CN103179104B - Method, system and device for accessing a remote service - Google Patents


Publication number: CN103179104B
Authority: CN (China)
Legal status: Active
Application number: CN201110444777.3A
Other languages: Chinese (zh)
Other versions: CN103179104A (en
Inventors: 种璟, 唐本亭, 陈源, 赵立君
Current Assignee: China Mobile Communications Group Co Ltd
Original Assignee: China Mobile Communications Group Co Ltd

Abstract

The invention discloses a method, system and device for accessing a remote service. The method comprises: a first-level control device in a first network receives a remote service request sent by a client and notifies an external system of the remote service request, and the external system uses the remote service request to determine an intranet server for the client; a second-level control device in a second network receives the information of the intranet server sent by the external system and establishes a connection with the intranet server using that information; the second-level control device uses the connection to obtain the remote service from the intranet server and returns the remote service to the first-level control device; and the first-level control device returns the remote service to the client. The invention improves the security of remote service access.

Description

Method, system and device for accessing a remote service
Technical field
The present invention relates to the field of communication technology, and in particular to a method, system and device for accessing a remote service.
Background art
In practice, it is often necessary to remotely access or control one or more other devices to complete a task. In the prior art, VNC (Virtual Network Computing) or the remote desktop mode can be used under the Windows operating system to implement remote access or control; SSH (Secure Shell) or VNC can be used under the Unix operating system to implement remote access or control.
(1) SSH mode. Fig. 1 is a schematic diagram of the workflow between a remote SSH server and a local SSH client: the SSH client requests a connection to the SSH server; the SSH server checks whether the SSH client passes security verification; if it does, the SSH server sends a key to the SSH client; and the remote-server daemon local to the SSH client passes the key back to the SSH server.
(2) VNC mode. a. Screen control principle: VNC turns the screen of the controlled end into an image, compresses it and sends it to the controlling end; control information from the controlling end (such as mouse messages) is sent to the controlled end and placed in a message queue. This control process is based on TCP (Transmission Control Protocol)/IP. b. Screen capture: a hook is used to automatically report the region that needs to be captured, or a particular region (such as the foreground window) is polled; the capture is compressed with a compression algorithm and then sent. c. Transmission: either the RFB (Remote Frame Buffer) protocol or the X Window System protocol (X protocol).
(3) Remote desktop mode. Once a device has the remote desktop connection function enabled, it can be controlled from the other end of the network and operated in real time through the remote desktop function; for example, through this function a network administrator can securely control the organization's equipment from home.
In the course of implementing the present invention, the inventors found at least the following problems in the prior art:
The VNC and remote desktop modes are based on TCP/IP, require a mapping to be set up between external-network and internal-network entities, and require the user to be given the user name and password of the accessed device (transmitted in plaintext over the network). This is both cumbersome and insecure, and causes trouble for users and service providers. In SSH mode, SSH cannot provide complete protection for remote access over the network and cannot close all the vulnerabilities on every other port (including NFS (Network File System) attacks).
Summary of the invention
The embodiments of the present invention provide a method, system and device for accessing a remote service, in order to improve the security of remote service access.
To achieve this, an embodiment of the present invention provides a method for accessing a remote service, comprising:
a first-level control device in a first network receives a remote service request sent by a client and notifies an external system of the remote service request, and the external system uses the remote service request to determine an intranet server for the client;
a second-level control device in a second network receives the information of the intranet server sent by the external system, and establishes a connection with the intranet server using the information of the intranet server;
the second-level control device uses the connection to obtain the remote service from the intranet server, and returns the remote service to the first-level control device;
the first-level control device returns the remote service to the client.
An embodiment of the present invention provides a system for accessing a remote service, comprising a first-level control device in a first network and a second-level control device in a second network, wherein:
the first-level control device is configured to receive a remote service request sent by a client and notify an external system of the remote service request, the external system using the remote service request to determine an intranet server for the client;
and to return the remote service received from the second-level control device to the client;
the second-level control device is configured to receive the information of the intranet server sent by the external system, and establish a connection with the intranet server using the information of the intranet server;
and to use the connection to obtain the remote service from the intranet server and return the remote service to the first-level control device.
An embodiment of the present invention provides a device for accessing a remote service. The device is a first-level control device located in a first network and comprises:
a first receiving module, configured to receive a remote service request sent by a client;
a first sending module, configured to notify an external system of the remote service request, the external system using the remote service request to determine an intranet server for the client;
a second receiving module, configured to receive the remote service that a second-level control device in a second network obtained from the intranet server and returned;
a second sending module, configured to return the remote service to the client.
An embodiment of the present invention provides a device for accessing a remote service. The device is a second-level control device located in a second network and comprises:
a receiving module, configured to receive the information of an intranet server sent by an external system;
a processing module, configured to establish a connection with the intranet server using the information of the intranet server, and to use the connection to obtain the remote service from the intranet server;
a sending module, configured to return the remote service to a first-level control device in a first network.
Compared with the prior art, the embodiments of the present invention have at least the following advantage: a two-level control mechanism protects the intranet server that provides the remote service by separating the client from the intranet server that actually provides the service, thereby improving the security of remote service access.
Brief description of the drawings
To illustrate the technical solution of the present invention more clearly, the drawings needed in describing the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the workflow between a remote SSH server and a local SSH client in the prior art;
Fig. 2 is a schematic diagram of the application scenario of the remote service access method provided by Embodiment one of the present invention;
Fig. 3 is a schematic flowchart of the remote service access method provided by Embodiment one of the present invention;
Fig. 4 and Fig. 5 are functional block diagrams of the first-level control device and the second-level control device, respectively, provided by Embodiment one of the present invention;
Fig. 6 is a schematic structural diagram of a remote service access device provided by Embodiment three of the present invention;
Fig. 7 is a schematic structural diagram of a remote service access device provided by Embodiment four of the present invention.
Detailed description of the embodiments
The technical solution of the present invention is described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
Embodiment one
Embodiment one of the present invention provides a method for accessing a remote service. Fig. 2 is a schematic diagram of the application scenario. The method is applied to a system comprising a client located in the public network, an intranet server located in the intranet, a first-level control device located in a first network of an isolation network, and a second-level control device located in a second network of the isolation network. The resource pool in the first network may contain multiple first-level control devices, and the resource pool in the second network may contain multiple second-level control devices.
Based on this application scenario, as shown in Fig. 3, the remote service access method comprises the following steps:
Step 301: the client sends a remote service request over the public network. The remote service request is a service request based on remote control (such as a request for desktop service).
The content carried in the remote service request includes but is not limited to: client information (such as the IP address and port of the client), the session identifier corresponding to this remote service request, and description information of the resources the remote service requires (such as the configuration required of the intranet server that provides the resources).
In this embodiment, the client may send the remote service request in different ways depending on the remote control mode; for example, it may send the request over SSH, over VNC, or over RDP (Remote Desktop Protocol).
Step 302: a first-level control device in the first network receives the remote service request sent by the client. The resource pool in the first network may contain multiple first-level control devices, and any one of them may receive a given remote service request from the client.
Note that before the first-level control device receives the remote service request from the client, the client first needs to send the remote service request to a service reception system. For example, when the client's remote service request needs to be processed (for instance authenticated) by a web authentication system, the client sends the remote service request to the web authentication system, which authenticates it (for example, by judging whether the received remote service request was sent by an intranet client). If authentication passes, the system determines that the remote service request is to be sent to the first-level control device; otherwise, it determines that the remote service request is not to be sent to the first-level control device.
If the remote service request may be sent to the first-level control device, the service reception system may send it to the first-level control device directly, or may instruct the client to send it to the first-level control device (for example, the web authentication system redirects the client's remote service request to the first-level control device).
In this embodiment, because the remote service request carries the client information and the session identifier, the first-level control device, after receiving the remote service request sent by the client, can use the information carried in the request directly to build a mapping table. The mapping table records the correspondence between the session identifier and the client information carried in the remote service request.
Step 303: the first-level control device notifies the external system of the remote service request, and the external system uses the remote service request to determine an intranet server for the client. The functions the external system (that is, an existing information management system, portal or the like) can implement include but are not limited to: identity authentication, service-request flow management, and server account/password application.
In this embodiment, because the remote service request carries description information of the resources the remote service requires (such as the configuration required of the intranet server that provides the resources), the external system can use its service-request flow management function to determine an intranet server for the client. For example, when the configuration required of the intranet server consists of a memory requirement and a CPU requirement, the external system can select, from among the intranet servers, a server that meets the memory and CPU requirements. Specifically, multiple intranet servers may exist in the intranet to provide services to clients, and the external system determines one intranet server for the client according to the configuration required of the intranet server that provides the resources.
In this embodiment, before notifying the external system of the remote service request, the first-level control device may also notify the external system of the authentication information of the client and/or of the first-level control device. The external system then uses its identity authentication function and this authentication information to authenticate the client and/or the first-level control device. If authentication passes, the external system notifies the first-level control device that authentication passed, and the first-level control device then notifies the external system of the remote service request. If authentication fails, the external system notifies the first-level control device of the failure, and the first-level control device discards the remote service request.
In this embodiment, when notifying the external system of the remote service request, the first-level control device may also send its own description information together with the request. The description information of the first-level control device includes but is not limited to the address information of the first-level control device and the link information corresponding to the remote service request.
The processing performed by the first-level control device is described further below with reference to its functional block diagram in Fig. 4. The first-level control device comprises a user session management module, a service management module, and a link management and forwarding module. The user session management module maintains and manages the state of the client's remote service requests, authentication information and communication content. The service management module classifies and manages the services of all clients and maintains the correspondence between session identifiers and client information. The link management and forwarding module forwards remote service requests.
Specifically, after receiving a remote service request from the client, the user session management module can notify the external system of the authentication information of the client (carried in the remote service request) and/or the authentication information of the first-level control device (which the device can obtain itself). After the client and/or the first-level control device pass identity authentication, the user session management module sends the remote service request to the service management module.
After receiving the remote service request from the user session management module, the service management module uses the information carried in the request to build the mapping table, which records the correspondence between the session identifier and the client information carried in the remote service request. Once the mapping table has been built, the service management module sends the remote service request to the link management and forwarding module.
After receiving the remote service request from the service management module, the link management and forwarding module sends the request to the external system, which uses its service-request flow management function to carry out the service request flow (that is, to determine the intranet server). The module also sends the description information of the first-level control device to the external system together with the request; this description information includes but is not limited to the address information of the first-level control device and the link information corresponding to the remote service request.
Step 304: a second-level control device in the second network receives the information of the intranet server sent by the external system (such as the IP address and port of the intranet server, and CA certificate information (such as account and password information)). Specifically, after determining an intranet server for the client, the external system can obtain the information of the intranet server and send it to a second-level control device. The resource pool in the second network may contain multiple second-level control devices; depending on the actual situation, the external system may select any one of them and notify the selected device of the intranet server's information.
In this embodiment, after receiving the description information from the first-level control device, the external system also needs to pass that description information to the second-level control device. The second-level control device therefore receives both the information of the intranet server and the description information of the first-level control device from the external system; the description information includes but is not limited to the address information of the first-level control device and the link information corresponding to the remote service request.
Step 305: the second-level control device establishes a connection with the intranet server using the information of the intranet server. Because that information includes the IP address and port of the intranet server, the second-level control device can connect to the intranet server directly through its IP address and port.
Specifically, depending on the remote control mode, the second-level control device can establish an SSH, VNC or RDP connection with the intranet server as required and keep the connection open, so that it can use the connection to obtain the remote service from the intranet server. When the client sent the remote service request over SSH, the second-level control device establishes an SSH connection with the intranet server; when the client sent it over VNC, a VNC connection; and when the client sent it over RDP, an RDP connection.
Note that while the second-level control device is establishing the connection, the intranet server may also require the second-level control device to authenticate. Specifically, before connecting to the intranet server, the second-level control device can apply to the external system for the intranet server's account, password and similar information. Because the external system has the server account/password application function (that is, the account, password and similar information of the intranet servers that provide service is all stored on a server of the external system, so that it can be provided to the second-level control device), the external system can return the account, password and similar information of the intranet server to the second-level control device, which uses it to connect to the intranet server.
The processing performed by the second-level control device is described further below with reference to its functional block diagram in Fig. 5. The second-level control device comprises a link service interface module, an authentication module, and a service physical link management module. The link service interface module accepts, monitors and manages all links. The authentication module dynamically applies for the account and password of server resources according to the link interface service. The service physical link management module establishes the connection with the intranet server.
Specifically, after receiving the information of the intranet server and the description information of the first-level control device from the external system, the link service interface module sends a confirmation request to the service-request flow management of the external system and, after confirming that the current application is a valid service request, sends the authentication module a request indicating that the remote service needs to be obtained from the intranet server.
After receiving the request from the link service interface module, the authentication module obtains available resources from the server account/password application mechanism of the external system and, once it has obtained the account and password of an available resource, sends the service physical link management module a request indicating that the remote service needs to be obtained from the intranet server.
After receiving the request from the authentication module, the service physical link management module establishes an SSH, VNC or RDP connection with the physical intranet server as required and keeps the connection open, so that the connection can be used to obtain the remote service from the intranet server.
Note that the second-level control device shields the information of the intranet server. By default, every intranet server is completely disconnected; the user knows only that an intranet server is available, not its details. After a service connection is closed, a client that requests a connection again is not necessarily served by the same intranet server as before. If the client needs to keep accessing the intranet server that served it previously, it must identify itself using its previous session identifier so that the second-level control device can allocate that server to the client.
Step 306: the second-level control device uses the established connection to obtain the remote service (such as desktop service) from the intranet server.
Step 307: the second-level control device returns the remote service to the first-level control device.
Specifically, the second-level control device has already received the description information of the first-level control device, which includes but is not limited to the address information of the first-level control device and the link information corresponding to the remote service request. Therefore, after obtaining the remote service, the second-level control device can use the link information corresponding to the remote service request to determine that the remote service needs to be returned to the first-level control device, and then use the address information of the first-level control device to return the remote service to it.
Step 308: the first-level control device returns the remote service to the client.
Specifically, the first-level control device has already built the mapping table that records the correspondence between the session identifier and the client information carried in the remote service request. Therefore, after obtaining the remote service, the first-level control device can obtain the session identifier corresponding to that remote service (the remote service that the second-level control device sends to the first-level control device can carry the session identifier, which is identical to the one carried in the remote service request), use the session identifier to query the correspondence recorded in the mapping table to obtain the client information, and use the client information to return the remote service to the client.
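The flow of steps 301 to 308 modelled in memory, as an added example that is not part of the patent. All class, method and field names, the token check, and the sample addresses and credentials are constructed assumptions; it shows that the first-level device holds only the session-to-client mapping, while the intranet server's address and credentials stay with the external system and the second-level device.

```python
"""Added illustration of steps 301-308; every name and value here is hypothetical."""
from dataclasses import dataclass


@dataclass
class IntranetServer:
    ip: str
    port: int
    cpu: int
    mem_gb: int
    account: str
    password: str

    def serve(self, account, password, protocol):
        # Step 305: the intranet server may require the second-level device to authenticate.
        if (account, password) != (self.account, self.password):
            raise PermissionError("intranet server rejected the credentials")
        return f"{protocol} session on backend"


class ExternalSystem:
    """Identity authentication, service-request flow management, account/password store."""

    def __init__(self, servers, valid_tokens):
        self.servers = {(s.ip, s.port): s for s in servers}
        self.valid_tokens = set(valid_tokens)
        self.second_level_pool = []

    def authenticate(self, token):
        return token in self.valid_tokens

    def notify(self, request, l1_description):
        # Step 303: choose an intranet server that meets the resource description.
        need = request["resources"]
        key = next((k for k, s in self.servers.items()
                    if s.cpu >= need["cpu"] and s.mem_gb >= need["mem_gb"]), None)
        if key is None:
            raise LookupError("no intranet server meets the requirement")
        # Step 304: the server information goes to a second-level device only.
        second_level = self.second_level_pool[0]
        second_level.on_server_info(key, l1_description, request["protocol"])

    def credentials_for(self, key):
        server = self.servers[key]
        return server.account, server.password


class SecondLevelControl:
    def __init__(self, external, intranet, first_level_by_address):
        self.external = external
        self.intranet = intranet  # (ip, port) -> IntranetServer, reachable from here only
        self.first_level_by_address = first_level_by_address

    def on_server_info(self, key, l1_description, protocol):
        account, password = self.external.credentials_for(key)            # step 305
        service = self.intranet[key].serve(account, password, protocol)   # step 306
        # Step 307: return the service tagged with the link (session) information only.
        first_level = self.first_level_by_address[l1_description["address"]]
        first_level.on_service(l1_description["link"], service)


class FirstLevelControl:
    def __init__(self, address, external):
        self.address = address
        self.external = external
        self.sessions = {}  # mapping table: session identifier -> client information
        self.sent = []      # (client information, service) pairs returned to clients

    def on_request(self, request, token):
        # Identity authentication comes first; on failure the request is discarded.
        if not self.external.authenticate(token):
            return False
        self.sessions[request["session"]] = request["client"]             # step 302
        self.external.notify(request, {"address": self.address,
                                       "link": request["session"]})       # step 303
        return True

    def on_service(self, session_id, service):
        client = self.sessions[session_id]  # step 308: query the mapping table
        self.sent.append((client, service))


def run_demo():
    # Constructed sample data: addresses, token and credentials are made up.
    backend = IntranetServer("10.0.0.5", 22, cpu=4, mem_gb=8,
                             account="svc", password="constructed-secret")
    external = ExternalSystem([backend], valid_tokens={"token-ok"})
    l1 = FirstLevelControl("l1-a", external)
    l2 = SecondLevelControl(external, {("10.0.0.5", 22): backend}, {"l1-a": l1})
    external.second_level_pool.append(l2)
    request = {"client": ("203.0.113.7", 50000), "session": "s-1",
               "protocol": "SSH", "resources": {"cpu": 2, "mem_gb": 4}}
    accepted = l1.on_request(request, "token-ok")
    rejected = l1.on_request(dict(request, session="s-2"), "token-bad")
    return l1, accepted, rejected


if __name__ == "__main__":
    print(run_demo()[0].sent)
```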
In summary, the embodiments of the present invention provide a two-level control mechanism (implemented by the first-level control device and the second-level control device respectively), and each level can be deployed and run independently as a cluster. The two levels are the control mechanism from the external network to the intranet (the processing between the client and the first-level control device) and the control mechanism for device interconnection within the intranet (the processing between the second-level control device and the intranet server). The external-network-to-intranet control mechanism maps external network addresses to internal addresses and is the channel through which the intranet is entered. The intranet device-interconnection control mechanism stores the accounts, passwords and similar information of the intranet servers that provide service on a server, and the intranet servers that provide service can be accessed directly through this mechanism.
Compared with the prior art, the embodiments of the present invention have at least the following advantages: a two-level protection mechanism is added on top of the SSH, VNC or remote desktop mode. The first-level protection mechanism is the control mechanism from the external network to the intranet. Through it, an access request from an external network address obtains permission to enter the intranet and can initiate service-request operations to the intranet servers, so the reliability of external visitors is verified and malicious network attacks such as Trojans and hackers are stopped. The second-level protection mechanism is the control mechanism for device interconnection within the intranet. It protects the intranet servers that provide service and can improve the speed of accessing them; in a large-scale system with heavy traffic, multiple second-level protection mechanisms can be set up in parallel to improve service efficiency.
Further, in the embodiments of the present invention, remote desktop control is turned into a service provided to the client (remote access and control are offered to the client as a service), which is convenient and quick. The user does not need to record information such as user names and passwords during access, which is simple. The two-level control mechanism protects the intranet servers that provide the remote service by shielding their underlying information (such as their real IP addresses), so the client need not be told the underlying information of the intranet servers; this protects the intranet servers that provide service and improves security. The two levels also process requests jointly, which can improve efficiency.
Embodiment two
Based on the same inventive concept as the above method, embodiment two of the present invention provides an access system for a remote service. The system comprises a first order control appliance in a first network and a second level control appliance in a second network, wherein:
The first order control appliance is configured to receive the remote service request sent by the client and notify the external system of the remote service request, so that the external system uses the remote service request to determine an intranet server for the client; and to return the remote service from the second level control appliance to the client;
The second level control appliance is configured to receive the information of the intranet server sent by the external system and establish a connection with the intranet server using the information of the intranet server; and to use the connection to obtain the remote service from the intranet server and return the remote service to the first order control appliance.
In the embodiment of the present invention, the first order control appliance is also configured to, after receiving the remote service request sent by the client, establish a correspondence between the session identifier and the client information carried in the remote service request; and is further configured to obtain the session identifier corresponding to the remote service, query the correspondence with that session identifier to obtain the client information, and return the remote service to the client using the client information.
In the embodiment of the present invention, the first order control appliance is further configured to notify the external system of the authentication information of the client and/or the authentication information of the first order control appliance, so that the external system uses the authentication information of the client and/or the authentication information of the first order control appliance to authenticate the client and/or the first order control appliance; and, after authentication passes, to notify the external system of the remote service request.
In the embodiment of the present invention, the first order control appliance is further configured to notify the external system of the remote service request and of its own descriptor;
The second level control appliance is further configured to receive the information of the intranet server and the descriptor of the first order control appliance sent by the external system.
In the embodiment of the present invention, the descriptor of the first order control appliance comprises the address information of the first order control appliance and the link information corresponding to the remote service request. The second level control appliance is further configured to use the link information corresponding to the remote service request to determine that the remote service needs to be returned to the first order control appliance, and to return the remote service to the first order control appliance using the address information of the first order control appliance.
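The flow of this embodiment, modelled in process as an added example that is not code from the patent: the first order control appliance keeps the session-to-client correspondence, the external system authenticates and selects the intranet server, and the second level control appliance relays the result back using the descriptor. Class names, addresses, credentials, carrying the session identifier inside the link information, and refusing to rebind a session identifier already in use are assumptions made for illustration.

```python
# Added illustration, not code from the patent: an in-process model of the
# two-level relay. All names, addresses and credentials are constructed.
import hmac
from dataclasses import dataclass, field

CREDENTIALS = {"alice": "s3cret"}            # constructed sample account
CATALOGUE = {"desktop": "10.0.5.17:5900"}    # service -> intranet server address


class AuthError(Exception):
    """Raised by the external system when identity verification fails."""


@dataclass
class SecondLevel:
    """Second level control appliance inside the second network."""
    servers: dict                                    # address -> callable(service)
    gateways: dict = field(default_factory=dict)     # address -> FirstLevel

    def on_assignment(self, server_addr, service, descriptor):
        payload = self.servers[server_addr](service)       # connect and fetch
        # The descriptor says which first-level appliance and session to answer.
        gateway = self.gateways[descriptor["gateway_addr"]]
        return gateway.on_service(descriptor["session_id"], payload)


@dataclass
class ExternalSystem:
    """Authenticates the request and selects the intranet server."""
    second_level: SecondLevel

    def handle(self, user, password, service, descriptor):
        expected = CREDENTIALS.get(user)
        if expected is None or not hmac.compare_digest(expected, password):
            raise AuthError(user)
        if service not in CATALOGUE:
            raise AuthError(service)
        # Only the second level appliance ever receives the intranet address.
        return self.second_level.on_assignment(CATALOGUE[service], service, descriptor)


@dataclass
class FirstLevel:
    """First order control appliance facing clients in the first network."""
    address: str
    external: ExternalSystem
    sessions: dict = field(default_factory=dict)     # session id -> client info
    delivered: list = field(default_factory=list)    # (client info, payload)

    def on_request(self, client, session_id, user, password, service):
        if session_id in self.sessions:              # assumption: no rebinding
            return False
        self.sessions[session_id] = client
        descriptor = {"gateway_addr": self.address, "session_id": session_id}
        try:
            return self.external.handle(user, password, service, descriptor)
        except AuthError:
            del self.sessions[session_id]            # fail closed, keep no state
            return False

    def on_service(self, session_id, payload):
        client = self.sessions.get(session_id)
        if client is None:                           # no correspondence: drop
            return False
        self.delivered.append((client, payload))
        return True


def build():
    """Wire one appliance of each level around a constructed intranet server."""
    second = SecondLevel(servers={"10.0.5.17:5900": lambda s: f"{s}-frames"})
    first = FirstLevel("203.0.113.10:443", ExternalSystem(second))
    second.gateways[first.address] = first
    return first


if __name__ == "__main__":
    gw = build()
    print(gw.on_request("198.51.100.7:40000", "sess-1", "alice", "s3cret", "desktop"))
    print(gw.delivered)
```

Nothing returned to the client side contains the intranet address, and a result arriving for a session identifier with no stored correspondence is dropped rather than routed.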
Embodiment three
Based on the same inventive concept as the above method, embodiment three of the present invention also provides an access equipment for a remote service. The equipment is the first order control appliance located in the first network and, as shown in Figure 6, comprises:
First receiver module 11, configured to receive the remote service request sent by the client;
First sending module 12, configured to notify the external system of the remote service request, so that the external system uses the remote service request to determine an intranet server for the client;
Second receiver module 13, configured to receive the remote service that the second level control appliance in the second network obtained from the intranet server and returned;
Second sending module 14, configured to return the remote service to the client.
The second sending module 14 is specifically configured to, after the remote service request sent by the client is received, establish a correspondence between the session identifier and the client information carried in the remote service request; and to obtain the session identifier corresponding to the remote service, query the correspondence with that session identifier to obtain the client information, and return the remote service to the client using the client information.
The first sending module 12 is specifically configured to notify the external system of the authentication information of the client and/or the authentication information of the first order control appliance, so that the external system uses the authentication information of the client and/or the authentication information of the first order control appliance to authenticate the client and/or the first order control appliance; and, after authentication passes, to notify the external system of the remote service request.
The first sending module 12 is specifically configured to notify the external system of the remote service request and of its own descriptor; the descriptor of the first order control appliance comprises the address information of the first order control appliance and the link information corresponding to the remote service request.
The modules of the device of the present invention can be integrated into one unit or deployed separately. The above modules can be merged into one module or further split into multiple sub-modules.
Embodiment four
Based on the same inventive concept as the above method, embodiment four of the present invention provides an access equipment for a remote service. The equipment is the second level control appliance located in the second network and, as shown in Figure 7, comprises:
Receiver module 21, configured to receive the information of the intranet server sent by the external system;
Processing module 22, configured to establish a connection with the intranet server using the information of the intranet server, and to use the connection to obtain the remote service from the intranet server;
Sending module 23, configured to return the remote service to the first order control appliance in the first network.
The receiver module 21 is specifically configured to receive the information of the intranet server and the descriptor of the first order control appliance sent by the external system.
The descriptor of the first order control appliance comprises the address information of the first order control appliance and the link information corresponding to the remote service request. The sending module 23 is specifically configured to use the link information corresponding to the remote service request to determine that the remote service needs to be returned to the first order control appliance, and to return the remote service to the first order control appliance using the address information of the first order control appliance.
The modules of the device of the present invention can be integrated into one unit or deployed separately. The above modules can be merged into one module or further split into multiple sub-modules.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform the method described in each embodiment of the present invention.
Those skilled in the art will understand that the accompanying drawings are schematic diagrams of a preferred embodiment, and that the modules or flows in the drawings are not necessarily required to implement the present invention.
Those skilled in the art will understand that the modules of the device in an embodiment can be distributed in the device of the embodiment as described, or can be changed accordingly and located in one or more devices different from that of the present embodiment. The modules of the above embodiments can be merged into one module or further split into multiple sub-modules.
The sequence numbers of the above embodiments of the present invention are for description only and do not represent the merits of the embodiments.
The above are only several specific embodiments of the present invention, but the present invention is not limited thereto; any change that a person skilled in the art can think of shall fall within the protection scope of the present invention.

Claims (17)

1. An access method for a remote service, characterized in that it comprises:
A first order control appliance in a first network receives a remote service request sent by a client and notifies an external system of the remote service request, and the external system uses the remote service request to determine an intranet server for the client;
A second level control appliance in a second network receives the information of the intranet server sent by the external system, and establishes a connection with the intranet server using the information of the intranet server;
The second level control appliance uses the connection to obtain the remote service from the intranet server, and returns the remote service to the first order control appliance;
The first order control appliance returns the remote service to the client.
2. The method of claim 1, characterized in that the first order control appliance, after receiving the remote service request sent by the client, establishes a correspondence between the session identifier and the client information carried in the remote service request;
The first order control appliance returning the remote service to the client comprises: the first order control appliance obtains the session identifier corresponding to the remote service, queries the correspondence with that session identifier to obtain the client information, and returns the remote service to the client using the client information.
3. The method of claim 1, characterized in that the first order control appliance notifying the external system of the remote service request comprises:
The first order control appliance notifies the external system of the authentication information of the client and/or the authentication information of the first order control appliance, and the external system uses the authentication information of the client and/or the authentication information of the first order control appliance to authenticate the client and/or the first order control appliance; and, after authentication passes, the first order control appliance notifies the external system of the remote service request.
4. The method of claim 1, characterized in that the first order control appliance notifying the external system of the remote service request comprises: the first order control appliance notifies the external system of the remote service request and of its own descriptor;
The second level control appliance receiving the information of the intranet server sent by the external system comprises: the second level control appliance receives the information of the intranet server and the descriptor of the first order control appliance sent by the external system.
5. The method of claim 4, characterized in that the descriptor of the first order control appliance comprises the address information of the first order control appliance and the link information corresponding to the remote service request; the second level control appliance returning the remote service to the first order control appliance comprises:
The second level control appliance uses the link information corresponding to the remote service request to determine that the remote service needs to be returned to the first order control appliance, and returns the remote service to the first order control appliance using the address information of the first order control appliance.
6. An access system for a remote service, characterized in that it comprises: a first order control appliance in a first network and a second level control appliance in a second network; wherein:
The first order control appliance is configured to receive a remote service request sent by a client and notify an external system of the remote service request, so that the external system uses the remote service request to determine an intranet server for the client;
and to return the remote service from the second level control appliance to the client;
The second level control appliance is configured to receive the information of the intranet server sent by the external system, and to establish a connection with the intranet server using the information of the intranet server;
and to use the connection to obtain the remote service from the intranet server and return the remote service to the first order control appliance.
7. The system of claim 6, characterized in that:
The first order control appliance is also configured to, after receiving the remote service request sent by the client, establish a correspondence between the session identifier and the client information carried in the remote service request;
and is further configured to obtain the session identifier corresponding to the remote service, query the correspondence with that session identifier to obtain the client information, and return the remote service to the client using the client information.
8. The system of claim 6, characterized in that:
The first order control appliance is further configured to notify the external system of the authentication information of the client and/or the authentication information of the first order control appliance, so that the external system uses the authentication information of the client and/or the authentication information of the first order control appliance to authenticate the client and/or the first order control appliance; and, after authentication passes, to notify the external system of the remote service request.
9. The system of claim 6, characterized in that:
The first order control appliance is further configured to notify the external system of the remote service request and of its own descriptor;
The second level control appliance is further configured to receive the information of the intranet server and the descriptor of the first order control appliance sent by the external system.
10. The system of claim 9, characterized in that the descriptor of the first order control appliance comprises the address information of the first order control appliance and the link information corresponding to the remote service request;
The second level control appliance is further configured to use the link information corresponding to the remote service request to determine that the remote service needs to be returned to the first order control appliance, and to return the remote service to the first order control appliance using the address information of the first order control appliance.
11. An access equipment for a remote service, characterized in that the equipment is a first order control appliance located in a first network, and the equipment comprises:
A first receiver module, configured to receive a remote service request sent by a client;
A first sending module, configured to notify an external system of the remote service request, so that the external system uses the remote service request to determine an intranet server for the client;
A second receiver module, configured to receive the remote service that a second level control appliance in a second network obtained from the intranet server and returned;
A second sending module, configured to return the remote service to the client.
12. The equipment of claim 11, characterized in that:
The second sending module is specifically configured to, after the remote service request sent by the client is received, establish a correspondence between the session identifier and the client information carried in the remote service request;
and to obtain the session identifier corresponding to the remote service, query the correspondence with that session identifier to obtain the client information, and return the remote service to the client using the client information.
13. The equipment of claim 11, characterized in that:
The first sending module is specifically configured to notify the external system of the authentication information of the client and/or the authentication information of the first order control appliance, so that the external system uses the authentication information of the client and/or the authentication information of the first order control appliance to authenticate the client and/or the first order control appliance; and, after authentication passes, to notify the external system of the remote service request.
14. The equipment of claim 11, characterized in that:
The first sending module is specifically configured to notify the external system of the remote service request and of its own descriptor; the descriptor of the first order control appliance comprises the address information of the first order control appliance and the link information corresponding to the remote service request.
15. An access equipment for a remote service, characterized in that the equipment is a second level control appliance located in a second network, and the equipment comprises:
A receiver module, configured to receive the information of an intranet server sent by an external system;
A processing module, configured to establish a connection with the intranet server using the information of the intranet server, and to use the connection to obtain the remote service from the intranet server;
A sending module, configured to return the remote service to a first order control appliance in a first network.
16. The equipment of claim 15, characterized in that:
The receiver module is specifically configured to receive the information of the intranet server and the descriptor of the first order control appliance sent by the external system.
17. The equipment of claim 16, characterized in that the descriptor of the first order control appliance comprises the address information of the first order control appliance and the link information corresponding to the remote service request;
The sending module is specifically configured to use the link information corresponding to the remote service request to determine that the remote service needs to be returned to the first order control appliance, and to return the remote service to the first order control appliance using the address information of the first order control appliance.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110444777.3A CN103179104B (en) 2011-12-23 2011-12-23 A kind of access method of remote service, system and equipment thereof


Publications (2)

Publication Number Publication Date
CN103179104A CN103179104A (en) 2013-06-26
CN103179104B true CN103179104B (en) 2016-04-27

Family

ID=48638730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110444777.3A Active CN103179104B (en) 2011-12-23 2011-12-23 A kind of access method of remote service, system and equipment thereof

Country Status (1)

Country Link
CN (1) CN103179104B (en)


Also Published As

Publication number Publication date
CN103179104A (en) 2013-06-26


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant