the present invention. This embodiment describes the scheme jointly from the perspectives of the terminal, the asset management device and the equipment management device. The description takes as an example a resource stored on a physical machine and an authentication mode of key-pair authentication:
Referring to Fig. 4, the specific flow can be as follows:
401. The terminal sends to the asset management device an installation message for installing an operating system on the physical machine.
402. The asset management device randomly generates a second password and stores it.
The second password is the access code preset in the asset management device, and it is randomly generated.
403. The asset management device sends the message for installing the operating system to the equipment management device. This installation message carries parameters such as the second password, installation package path, language type, time zone and partitioning.
404. The equipment management device receives the installation message sent by the asset management device, stores the second password as the access code preset in the equipment management device, and installs the operating system of the physical machine.
After the equipment management device receives the installation message from the asset management device, it installs the operating system according to the second password carried in the installation message. The installed operating system has a default user account. For example, the account of a Unix system is agreed to be root, and the second password generated by the asset management device is uniformly agreed to be 123456. When installing the operating system, the equipment management device can identify the second password carried in the installation message and store it as the access code preset in the equipment management device, and then complete the installation of the operating system according to that preset access code.
405. The terminal sends a resource application request message to the asset management device.
406. The asset management device receives the resource application request message sent by the terminal, allocates the applied resource to the terminal, and generates a key pair for the terminal; the key pair comprises a public key and a private key.
407. The asset management device sends a password modification message to the equipment management device; the password modification message carries the key pair.
408. After the equipment management device receives the password modification message sent by the asset management device, it compares the second password with the access code preset in the equipment management device; if the second password equals the access code preset in the equipment management device, it changes that access code to the public key. The password modification message carries the public key and the second password.
When the second password equals the access code preset in the equipment management device, the equipment management device changes the access code to the public key, sends the asset management device a message that the access code preset in the equipment management device was successfully changed to the public key, and step 409 is executed. When the two are not equal, the equipment management device returns a resource application failure to the asset management device, the terminal's resource application fails, and the resource application flow ends.
409. The asset management device receives the message sent by the equipment management device that the access code preset in the equipment management device was successfully changed to the public key, and obtains the external network IP address of the applied resource.
410. The asset management device sends a binding message to the equipment management device; the binding message carries the external network IP address.
411. The equipment management device binds the external network IP address to the applied resource and returns a binding-success message to the asset management device.
412. The asset management device sends the external network IP address obtained in step 409 and the private key generated in step 406 to the terminal.
413. The terminal accesses the resource using the existing user account and the received external network IP address and private key.
It should be noted that the specific implementation of this embodiment can refer to the previous embodiments and is not repeated here.
Embodiment five
To better implement the above method, an embodiment of the invention also provides an asset management device. As shown in Figure 5, this asset management device comprises: a receiving unit 501, a generation unit 502, a modification unit 503, a processing unit 504 and a transmitting unit 505.
The receiving unit 501 is used to receive the resource application request message sent by the terminal.
The generation unit 502 is used to allocate the applied resource to the terminal and to generate a first password for the resource applied for in the request message received by the receiving unit 501.
The modification unit 503 is used to send a password modification message to the equipment management device, so as to instruct the equipment management device to change the access code preset in the equipment management device to the first password generated by the generation unit 502; the password modification message carries the first password generated by the generation unit 502.
The processing unit 504 is used to obtain the external network IP address of the applied resource when the modification unit 503 has instructed the equipment management device and the access code preset in the equipment management device has been successfully changed.
The transmitting unit 505 is used to return the external network IP address obtained by the processing unit 504 and the first password generated by the generation unit 502 to the terminal, so that the terminal accesses the applied resource according to the external network IP address obtained by the processing unit 504 and the first password.
So that each external network IP address is paired with a unique resource, the processing unit 504 is also used to send a binding message to the equipment management device, so as to instruct the equipment management device to bind the external network IP address to the applied resource; the binding message carries the external network IP address.
It should be noted that the first password is generated randomly for the resource applied for in the request message received by the receiving unit 501. Each time a request message is received, the first password generated by the generation unit 502 is different, and the first password is transmitted as ciphertext.
In addition, the password modification message sent by the modification unit 503 also carries the second password; through the second password, the modification unit 503 also instructs the equipment management device to compare the second password with the access code preset in the equipment management device.
Accordingly, the processing unit 504 can specifically be used, when the second password equals the access code preset in the equipment management device, to receive the message returned by the equipment management device that the access code preset in the equipment management device was successfully changed to the first password, and to obtain the external network IP address of the applied resource; and, when the second password does not equal the access code preset in the equipment management device, to receive the resource application failure returned by the equipment management device and return the resource application failure to the terminal.
Optionally, referring to Fig. 6, this embodiment can also comprise a configuration unit 506.
It should be noted that the resource application request message received by the receiving unit 501 also carries the type of the applied resource and the authentication mode. The type of the applied resource is either a resource distributed on a physical machine or a resource distributed on a virtual machine; the authentication mode is telnet authentication or SSH authentication.
When the applied resource is distributed on a physical machine, the configuration unit 506 is used to receive the installation message for installing an operating system sent by the terminal, generate a preset access code, save the preset access code as the second password, and send an installation message to the equipment management device. The installation message carries the second password, so that the equipment management device receives the second password, saves it as the access code preset in the equipment management device, and completes the installation of the operating system according to that preset access code. When the applied resource is distributed on a virtual machine, the configuration unit 506 is used to receive the creation message for creating a virtual machine sent by the terminal, generate a preset access code, save the preset access code as the second password, and send a creation message to the equipment management device. The creation message carries the second password, so that the equipment management device receives the second password, saves it as the access code preset in the equipment management device, and completes the creation of the virtual machine according to that preset access code.
It should be noted that the specific implementation of this embodiment can refer to Embodiment one and is not repeated here.
As can be seen from the above, in this embodiment the receiving unit 501 first receives the resource application request message sent by the terminal; the generation unit 502 then allocates the applied resource to the terminal and generates a first password for the resource applied for in the request message; the modification unit 503 then sends a password modification message carrying the first password to the equipment management device, so as to instruct the equipment management device to change its preset access code to the first password. If the access code preset in the equipment management device is successfully changed, the processing unit 504 obtains the external network IP address of the applied resource, and the transmitting unit 505 returns the external network IP address and the first password to the terminal, so that the terminal can access the applied resource according to the external network IP address and the first password. A terminal therefore cannot obtain access rights to a resource from a guessed external network IP address, which can improve the security of the resource and the reliability of resource access.
Embodiment six
Correspondingly, to better implement the above method, an embodiment of the invention also provides an equipment management device. As shown in Figure 7, this device comprises: a receiving unit 601 and a modification unit 602.
The receiving unit 601 is used to receive the password modification message sent by the asset management device; the password modification message carries the first password.
The modification unit 602 is used, after the receiving unit 601 receives the password modification message, to change the access code preset in the equipment management device to the first password, and to instruct the asset management device to obtain the external network IP address of the applied resource and return the external network IP address and the first password to the terminal.
Optionally, referring to Fig. 8, so that each external network IP address is paired with a unique resource, the modification unit 602 can also be used to receive the binding message sent by the asset management device, the binding message carrying the external network IP address, and to bind the external network IP address to the applied resource.
Optionally, the password modification message received by the receiving unit 601 also carries the second password. The modification unit 602 is then specifically used to compare the second password with the access code preset in the equipment management device. When the second password equals the access code preset in the equipment management device, it changes that access code to the first password and sends the asset management device a message that the access code preset in the equipment management device was successfully changed to the first password. When the two are not equal, it returns a resource application failure to the asset management device, which returns said resource application failure to the terminal.
It should be understood that the password modification message received by the receiving unit 601 also carries the type of the applied resource and the authentication mode. The type of the applied resource is either a resource distributed on a physical machine or a resource distributed on a virtual machine; the authentication mode is telnet authentication or SSH authentication.
Optionally, referring to Fig. 8, this embodiment also comprises a configuration unit 603. If the applied resource is distributed on a physical machine, the configuration unit 603 is used to receive the installation message for installing an operating system sent by the asset management device, the installation message carrying the second password; to save the second password as the access code preset in the equipment management device; and to complete the installation of the operating system according to that preset access code. If the applied resource is distributed on a virtual machine, it is used to receive the creation message for creating a virtual machine sent by the asset management device, the creation message carrying the second password; to save the second password as the access code preset in the equipment management device; and to complete the creation of the virtual machine according to that preset access code.
It should be noted that the specific implementation of this embodiment can refer to Embodiment one and is not repeated here.
As can be seen from the above, in this embodiment the receiving unit 601 receives the password modification message sent by the asset management device, the message carrying the first password. After the receiving unit 601 receives the password modification message, the modification unit 602 changes the access code preset in the equipment management device to the first password and instructs the asset management device to obtain the external network IP address of the applied resource and return the external network IP address and the first password to the terminal, so that the terminal can access the resource using the first password and the external network IP address. In addition, the equipment management device can bind the external network IP address to the resource applied for by the terminal, so that each resource corresponds to a unique external network IP address. This improves the security of the resource and the reliability of resource access.
Embodiment seven
Correspondingly, an embodiment of the invention also provides a resource management system, which can specifically comprise an asset management device 701 and an equipment management device 702. See Fig. 9:
The asset management device 701 is used to receive the resource application request message sent by the terminal, allocate the applied resource to the terminal, generate a first password for the applied resource, and send a password modification message carrying the first password to the equipment management device 702, so as to instruct the equipment management device 702 to change the access code preset in the equipment management device 702 to the first password. If the access code preset in the equipment management device 702 is successfully changed, it obtains the external network IP address of the applied resource and returns the external network IP address and the first password to the terminal, so that the terminal accesses the applied resource according to the external network IP address and the first password.
It should be noted that the asset management device 701 in this embodiment can be any asset management device of Embodiment five; for the specific implementation refer to Embodiment five, which is not repeated here.
The equipment management device 702 is used to receive the password modification message sent by the asset management device 701, the password modification message carrying the first password, and to change the access code preset in the equipment management device 702 to the first password, so as to instruct the asset management device 701 to obtain the external network IP address of the applied resource and return the external network IP address and the first password to the terminal.
It should be noted that the equipment management device 702 in this embodiment can be any of the devices of Embodiment six; for details refer to Embodiment six, which is not repeated here.
One of ordinary skill in the art will appreciate that all or part of the steps of the methods in the foregoing embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, which can be a read-only memory, a magnetic disk, an optical disc or the like.
The resource access method, asset management device and system provided by the present invention have been described in detail above. Specific examples are used herein to set out the principle and implementation of the invention, and the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. For those skilled in the art, the specific implementation and scope of application may vary according to the idea of the embodiments of the invention. In summary, this description should not be construed as limiting the present invention.

Claims (11)

1. A resource access method, characterized by comprising:
an asset management device receiving a resource application request message sent by a terminal;
allocating the applied resource to said terminal, and generating a first password for said applied resource;
sending a password modification message to an equipment management device, to instruct said equipment management device to change the access code preset in said equipment management device to the first password, said password modification message carrying said first password;
if the access code preset in said equipment management device is successfully changed, obtaining the external network IP address of said applied resource;
returning said external network IP address and the first password to the terminal, so that said terminal accesses said applied resource according to said external network IP address and the first password.
2. The resource access method according to claim 1, characterized in that
said password modification message also carries a second password, so that said equipment management device compares said second password with the access code preset in said equipment management device, said second password being the preset access code stored in said asset management device;
when said second password equals the access code preset in said equipment management device, receiving the message returned by said equipment management device that the access code preset in said equipment management device was successfully changed to the first password, obtaining the external network IP address of said applied resource, and returning said external network IP address and the first password to the terminal;
when said second password does not equal the access code preset in said equipment management device, receiving the resource application failure returned by said equipment management device, and returning said resource application failure to the terminal.
3. The resource access method according to claim 1, characterized in that, before said asset management device receives the resource application request message sent by the terminal, the method also comprises:
presetting an external network IP address for each resource, said terminal accessing the resource through said external network IP address.
4. The resource access method according to any one of claims 1 to 3, characterized in that, after said obtaining the external network IP address of said applied resource, the method also comprises:
sending a binding message to said equipment management device, to instruct said equipment management device to bind said external network IP address to said applied resource, said binding message carrying said external network IP address.
5. the access method of a resource is characterized in that, comprising:
Equipment management device receives the password modification message that asset management device sends, and said password is revised message and carried first password;
Access code preset in the said equipment management device is revised as first password, with indicate said asset management device obtain application resource outer net IP address and the said outer net IP address and first password returned to the terminal.
6. the access method of resource according to claim 5 is characterized in that,
Said password is revised in the message and is also carried second password, and said second password is the preset access code that stores in the said asset management device, and then said equipment management device receives the password of asset management device transmission and revises after the message, also comprises:
Access code preset in said second password and the said equipment management device is compared;
When access code preset in said second password and the said equipment management device equates; Then access code preset in the said equipment management device is revised as first password, and the access code of in asset management device sends said equipment management device, presetting successfully is revised as the message of first password;
When access code preset in said second password and the said equipment management device is unequal, then return application resource failure to asset management device, make said asset management device that affiliated application resource failure is returned to the terminal.
7. The resource access method according to claim 5 or 6, characterized in that, after the access code preset in said equipment management device is modified to the first password, the method further comprises:
receiving a binding message sent by the asset management device, said binding message carrying said outer net IP address;
binding said outer net IP address to the applied-for resource.
8. An asset management device, characterized by comprising:
a receiving unit, configured to receive a request message for applying for a resource sent by a terminal;
a generation unit, configured to allocate the applied-for resource to said terminal, and to generate a first password for the resource applied for in the request message received by said receiving unit;
a modification unit, configured to send a password modification message to an equipment management device to instruct said equipment management device to modify the access code preset in said equipment management device to the first password generated by said generation unit, said password modification message carrying the first password generated by said generation unit;
a processing unit, configured to obtain the outer net IP address of the applied-for resource when the equipment management device, as instructed by said modification unit, has successfully modified the access code preset in said equipment management device;
a sending unit, configured to return the outer net IP address obtained by said processing unit and the first password generated by said generation unit to the terminal, so that said terminal accesses the applied-for resource according to the outer net IP address obtained by said processing unit and the first password.
9. The asset management device according to claim 8, characterized in that
said processing unit is further configured to send a binding message to said equipment management device to instruct said equipment management device to bind said outer net IP address to the applied-for resource, said binding message carrying said outer net IP address.
10. The asset management device according to claim 8 or 9, characterized in that
the password modification message sent by said modification unit further carries a second password, and said modification unit further instructs, by means of said second password, said equipment management device to compare said second password with the access code preset in said equipment management device;
said processing unit is specifically configured to: when said second password is equal to the access code preset in said equipment management device, receive the message returned by said equipment management device indicating that the access code preset in said equipment management device has been successfully modified to the first password, and obtain the outer net IP address of the applied-for resource; and when said second password is not equal to the access code preset in said equipment management device, receive the resource application failure returned by said equipment management device, and return said resource application failure to the terminal.
11. A resource management system, characterized by comprising an equipment management device and the asset management device according to any one of claims 8 to 10;
said equipment management device is configured to receive the password modification message sent by the asset management device, and to modify the access code preset in said equipment management device to the first password, so as to instruct said asset management device to obtain the outer net IP address of the applied-for resource and return said outer net IP address and the first password to the terminal, said password modification message carrying the first password.
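The message exchange of claims 5 to 10, as an added Python example that is not part of the patent text: it models both devices and shows the success path and the failure path of the second-password check. The class names, message field names, status strings and the `ip_pool` list are assumptions made for illustration, as are the use of `secrets.token_urlsafe` to generate the first password and `hmac.compare_digest` for the comparison; the claims do not specify any of these.

```python
import hmac
import secrets


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so the check does not leak how many characters matched.
    return hmac.compare_digest(a.encode(), b.encode())


class EquipmentManager:
    """Equipment management device (claims 5 to 7)."""

    def __init__(self, preset_access_code: str):
        self._access_code = preset_access_code
        self.bindings = {}  # resource id -> outer net IP address

    def modify_password(self, msg: dict) -> dict:
        # Claim 6: change the code only if the second password equals the preset one.
        if not _same(msg["second_password"], self._access_code):
            return {"status": "apply_failed"}
        self._access_code = msg["first_password"]
        return {"status": "modified"}

    def bind(self, msg: dict) -> None:
        # Claim 7: bind the outer net IP address to the applied-for resource.
        self.bindings[msg["resource_id"]] = msg["outer_ip"]

    def check_access(self, password: str) -> bool:
        return _same(password, self._access_code)


class AssetManager:
    """Asset management device (claims 8 to 10)."""

    def __init__(self, equipment: EquipmentManager, stored_preset: str, ip_pool: list):
        self.equipment = equipment
        self.stored_preset = stored_preset  # the "second password"
        self.ip_pool = ip_pool              # assumed source of outer net IP addresses

    def apply(self, resource_id: str) -> dict:
        first = secrets.token_urlsafe(16)   # per-application "first password"
        reply = self.equipment.modify_password(
            {"first_password": first, "second_password": self.stored_preset})
        if reply["status"] != "modified":
            # Failure is passed back to the terminal; no IP address is obtained or bound.
            return {"status": "apply_failed"}
        outer_ip = self.ip_pool.pop(0)
        self.equipment.bind({"resource_id": resource_id, "outer_ip": outer_ip})
        return {"status": "ok", "outer_ip": outer_ip, "first_password": first}
```

On the failure path the equipment management device keeps its preset access code and no binding is created, so a caller holding a stale or guessed preset cannot rotate the credential.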
CN201210123383.2A 2012-04-24 2012-04-24 Resource access method, resource management device and system Active CN102685115B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210123383.2A CN102685115B (en) 2012-04-24 2012-04-24 Resource access method, resource management device and system

Publications (2)

Publication Number Publication Date
CN102685115A true CN102685115A (en) 2012-09-19
CN102685115B CN102685115B (en) 2015-05-27

Family

ID=46816478

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210123383.2A Active CN102685115B (en) 2012-04-24 2012-04-24 Resource access method, resource management device and system

Country Status (1)

Country Link
CN (1) CN102685115B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102130893A (en) * 2010-01-18 2011-07-20 上海启电信息科技有限公司 Safety protection method and system for network accounts

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王平建,荆继武,王琼霄,王展: "云存储中的访问控制技术研究", 《第26次全国计算机安全学术交流会》, no. 09, 15 January 2012 (2012-01-15) *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103870748A (en) * 2012-12-17 2014-06-18 华为技术有限公司 Method and device for safety processing of virtual machine
CN103870748B (en) * 2012-12-17 2017-10-10 华为技术有限公司 The security processing and device of virtual machine
CN103731308A (en) * 2013-12-29 2014-04-16 国云科技股份有限公司 Virtual machine public network management method
CN107577516A (en) * 2017-07-28 2018-01-12 华为技术有限公司 Virtual machine password remapping method, device and system
US11714669B2 (en) 2017-07-28 2023-08-01 Huawei Cloud Computing Technologies Co., Ltd. Virtual machine password reset method, apparatus, and system
CN111405006A (en) * 2020-03-06 2020-07-10 北京奇艺世纪科技有限公司 Method and device for processing remote login failure and remote login system
CN111405006B (en) * 2020-03-06 2022-07-12 北京奇艺世纪科技有限公司 Method and device for processing remote login failure and remote login system
CN112713999A (en) * 2020-12-28 2021-04-27 北京航空航天大学 Networked automobile safety remote updating method based on bidirectional identity authentication
CN112713999B (en) * 2020-12-28 2021-10-19 北京航空航天大学 Networked automobile safety remote updating method based on bidirectional identity authentication

Also Published As

Publication number Publication date
CN102685115B (en) 2015-05-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20200207

Address after: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee after: HUAWEI TECHNOLOGIES Co.,Ltd.

Address before: 210012 HUAWEI Nanjing base, 101 software Avenue, Yuhuatai District, Jiangsu, Nanjing

Patentee before: Huawei Technologies Co.,Ltd.