Disclosure of Invention
The invention provides a remote management system and a remote management method for an embedded server based on a domestic processor. It overcomes the defects of the prior art and effectively solves the problem that, in the prior art, remote management of a server can only be realized with a board card built on a foreign BMC chip and cannot be realized on a domestic processor.
One of the technical schemes of the invention is realized by the following measures: a remote management system of an embedded server based on a domestic processor comprises a management board card, a KVM over IP function module and an IMedia function module, wherein the management board card comprises a general domestic processor, an embedded operating system and a trusted computing function module;
the KVM over IP function module is used for remotely controlling the server BIOS and the embedded operating system of the server;
the IMedia functional module is used for virtually mounting the external equipment on the server through the NBD technology;
and the trusted computing function module is used for measuring the server firmware and for serving the calls that the server embedded operating system makes to trusted computing.
The following are further optimizations and/or improvements of the technical scheme of the invention:
the KVM over IP function module comprises a BIOS remote control function module and an operating system remote control module;
the BIOS remote control function module is arranged on the terminal and exchanges BIOS serial port information between the terminal and the server management board card through SOL technology, so that the terminal can remotely control the server BIOS;
the operating system remote control module comprises remote desktop client software deployed in the embedded operating system and a remote desktop server deployed in the server BMC; by accessing the BMC, a user can remotely log in to the embedded operating system of the server and thereby remotely control it.
The server management board card comprises a management interface module and a remote state monitoring module;
the management interface module implements support for the IPMI 2.0 standard and can be connected to the sensors of the server;
and the remote state monitoring module is used for acquiring the data of the server sensors through the management interface module.
The server management board card further comprises a remote power supply management module for managing and controlling the power switching and power-on of the server.
Another of the technical schemes of the invention is realized by the following measures: a remote management method for an embedded server based on a domestic processor comprises the following steps:
the terminal is connected with the management board card, and the embedded operating system of the server is started remotely;
the terminal remotely controls the server BIOS and the server embedded operating system through a corresponding interface;
the terminal and the management board card determine which remote operation on the server is required, and carry out the corresponding remote operation according to the required operation type;
and the terminal remotely shuts down the server.
The following are further optimizations and/or improvements of the technical scheme of the invention:
determining, by the terminal and the management board card, the remote operation required on the server comprises:
the management board card determines the operation that the server needs to perform, and performs the remote operation according to the required operation type;
and the terminal determines which server content needs to be checked, and performs the remote operation according to the result.
The process in which the management board card determines the operation that the server needs to perform and performs the remote operation according to the required operation type comprises the following steps:
the management board card monitors whether external equipment is to be remotely mounted and, if so, virtually mounts the external equipment on the server based on the IMedia functional module;
the management board card determines whether trusted computing support is needed and, if so, the embedded operating system accesses the trusted computing function module to obtain trusted computing support.
The terminal determines whether the sensor information needs to be checked and, if so, the embedded operating system provides the sensor information through the management interface module.
The process in which the terminal is connected with the management board card and the embedded operating system of the server is remotely started comprises the following steps:
the server is powered on to run, the management board card completes initialization and enters a working mode;
the management board card performs trusted measurement on the key software and hardware of the server and determines whether the measurement passes; if it passes, the management board card enters a monitoring state and waits for the terminal to connect;
and the Web interface is logged in to through the terminal, and the embedded operating system of the server is remotely started.
In a high-security environment, the invention meets the remote management requirements of the server on the basis of a domestic processor, effectively replaces the board card scheme based on a foreign BMC chip, localizes the server remote management functions that a BMC supports, and meets the requirement for localization of server computers.
Detailed Description
The present invention is not limited by the following examples, and specific embodiments may be determined according to the technical solutions and practical situations of the present invention.
The invention is further described with reference to the following examples and figures:
Example 1: as shown in fig. 1, the embedded server remote management system based on a domestic processor comprises a management board card, a KVM over IP function module and an IMedia function module, wherein the management board card comprises a general domestic processor, an embedded operating system and a trusted computing function module;
the KVM over IP function module is used for remotely controlling the server BIOS and the embedded operating system of the server;
the IMedia functional module is used for virtually mounting the external equipment on the server through the NBD technology; the external equipment comprises a U disk, a USB disk and the like;
and the trusted computing function module is used for measuring the server firmware and for serving the calls that the server embedded operating system makes to trusted computing.
The IMedia function module is mainly implemented by NBD (Network Block Device) technology. First, an NBD Server is installed on the terminal so that a block device or device image on the terminal can be accessed over the network. Next, an NBD Client is implemented in the embedded operating system; its main purpose is to obtain the content to be remotely loaded from the remote NBD Server. Finally, a virtual USB device driver is implemented in the embedded operating system: the management board card is physically connected with the host end through USB, the management board card provides an OTG-type USB controller that connects to the host end as a slave device, and virtual USB equipment such as a U disk, a USB optical disk and the like is implemented in the management board card.
Through this series of operations, the management board card can access an ISO image or a disk device on the client terminal: the content of the device is read through the NBD service and transmitted to the management board card, and is then presented to the host through the virtual USB service, thereby realizing the remote IMedia function.
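The NBD request/reply exchange that the IMedia path relies on can be sketched as follows. This is an added example, not code from the patent: it covers only the simple-reply read path of the NBD transmission phase, runs both sides in one process, and treats the terminal's image as a read-only export (an assumption; the description does not say whether writes are allowed). The function names and the sample image are hypothetical.

```python
import struct

# Transmission-phase constants from the NBD protocol specification.
REQUEST_MAGIC = 0x25609513
SIMPLE_REPLY_MAGIC = 0x67446698
NBD_CMD_READ, NBD_CMD_WRITE = 0, 1
EPERM, EINVAL = 1, 22
REQ = struct.Struct(">IHHQQI")  # magic, flags, type, handle, offset, length
REP = struct.Struct(">IIQ")     # magic, error, handle


def build_read(handle: int, offset: int, length: int) -> bytes:
    """NBD Client (management board card): request `length` bytes at `offset`."""
    return REQ.pack(REQUEST_MAGIC, 0, NBD_CMD_READ, handle, offset, length)


def serve(image: bytes, request: bytes) -> bytes:
    """NBD Server (terminal): answer one request against a read-only image."""
    if len(request) < REQ.size:
        raise ValueError("truncated NBD request")
    magic, _flags, cmd, handle, offset, length = REQ.unpack(request[:REQ.size])
    if magic != REQUEST_MAGIC:
        raise ValueError("not an NBD request")
    if cmd == NBD_CMD_WRITE:
        return REP.pack(SIMPLE_REPLY_MAGIC, EPERM, handle)   # export is read-only
    if cmd != NBD_CMD_READ or offset + length > len(image):
        return REP.pack(SIMPLE_REPLY_MAGIC, EINVAL, handle)  # unsupported or out of range
    return REP.pack(SIMPLE_REPLY_MAGIC, 0, handle) + image[offset:offset + length]


def parse_reply(reply: bytes, handle: int, length: int) -> bytes:
    """NBD Client: validate a reply before passing data to the virtual USB device."""
    if len(reply) < REP.size:
        raise ValueError("truncated NBD reply")
    magic, error, got_handle = REP.unpack(reply[:REP.size])
    if magic != SIMPLE_REPLY_MAGIC or got_handle != handle:
        raise ValueError("reply does not match the outstanding request")
    if error:
        raise OSError(error, "NBD server returned an error")
    data = reply[REP.size:]
    if len(data) != length:
        raise ValueError("reply length differs from the requested length")
    return data


# Constructed sample: 4 KiB of bytes standing in for an ISO image on the terminal.
IMAGE = bytes(range(256)) * 16


def remote_read(offset: int, length: int, handle: int = 7) -> bytes:
    """One request/reply round trip, with both sides in the same process."""
    return parse_reply(serve(IMAGE, build_read(handle, offset, length)), handle, length)
```

The handshake phase and the network socket are left out; in a deployment the management board card would forward the validated data to the virtual USB mass-storage device.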
The above trusted computing function module may be a trusted chip embedded on the management board card, or trusted computing software embedded in the embedded operating system. After the server is powered on, the management board card performs trusted measurement on the server BIOS to ensure the security of the server BIOS. On this basis, the management board card can perform security verification of the user's identity, the key hardware and the core software through the security function interface provided by the trusted chip or trusted computing software, ensuring a secure startup and operating environment for the computer. In addition, after the embedded operating system of the server is started, it can call the functional interface of the trusted chip or trusted computing software to perform security functions such as identity verification, trusted measurement and trusted storage.
In a high-security environment, the invention meets the remote management requirements of the server on the basis of a domestic processor, effectively replaces the board card scheme based on a foreign BMC chip, and localizes the server remote management functions that a BMC supports.
The following are further optimizations and/or improvements of the technical scheme of the invention:
as shown in fig. 1, the KVM over IP function module includes a BIOS remote control function module and an operating system remote control module;
the BIOS remote control function module is arranged on the terminal and exchanges BIOS serial port information between the terminal and the server management board card through SOL technology, so that the terminal can remotely control the server BIOS;
the operating system remote control module comprises remote desktop client software deployed in the embedded operating system and a remote desktop server deployed in the server BMC; by accessing the BMC, a user can remotely log in to the embedded operating system of the server and thereby remotely control it.
Because a general-purpose domestic processor lacks the customized video compression module found in a BMC chip, it is difficult to compress the server's video stream in hardware and send it directly to the terminal. Therefore, when a server remote management system is built on a general-purpose domestic processor, serial port information must, given the existing hardware characteristics, be sent to the terminal over the network so that an administrator at the terminal can carry out remote BIOS configuration. This mechanism interacts with the server management board card mainly through SOL (Serial over LAN): the serial port is redirected to a network port, the serial port information is sent to the terminal, and the administrator's keyboard and mouse operations are carried out remotely.
The serial port console function is implemented in the BIOS, and the input and output of the BIOS are redirected to the serial port console, so that the BIOS configuration interface and shell command line can be displayed through the serial port output and BIOS input can be performed through the serial port.
In summary, the BIOS remote control function module redirects the serial port of the BIOS to the management board card (which replaces a board card with an embedded BMC chip) through SOL technology. When the SOL function is activated, any data coming out of the system serial port controller is encapsulated by the management board card into LAN packets and sent to the remote control terminal. Conversely, any character data sent from the LAN to the system serial port controller is first extracted by the BMC and then transmitted to the system serial port controller through the management board card UART. The terminal can therefore access the server BIOS through remote SOL operation, realizing the KVM function of the BIOS stage.
The operating system remote control module deploys remote desktop client software in the embedded operating system of the server, and the software can run automatically when the server starts. Meanwhile, a remote desktop Server (such as a VNC Server) is placed inside the BMC. When a user accesses the BMC, the user can remotely log in to the embedded operating system on the server side through VNC, achieving remote control of the operating system.
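The encapsulation and extraction described above can be illustrated with the 4-byte SOL payload header defined by IPMI 2.0 (packet sequence number, ACK/NACK sequence number, accepted character count, operation/status). This is an added example, not code from the patent: the outer RMCP+ session wrapper is omitted, the status byte is left at zero, and `MAX_CHARS`, the function names and the sample BIOS text are assumptions made for the sketch.

```python
SOL_HEADER_LEN = 4  # sequence number, ACK/NACK sequence number, accepted count, status
MAX_CHARS = 32      # assumed per-packet character limit for this sketch


def next_seq(seq: int) -> int:
    """Data packets use sequence numbers 1..15; 0 marks an ACK-only packet."""
    return 1 if seq >= 15 else seq + 1


def encapsulate(serial_out: bytes, first_seq: int = 1) -> list:
    """Management board card: split serial controller output into SOL payloads."""
    payloads, seq = [], first_seq
    for i in range(0, len(serial_out), MAX_CHARS):
        payloads.append(bytes([seq, 0, 0, 0]) + serial_out[i:i + MAX_CHARS])
        seq = next_seq(seq)
    return payloads


def reassemble(payloads: list) -> tuple:
    """Terminal: rebuild the serial stream and produce the ACK-only packets.

    A retransmitted packet repeats the previous sequence number; its characters
    were already consumed, so it is acknowledged again but not appended twice.
    """
    stream, acks, last_seq = bytearray(), [], 0
    for payload in payloads:
        if len(payload) < SOL_HEADER_LEN:
            raise ValueError("truncated SOL payload")
        seq, chars = payload[0] & 0x0F, payload[SOL_HEADER_LEN:]
        if seq == 0:
            continue  # ACK-only packet: no new characters
        if seq != last_seq:
            stream += chars
            last_seq = seq
        acks.append(bytes([0, seq, len(chars), 0]))
    return bytes(stream), acks


# Constructed sample: text a BIOS serial console might emit.
BIOS_OUTPUT = b"Press <DEL> to enter setup\r\n" * 3
```

The duplicate check matters for a BIOS console: without it, a retransmitted packet would replay keystrokes or menu output a second time.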
As shown in fig. 1, the server management board card includes a management interface module and a remote status monitoring module;
the management interface module implements support for the IPMI 2.0 standard and can be connected to the sensors of the server;
and the remote state monitoring module is used for acquiring the data of the server sensor through the management interface module.
The management interface module can be an IPMI 2.0 interface: an IPMI protocol stack is ported to the embedded operating system so that IPMI 2.0 is supported, and the management interface module is connected to the sensors of the server through an external circuit of the management board card so that sensor data can be acquired.
The remote state monitoring module acquires sensor data through the management interface module and manages the running state by means of corresponding software programs, realizing remote state monitoring of the server; the sensor data includes the fan rotating speed, the CPU temperature, the PSU voltage and the like of the embedded operating system.
As shown in fig. 1, the server management board card further includes a remote power management module, which is configured to manage and control the power switching and power-on of the server.
The remote power management module can port a Web server to the embedded operating system, so that an administrator can log in to a Web interface on the server management board card to manage and control the power switching and power-on of the server.
Example 2: as shown in fig. 2, the remote management method for the embedded server based on the domestic processor includes the following steps:
S1, the terminal is connected with the management board card, and the embedded operating system of the server is remotely started;
S2, the terminal controls the server BIOS and the server embedded operating system through the corresponding interface; the server BIOS is remotely controlled through the BIOS remote control interface of the terminal, and the embedded operating system of the server is controlled through the host operating system interface of the terminal;
S3, the terminal and the management board card determine which remote operation on the server is required, and carry out the corresponding remote operation according to the required operation type;
and S4, the terminal remotely shuts down the server.
The following are further optimizations and/or improvements of the technical scheme of the invention:
as shown in fig. 2 and 3, determining, by the terminal and the management board card, the operation to be performed includes:
S31, the management board card determines the operation that the server needs to perform, and performs the remote operation according to the required operation type;
and S32, the terminal determines which server content needs to be checked, and performs the remote operation according to the result.
As shown in fig. 2 and 4, the process in which the management board card determines the operation that the server needs to perform and performs the remote operation according to the required operation type includes:
S311, the management board card monitors whether external equipment is to be remotely mounted; if so, the external equipment is virtually mounted on the server based on the IMedia function module; if not, the management board card continues to monitor whether external equipment is to be remotely mounted;
and S312, the management board card determines whether trusted computing support is needed; if so, the embedded operating system accesses the trusted computing function module to obtain trusted computing support; if not, the management board card continues to determine whether trusted computing support is needed.
As shown in fig. 1 and 2, the terminal determines whether the sensor information needs to be checked and, if so, the embedded operating system provides the sensor information through the management interface module. Meanwhile, an administrator can remotely check the sensor information of the server through the management board card Web interface on the terminal.
As shown in fig. 2 and 5, the process in which the terminal is connected to the management board card and the server embedded operating system is remotely started includes:
S11, the server is powered on to run, and the management board card completes initialization and enters a working mode;
S12, the management board card performs trusted measurement on the key software and hardware of the server and determines whether the measurement passes; if it passes, the management board card enters a monitoring state and waits for the terminal to connect;
and S13, the Web interface is logged in to through the terminal, and the embedded operating system of the server is remotely started.
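The measurement gate in S11 to S13, together with the BIOS measurement performed by the trusted computing function module in Example 1, can be sketched as a PCR-style hash chain compared against a provisioned reference value. This is an added example, not code from the patent: the description names no hash algorithm or failure behaviour, so SHA-256, the `HALTED` state, the class and function names and the sample images are all assumptions.

```python
import hashlib
import hmac


def extend(register: bytes, component: bytes) -> bytes:
    """PCR-style extend: new = H(old || H(component))."""
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()


def measure(components: list) -> bytes:
    """Fold each (name, image) pair into one register, in boot order."""
    register = bytes(32)
    for _name, image in components:
        register = extend(register, image)
    return register


class ManagementBoard:
    """States follow S11 to S13: INIT -> LISTENING -> OS_STARTED, or HALTED."""

    def __init__(self, reference: bytes):
        self.reference = reference  # provisioned known-good register value
        self.state = "INIT"

    def power_on(self, components: list) -> bool:
        """S11 and S12: measure, then listen for the terminal only on a match."""
        passed = hmac.compare_digest(measure(components), self.reference)
        self.state = "LISTENING" if passed else "HALTED"
        return passed

    def web_start_os(self) -> bool:
        """S13: the Web request to start the OS is honoured only while listening."""
        if self.state != "LISTENING":
            return False
        self.state = "OS_STARTED"
        return True


# Constructed samples: byte strings standing in for firmware and boot images.
GOOD = [("bios", b"constructed BIOS image 1.0"), ("loader", b"constructed boot loader")]
TAMPERED = [("bios", b"constructed BIOS image 1.0 + implant"), GOOD[1]]
```

Because each extend step hashes the previous register value, a changed image or a changed measurement order both produce a different final value, so the board never reaches the listening state.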
The above technical features constitute the best embodiment of the present invention, which has strong adaptability and best implementation effect, and unnecessary technical features can be increased or decreased according to actual needs to meet the requirements of different situations.