CN110032413B - Desktop virtualization method, related equipment and computer storage medium - Google Patents

Info

Publication number
CN110032413B
Authority
CN
China
Prior art keywords
user
container
server
service
virtual desktop
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910163257.1A
Other languages
Chinese (zh)
Other versions
CN110032413A (en
Inventor
施嘉洋
苏奎
王惠文
徐彩虹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Cloud Computing Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201910163257.1A priority Critical patent/CN110032413B/en
Publication of CN110032413A publication Critical patent/CN110032413A/en
Priority to PCT/CN2020/070571 priority patent/WO2020177482A1/en
Application granted granted Critical
Publication of CN110032413B publication Critical patent/CN110032413B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/451Execution arrangements for user interfaces
    • G06F9/452Remote windowing, e.g. X-Window System, desktop virtualisation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45562Creating, deleting, cloning virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application provides a desktop virtualization method and related equipment, wherein a server side runs a plurality of shared service containers, each shared service container runs a shared system service, and the shared system service run by at least one shared service container in the shared service containers is used by at least two virtual desktops; the server receives a target application identifier sent by a user terminal, and creates a user container group according to the target application identifier, wherein a user container is operated in the user container group; and the server provides the virtual desktop for the user terminal through a user container running in the user container group and a part or all of the shared service containers. The system services and the application programs of the virtual desktops are respectively packaged into containers, and the multiple virtual desktops of the server share the multiple shared service containers, so that the expandability of the virtual desktops can be improved, the resource overhead of the server is reduced, and the resource utilization rate is improved.

Description

Desktop virtualization method, related equipment and computer storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method for providing a virtual desktop, a related device, and a computer storage medium.
Background
Virtual Desktop Infrastructure (VDI) mainly provides remote desktops based on computer operating systems such as Windows and Linux. With the large-scale adoption of mobile devices, there is growing market demand for desktop virtualization of mobile operating systems such as Android. Current methods for implementing desktop virtualization of a mobile operating system include running the mobile operating system in a Virtual Machine (VM) environment on a server, or running it using container technology based on Linux containers (LXC), thereby providing a virtual desktop service to the user.
However, in both desktop virtualization methods the server provides services at operating-system granularity. This makes applications inconvenient to update and limits the expandability of the virtual desktop; it also causes redundancy of the underlying system services, which results in low resource utilization.
Disclosure of Invention
The embodiment of the invention discloses a method for providing a virtual desktop, which encapsulates system services and application programs of the virtual desktop into containers respectively, and the virtual desktop of a server can share part of the system services, thereby improving the expandability of the virtual desktop, reducing the resource expense of the server and improving the resource utilization rate.
In a first aspect, an embodiment of the present application provides a method for providing a virtual desktop, where the method includes:
the server side runs a plurality of shared service containers, each shared service container is used for running shared system services, and shared system services run by at least one shared service container in the plurality of shared service containers are commonly used by at least two virtual desktops;
the server receives a target application identifier (ID) sent by a user terminal, and creates a user container group according to the target application ID, wherein a user container runs in the user container group;
and the server receives a virtual desktop access request sent by the user terminal, and provides the virtual desktop for the user terminal through a user container running in the user container group and a part or all of shared service containers.
In a possible embodiment, the target application ID includes an application ID, and at least one user container operating in the user container group operates an application corresponding to the application ID; and/or
The target application ID comprises an exclusive system service ID, and at least one user container running in the user container group runs an exclusive system service corresponding to the exclusive system service ID.
In a possible embodiment, the server stores the corresponding relationship between the user identifier and each user container in the user container group;
the method further comprises the following steps:
the server receives a virtual desktop operation request sent by the user terminal;
and the server calls a second user container in the user container group through a first user container running in the user container group according to the virtual desktop operation request.
In a possible embodiment, the server allocates a user data volume to the user container group, and the user data volume is used for storing user data corresponding to the user container group.
According to the desktop virtualization method provided by the embodiment of the application, system services which can be commonly used by a plurality of users are packaged into a shared service container to be commonly used by all virtual desktops of the virtual desktop service end, and exclusive system services and application programs which are independently used by each user are packaged into mutually isolated containers, so that the maintainability and the expandability of the system can be improved, the redundancy of bottom layer system services when the desktop virtualization is realized by taking an operating system as granularity is overcome, the resource expense of the service end is reduced, and the resource utilization rate is improved.
In a second aspect, an embodiment of the present application provides an apparatus for providing a virtual desktop, where the apparatus includes:
the processing unit is used for operating a plurality of shared service containers, each shared service container is used for operating a shared system service, and the shared system service operated by at least one shared service container in the plurality of shared service containers is commonly used by at least two virtual desktops;
the communication unit is used for receiving a target application identifier (ID) sent by a user terminal, and creating a user container group according to the target application ID, wherein a user container runs in the user container group;
the communication unit is further configured to receive a virtual desktop access request sent by the user terminal;
the processing unit is further configured to run the user container and a part or all of the shared service containers in the user container group to provide the virtual desktop to the user terminal after receiving the virtual desktop access request.
In a possible embodiment, the target application ID includes an application ID, and at least one user container operating in the user container group operates an application corresponding to the application ID; and/or
The target application ID comprises an exclusive system service ID, and at least one user container running in the user container group runs an exclusive system service corresponding to the exclusive system service ID.
In a possible embodiment, the apparatus further includes a storage unit, where the storage unit is configured to store a correspondence between the user identifier and each user container in the user container group;
the communication unit is further configured to receive, by the server, a virtual desktop operation request sent by the user terminal;
the processing unit is further configured to call a second user container in the user container group through a first user container running in the user container group according to the virtual desktop operation request.
In a possible embodiment, the apparatus further includes a user data volume, where the user data volume is used to store user data corresponding to the user container group.
In a third aspect, an embodiment of the present application provides a network device, including a processor, an input/output device, and a memory; the memory is configured to store instructions, the processor is configured to execute the instructions, and the input-output device is configured to communicate with other devices under control of the processor; wherein the processor, when executing the instructions, performs the method of the first aspect.
In a fourth aspect, embodiments of the present application provide a non-transitory computer storage medium storing a computer program that, when executed by a processor, implements the method according to the first aspect.
Drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show some embodiments of the present invention, and those skilled in the art can obtain other drawings based on them without creative effort.
FIG. 1 is a schematic diagram illustrating deployment of a virtual desktop based on a virtual machine technology according to an embodiment of the present application;
FIG. 2 is a schematic diagram of deploying a virtual desktop based on a container technology according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating a desktop virtualization method according to an embodiment of the present application;
FIG. 4 is a schematic diagram of container deployment in which a containerization technique is used to implement a virtual desktop according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a desktop virtualization apparatus according to an embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram of a network device according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a virtual desktop service system according to an embodiment of the present application.
Detailed Description
Virtual Desktop Infrastructure (VDI) refers to running a desktop system in a virtual machine on a virtual desktop server and virtualizing the user's desktop, so that the user can connect to the virtual desktop server from any client to access their desktop system.
Virtualization technology can meet the requirements of centralized management of user data and data security. With the large-scale adoption of mobile devices, there is increasing market demand for virtualization of mobile operating systems (e.g., Android), and with it a demand for mobile desktop virtualization based on mobile operating system virtualization technology. In contrast to conventional VDI, mobile operating system desktop virtualization is referred to as Virtual Mobile Infrastructure (VMI), which delivers the desktop of an entire mobile operating system to the user. The embodiments of the present application take the Android operating system as the example mobile operating system when introducing the desktop virtualization method. It is understood that the mobile operating system may also be a Symbian system, an iOS system, a BlackBerry system, or the like. There are currently the following two methods for implementing Android desktop virtualization:
The first is to implement an Android virtual desktop in a virtual machine environment on the server. A Virtual Machine (VM) is a complete virtual computer system, simulated in software, that has full hardware system functionality and runs in a completely isolated environment. As shown in FIG. 1, virtualization technology may add a hypervisor layer on the operating system of a server. The hypervisor is an intermediate software layer running between the physical server and the operating system; it virtualizes hardware resources such as the Central Processing Unit (CPU), hard disk and memory, and the target operating system required by the user is then installed on the virtualized resources, producing a complete virtual image of the target operating system in a virtual machine. The target operating system has the same functions as a real operating system: software can be installed and run and data saved independently inside the virtual machine without any effect on the operating system of the server hosting the virtual machine. In other words, the virtual machine is a complete virtualized server with its own operating system, device drivers, application programs, configuration files and so on, and multiple different virtual machines can be created on one server through the hypervisor layer.
FIG. 1 is a schematic view of deploying an Android virtual desktop based on virtual machine technology according to an embodiment of the present application. After a user obtains a user account and a user password through registration and authentication, the server creates a virtual machine corresponding to the user account and installs the Android operating system in it. The user selects the application programs to be used, and the server installs them in the virtual machine corresponding to the user. The user can then log in to the user account on any user terminal and send a virtual desktop access request to the server. After receiving the virtual desktop access request, the server starts the virtual machine corresponding to the user account, and the display of the Android virtual desktop on the user terminal and the redirection of user input are implemented through a remote communication protocol.
However, in the method for implementing the Android virtual desktop based on virtual machine technology, each virtual machine can only be used by one user, and each virtual machine has a complete set of Android operating system, device drivers, application programs, configuration files, and the like. For example, if n in FIG. 1 is 20, that is, virtual desktops corresponding to 20 users are deployed on the Linux server, then 20 virtual machines need to be created on the Linux server and 21 Linux instances need to run using CPU and memory resources: 1 Linux instance is the Linux system running on the server, and 20 Linux instances are the Linux systems running in the virtual machines. The Linux server also needs to allocate physical resources to each virtual machine, for example 2 CPUs, 8 gigabytes (GB) of memory and a 500 GB disk to virtual machine 1, and 4 CPUs, 16 GB of memory and a 100 GB disk to virtual machine 2. A virtual machine carrying a complete operating system and related resources therefore occupies a large amount of space, generally more than 1 GB, and if the Android virtual desktop is implemented with virtual machine technology, the resource overhead of a large-scale deployment is large.
The second way is to implement the Android virtual desktop using container technology, such as Linux containers (LXC). FIG. 2 is a schematic diagram of deploying the Android virtual desktop based on container technology provided in the embodiment of the present application. When the Android virtual desktop is implemented with container technology, all containers on the server can share the kernel, drivers, configuration files and so on of the server's operating system. For example, if n is 20 in FIG. 1, that is, virtual desktops corresponding to 20 users are deployed on a Linux server, 20 containers need to be created on the Linux server. Although 20 containers are located on the server, only one Linux kernel and one set of shared libraries are needed on the server, where the shared libraries include the drivers, configuration files and so on shared by the server and the 20 containers; for example, each container can share an audio driver, a graphics processing driver and the like with the server. Each container includes only an application and all the class libraries, configuration files and so on needed to run it. Compared with the virtual machines in FIG. 1, each container in FIG. 2 therefore occupies less space; a container typically takes up only tens of megabytes.
However, in both the first and second ways, the server provides the virtual desktop service at the granularity of the Android operating system, which makes applications inconvenient to update; using the operating system as the granularity also causes redundancy of the underlying system services, so resource utilization is low.
In view of the above problems, an embodiment of the present application provides a desktop virtualization method, and before introducing the desktop virtualization method provided in the embodiment of the present application, first, a system service and an application program and the like related in the embodiment of the present application are introduced, where the system service and the application program in the embodiment of the present application both run in a container of a server to provide a virtual desktop service to a user. The server side can comprise one or more servers, one or more virtual desktops run in each server, and containers included in each virtual desktop run in the same server.
In the embodiment of the application, an application program is a program that runs on the server only when actively triggered by the user and that exits when it has not been used for a preset time after being started; the application program does not run on the server unless the user triggers it. Application programs are usually published by an application store and installed on the server after the user chooses to use them, such as video playing software, audio playing software, instant messaging software and the like.
A system service is a program or process that executes a designated system function and serves as an Application Programming Interface (API) providing a specific function; it is managed by the ServiceManager and runs in the SystemServer. Examples include window management services, Bluetooth management services, storage management services, battery management services, location services, network services, and the like. A system service can run on the server for a long time after a user logs in to the virtual desktop, or after being called and started by an application program; even if the application program that started the system service has exited, the system service keeps running on the server.
In the embodiment of the application, system services are divided into dedicated system services and shared system services. A shared system service is a system service that does not involve the user's personal data when running or when called by an application, such as time services, window management services, CPU scheduling services and battery management services. The time service, for example, provides the current time to different user terminals and does not involve users' personal data; the window management service of the Android system handles window management for each of the different user terminals, such as adding, deleting and updating views. A shared system service can be used in common by multiple users.
A dedicated system service is a system service that involves the user's personal data while running or when invoked by an application, for example a location service, a camera service, a telephone service or an alarm service. Taking the location service as an example, when a user needs to use the location service in an application, the application sends a location request to the location service, and after determining the user's location information the location service returns it to the application; the location service therefore holds the user's personal privacy data. To prevent users' private data from being disclosed, each user needs a corresponding group of dedicated system services, and each dedicated system service can only be called by application programs used by the corresponding user and cannot be shared by multiple users.
As shown in fig. 3, fig. 3 is a schematic flowchart of a desktop virtualization method provided in the present application, where the method includes:
S102, the server side runs a plurality of shared service containers.
Wherein each shared service container is used for running a shared system service, and the shared system service run by at least one shared service container in the plurality of shared service containers is commonly used by at least two virtual desktops.
In this embodiment of the application, FIG. 4 is a container deployment schematic diagram in which virtual desktops are provided using containerization. The server creates and runs a plurality of shared service containers, each of which runs one shared system service. A shared service container can be used by all virtual desktops on the server where the plurality of shared service containers are located; that is, no matter how many virtual desktops the server deploys, all of them use the shared system services in the plurality of shared service containers.
S104, the server receives the target application identification sent by the user terminal, and a user container group is created according to the target application identification.
In the embodiment of the application, before using the virtual desktop, a user needs to send a registration request to the server through a user terminal, where the registration request is used to request the server to use the virtual desktop service and includes a user account and a user password. After the server approves the registration request, the user can log in to the user account through any user terminal, select the application programs and/or exclusive system services to be used, and send a virtual desktop creating request to the server. The virtual desktop creating request includes the target application identifier (ID); optionally, it may also carry a user identifier, which may be the user account. The server creates a user container group corresponding to the user identifier according to the target application ID, where the user container group comprises one or more user containers.
In an embodiment of the application, the target application ID includes an application ID and/or an exclusive system service ID. According to the application ID, the server looks up the corresponding application in a container image resource pool and creates a user container on the server for running the application; and/or, according to the exclusive system service ID, the server looks up the corresponding exclusive system service in the container image resource pool and creates a user container on the server for running that exclusive system service. The dedicated system service is a system service of the Android operating system that, unlike a shared system service, involves the user's personal data when running or providing the service. Take the camera service: when the user requests to start the camera in any application program, the camera can capture the user or the user's surroundings, so to prevent leakage of the user's personal information each virtual desktop of the server needs its own camera service. Therefore, each virtual desktop of the server needs a group of dedicated system containers that package the dedicated system services for each user's individual use.
As shown in fig. 4, the one or more user containers in the user container group include application containers, and each application container encloses one or more application programs selected by a user for use. The application program needs to be actively started and run by a user after the user logs in the virtual desktop, and when the user does not need to use the application program, the user can select to quit the application program, and the application program is finished running and does not run in a system background. For example, a music player belongs to an application program, if a target application selected by a user includes the music player, the server may package the music player into an application container, and after the user logs in a virtual desktop using a user terminal, an application icon of the music player is displayed on a display interface of the user terminal. If the user wants to enjoy songs, the application icon can be clicked to open the music player to select the songs desired to be enjoyed, the server determines that the user clicks the music player according to a redirection technology after receiving the click of the user, and then the server runs the application container corresponding to the music player. And if the user does not want to enjoy the song any more, the user needs to select to quit the music player, the server ends the operation of the application container corresponding to the music player, and ends the operation of the application program of the music player.
As shown in FIG. 4, the one or more user containers in the user container group may further include exclusive service containers, each of which encapsulates one or more exclusive system services selected by the user. In the embodiment of the application, the user chooses which exclusive system services to install and use. If the user does not select a given system service, the user's virtual desktop does not have that system service function, and no exclusive service container for it is created in the user's container group. For example, among users of the alarm clock service, each user's alarm time settings differ, so in the embodiment of the present application the alarm clock service is a dedicated system service. On a terminal running the Android operating system today, the system services always include the alarm clock service; here, a user who does not need to set an alarm can leave the alarm clock service unselected, and the server then does not create the corresponding exclusive service container in that user's container group, which reduces server resource overhead.
In the embodiment of the present application, the virtual desktop corresponding to a user identifier comprises the user container group and the plurality of shared service containers; that is, each server of the server side has only one set of shared service containers. The interaction between the plurality of shared service containers and the one or more user containers in the user container group, and the interaction between the user containers and the exclusive service containers, are both implemented based on the binder mechanism and managed by Android's service management mechanism, ServiceManager.
In a possible implementation, as shown in fig. 4, each of the one or more user containers encapsulates only one application program or dedicated system service that is selected by a user, that is, each application container encapsulates only one application program that is selected by a user, each dedicated service container encapsulates only one dedicated system service, and each system service and each application program are encapsulated into a separate container, so that the virtual desktop service is fully micro-serviced, application upgrade and update can be more convenient, and maintainability and extensibility of the system are improved.
S106, the server receives a virtual desktop access request sent by the user terminal, and provides the virtual desktop for the user terminal through a user container running in the user container group and a part or all of shared service containers.
After the server creates the multiple shared service containers and the user container group according to the target application ID, the virtual desktop corresponding to the user identifier is successfully constructed, namely the virtual desktop corresponding to the user identifier comprises the multiple shared system containers and the user container group corresponding to the user identifier.
In the embodiment of the application, when a user needs to use the virtual desktop, the user can open the virtual desktop service function of the client on any user terminal. The user terminal displays a virtual desktop connection interface that includes a user information input window. After the user enters a user account and a user password in the user information input window, the virtual desktop access request can be sent to the server. After receiving the virtual desktop access request, the server starts, according to the user identifier (i.e. the user account) in the request, part or all of the shared service containers and the user containers in the user container group corresponding to the user identifier, and the user terminal and the server complete the display of the virtual desktop on the user terminal through a remote communication protocol. The user can operate the application programs displayed on the user terminal: the user terminal sends each user operation to the server through the remote communication protocol, and the server redirects the received operation to the corresponding container in the server and returns the operation execution result to the user terminal. The remote communication protocol may be the Simple Protocol for Independent Computing Environments (SPICE), the Remote Desktop Protocol (RDP), or the Virtual Network Computing (VNC) protocol, which is not specifically limited in the embodiment of the present application.
According to the desktop virtualization method provided by the embodiment of the application, system services that can be used in common by a plurality of virtual desktops are packaged into shared service containers used by all the virtual desktops in each server, and the exclusive system services and application programs used independently by each user are packaged into containers that are isolated from one another. This improves the maintainability and extensibility of the system, reduces the redundancy of underlying system services that arises when desktop virtualization is implemented at operating-system granularity, reduces the resource overhead on the server side, and improves resource utilization. Furthermore, each system service and each application program of the mobile operating system can be packaged into an independent container, so that the virtual desktop service is fully split into microservices, applications can be upgraded and updated more conveniently, and the maintainability and extensibility of the system are further improved.
In the embodiment of the application, all system services (including shared system services and exclusive system services) and application programs of the virtual desktop formed by the server are packaged in containers for deployment. Different user container groups belong to different users, so the user container groups need to be isolated from one another, and the server needs to be able to identify the container group to which each process belongs. Specifically, when the server establishes a user container group, it configures a unique container group identifier for that group; that is, it configures the same container group identifier for every user container in the group, and user containers having the same container group identifier belong to the same user container group. For example, after the server receives a virtual desktop creation request sent by a user with user identifier abc, the server configures a container group identifier group_i for each user container in the user container group corresponding to the user identifier, and if n user container groups are created by the server together, the container group identifiers of the n user container groups may be group_0 to group_n, respectively. A container group identifier may therefore be added to the task_struct structure, the process descriptor of each process of the server. The server then determines the user container group to which each process belongs according to the container group identifier carried in that process's task_struct structure, determines the target container within the user container group according to the process identifier (PID) and the namespace, and allocates the corresponding resources and data to the target container.
In the embodiment of the application, the server stores the corresponding relationship between the user identifier and the identifier of the container group, that is, the corresponding relationship between the user identifier and each user container in the user container group. After receiving a virtual desktop operation request sent by a user terminal, the server may determine a user container group corresponding to the virtual desktop operation request according to a user identifier in the virtual desktop operation request, and further execute an operation corresponding to the virtual desktop operation request on a container in the corresponding user container group. For example, the virtual desktop operation request is to start a music player, and after receiving the virtual desktop operation request, the server determines a user container group corresponding to the virtual desktop operation request according to a user identifier in the virtual desktop operation request, and starts an application container corresponding to the music player in the user container group.
In this embodiment of the application, the virtual desktop operation request may be that an application a needs to invoke another application b or an exclusive system service c, and after receiving the virtual desktop operation request, the server needs to invoke a second user container in the user container group through a first user container corresponding to the application a. In order to prevent direct communication between containers in different user container groups, the second user container needs to verify whether a first container group identifier in the virtual desktop operation request sent by the first user container is consistent with a second container group identifier of the second user container. Therefore, the user container of the server needs to have a container group identification recognition mechanism. Specifically, the communication between containers is implemented based on a binder mechanism, and in order to ensure that containers in different container groups cannot communicate directly, a container group identification function needs to be added to a client and a server of the binder, that is, a container group identification function is configured for each container, where the client and the server of the binder refer to two containers interacting based on the binder mechanism.
For example, a user opens an album application on a user terminal and the user terminal sends a first operation request to the server. The server determines, according to the user identifier in the first operation request, that a first user container in the user container group group_0 of the server corresponds to the album application, and starts the first user container in group_0. If the user then needs to share a photo from the album application with a friend through an instant messaging application, the album application has to call the instant messaging application, so the first user container corresponding to the album application sends a call request to the second user container corresponding to the instant messaging application. Specifically, the server determines the user container group to which the first user container belongs according to the first container group identifier carried in the call request, and then sends the call request to the second user container in the same user container group according to that identifier. After receiving the call request, the second user container first checks whether the first container group identifier in the call request is consistent with its own second container group identifier. If so, the second user container is started, the instant messaging application is opened, and the user interface of the instant messaging application is displayed on the user terminal so that the user can select friends.
For another example, if a positioning function is used in an application a, a container a corresponding to the application a needs to send a positioning request to a container B packaged with a positioning service, where the positioning request includes a container group identifier of the container a, and after receiving the positioning request, the container B identifies the container group identifier in the positioning request, and if the container group identifier in the positioning request is the same as the container group identifier of the container group in which the container B is located, the container B executes the positioning function and returns a positioning result to the container a, and if the container group identifier in the positioning request is different from the container group identifier of the container group in which the container B is located, the container B does not respond to the positioning request.
It can be understood that an exclusive system service is a service used separately by each virtual desktop, whereas a shared system service is a service used by all virtual desktops together. Before the server containerizes the system services, it therefore needs to determine whether each system service is a shared system service or an exclusive system service. For an exclusive system service, when the server containerizes the service, the identifier of the container encapsulating it is configured to be the same as the container group identifier of the user container group to which the exclusive system service belongs. For a shared system service, the identifier of the container that encapsulates it is configured to be empty.
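The container group identifier check described above, as an added example that is not taken from the patent. The structure, function names, services and PIDs are constructed for illustration, and the sketch assumes the receiver reads the caller's identifier from the sender's process descriptor rather than from data the caller supplies. Denying calls that a shared service container initiates into a user container is also an assumption, since the text does not cover that direction.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GROUP_ID_MAX 16

/* Hypothetical stand-in for the per-process state the text describes:
 * a container group identifier stored next to the PID. */
struct proc_desc {
    int pid;
    char group_id[GROUP_ID_MAX];  /* "" marks a shared service container */
    const char *service;          /* application or system service inside */
};

enum verdict { CALL_ALLOW, CALL_DENY_GROUP, CALL_DENY_INVALID, CALL_NO_TARGET };

/* Reject identifiers that are not NUL-terminated inside the buffer. */
int id_is_terminated(const struct proc_desc *p)
{
    return memchr(p->group_id, '\0', GROUP_ID_MAX) != NULL;
}

int is_shared(const struct proc_desc *p)
{
    return p->group_id[0] == '\0';
}

/* Receiver-side check: may caller invoke callee? */
enum verdict group_check(const struct proc_desc *caller,
                         const struct proc_desc *callee)
{
    if (caller == NULL || callee == NULL)
        return CALL_DENY_INVALID;
    if (!id_is_terminated(caller) || !id_is_terminated(callee))
        return CALL_DENY_INVALID;
    if (is_shared(callee))
        return CALL_ALLOW;        /* shared services serve every desktop */
    if (is_shared(caller))
        return CALL_DENY_GROUP;   /* assumption: no shared -> user calls */
    return strcmp(caller->group_id, callee->group_id) == 0
               ? CALL_ALLOW : CALL_DENY_GROUP;
}

/* Server-side routing: pick the container for `service` in the caller's own
 * group, else a shared one, then let the receiver re-verify the identifier. */
const struct proc_desc *route_call(const struct proc_desc *table, size_t n,
                                   const struct proc_desc *caller,
                                   const char *service, enum verdict *out)
{
    const struct proc_desc *shared_hit = NULL;

    *out = CALL_NO_TARGET;
    if (caller == NULL || service == NULL || !id_is_terminated(caller)) {
        *out = CALL_DENY_INVALID;
        return NULL;
    }
    for (size_t i = 0; i < n; i++) {
        const struct proc_desc *c = &table[i];
        if (!id_is_terminated(c) || strcmp(c->service, service) != 0)
            continue;
        if (is_shared(c)) {
            shared_hit = c;
            continue;
        }
        if (!is_shared(caller) && strcmp(c->group_id, caller->group_id) == 0) {
            *out = group_check(caller, c);
            return *out == CALL_ALLOW ? c : NULL;
        }
    }
    if (shared_hit != NULL) {
        *out = group_check(caller, shared_hit);
        return *out == CALL_ALLOW ? shared_hit : NULL;
    }
    return NULL;  /* the service exists only in another group, or not at all */
}

/* Constructed sample: one shared container and two user container groups. */
const struct proc_desc sample_table[] = {
    { 10,  "",        "display" },
    { 101, "group_0", "album"   },
    { 102, "group_0", "im"      },
    { 201, "group_1", "im"      },
    { 202, "group_1", "alarm"   },
};
#define SAMPLE_N (sizeof sample_table / sizeof sample_table[0])

int main(void)
{
    enum verdict v;
    const struct proc_desc *t =
        route_call(sample_table, SAMPLE_N, &sample_table[1], "im", &v);

    printf("album(group_0) -> im routed to pid %d\n", t ? t->pid : -1);
    printf("album(group_0) -> im(group_1) verdict %d\n",
           (int)group_check(&sample_table[1], &sample_table[3]));
    return 0;
}
```
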
In the embodiment of the application, data of different virtual desktops (namely data of different users) need to have different data storage areas, and since the android virtual desktop of each user is deployed at a server in a user container group manner, an independent storage area must be configured for each user container group to ensure data isolation among different users. Specifically, a root file system rootfs of the host is copied and used as a shared data volume to be mounted on each container in the user container group one by one, so that file system sharing among multiple containers is realized. Then, different data volumes are respectively created for different user container groups and mounted to the corresponding user container groups, so that different data storage areas are allocated to each user container group (namely, virtual desktop), and data storage isolation among the user container groups is realized.
In the embodiment of the application, before the user container group corresponding to the user identifier is created according to the user identifier, the server may further create a container image resource pool, where the container image resource pool includes an application container set and an exclusive service container set, the application container set includes a plurality of application containers, and the exclusive service container set includes a plurality of exclusive service containers. The server first encapsulates the container image resource pool into an application market view and sends the application market view to the user terminal, so that the user can select the application programs and/or exclusive system services to be used from the application market. The user terminal then sends the application program identifier and/or exclusive system service identifier selected by the user, together with the user identifier of the user, to the server.
Referring to fig. 5, fig. 5 is a schematic structural diagram of a desktop virtualization apparatus according to an embodiment of the present application. As shown in fig. 5, the network device 200 at least includes a processing unit 210 and a communication unit 220, wherein:
the processing unit 210 is configured to run a plurality of shared service containers, each shared service container is configured to run a shared system service, and a shared system service run by at least one shared service container in the plurality of shared service containers is commonly used by at least two virtual desktops;
a communication unit 220, configured to receive a target application identifier ID sent by a user terminal;
the processing unit 210 is further configured to create a user container group according to the target application ID, where a user container is operated in the user container group;
the communication unit 220 is further configured to receive a virtual desktop access request sent by the user terminal;
the processing unit 210 is further configured to run the user container and a part or all of the shared service containers in the user container group to provide the virtual desktop to the user terminal after receiving the virtual desktop access request.
The apparatus further comprises a storage unit 230, configured to store a correspondence between the user identifier and each user container in the user container group;
the communication unit is further configured to receive a virtual desktop operation request sent by the user terminal;
the processing unit is further configured to invoke a second user container in the user container group or a first shared service container in the multiple shared service containers according to the virtual desktop operation request through a first user container running in the user container group.
In this embodiment of the application, the communication unit 220 is configured to enable the desktop virtualization device to interact with a user terminal, for example, receive a registration request sent by the user terminal and receive a virtual desktop creation request of the user terminal before creating a virtual desktop corresponding to a user in S104; or after the virtual desktop is created as in S106, the virtual desktop is sent to the corresponding user terminal, or after an operation instruction sent by the user through the user terminal is received, a service requested by the operation instruction is sent to the user terminal, and the like. The processing unit 210 is configured to create a virtual desktop corresponding to the user identifier in the desktop virtualization apparatus, and implement other operations that are described in the foregoing method embodiment and take a server as an execution subject.
Referring to fig. 6, fig. 6 is a schematic structural diagram of a network device according to an embodiment of the present application, where the network device 300 at least includes: a processor 310, a communication interface 320, and a memory 330, the processor 310, the communication interface 320, and the memory 330 being interconnected by a bus 340, wherein,
the processor 310 may be a Central Processing Unit (CPU) or a combination of a CPU and a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a General Array Logic (GAL), or any combination thereof.
The communication interface 320 may be a wired interface (e.g., an ethernet interface) or a wireless interface (e.g., a cellular network interface or using a wireless local area network interface) for communicating with other modules or devices. For example, in S104, before the virtual desktop corresponding to the user is created, the registration request sent by the user terminal and the virtual desktop creation request of the user terminal are received; or after the virtual desktop is created as in S106, the virtual desktop is sent to the corresponding user terminal, or after an operation instruction sent by the user through the user terminal is received, a service requested by the operation instruction is sent to the user terminal, and the like.
The memory 330 includes, but is not limited to, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or a flash memory, and the memory 330 is used to store program codes and data and can transmit the stored data to the processor 310.
The bus 340 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 340 may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 6, but this is not intended to represent only one bus or type of bus.
The processor 310 in the network device 300 is configured to read the relevant instructions in the memory 330 to perform the following operations:
the processor 310 runs a plurality of shared service containers, each shared service container is used for running a shared system service, and the shared system service run by at least one shared service container in the plurality of shared service containers is commonly used by at least two virtual desktops;
the processor 310 controls the communication interface 320 to receive the target application identification ID sent by the user terminal;
the processor 310 is further configured to create a user container group according to the target application ID, where a user container is operated in the user container group;
the processor 310 controls the communication interface 320 to receive a virtual desktop access request sent by the user terminal;
the processor 310 is further configured to, after receiving the virtual desktop access request, run the user container and a part or all of the shared service containers in the user container group to provide the virtual desktop to the user terminal.
Through the above steps, the network device may create the group of shared service containers and the one or more user container groups shown in fig. 4 in order to provide virtual desktop services to multiple users. The network device is applied to the virtual desktop service system shown in fig. 7, which includes a user terminal cluster formed by multiple user terminals and a server cluster formed by multiple servers, and the server cluster may provide cloud-based virtual desktop services to users. After receiving a virtual desktop creation request from a user terminal, any server in the server cluster creates a user container group corresponding to the user identifier according to the user identifier and the target application identifier sent by the user terminal. The user container group and the plurality of shared service containers created in the server jointly form the virtual desktop corresponding to the user identifier, and the server and the user terminal are connected through a remote communication protocol to provide the virtual desktop service to the user.
Specifically, the specific implementation of the various operations executed by the network device 300 may refer to the specific operations of the method embodiments, and will not be described herein again.
Embodiments of the present application further provide a non-transitory computer storage medium, which stores instructions that, when executed on a processor, perform steps S102, S104, and S106 described above in fig. 3 and/or other steps performed by the server in the embodiments of the method of the present application.
The above embodiments may be implemented in whole or in part by software, hardware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or another programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that incorporates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
The foregoing detailed description of the embodiments of the present application has been presented to illustrate the principles and implementations of the present application, and the above description of the embodiments is only provided to help understand the method and the core concept of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1. A method of providing a virtual desktop, the method comprising:
the server side runs a plurality of shared service containers, each shared service container is used for running shared system services, and shared system services run by at least one shared service container in the plurality of shared service containers are commonly used by at least two virtual desktops;
the server receives a target application identification ID sent by a user terminal, and creates a user container group according to the target application ID, wherein a user container is operated in the user container group;
and the server receives a virtual desktop access request sent by the user terminal, and provides the virtual desktop for the user terminal through a user container running in the user container group and a part or all of shared service containers.
2. The method of claim 1,
the target application ID comprises an application program ID, and at least one user container operated in the user container group operates an application program corresponding to the application program ID; and/or
The target application ID comprises an exclusive system service ID, and at least one user container running in the user container group runs an exclusive system service corresponding to the exclusive system service ID.
3. The method of claim 2,
the server stores the corresponding relation between the user identification and each user container in the user container group;
the method further comprises the following steps:
the server receives a virtual desktop operation request sent by the user terminal, wherein the virtual desktop operation request carries the user identifier;
and the server calls a second user container in the user container group through a first user container running in the user container group according to the virtual desktop operation request.
4. The method according to any one of claims 1 to 3, further comprising:
and the server allocates a user data volume for the user container group, and the user data volume is used for storing user data corresponding to the user container group.
5. An apparatus for providing a virtual desktop, the apparatus comprising:
the processing unit is used for operating a plurality of shared service containers, each shared service container is used for operating a shared system service, and the shared system service operated by at least one shared service container in the plurality of shared service containers is commonly used by at least two virtual desktops;
the communication unit is used for receiving a target application identification ID sent by a user terminal;
the processing unit is further configured to create a user container group according to the target application ID, where a user container is operated in the user container group;
the communication unit is further configured to receive a virtual desktop access request sent by the user terminal;
the processing unit is further configured to run the user container and a part or all of the shared service containers in the user container group to provide the virtual desktop to the user terminal after receiving the virtual desktop access request.
6. The apparatus of claim 5,
the target application ID comprises an application program ID, and at least one user container operated in the user container group operates an application program corresponding to the application program ID; and/or
The target application ID comprises an exclusive system service ID, and at least one user container running in the user container group runs an exclusive system service corresponding to the exclusive system service ID.
7. The apparatus of claim 6,
the device also comprises a storage unit, wherein the storage unit is used for storing the corresponding relation between the user identification and each user container in the user container group;
the communication unit is further configured to receive a virtual desktop operation request sent by the user terminal;
the processing unit is further configured to call a second user container in the user container group through a first user container running in the user container group according to the virtual desktop operation request.
8. The apparatus according to any one of claims 5 to 7,
the device also comprises a user data volume, and the user data volume is used for storing the user data corresponding to the user container group.
9. A network device comprising a processor, a communication interface, and a memory; the memory is configured to store instructions, the processor is configured to execute the instructions, and the communication interface is configured to communicate with other devices under control of the processor; wherein the processor, when executing the instructions, performs the method of any of claims 1 to 4.
10. A non-transitory computer storage medium, wherein the computer storage medium stores a computer program which, when executed by a processor, implements the method of any one of claims 1 to 4.
CN201910163257.1A 2019-03-05 2019-03-05 Desktop virtualization method, related equipment and computer storage medium Active CN110032413B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910163257.1A CN110032413B (en) 2019-03-05 2019-03-05 Desktop virtualization method, related equipment and computer storage medium
PCT/CN2020/070571 WO2020177482A1 (en) 2019-03-05 2020-01-07 Desktop virtualization method, related device and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910163257.1A CN110032413B (en) 2019-03-05 2019-03-05 Desktop virtualization method, related equipment and computer storage medium

Publications (2)

Publication Number Publication Date
CN110032413A CN110032413A (en) 2019-07-19
CN110032413B true CN110032413B (en) 2021-08-31

Family

ID=67235810

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910163257.1A Active CN110032413B (en) 2019-03-05 2019-03-05 Desktop virtualization method, related equipment and computer storage medium

Country Status (2)

Country Link
CN (1) CN110032413B (en)
WO (1) WO2020177482A1 (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110032413B (en) * 2019-03-05 2021-08-31 华为技术有限公司 Desktop virtualization method, related equipment and computer storage medium
CN110515667B (en) * 2019-08-26 2023-04-11 武汉蓝星科技股份有限公司 Terminal dual-system display switching method based on linux kernel and terminal dual-system
CN110659095B (en) * 2019-09-16 2023-11-21 兰州立云信息科技有限公司 Desktop virtualization system and method for desktop virtualization
CN111061534B (en) * 2019-12-20 2023-07-25 浪潮软件科技有限公司 Tax service system based on cloud service
CN111290815B (en) * 2020-01-21 2022-08-02 湖南麒麟信安科技股份有限公司 Method and system for fusing multi-mode virtual desktop of shared user environment, container and virtual machine
CN111339541B (en) * 2020-02-20 2022-08-02 Oppo广东移动通信有限公司 Multiplex method and device for inter-process communication IPC mechanism based on binder drive
CN112114916B (en) * 2020-08-31 2021-06-08 北京技德系统技术有限公司 Method and device for compatibly running Android application on Linux operating system
CN112528333A (en) * 2020-12-15 2021-03-19 中国联合网络通信集团有限公司 User privacy protection method, MEC server, terminal, device and medium
CN113687888B (en) * 2021-05-18 2023-08-08 麒麟软件有限公司 File sharing method compatible with Android application running on Linux system
CN113900754B (en) * 2021-10-09 2023-10-31 深圳技德智能科技研究院有限公司 Shared desktop method, shared desktop device, computer equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104951694A (en) * 2014-03-24 2015-09-30 华为技术有限公司 Isolation method and apparatus for management virtual machine
CN106959882A (en) * 2016-01-12 2017-07-18 深圳市深信服电子科技有限公司 Virtual desktop implementation method and device
CN108388460A (en) * 2018-02-05 2018-08-10 中国人民解放军战略支援部队航天工程大学 Long-range real-time rendering platform construction method based on graphics cluster
CN109388454A (en) * 2018-09-14 2019-02-26 珠海国芯云科技有限公司 Virtual desktop method and system based on container

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9760234B2 (en) * 2008-10-14 2017-09-12 International Business Machines Corporation Desktop icon management and grouping using desktop containers
US20130055255A1 (en) * 2011-08-31 2013-02-28 Rovi Technologies Corporation Systems and methods for common application platforms utilizing shared services
US9807077B2 (en) * 2015-03-10 2017-10-31 Polyverse Corporation Systems and methods for containerized data security
CN105099706A (en) * 2015-08-25 2015-11-25 华为技术有限公司 Data communication method, user equipment and server
CN108021425B (en) * 2017-12-28 2020-11-03 南开大学 Virtual desktop system integrating multiple application graphic windows and operation method
CN110032413B (en) * 2019-03-05 2021-08-31 华为技术有限公司 Desktop virtualization method, related equipment and computer storage medium

Also Published As

Publication number Publication date
CN110032413A (en) 2019-07-19
WO2020177482A1 (en) 2020-09-10

Similar Documents

Publication Publication Date Title
CN110032413B (en) Desktop virtualization method, related equipment and computer storage medium
US9720668B2 (en) Creating and maintaining multi-tenant applications in a platform-as-a-service (PaaS) environment of a cloud computing system
US9489227B2 (en) Apparatus and method for virtual desktop service
US9304752B2 (en) Software deployment in a distributed virtual machine environment
US9116735B2 (en) Offline provisioning of virtual machines
US9380456B1 (en) System, method and computer program product for dynamically switching operating systems in a virtual mobile device platform
US9207989B2 (en) System and method for providing virtual device
US20170163553A1 (en) Methods and systems for providing software applications
US20130227635A1 (en) Mechanism for Applying Security Category Labels to Multi-Tenant Applications of a Node in a Platform-as-a-Service (PaaS) Environment
US11210132B2 (en) Virtual machine migration in virtualization environment having different virtualization systems
US10447656B2 (en) Enforcing per-application VPN policies for applications delivered in virtualized computing environments
US9558021B2 (en) System and method for cross-platform application execution and display
JP2022522643A (en) Launching a secure guest using the initial program loading mechanism
CN113296950A (en) Processing method, processing device, electronic equipment and readable storage medium
CN114691300A (en) Hot migration method of virtual machine instance
CN113079702A (en) Provisioning virtual machines using a single identification and caching virtual disk
EP3890376A1 (en) Managing connections between a user device and peripheral devices
US11263039B2 (en) High performance attachable writeable volumes in VDI desktops
US20150381766A1 (en) Application transfer system, application transfer method, terminal, and program
US11847611B2 (en) Orchestrating and automating product deployment flow and lifecycle management
US11635970B2 (en) Integrated network boot operating system installation leveraging hyperconverged storage
US11196799B2 (en) Redirection of USB devices from hardware isolated virtual desktop infrastructure clients
US10862757B2 (en) Isolating a redirected biometric device to a remote session
CN114168254A (en) Data processing method, device and equipment
US20160191617A1 (en) Relocating an embedded cloud for fast configuration of a cloud computing environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220208

Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province

Patentee after: Huawei Cloud Computing Technology Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.