CN104636678A - Method and system for controlling terminal device under cloud computing environment - Google Patents

Publication number: CN104636678A
Authority: CN (China)
Prior art keywords: terminal, server, information, management, user
Legal status: Granted (Active)
Application number: CN201310573998.XA
Other languages: Chinese (zh)
Other versions: CN104636678B (en)
Inventors: 谢朝阳, 高原, 郑少斌
Current assignee: Tianyi Cloud Technology Co Ltd
Original assignee: China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN201310573998.XA
Publication of CN104636678A
Application granted; publication of CN104636678B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a method and system for controlling a terminal device in a cloud computing environment. In the method, after capturing a boot interrupt signal, a terminal downloads an XEN kernel from a server into local memory and executes it, then starts and runs an XEN virtual machine monitor; the terminal sends user login information to the server; once the server has verified the user login information, the terminal receives an operating system list and an application program list returned by the server, makes a selection, and sends the selected operating system and application programs to the server; after logging in successfully, the terminal sends collected hardware information and/or software information to the server. The method and system provide the monitoring function and guarantee security.

Description

Method and system for managing and controlling terminal devices in a cloud computing environment
Technical field
The present invention relates to the computer field, and in particular to a method and system for managing and controlling terminal devices in a cloud computing environment.
Background
With the rapid development of information technology, networks and computers have become part of daily life, and enterprises, government bodies and schools alike deploy and use more and more computers. Faced with this growing body of IT assets, an enterprise needs to manage effectively both the hardware assets of these computers (the number of machines and their configuration) and the software assets (the kinds and quantity of installed software). At the same time, so that users can use the equipment safely and effectively, system running state and user activity need to be supervised and controlled where necessary. How to monitor and manage IT assets effectively is therefore an important problem.
Traditional monitoring and management methods have two problems:
First, the management agent program runs inside the operating system, where it is easily damaged by users, deliberately or accidentally, and is also easily attacked by malicious software such as viruses and worms.
Second, they cannot provide cross-device, cross-platform monitoring; that is, they cannot supervise computing devices that run different operating systems.
Summary of the invention
Abbreviations used in the present invention:
EFI: Extensible Firmware Interface;
PXE: Pre-boot Execution Environment;
VMM: Virtual Machine Monitor;
iSCSI: Internet Small Computer System Interface;
UDP: User Datagram Protocol.
In view of the above, the present invention proposes a method and system for managing and controlling terminal devices in a cloud computing environment.
According to one aspect of the present invention, a system for managing and controlling terminal devices in a cloud computing environment is proposed. The system comprises a terminal, and the terminal comprises a hardware layer, a firmware layer, a VMM layer and a user operating system layer, wherein:
The firmware layer, after capturing the boot interrupt signal, downloads the XEN kernel from the server into local memory and executes it, and then starts and runs the XEN virtual machine monitor;
The VMM layer sends the user login information to the server, receives the operating system and application lists returned by the server, sends the selected operating system and application programs to the server, and sends the collected hardware information and/or software information to the server.
Further, the VMM layer is provided with a resource management agent, which comprises a temporary state store, a first communication interface, a user login service and an agent service, wherein:
The temporary state store holds the various software and hardware information of the current terminal;
The first communication interface sends to the server the hardware information obtained by the hardware information collection module and/or the software information obtained by the user view reconstruction module, and sends the user login information to the server;
The user login service sends the user login information to the server, receives the operating system and application lists returned by the server, and sends the selected operating system and application lists to the server;
The agent service comprises a hardware information collection module and a user view reconstruction module, wherein:
The hardware information collection module collects hardware information;
The user view reconstruction module collects software information.
Further, the XEN virtual machine monitor of the VMM layer creates domain 0, and the resource management agent runs in XEN domain 0.
Further, the firmware layer uses an EFI firmware interface and captures the boot interrupt signal through this EFI interface.
Further, the agent service also comprises a configuration execution module, which receives hardware and/or software configuration information sent by the server and, according to this configuration information, calls the corresponding program to perform the configuration operation.
According to another aspect of the present invention, a system for managing and controlling terminal devices in a cloud computing environment is also proposed. The system comprises a server, and the server comprises a boot module, a web management tool and a resource management center, wherein:
The boot module interacts with the terminal when the terminal boots and provides the XEN kernel for download;
The web management tool calls the resource management center after the terminal has booted;
The resource management center receives the user login information sent by the terminal, returns the operating system and application lists to the terminal once verification succeeds, receives the operating system and application programs selected by the terminal, and receives the hardware information and/or software information collected by the terminal.
Further, the resource management center comprises a visualization agent, a management resource repository, a user authentication service, a management service and a second communication interface, wherein:
The visualization agent provides visual management information and configuration commands for the web management tool;
The second communication interface receives the hardware information and/or software information sent by the terminal;
The management resource repository classifies, stores and maintains the various data collected;
The user authentication service receives the user login information from the terminal through the second communication interface and queries the management resource repository to authenticate whether the user has login permission; if authentication succeeds, it looks up and returns the lists of operating systems and applications available to the user; otherwise it returns a login failure;
The management service comprises a permission control module, an information collection module and a performance monitoring module, wherein:
The permission control module grants different supervision scopes and permission levels;
The performance monitoring module, once authorized by the permission control module, sends query requests for various types of software and hardware information through the second communication interface;
The information collection module passes the hardware information and/or software information sent by the terminal to the management resource repository for maintenance.
Further, the management service also comprises a configuration module, which provides the visualization agent with a unified calling interface for handling other components' operation requests on terminal configuration information and, once authorized by the permission control module, sends hardware and/or software configuration information to the terminal through the second communication interface so that the terminal performs the corresponding operation according to this configuration information.
According to another aspect of the present invention, a system for managing and controlling terminal devices in a cloud computing environment is also proposed, comprising any of the terminals described above and any of the servers described above.
Further, the terminal and the server communicate by exchanging resource management protocol messages; the protocol messages are carried over UDP, and each message is encapsulated in its own UDP datagram.
According to another aspect of the present invention, a method for managing and controlling terminal devices in a cloud computing environment is also proposed, wherein:
After capturing the boot interrupt signal, the terminal downloads the XEN kernel from the server into local memory and executes it, and then starts and runs the XEN virtual machine monitor;
The terminal sends the user login information to the server;
After the server's verification succeeds, the terminal receives the operating system and application lists returned by the server and, after making a selection, sends the selected operating system and application programs to the server;
After a successful login, the terminal sends the collected hardware information and/or software information to the server.
Further, when the terminal receives hardware and/or software configuration information sent by the server, it calls the corresponding program to perform the configuration operation according to this configuration information.
Further, the terminal and the server communicate by exchanging resource management protocol messages; the protocol messages are carried over UDP, and each message is encapsulated in its own UDP datagram.
According to another aspect of the present invention, a method for managing and controlling terminal devices in a cloud computing environment is also proposed, wherein:
When the terminal boots, the server interacts with the terminal and provides the XEN kernel for download;
After the terminal has booted, the server receives the user login information sent by the terminal and, once verification succeeds, returns the operating system and application lists to the terminal;
After the terminal makes its selection, the server receives the operating system and application programs that the terminal selected;
The server receives the hardware information and/or software information collected by the terminal.
Further, the server sends hardware and/or software configuration information to the terminal so that the terminal performs the corresponding operation according to this configuration information.
The present invention uses virtual machine technology to manage the software and hardware resources of terminal devices in a cloud computing environment, providing the monitoring function while ensuring security.
Brief description of the drawings
The drawings described here provide a further understanding of the present invention and form a part of it. The illustrative embodiments of the present invention and their description serve to explain the invention and do not unduly limit it. In the drawings:
Figure 1 is a structural diagram of a system for managing and controlling terminal devices in a cloud computing environment according to one embodiment of the present invention.
Figure 2 is a system architecture diagram according to another embodiment of the present invention.
Figure 3 shows the resource management protocol packet format of the present invention.
Figure 4 is a diagram of the interaction flow of the resource management protocol of the present invention.
Figure 5 is a flow diagram of a method for managing and controlling terminal devices in a cloud computing environment according to one embodiment of the present invention.
Figure 6 is a flow diagram of a method for managing and controlling terminal devices in a cloud computing environment according to another embodiment of the present invention.
Detailed description of the embodiments
Various exemplary embodiments of the present invention are now described in detail with reference to the drawings. Note that, unless specifically stated otherwise, the relative arrangement of the components and steps and the numerical values set forth in these embodiments do not limit the scope of the invention.
It should also be understood that, for ease of description, the parts shown in the drawings are not drawn to actual scale.
The following description of at least one exemplary embodiment is merely illustrative and in no way limits the invention or its application or use.
Techniques, methods and devices known to a person of ordinary skill in the relevant art may not be discussed in detail but, where appropriate, should be regarded as part of the granted specification.
In all examples shown and discussed here, any specific value should be construed as merely exemplary and not as a limitation. Other examples of the exemplary embodiments may therefore have different values.
Note that similar reference numerals and letters denote similar items in the following drawings, so once an item has been defined in one drawing it need not be discussed further in subsequent drawings.
Cloud computing is a form of computing that provides services to users. Its goal is that, when the system serves a user, the user need not know the computation process or service details and need only care whether the system can provide the required service and quality of service. As a computing model shared as a service, cloud computing has advantages over the traditional computing model in system deployment, management, maintenance and security.
The present invention proposes a method and system for managing and controlling terminal devices in a cloud computing environment, implementing remote resource management on the basis of virtual machine technology. To make the objects, technical solutions and advantages of the invention clearer, the invention is described in more detail below with reference to specific embodiments and the drawings.
Figure 1 is a structural diagram of a system for managing and controlling terminal devices in a cloud computing environment according to one embodiment of the present invention. The system comprises a terminal and a server.
After capturing the boot interrupt signal, the terminal downloads the XEN kernel from the server into local memory and executes it, and then starts and runs the XEN virtual machine monitor. The terminal sends the user login information to the server, which verifies it, for example by user name and password; once verification succeeds, the server returns the operating system and application lists to the terminal. The terminal makes a selection and sends the selected operating system and application lists to the server. The operating system and application programs remain on the server at all times, and the client can use network storage located on the server through the iSCSI protocol, so the server can now provide data access service to the terminal. The terminal collects hardware information and/or software information and sends it to the server, and the server manages and controls the terminal's information.
The structure of the terminal is also shown in Figure 1. The terminal has no operating system and none of the supporting tools and applications that sit on top of one, needs no secondary storage such as a hard disk, and is responsible only for computation and input/output. The operating system and applications that the terminal uses are stored on servers in a distributed network so that the server can manage and maintain them uniformly. That is, the client's operating system and application resources always reside on the server, so the server knows which resources the terminal uses and can obtain resource information easily. From bottom to top, the terminal's functional hierarchy is divided into a hardware layer, a firmware layer, a virtual machine monitor (VMM) layer and a user operating system layer.
When the terminal boots, in the firmware layer the PXE protocol preloaded in EFI captures the boot interrupt signal and then downloads the XEN kernel, which is dynamically loaded into local memory and executed. By using EFI technology, the firmware layer effectively hides the differences between hardware platforms and provides an open interface standard to the operating system above it. Hardware can be controlled by calling the mainboard and operating system interfaces that EFI provides.
Domain 0, created by the XEN VMM of the VMM layer (XEN is an open-source virtual machine monitor), can manage and schedule other user operating systems and manage and configure software and hardware resources. At this point the resource management agent running in XEN domain 0 starts, sends the user login information to the server, receives the operating system and application lists returned by the server, and sends the selected operating system and application lists to the server. From then on, domain 0 captures all of the operating system's I/O access requests to the local disk and forwards them to the server through the iSCSI protocol; that is, it accesses the network storage device on the server through the iSCSI protocol. The resource management agent collects hardware information and/or software information and sends it to the server.
In the present invention, information collection takes place in domain 0 rather than inside the operating system of a user domain. In addition, the terminal uses the EFI firmware interface, which is more powerful than the traditional BIOS interface and can obtain more hardware state.
The structure of the server is also shown in Figure 1. The server comprises a boot module, a web management tool and a resource management center.
The server is the center of all information processing and task scheduling and is responsible for monitoring and managing both the terminal and the server. When the terminal boots, the server interacts with the terminal through the boot module and provides the XEN kernel for download. After boot, the web management tool calls the resource management center components to monitor the terminal's software and hardware operation and to configure the system. As the storage resource provider, the server stores and manages resources such as programs and data, responds to data requests from the terminal, and dynamically swaps the systems, tools and applications that the terminal needs into the terminal's memory for execution; it is not responsible for the computation that users request.
The present invention runs the software and hardware resource management tool (the resource management agent) in the VMM beneath the terminal device's operating system rather than in user operating system space. It can therefore supervise across platforms and devices and, unlike traditional management agent software, cannot be deleted by the user by mistake or damaged and controlled by viruses, Trojans and the like.
Figure 2 is a system architecture diagram according to another embodiment of the present invention. In this system, the resource management agent running on the terminal and the resource management center running on the server cooperate to perform resource management and control.
As shown in Figure 2, the VMM layer of the terminal is provided with a resource management agent, which comprises a temporary state store, a first communication interface, a user login service and an agent service.
The temporary state store holds the various software and hardware information of the current terminal.
The first communication interface interacts with the server through the resource management protocol, sending user login information and software and hardware information and receiving configuration commands from the server.
The user login service sends the user login information to the server, receives the operating system and application lists returned by the server, and sends the selected operating system and application lists to the server. From then on, domain 0 captures all of the operating system's I/O access requests to the local disk and forwards them to the server through the iSCSI protocol.
The agent service is the core component of the resource management agent and comprises a hardware information collection module, a user view reconstruction module, a report processing module and a configuration execution module, wherein:
The hardware information collection module is responsible for collecting hardware information. By calling the relevant interface services that EFI provides, it can obtain the real-time hardware configuration and running state of the current computing device, such as CPU, memory, voltage, temperature and rotation speed.
The user view reconstruction module uses a view-reconstruction-based method to reconstruct the user's file system view. Because the virtual machine monitor can read the block-level content of the user's virtual device, the module can reconstruct the whole user file system by reading the content stored in that virtual device. The module can also access the memory that the user uses and, aided by the reconstructed user file system, can reconstruct a view of the user operating system's memory. By analyzing the process control blocks (PCBs) in this view, it can determine which processes the user is currently running, that is, obtain the software information.
The report processing module classifies and organizes the collected software and hardware information and hands it to the first communication interface for sending to the server. The report processing module can send hardware and/or software information periodically. It can also judge from the collected software and hardware information whether an abnormal event has occurred and, if so, send an exception report to the server. When the server receives an exception report, it handles it in one of two ways: (1) it automatically sends a configuration instruction to the client, whose configuration execution module calls the relevant functional components to redo the configuration; (2) the server performs no operation, notifies the administrator that an anomaly exists, and waits for the administrator to resolve it.
A configuration execution module is a stand-alone program that configures one particular parameter, and there can be several configuration execution modules. On receiving hardware and/or software configuration information sent by the server, the configuration execution module calls the corresponding program to perform the configuration operation according to this configuration information.
As shown in Figure 2, the resource management center on the server comprises a visualization agent, a management resource repository, a second communication interface, a user authentication service and a management service.
The visualization agent consists of a series of user APIs and provides visual management information and configuration commands for the web management tool.
The second communication interface receives the hardware information and/or software information sent by the terminal and sends configuration commands.
The management resource repository is the data center for management information. It classifies, stores and maintains the various data collected and supplies each functional module with the information resources it needs. The repository holds three classes of information: (i) user information, including the user name, user password, the groups the user belongs to, the list of operating systems available to the user, the user's service priority, the user's current operating status and various user attributes; (ii) device hardware information, including CPU type, clock frequency, temperature, memory size, available memory, total disk capacity, free disk space, network traffic, supply voltage and so on; (iii) system software information, including the type of operating system currently in use, the installed applications and the system processes that are running.
The user authentication service receives the user login information from the terminal through the second communication interface and queries the management resource repository to authenticate whether the user has login permission. If authentication succeeds, it looks up and returns the lists of operating systems and applications available to the user; otherwise it returns a login failure.
As the core component of the resource management center, the management service is responsible for several management tasks and comprises a permission control module, an information collection module, a performance monitoring module, a configuration module and a coordination module. Once authorized by the permission control module, the performance monitoring module can send query requests through the second communication interface to the terminal's first communication interface; when the server needs to configure a terminal, the configuration module, once authorized by the permission control module, can send configuration information through the second communication interface to the terminal's first communication interface. Each module is described in detail below.
The permission control module grants different supervision scopes and permission levels. Permission control covers two aspects: querying resource state and remote configuration. Client resource state is kept on the server, and the permission control module is responsible for checking whether an administrator's request has permission; a remote configuration can be sent to the client for execution only after the permission control module has checked and authorized it. That is, when a new supervision request occurs, it must be checked and authorized by the permission control module before the command is sent to the network.
The performance monitoring module is responsible for periodically sending query requests for various types of software and hardware information.
The information collection module receives and analyzes the monitoring reports sent by the terminal, which contain hardware information and/or software information, and passes the parsed data to the management resource repository for maintenance.
The configuration module manages the terminal's configuration information, and all reads and writes of configuration information must go through it. It provides the visualization agent with a unified calling interface for handling other components' operation requests on terminal configuration information and, once authorized by the permission control module, sends hardware and/or software configuration information to the terminal through the second communication interface so that the terminal performs the corresponding operation according to this configuration information.
The coordination module is the scheduler of the resource management center. It coordinates the processing of the modules so that they jointly complete the monitoring and management of the terminal according to the prescribed flow, ensuring the safe use of user systems and devices.
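The permission check that sits in front of state queries and remote configuration, as an added Python example (not code from the patent). The level names, the grant structure, the terminal identifiers and the `outbox` list standing in for the second communication interface are assumptions made for illustration.

```python
"""Added example: default-deny permission gate for query and Set requests."""
import enum
from dataclasses import dataclass, field


class Level(enum.IntEnum):          # level names are assumed
    QUERY = 1                       # may read terminal state kept on the server
    CONFIGURE = 2                   # may also push remote configuration


@dataclass(frozen=True)
class Grant:
    scope: frozenset                # terminal groups this administrator supervises
    level: Level


@dataclass
class PermissionControl:
    grants: dict                    # administrator name -> Grant
    audit: list = field(default_factory=list)

    def authorize(self, admin, needed, group):
        """Allow only a known administrator, inside scope, at a sufficient level."""
        grant = self.grants.get(admin)
        allowed = (grant is not None and group in grant.scope
                   and grant.level >= needed)
        self.audit.append((admin, needed.name, group, allowed))  # log every decision
        return allowed


@dataclass
class ManagementService:
    permissions: PermissionControl
    repository: dict                # terminal id -> {"group": ..., "state": {...}}
    outbox: list = field(default_factory=list)  # stand-in for the network interface

    def _check(self, admin, needed, terminal):
        record = self.repository.get(terminal)
        group = record["group"] if record else None  # unknown terminal: denied
        return record if self.permissions.authorize(admin, needed, group) else None

    def query_state(self, admin, terminal):
        """State is served from the server-side repository, never from the wire."""
        record = self._check(admin, Level.QUERY, terminal)
        return dict(record["state"]) if record else None

    def push_config(self, admin, terminal, settings):
        """A Set message reaches the outbox only after authorization succeeds."""
        if self._check(admin, Level.CONFIGURE, terminal) is None:
            return False
        self.outbox.append((terminal, "Set", dict(settings)))
        return True


def build_demo():
    """Constructed sample data: two administrators and two terminals."""
    perms = PermissionControl({
        "alice": Grant(frozenset({"lab"}), Level.QUERY),
        "bob": Grant(frozenset({"lab"}), Level.CONFIGURE),
    })
    repo = {
        "t-100": {"group": "lab", "state": {"cpu_temp": 61}},
        "t-200": {"group": "office", "state": {"cpu_temp": 48}},
    }
    return ManagementService(perms, repo)


if __name__ == "__main__":
    svc = build_demo()
    print(svc.query_state("alice", "t-100"))
    print(svc.push_config("alice", "t-100", {"usb_storage": "off"}))
    print(svc.push_config("bob", "t-100", {"usb_storage": "off"}))
    print(svc.outbox, svc.permissions.audit)
```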
In one embodiment of the present invention, the resource management agent and the resource management center communicate by exchanging resource management protocol messages. To reduce protocol complexity and improve efficiency, protocol messages are carried over UDP, and each message is encapsulated in its own UDP datagram. Figure 3 shows the resource management protocol packet format of the present invention.
The message header is the unified header structure of a resource management protocol data unit and contains the message's sender, recipient, message type, message length and so on.
The message body comprises two parts, hardware information and software information, and describes the managed objects carried in the protocol, including each managed object's type, quantity, data length, data content and so on. To improve the extensibility of the protocol, no specific parameter types are prescribed; users can define parameter types to suit the actual application.
The protocol supports seven message formats: Search, Ready, Register, Update, Set, Response and Trap. A Search message is used by the resource management agent to send the user name and password to the resource management center, request a connection and obtain the operating system and application lists; a Ready message is used by the resource management center to reply to the resource management agent with the operating systems and applications available to the user; a Register message is used by the resource management agent to confirm its selection from the operating system and application lists it obtained; an Update message is used by the resource management agent to report current real-time software and hardware status to the resource management center; a Set message is used by the resource management center to set the state of the terminal; a Response message is used by the resource management agent and the resource management center to respond to messages received; a Trap message is used by the resource management agent to report exceptions.
Figure 4 is a schematic diagram of the interaction flow of the resource management protocol in the present invention. The flow comprises the following interactions:
Request connection. After the terminal powers on and starts, the PXE protocol pre-resident in EFI captures the terminal's boot interrupt signal, downloads XEN domain 0 and runs it in local memory. After the user enters login information, the resource management agent in domain 0 encrypts the user's login information and the terminal device information, packs them into a Search message, and sends it to the resource management center for login verification.
Verification. After the resource management center receives the user's connection request, it verifies the login information received. If verification succeeds, the resource management center encapsulates the operating systems and application list corresponding to the user in a Ready message and sends it back to the terminal. Otherwise, it sends a verification failure.
Confirmation. The resource management agent receives the Ready message and checks its content. If authentication passed, the resource management agent sends the selected operating system and application list to the resource management center in a Register message, and the resource management center uses the iSCSI protocol to provide block-level data access service for this terminal. If authentication did not pass, the user must log in again as prompted.
Update. After the user has logged in successfully, the resource management agent running in domain 0 periodically collects the current terminal's hardware information through the service interfaces provided by EFI, uses the User reconstruction module to obtain the system process table, and periodically sends Update messages to the resource management center to update the terminal's device information and system information, i.e. its software and hardware information.
Setting. When the resource management center needs to set the terminal's software or hardware configuration, it sends a Set message to the terminal. On receipt, the terminal first checks whether all of the setting operations in the message can be completed. If they can, the terminal performs the operations and sends the corresponding Response message; if they cannot, the terminal performs no operation and only sends a Response message to the resource management center.
Exception reporting. When the resource management agent detects that an abnormal event has occurred, it sends a Trap message to the resource management center to report it.
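The packet layout and the Set handling described above, as an added example that is not part of the patent: a strict codec for one message per UDP datagram, plus an all-or-nothing Set handler on the terminal side. The patent names the header and body fields but not their widths or encodings, so the field sizes, the numeric message codes, the object-type numbers and the status object carried in Response are assumptions.

```python
import struct
from enum import IntEnum


class MsgType(IntEnum):
    """The seven message kinds named in the description; codes are assumed."""
    SEARCH = 1
    READY = 2
    REGISTER = 3
    UPDATE = 4
    SET = 5
    RESPONSE = 6
    TRAP = 7


# Assumed wire layout, network byte order. The patent lists the fields only.
HEADER = struct.Struct("!IIBH")  # sender, recipient, message type, body length
OBJECT = struct.Struct("!HHH")   # managed object type, quantity, data length
OBJ_STATUS = 0xFFFF              # assumed object type for a Response result


def encode(sender, recipient, mtype, objects):
    """Build one datagram from (object type, quantity, data) tuples."""
    body = b"".join(OBJECT.pack(t, q, len(d)) + d for t, q, d in objects)
    if len(body) > 0xFFFF:
        raise ValueError("body too large for the length field")
    return HEADER.pack(sender, recipient, int(mtype), len(body)) + body


def decode(datagram):
    """Parse one datagram, rejecting anything whose lengths do not add up."""
    if len(datagram) < HEADER.size:
        raise ValueError("truncated header")
    sender, recipient, raw_type, body_len = HEADER.unpack_from(datagram)
    mtype = MsgType(raw_type)  # raises ValueError for an unknown type code
    body = datagram[HEADER.size:]
    if len(body) != body_len:
        raise ValueError("length field does not match datagram size")
    objects, off = [], 0
    while off < len(body):
        if len(body) - off < OBJECT.size:
            raise ValueError("truncated object header")
        obj_type, quantity, data_len = OBJECT.unpack_from(body, off)
        off += OBJECT.size
        if data_len > len(body) - off:
            raise ValueError("object data overruns the message body")
        objects.append((obj_type, quantity, body[off:off + data_len]))
        off += data_len
    return sender, recipient, mtype, objects


def handle_set(config, datagram, settable):
    """Terminal side of Set: apply every setting or none, always answer.

    config maps object type to its current value; settable is the set of
    object types this terminal is able to change (both hypothetical).
    """
    sender, recipient, mtype, objects = decode(datagram)
    if mtype is not MsgType.SET:
        raise ValueError("not a Set message")
    can_complete_all = all(t in settable for t, _, _ in objects)
    new_config = dict(config)
    if can_complete_all:
        for obj_type, _, data in objects:
            new_config[obj_type] = data
    status = b"\x00" if can_complete_all else b"\x01"
    response = encode(recipient, sender, MsgType.RESPONSE,
                      [(OBJ_STATUS, 1, status)])
    return (new_config if can_complete_all else config), response


if __name__ == "__main__":
    # Constructed sample: center (id 2) sets object 30 on terminal (id 1).
    request = encode(2, 1, MsgType.SET, [(30, 1, b"new"), (99, 1, b"x")])
    state, reply = handle_set({30: b"old"}, request, settable={30, 31})
    print(state, decode(reply))
```

Because UDP gives no delivery or ordering guarantee, the length checks in `decode` are the only thing standing between a malformed datagram and the management logic, which is why every length field is compared against the bytes actually received.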
The present invention is applicable to terminals based on the XEN virtual machine and EFI firmware, and can of course also be applied to terminals based on other types of virtual machine. Those skilled in the art will understand that this is only an example and should not be construed as limiting the present invention.
The resource management agent of the present invention runs in the VMM beneath the operating system rather than in the user operating system space. It can therefore supervise across platforms and across devices and, unlike traditional management agent software, cannot be deleted by the user by mistake or be damaged or taken over by viruses, Trojans and the like.
The resource management agent of the present invention, running in the virtual machine, calls the relevant interface services provided by EFI to obtain the real-time hardware configuration and running state of the current computing device, and reconstructs the user's file system view and the current system processes using a method based on User reconstruction.
The present invention carries out the data communication between the resource management agent and the resource management center through the resource management protocol, which supports user verification and the updating and setting of system state.
Figure 5 is a schematic flow diagram of a method for managing and controlling terminal devices in a cloud computing environment according to one embodiment of the present invention. The method comprises the following steps:
Step 51: after the terminal captures the boot interrupt signal, it downloads the XEN kernel from the server into local memory and executes it, and then starts and runs the XEN virtual machine monitor.
Step 52: the terminal sends the user's login information to the server, which verifies it.
Step 53: after passing the server's verification, the terminal receives the operating systems and application list returned by the server and, once a selection has been made at the terminal, sends the selected operating system and applications to the server.
Step 54: after a successful login, the terminal sends the collected hardware information and/or software information to the server, so that the server can manage and control the terminal's information.
When the terminal receives hardware and/or software configuration information sent by the server, it calls the corresponding program to perform the configuration operation according to that configuration information.
Figure 6 is a schematic flow diagram of a method for managing and controlling terminal devices in a cloud computing environment according to another embodiment of the present invention. The method comprises the following steps:
Step 61: when the terminal starts, the server interacts with the terminal and provides the XEN kernel for download.
Step 62: after the terminal has started, the server receives the user login information sent by the terminal and, after verification succeeds, returns the operating systems and application list to the terminal.
Step 63: after a selection has been made at the terminal, the server receives the operating system and applications the terminal has selected.
Step 64: the server receives the hardware information and/or software information sent by the terminal, so as to manage and control the terminal's information.
The server sends hardware and/or software configuration information to the terminal, so that the terminal performs the corresponding operation according to that configuration information.
The present invention runs the software and hardware resource management tool in the virtual machine monitor beneath the terminal device's operating system rather than in the user operating system space, and in this way monitors and manages the software and hardware resources of the terminal device. It can provide cross-device, cross-platform monitoring, that is, it can supervise computing devices that use different operating systems. It is not subject to attack by malicious software such as viruses and worms, nor to deliberate or inadvertent damage by users.
The present invention has now been described in detail. Some details well known in the art have not been described, so as not to obscure the concept of the present invention. From the description above, those skilled in the art will fully understand how to implement the technical solutions disclosed herein.
The method and apparatus of the present invention may be implemented in many ways, for example in software, hardware, firmware, or any combination of software, hardware and firmware. The order of the method steps given above is for illustration only, and the steps of the method of the present invention are not limited to the order specifically described above unless otherwise stated. In addition, in some embodiments the present invention may also be implemented as programs recorded on a recording medium, these programs comprising machine-readable instructions for implementing the method according to the present invention. The present invention therefore also covers recording media storing programs for performing the method according to the present invention.
Although some specific embodiments of the present invention have been described in detail by way of example, those skilled in the art should understand that the above examples are for illustration only and are not intended to limit the scope of the present invention. Those skilled in the art should understand that the above embodiments can be modified without departing from the scope and spirit of the present invention. The scope of the present invention is defined by the appended claims.

Claims (15)

1. A system for managing and controlling terminal devices in a cloud computing environment, comprising a terminal, the terminal comprising a hardware layer, a firmware layer, a virtual machine monitor (VMM) layer and a user operating system layer, characterized in that:
the firmware layer, after capturing a boot interrupt signal, downloads the XEN kernel from a server into local memory and executes it, and then starts and runs the XEN virtual machine monitor;
the VMM layer sends user login information to the server, receives the operating systems and application list returned by the server, sends the selected operating system and applications to the server, and sends the collected hardware information and/or software information to the server.
2. The system for managing and controlling terminal devices in a cloud computing environment according to claim 1, characterized in that:
the VMM layer is provided with a resource management agent, the resource management agent comprising a transient state store, a first communication interface, a user login service and an agent service, wherein:
the transient state store holds the various software and hardware information of the current terminal;
the first communication interface sends to the server the hardware information obtained by the hardware information collection module and/or the software information obtained by the User reconstruction module, and sends the user login information to the server;
the user login service sends the user login information to the server, receives the operating systems and application list returned by the server, and sends the selected operating system and application list to the server;
the agent service comprises a hardware information collection module and a User reconstruction module, wherein:
the hardware information collection module collects hardware information;
the User reconstruction module collects software information.
3. The system for managing and controlling terminal devices in a cloud computing environment according to claim 2, characterized in that:
the XEN virtual machine monitor of the VMM layer creates domain 0, and the resource management agent runs in XEN domain 0.
4. The system for managing and controlling terminal devices in a cloud computing environment according to claim 1, characterized in that:
the firmware layer uses the EFI firmware interface and captures the boot interrupt signal through this EFI interface.
5. The system for managing and controlling terminal devices in a cloud computing environment according to claim 2, characterized in that:
the agent service further comprises a configuration execution module, which receives the hardware and/or software configuration information sent by the server and calls the corresponding program to perform the configuration operation according to that configuration information.
6. A system for managing and controlling terminal devices in a cloud computing environment, comprising a server, the server comprising a startup module, a web management tool and a resource management center, characterized in that:
the startup module, when the terminal starts, interacts with the terminal and provides the XEN kernel for download;
the web management tool, after the terminal has started, calls the resource management center;
the resource management center receives the user login information sent by the terminal, returns the operating systems and application list to the terminal after verification succeeds, receives the operating system and applications selected by the terminal, and receives the hardware information and/or software information collected by the terminal.
7. The system for managing and controlling terminal devices in a cloud computing environment according to claim 6, characterized in that:
the resource management center comprises a visualization agent, a management resource repository, a user authentication service, a management service and a second communication interface, wherein:
the visualization agent provides visual management information and configuration commands for the web management tool;
the second communication interface receives the hardware information and/or software information sent by the terminal;
the management resource repository classifies, stores and maintains the various data collected;
the user authentication service receives the user login information from the terminal through the second communication interface and queries the management resource repository to authenticate whether the user has login rights; if authentication passes, it looks up and returns the operating systems and application list available to the user; otherwise, it returns a login failure;
the management service comprises a permission control module, an information collection module and a performance monitoring module, wherein:
the permission control module grants different supervision scopes and permission levels;
the performance monitoring module, after authorization by the permission control module, sends query requests for the various categories of software and hardware information through the second communication interface;
the information collection module hands the hardware information and/or software information sent by the terminal to the management resource repository for maintenance.
8. The system for managing and controlling terminal devices in a cloud computing environment according to claim 7, characterized in that:
the management service further comprises a configuration module, which provides the visualization agent with a unified calling interface for handling other components' operation requests on terminal configuration information and, after authorization by the permission control module, sends hardware and/or software configuration information to the terminal through the second communication interface, so that the terminal performs the corresponding operation according to that configuration information.
9. A system for managing and controlling terminal devices in a cloud computing environment, characterized by comprising the terminal according to any one of claims 1 to 5 and the server according to any one of claims 6 to 8.
10. The system for managing and controlling terminal devices in a cloud computing environment according to claim 9, characterized in that:
the terminal and the server communicate by exchanging resource management protocol messages, the protocol messages are carried over UDP, and each message is encapsulated in its own UDP datagram.
11. A method for managing and controlling terminal devices in a cloud computing environment, characterized in that:
after the terminal captures a boot interrupt signal, it downloads the XEN kernel from a server into local memory and executes it, and then starts and runs the XEN virtual machine monitor;
the terminal sends user login information to the server;
after passing the server's verification, the terminal receives the operating systems and application list returned by the server and, once a selection has been made at the terminal, sends the selected operating system and applications to the server;
after a successful login, the terminal sends the collected hardware information and/or software information to the server.
12. The method for managing and controlling terminal devices in a cloud computing environment according to claim 11, characterized in that:
when the terminal receives hardware and/or software configuration information sent by the server, it calls the corresponding program to perform the configuration operation according to that configuration information.
13. The method for managing and controlling terminal devices in a cloud computing environment according to claim 11 or 12, characterized in that:
the terminal and the server communicate by exchanging resource management protocol messages, the protocol messages are carried over UDP, and each message is encapsulated in its own UDP datagram.
14. A method for managing and controlling terminal devices in a cloud computing environment, characterized in that:
when the terminal starts, the server interacts with the terminal and provides the XEN kernel for download;
after the terminal has started, the server receives the user login information sent by the terminal and, after verification succeeds, returns the operating systems and application list to the terminal;
after a selection has been made at the terminal, the server receives the operating system and applications the terminal has selected;
the server receives the hardware information and/or software information collected by the terminal.
15. The method for managing and controlling terminal devices in a cloud computing environment according to claim 14, characterized in that:
the server sends hardware and/or software configuration information to the terminal, so that the terminal performs the corresponding operation according to that configuration information.
CN201310573998.XA 2013-11-15 2013-11-15 Method and system for controlling terminal device under cloud computing environment Active CN104636678B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310573998.XA CN104636678B (en) 2013-11-15 2013-11-15 Method and system for controlling terminal device under cloud computing environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310573998.XA CN104636678B (en) 2013-11-15 2013-11-15 Method and system for controlling terminal device under cloud computing environment

Publications (2)

Publication Number Publication Date
CN104636678A true CN104636678A (en) 2015-05-20
CN104636678B CN104636678B (en) 2017-11-10

Family

ID=53215414

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310573998.XA Active CN104636678B (en) 2013-11-15 2013-11-15 Method and system for controlling terminal device under cloud computing environment

Country Status (1)

Country Link
CN (1) CN104636678B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220127

Address after: 100007 room 205-32, floor 2, building 2, No. 1 and No. 3, qinglonghutong a, Dongcheng District, Beijing

Patentee after: Tianyiyun Technology Co.,Ltd.

Address before: No.31, Financial Street, Xicheng District, Beijing, 100033

Patentee before: CHINA TELECOM Corp.,Ltd.