CN111367617A - Computing resource trusted management linkage system and method - Google Patents

Info

Publication number: CN111367617A
Authority: CN (China)
Prior art keywords: trusted, management, linkage, terminal, management terminal
Legal status: Withdrawn (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202010132973.6A
Other languages: Chinese (zh)
Inventor: 尹欣薇
Current assignee: Suzhou Inspur Intelligent Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Suzhou Inspur Intelligent Technology Co Ltd
Priority date:
Filing date:
Publication date:
Application filed by Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202010132973.6A
Publication of CN111367617A

Classifications

All classes are under G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F9/00 Arrangements for program control, e.g. control units > G06F9/06 Arrangements for program control using stored programs, i.e. using an internal store of processing equipment to receive or retain programs.

    • G06F9/44 Arrangements for executing specific programs > G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines > G06F9/45533 Hypervisors; Virtual machine monitors > G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F9/45558 > G06F2009/4557 Distribution of virtual machine instances; Migration and load balancing
    • G06F9/45558 > G06F2009/45595 Network integration; Enabling network access in virtual machine instances
    • G06F9/46 Multiprogramming arrangements > G06F9/54 Interprogram communication > G06F9/547 Remote procedure calls [RPC]; Web services

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application discloses a computing resource trusted management linkage system and method. The system comprises a trusted agent end, a trusted management end and a virtualization software management end. The trusted management end and the trusted agent end are connected by asynchronous communication based on RabbitMQ; the virtualization software management end and the trusted management end are connected through an application programming interface (API); the authentication module is connected to the identity verification API, and the trusted linkage Restful API is connected to the trusted state API. The method mainly comprises two processes: sending a linkage request to a target management end for identity verification; and, after identity verification passes, performing platform linkage between the trusted management end and the virtualization software management end through the API. The method and device realize two platform linkage modes, active pushing by the trusted management end and passive calling of the trusted management end, so that the method for acquiring the trusted state of a computing node is more flexible and the running stability of the virtual machine system is improved.

Description

Computing resource trusted management linkage system and method
Technical Field
The application relates to the technical field of virtual machine trusted management, in particular to a computing resource trusted management linkage system and method.
Background
In the field of virtual machine trusted management, in order to ensure the stability of the whole virtual machine system, a virtualization software management end needs to acquire the trusted states of a host and a virtual machine on the host in a current trusted computing node in time.
At present, a method for acquiring a trusted state of a host machine in a trusted computing node and a virtual machine on the host machine by a virtualized software management end generally includes that the virtualized software management end requests the trusted computing node for verification, and after the verification is passed, the trusted computing node sends the trusted state to the virtualized software management end.
However, in the existing method for acquiring the trusted state of the computing node by the virtualized software management end, because only one way of sending a request to the computing node by the virtualized software end is adopted, once the virtualized software end fails, the trusted state of the current trusted computing node cannot be acquired in time. Therefore, the current method for acquiring the trusted state of the computing node has poor flexibility, and the running stability of the virtual machine system is poor.
Disclosure of Invention
The application provides a computing resource trusted management linkage system and method, and aims to solve the problems that in the prior art, a method for acquiring a computing node trusted state is poor in flexibility and running stability of a virtual machine system is poor.
In order to solve the technical problem, the embodiment of the application discloses the following technical scheme:
a computing resource trusted management linkage system, the system comprising a trusted agent end, a trusted management end and a virtualization software management end, wherein the trusted management end and the trusted agent end are connected by asynchronous communication based on RabbitMQ, the virtualization software management end and the trusted management end are connected through an application program interface (API) interface, an authentication module and a trusted linkage Restful API interface are arranged in the virtualization software management end, an identity verification API interface and a trusted state API interface are arranged in the trusted management end, the authentication module is connected to the identity verification API interface, and the trusted linkage Restful API interface is connected to the trusted state API interface;
the trusted agent terminal is used for measuring the information of the computing node when the computing node where the trusted agent terminal is located is started, reporting the information of the computing node to the trusted management terminal, measuring the information of the virtual machine when the virtual machine of the computing node where the trusted agent terminal is located is started, and reporting the information of the virtual machine to the trusted management terminal;
the trusted management terminal is used for managing the trusted policy of the trusted agent terminal and monitoring the trusted state of the trusted agent terminal according to the computing node information and the virtual machine information of the trusted agent terminal;
the authentication module is used for performing identity verification between the trusted management terminal and the virtualized software management terminal according to the linkage request;
and the virtualization software management end is used for managing the computing nodes of the trusted agent end through linkage with the platform of the trusted management end.
Optionally, the trusted agent end is arranged in a plurality of computing nodes, each computing node comprising a host machine and a plurality of virtual machines running on the host machine, and the trusted agent end comprises a host machine trusted agent end arranged on the host machine of any one of the computing nodes and a virtual machine trusted agent end arranged on any one of the virtual machines of any one of the computing nodes.
Optionally, the trusted agent end comprises a service layer, a first business layer and a trusted boot and support software layer;
the service layer is used for analyzing the data issued by the trusted management terminal and calling a corresponding module to process the service request of the trusted management terminal according to the analysis result;
the first service layer is configured to process a specific service, where the specific service includes: basic function service, strategy configuration service, remote certification service and log management service;
the trusted boot and support software layer is used for providing trusted boot and startup and trusted service support.
Optionally, the trusted management side includes: the system comprises a platform linkage module and a trusted monitoring and remote certification module;
the platform linkage module is used for performing trusted linkage identity verification and, when the identity verification passes, calling the trusted state API interface to send a trusted report;
the trusted monitoring and remote certification module is used for monitoring the trusted state of the trusted agent end and providing remote certification according to the trusted state of the trusted agent end.
Optionally, according to a top-down hierarchical structure, the trusted management side includes: a UI layer, a second service layer and a data layer;
the UI layer is used for providing an operation interaction interface for a user through a web page;
the second service layer is used for providing a service processing calling interface for the UI layer in the form of a Restful API, and for performing trusted monitoring, log management, platform linkage, policy management, resource management and system management;
and the data layer is used for managing data, storing data and carrying out message communication with the trusted agent terminal.
A computing resource trusted management linkage method is applied to a computing resource trusted management linkage system, the system comprising a trusted agent end, a trusted management end and a virtualization software management end, wherein the trusted management end and the trusted agent end are connected by asynchronous communication based on RabbitMQ, the virtualization software management end and the trusted management end are connected through an API interface, an authentication module and a trusted linkage Restful API interface are arranged in the virtualization software management end, an identity verification API interface and a trusted state API interface are arranged in the trusted management end, the authentication module is connected to the identity verification API interface, and the trusted linkage Restful API interface is connected to the trusted state API interface, and the method comprises the following steps:
sending a linkage request to a target management end for identity verification, wherein the target management end is a trusted management end or a virtualization software management end, and the platform linkage request comprises a timestamp, a username and a user password;
and when the identity authentication is qualified, the trusted management terminal and the virtualization software management terminal are in platform linkage through the API interface.
Optionally, the sending of the linkage request to the target management terminal for identity verification includes:
the trusted management terminal sends a platform linkage request to the virtualized software management terminal;
the virtualization software management terminal judges whether the platform linkage request is legal or not through the authentication module;
if so, the virtualized software management end returns the first token information to the trusted management end.
Optionally, the platform linkage is performed between the trusted management side and the virtualized software management side through an API interface, including:
the trusted management terminal calls a trusted linkage Restful API interface according to the first token information and pushes the whole trusted report of the computing node managed by the trusted management terminal to the virtualization software management terminal;
and the virtualized software management end returns response information to the trusted management end according to the trusted report.
Optionally, the sending of the linkage request to the target management terminal for identity verification includes:
the virtualization software management end sends a platform linkage request to the trusted management end;
the trusted management terminal judges whether the platform linkage request is legal in identity;
if so, the trusted management end returns the second token information to the virtualization software management end.
Optionally, the platform linkage is performed between the trusted management side and the virtualized software management side through an API interface, including:
the virtualization software management end sends a trusted request of a designated computing node to the trusted management end;
the trusted management terminal queries a trusted report related to the trusted request according to the trusted request;
and the trusted management terminal returns the trusted report to the virtualization software management terminal by using the trusted state API interface.
The technical scheme provided by the embodiment of the application can have the following beneficial effects:
The application provides a computing resource trusted management linkage system which mainly comprises three parts: a trusted agent end, a trusted management end and a virtualization software management end. An asynchronous communication connection based on RabbitMQ is adopted between the trusted management end and the trusted agent end, so that real-time asynchronous message communication between them is realized. The virtualization software management end and the trusted management end are connected through an API interface, so that platform linkage between them is realized. In this embodiment, an authentication module and a trusted linkage Restful API interface are arranged in the virtualization software management end, an identity verification API interface and a trusted state API interface are arranged in the trusted management end, and the connection relationship between these interfaces is set, so that the system can push the trusted state of the computing nodes managed by the trusted management end to the virtualization software management end by calling the trusted linkage Restful API interface of the virtualization software management end, thereby implementing a platform linkage mode in which the trusted management end actively pushes. In addition, the trusted management end can provide an external trusted state API interface through which the virtualization software management end obtains the trusted state of a computing node, thereby implementing a platform linkage mode in which the trusted management end is passively called. This improves the flexibility of the whole system and, in turn, the running stability of the virtual machine system.
The application also provides a linkage method for trusted management of computing resources, which mainly comprises two processes: sending a linkage request to a target management terminal for identity verification; after the identity authentication is passed, platform linkage is carried out between the trusted management terminal and the virtualization software management terminal through an API (application programming interface). In this embodiment, the target management end may be a trusted management end or a virtualized software management end. When the target management end is a virtualization software management end, a platform linkage mode of active pushing of a trusted management end is adopted; and when the target management end is a trusted management end, adopting a platform linkage mode passively called by the trusted management end. Therefore, the platform linkage mode in the embodiment is more flexible, and the method can be applied to different application scenes, and is beneficial to improving the stability of the virtualization system.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic structural diagram of a trusted computing resource management linkage system according to an embodiment of the present disclosure;
fig. 2 is a schematic diagram of a framework structure between a trusted agent and a trusted manager in an embodiment of the present application;
FIG. 3 is a flowchart illustrating a method for linking trusted management of computing resources according to an embodiment of the present disclosure;
fig. 4 is a schematic diagram illustrating a principle of a platform linkage manner of active push by a trusted management side in an embodiment of the present application;
fig. 5 is a schematic diagram illustrating a principle of a platform linkage manner passively invoked by the trusted management terminal in an embodiment of the present application.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
For a better understanding of the present application, embodiments of the present application are explained in detail below with reference to the accompanying drawings.
Example one
Referring to fig. 1, fig. 1 is a schematic structural diagram of a computing resource trusted management linkage system according to an embodiment of the present disclosure. As can be seen from fig. 1, the computing resource trusted management linkage system in this embodiment mainly includes: the system comprises a trusted agent end, a trusted management end and a virtualization software management end. The trusted agent terminal is in asynchronous communication connection with the trusted management terminal based on the RabbitMQ, the virtualized software management terminal is in communication connection with the trusted management terminal through an API (application program interface), an authentication module and a trusted linkage Restful API (application program interface) are arranged in the virtualized software management terminal, an identity verification API (application program interface) and a trusted state API (application program interface) are arranged in the trusted management terminal, the authentication module is in communication connection with the identity verification API, and the trusted linkage Restful API is in communication connection with the trusted state API.
The trusted agent end is arranged in a plurality of computing nodes, and any computing node comprises: the system comprises a host machine and a plurality of virtual machines running on the host machine. And the trusted agent side comprises: the host machine trusted agent end is arranged on a host machine of any one computing node, and the virtual machine trusted agent end is arranged on any one virtual machine of any one computing node. The trusted agent terminal is used for measuring the information of the computing node when the computing node where the trusted agent terminal is located is started, reporting the information of the computing node to the trusted management terminal, measuring the information of the virtual machine when the virtual machine of the computing node where the trusted agent terminal is located is started, and reporting the information of the virtual machine to the trusted management terminal. The computing node information includes: a compute node kernel, a compute node file, integrity of a hardware system in a compute node platform, and a metric report of the compute node platform. The virtual machine information includes: virtual machine kernel, virtual machine core program, virtual machine files, integrity of the virtual machine and its operating system, and virtual machine metrics reports.
The trusted agent end in this embodiment comprises a host machine trusted agent end and a virtual machine trusted agent end. The host machine trusted agent end is located on the host machine of a computing node, and its main functions are as follows: when the computing node where the trusted agent end is located is started, it measures the computing node kernel, the computing node core program and the computing node files, detects the integrity of the node platform (the node platform being the server hardware and the host system), and reports the platform measurement report to the trusted management end. The virtual machine trusted agent end is located on a virtual machine running in the trusted computing node, and its main functions are as follows: when the virtual machine is started, it measures the virtual machine kernel, the virtual machine core program and the virtual machine files, detects the integrity of the virtual machine (comprising the virtual machine services and the virtual machine operating system), and reports the virtual machine measurement report to the trusted management end.
Further, in this embodiment, the trusted agent side adopts a layered modular structure, and may be divided into: the system comprises a service layer, a first business layer and a trusted boot and support software layer.
The service layer is used for analyzing the data issued by the trusted management terminal and calling the corresponding module to process the service request of the trusted management terminal according to the analysis result. The service layer mainly comprises a service management module and a service maintenance module, wherein the service management module mainly comprises: a business engine and component manager; the service maintenance module mainly comprises: a service agent tool and a local maintenance tool.
The first service layer is used for processing specific services, and the specific services include: basic function service, strategy configuration service, remote certification service and log management service. In this embodiment, the first service layer is a plug-in service layer, that is, the first service layer is implemented in a plug-in manner, and this structural design facilitates expansion and maintenance, and is beneficial to improving the compatibility and flexibility of the entire system.
And the trusted boot and support software layer is used for providing trusted boot and start and trusted service support.
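The measurement-and-report step described for the trusted agent end above, as an added illustration that is not code from the patent: the agent hashes the components it is responsible for at boot, compares them with a whitelist policy of the kind the trusted management end holds, and builds the measurement report it would publish to the management end over RabbitMQ. The function names, the JSON report layout and the component contents are constructed assumptions; a real agent would read the kernel, core program and files from disk and publish with a RabbitMQ client.

```python
"""Constructed example: a trusted agent measures its components at boot,
compares them with the whitelist policy, and builds the measurement report
it would send to the trusted management end. Names are assumptions."""
import hashlib
import json
from datetime import datetime, timezone

# Constructed component contents standing in for the kernel, core program and
# files the agent measures on a compute node (a real agent reads them from disk).
HOST_COMPONENTS = {
    "kernel": b"vmlinuz-constructed-5.10",
    "core_program": b"trusted-agent-daemon v1",
    "config_file": b"policy=strict\n",
}


def measure_components(components):
    """Return {name: sha256 hex} for every component: the per-component measurement."""
    return {name: hashlib.sha256(blob).hexdigest() for name, blob in components.items()}


def build_whitelist(components):
    """The management end's whitelist policy: the expected digest of each component."""
    return measure_components(components)


def evaluate(measurements, whitelist):
    """Compare measurements with the whitelist. A missing or changed component
    and an unlisted component both mark the platform untrusted; the verdict
    names each offending component so the management end can log it."""
    mismatched = sorted(
        name for name, digest in whitelist.items()
        if measurements.get(name) != digest
    )
    unexpected = sorted(set(measurements) - set(whitelist))
    return {
        "trusted": not mismatched and not unexpected,
        "mismatched": mismatched,
        "unexpected": unexpected,
    }


def build_report(node_id, kind, components, whitelist):
    """Build the JSON measurement report the agent publishes to the management
    end; `kind` is "host" or "vm". The string is the message body."""
    measurements = measure_components(components)
    report = {
        "node_id": node_id,
        "kind": kind,
        "measured_at": datetime.now(timezone.utc).isoformat(),
        "measurements": measurements,
        "integrity": evaluate(measurements, whitelist),
    }
    return json.dumps(report, sort_keys=True)


def trusted_state_from_report(report_json):
    """Management-end side: derive the node's trusted state from a received report."""
    report = json.loads(report_json)
    return "trusted" if report["integrity"]["trusted"] else "untrusted"


if __name__ == "__main__":
    whitelist = build_whitelist(HOST_COMPONENTS)
    print(trusted_state_from_report(build_report("node-01", "host", HOST_COMPONENTS, whitelist)))
    tampered = dict(HOST_COMPONENTS, kernel=b"vmlinuz-modified")
    bad = build_report("node-01", "host", tampered, whitelist)
    print(trusted_state_from_report(bad), json.loads(bad)["integrity"]["mismatched"])
```

The verdict distinguishes a changed component from an unlisted one because they call for different responses: a digest mismatch on the kernel is an integrity failure of a known component, while an unexpected entry means the agent measured something the policy never approved.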
As can be seen from fig. 1, the system of this embodiment further comprises a trusted management end, which is connected to the trusted agent end by an asynchronous communication connection based on RabbitMQ. This connection realizes asynchronous message communication between the trusted management end and the trusted agent end and improves the stability of the whole system.
The trusted management end is used for managing the trusted policy of the trusted agent end and for monitoring the trusted state of the trusted agent end according to the computing node information and the virtual machine information reported by the trusted agent end. The trusted management end in this embodiment comprises a platform linkage module and a trusted monitoring and remote certification module. The platform linkage module is used for performing trusted linkage identity verification and, when the identity verification passes, calling the trusted state API interface to send a trusted report; the trusted monitoring and remote certification module is used for monitoring the trusted state of the trusted agent end and providing remote certification according to that trusted state.
Further, the platform linkage module of the embodiment is provided with an identity authentication API interface and a trusted status API interface. When a platform linkage mode of active pushing of the trusted management terminal is adopted, the identity verification API interface module can send a platform linkage request to the virtualization software management terminal and receive token information returned by the virtualization software management terminal. When a platform linkage mode called passively by the trusted management terminal is adopted, the identity verification API interface module can be used for receiving a platform linkage request sent by the virtualization software management terminal and returning token information to the virtualization software management terminal. When a platform linkage mode of active pushing of the trusted management terminal is adopted, the trusted state API interface can communicate with the trusted linkage Restful API interface of the virtualization software management terminal and receive response information returned by the virtualization software management terminal. When a platform linkage mode passively called by the trusted management terminal is adopted, the trusted state API interface can be used for receiving a trusted request sent by the virtualized software management terminal and returning a trusted report to the virtualized software management terminal.
Further, according to a top-down hierarchical structure, the trusted management end in this embodiment includes: a UI layer, a second service layer and a data layer.
The UI layer is used for providing an operation interaction interface for a user through a web page.
The second service layer is used for providing a service processing calling interface for the UI layer in the form of a Restful API, and for performing trusted monitoring, log management, platform linkage, policy management, resource management and system management. The main functions of policy management are: basic policies, metric policies, whitelist policies, advanced policies and template management. System management mainly comprises task management, account management, the log server, system settings and authorization management.
The data layer is used for managing data, storing data and carrying out message communication with the trusted agent terminal. The data layer realizes management and storage of data.
In this embodiment, the trusted agent and the trusted manager are generally called as computing resource trusted management supporting software, and a framework structure between the trusted agent and the trusted manager can be seen in fig. 2.
As can be seen from fig. 1, the system of this embodiment further comprises a virtualization software management end, which is configured to manage the computing nodes of the trusted agent end through platform linkage with the trusted management end. The virtualization software management end is connected to the trusted management end through an API interface, and an authentication module and a trusted linkage Restful API interface are arranged in it. The authentication module is used for performing identity verification between the trusted management end and the virtualization software management end according to the linkage request. When the platform linkage mode of active pushing by the trusted management end is adopted, the trusted linkage Restful API interface is used for receiving the full trusted report pushed by the trusted management end and returning response information to the trusted management end. When the platform linkage mode of passive calling of the trusted management end is adopted, the trusted linkage Restful API interface is used for sending a trusted request to the trusted management end and receiving the trusted report from the trusted management end.
In summary, in this embodiment, by setting a connection relationship between different interfaces between the virtualized software management end and the trusted management end, the system can push the trusted state of the computing node managed by the trusted management end to the virtualized software management end by calling the trusted linked Restful API interface of the virtualized software management end, so as to implement a platform linkage manner in which the trusted management end actively pushes; and an external trusted state API interface can be provided through the trusted management terminal, the virtualized software management terminal obtains the trusted state of the computing node through the external trusted state API interface, a platform linkage mode of passive calling of the trusted management terminal is realized, the flexibility of the whole system is improved, and the running stability of the virtual machine system is further improved.
Example two
Referring to fig. 3 on the basis of the embodiments shown in fig. 1 and fig. 2, fig. 3 is a schematic flowchart of a method for linking trusted management of computing resources according to an embodiment of the present application. As can be seen from fig. 3, the method for linking trusted management of computing resources in this embodiment mainly includes the following steps:
s1: and sending a linkage request to a target management terminal for identity verification. Wherein, the target management end is: trusted management end or virtualization software management end, platform linkage request includes: a timestamp, a username, and a user password.
When the target management end is a trusted management end, a platform linkage mode passively called by the trusted management end is adopted; and when the target management end is a virtualization software management end, adopting a platform linkage mode of active pushing of a trusted management end.
S2: and when the identity authentication is qualified, the trusted management terminal and the virtualization software management terminal are in platform linkage through the API interface.
When the identity authentication is unqualified, platform linkage is not performed between the two. In order to prevent brute force attack on the platform linkage account, in this embodiment, when the same account is used for platform linkage, the account is locked for a period of time due to the fact that identity authentication fails within a specified number of consecutive times. The specific appointed times are set according to the requirements of users. The method is beneficial to improving the safety of the trusted management linkage method of the computing resources and the stability of the whole virtual machine system.
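The identity verification of steps S1 and S2 together with the consecutive-failure lockout, written out as an added example in Python. This is not code from the patent or from the applicant; it models one management end's authentication module. The request fields (timestamp, username, password) come from the text; the PBKDF2 credential store, the use of the timestamp to reject stale requests, and the lockout threshold and duration are assumptions chosen for illustration.

```python
"""Identity verification for a platform linkage request (steps S1 and S2).

Added example, not code from the patent.  The request carries a timestamp, a
username and a password; token information is returned only when verification
succeeds, and an account is locked for a period after a specified number of
consecutive failures.  The credential store format, the PBKDF2 parameters, the
timestamp tolerance and the lockout threshold/duration are assumptions.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class LinkageRequest:
    timestamp: float   # seconds since the epoch, supplied by the caller
    username: str
    password: str


@dataclass
class AccountState:
    consecutive_failures: int = 0
    locked_until: float = 0.0


# Constructed dummy salt so unknown usernames cost the same as known ones.
_DUMMY_SALT = b"\x00" * 16


def make_credential(password: str, salt: Optional[bytes] = None):
    """Return (salt, pbkdf2_hash) for storing a linkage account password."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LinkageAuthenticator:
    """Authentication module of one management end: verifies requests, issues tokens."""

    def __init__(self, users, max_failures=5, lock_seconds=300, max_skew=60):
        self._users = dict(users)          # username -> (salt, hash)
        self._max_failures = max_failures  # "specified number of consecutive times"
        self._lock_seconds = lock_seconds  # "locked for a period of time"
        self._max_skew = max_skew          # assumption: timestamp rejects replays
        self._state = {}                   # username -> AccountState
        self.tokens = {}                   # issued token -> username

    def is_locked(self, username, now=None):
        now = time.time() if now is None else now
        return now < self._state.get(username, AccountState()).locked_until

    def verify(self, req: LinkageRequest, now=None):
        """Return token information on success, None on failure or lockout."""
        now = time.time() if now is None else now
        state = self._state.setdefault(req.username, AccountState())
        if now < state.locked_until:
            return None  # locked: refuse without consulting the password
        salt, expected = self._users.get(req.username, (_DUMMY_SALT, b""))
        _, candidate = make_credential(req.password, salt)
        password_ok = hmac.compare_digest(candidate, expected)
        fresh = abs(now - req.timestamp) <= self._max_skew
        if password_ok and fresh:
            state.consecutive_failures = 0
            token = secrets.token_hex(16)
            self.tokens[token] = req.username
            return token
        state.consecutive_failures += 1
        if state.consecutive_failures >= self._max_failures:
            state.locked_until = now + self._lock_seconds
            state.consecutive_failures = 0
        return None


def demo_authenticator():
    """Constructed sample account for the trusted management end's linkage login."""
    salt, digest = make_credential("s3cret", b"constructed-salt")
    return LinkageAuthenticator({"trusted-mgr": (salt, digest)},
                                max_failures=3, lock_seconds=300, max_skew=60)
```

A locked account is refused before the password is checked, so repeated attempts during the lock window neither extend the lock nor leak whether the password was right; the counter only resets on a successful verification.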
The method in this embodiment is applied to a computing resource trusted management linkage system, and the system comprises: a trusted agent terminal, a trusted management terminal and a virtualized software management terminal. The trusted agent terminal is in asynchronous communication connection with the trusted management terminal based on RabbitMQ, the virtualized software management terminal is in communication connection with the trusted management terminal through an API (application program interface), the virtualized software management terminal is internally provided with an authentication module and a trusted linkage Restful API interface, the trusted management terminal is internally provided with an identity verification API interface and a trusted state API interface, the authentication module is in communication connection with the identity verification API interface, and the trusted linkage Restful API interface is in communication connection with the trusted state API interface.
According to the above steps S1 and S2, when the target management end is the virtualized software management end, the platform linkage mode of active pushing by the trusted management end is adopted; this platform linkage mode is shown in fig. 4. As can be seen from fig. 4 and fig. 3, the platform linkage mode of active pushing by the trusted management end in this embodiment includes the following processes:
s101: and the trusted management terminal sends a platform linkage request to the virtualized software management terminal.
S102: the virtualization software management end judges whether the platform linkage request is legal or not through the authentication module.
If the platform linkage request identity is legal, executing step S103: and the virtualization software management end returns the first token information to the trusted management end. Otherwise, the virtualization software management terminal does not return the first token information.
The trusted management side judges whether the identity authentication is qualified according to the returned first information, and if the identity authentication is judged to be qualified, the step S201 is executed: and the trusted management terminal calls a trusted linkage Restful API interface according to the first token information and pushes the whole trusted report of the computing node managed by the trusted management terminal to the virtualization software management terminal.
S202: and the virtualization software management terminal returns response information to the trusted management terminal according to the trusted report.
When the target management end is the trusted management end, the platform linkage mode of passive calling of the trusted management end is adopted; this platform linkage mode is shown in fig. 5. As can be seen from fig. 5 and fig. 3, the platform linkage mode passively invoked by the trusted management end in this embodiment includes the following processes:
S111: the virtualization software management end sends a platform linkage request to the trusted management end.
S112: the trusted management terminal judges whether the identity of the platform linkage request is legal.
If the identity of the platform linkage request is legal, step S113 is executed: the trusted management terminal returns the second token information to the virtualization software management terminal. Otherwise, the trusted management terminal does not return the second token information.
The virtualized software management end judges whether the identity authentication is qualified according to the second token information, and when the identity authentication is judged to be qualified, step S211 is executed: the virtualization software management end sends a trusted request for a designated computing node to the trusted management end.
S212: the trusted management terminal queries the trusted report related to the trusted request.
S213: the trusted management terminal returns the trusted report to the virtualization software management terminal through the trusted state API interface.
For parts not described in detail in this embodiment, reference may be made to the first embodiment shown in fig. 1 and fig. 2; the two embodiments may be referred to each other and are not described again here.
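The two platform linkage modes just described (active pushing by the trusted management end in fig. 4, steps S201 and S202; passive calling of the trusted management end in fig. 5, steps S211 to S213), modelled in-process as an added Python example. This is not code from the patent or from the applicant. The first and second token information is assumed to have been issued already by the identity verification of steps S101 to S103 and S111 to S113; the fields of a trusted report, the status codes in the response information, and the sample nodes in `example_run` are constructed assumptions.

```python
"""Both platform linkage modes of this embodiment, modelled in-process.

Added example, not code from the patent.  Tokens are assumed to have been
issued by the preceding identity verification; report fields, response shapes
and the sample data in example_run() are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class TrustedReport:
    node_id: str
    host_trusted: bool            # boot-time measurement of the host matched policy
    vm_trusted: Dict[str, bool]   # vm_id -> measurement of that VM matched policy

    def is_trusted(self) -> bool:
        return self.host_trusted and all(self.vm_trusted.values())


class VirtualizationManagementEnd:
    """Owns the trusted linkage Restful API interface and the first token information."""

    def __init__(self, first_tokens):
        self._issued = set(first_tokens)            # tokens returned in S103
        self.received: Dict[str, TrustedReport] = {}

    def trusted_linkage_api(self, token, reports: List[TrustedReport]):
        """S201 target: accept the full report set pushed by the trusted management
        end; S202: return response information."""
        if token not in self._issued:
            return {"status": 401, "accepted": 0}
        for report in reports:
            self.received[report.node_id] = report
        return {"status": 200, "accepted": len(reports)}

    def untrusted_nodes(self):
        """Nodes whose host or any VM failed measurement, for scheduling decisions."""
        return sorted(n for n, r in self.received.items() if not r.is_trusted())

    def request_node_state(self, trusted_end, token, node_id):
        """S211: send a trusted request for a designated computing node."""
        return trusted_end.trusted_state_api(token, node_id)


class TrustedManagementEnd:
    """Owns the trusted state API interface and the second token information."""

    def __init__(self, second_tokens, reports: List[TrustedReport]):
        self._issued = set(second_tokens)           # tokens returned in S113
        self._reports = {r.node_id: r for r in reports}

    def push_full_report(self, virt_end, token):
        """Active push: call the trusted linkage Restful API with every node's report."""
        return virt_end.trusted_linkage_api(token, list(self._reports.values()))

    def trusted_state_api(self, token, node_id):
        """S212/S213: look up the report for the request and return it."""
        if token not in self._issued:
            return {"status": 401, "report": None}
        report = self._reports.get(node_id)
        if report is None:
            return {"status": 404, "report": None}
        return {"status": 200, "report": report}


def example_run():
    """Constructed sample: three nodes, one with an untrusted VM, one with an
    untrusted host.  Runs the push mode, then one passive query."""
    reports = [
        TrustedReport("node-1", True, {"vm-a": True}),
        TrustedReport("node-2", True, {"vm-b": False}),
        TrustedReport("node-3", False, {}),
    ]
    virt = VirtualizationManagementEnd(first_tokens={"tok-first"})
    tm = TrustedManagementEnd(second_tokens={"tok-second"}, reports=reports)
    pushed = tm.push_full_report(virt, "tok-first")
    pulled = virt.request_node_state(tm, "tok-second", "node-2")
    return {"pushed": pushed, "untrusted": virt.untrusted_nodes(),
            "pulled_status": pulled["status"]}
```

Each end validates only the tokens it issued itself, so a token obtained from the virtualization software management end in S103 cannot be replayed against the trusted state API interface, and vice versa.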
The above description is merely exemplary of the present application and is presented to enable those skilled in the art to understand and practice the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A linkage system for trusted management of computing resources, said system comprising: the trusted agent terminal, the trusted management terminal and the virtualization software management terminal are in asynchronous communication connection based on RabbitMQ, the virtualization software management terminal and the trusted management terminal are in communication connection through an API (application program interface), an authentication module and a trusted linkage Restful API (application program interface) interface are arranged in the virtualization software management terminal, an identity verification API interface and a trusted state API interface are arranged in the trusted management terminal, the authentication module is in communication connection with the identity verification API interface, and the trusted linkage Restful API interface is in communication connection with the trusted state API interface;
the trusted agent terminal is used for measuring the information of the computing node when the computing node where the trusted agent terminal is located is started, reporting the information of the computing node to the trusted management terminal, measuring the information of the virtual machine when the virtual machine of the computing node where the trusted agent terminal is located is started, and reporting the information of the virtual machine to the trusted management terminal;
the trusted management terminal is used for managing the trusted policy of the trusted agent terminal and monitoring the trusted state of the trusted agent terminal according to the computing node information and the virtual machine information of the trusted agent terminal;
the authentication module is used for performing identity verification between the trusted management terminal and the virtualized software management terminal according to the linkage request;
and the virtualization software management end is used for managing the computing nodes of the trusted agent end through linkage with the platform of the trusted management end.
2. The linkage system for trusted management of computing resources according to claim 1, wherein said trusted agent is disposed in a plurality of computing nodes, and any of said computing nodes comprises: the host machine and a plurality of virtual machines running on the host machine, and the trusted agent end comprises: the host machine trusted agent end is arranged on a host machine of any one of the computing nodes, and the virtual machine trusted agent end is arranged on any one of virtual machines of any one of the computing nodes.
3. The linkage system for trusted management of computing resources according to claim 1, wherein said trusted agent comprises: a service layer, a first service layer and a trusted boot and support software layer;
the service layer is used for analyzing the data issued by the trusted management terminal and calling a corresponding module to process the service request of the trusted management terminal according to the analysis result;
the first service layer is configured to process a specific service, where the specific service includes: basic function service, strategy configuration service, remote certification service and log management service;
the trusted boot and support software layer is used for providing trusted boot and startup and trusted service support.
4. The linkage system for trusted management of computing resources according to claim 1, wherein said trusted management side comprises: the system comprises a platform linkage module and a trusted monitoring and remote certification module;
the platform linkage module is used for carrying out trusted linkage identity authentication and calling a trusted state API (application program interface) interface to send a trusted report when the identity authentication is qualified;
the trusted monitoring and remote certification module is used for monitoring the trusted state of the trusted agent end and providing remote certification according to the trusted state of the trusted agent end.
5. The linkage system for trusted management of computing resources according to claim 1, wherein said trusted management side comprises, in a top-down hierarchical structure: a UI layer, a second service layer and a data layer;
the UI layer is used for providing an operation interaction interface for a user through a web page;
the second service layer is used for providing a service processing calling interface for the UI layer in a Restful API mode, and for performing trusted monitoring, log management, platform linkage, policy management, resource management and system management;
and the data layer is used for managing data, storing data and carrying out message communication with the trusted agent terminal.
6. A linkage method for trusted management of computing resources, applied to a linkage system for trusted management of computing resources, the system comprising: a trusted agent end, a trusted management end and a virtualization software management end, wherein the trusted agent end, the trusted management end and the virtualization software management end are connected through asynchronous communication based on RabbitMQ, the virtualization software management end is connected with the trusted management end through API (application program interface) communication, an authentication module and a trusted linkage Restful API interface are arranged in the virtualization software management end, an identity verification API interface and a trusted state API interface are arranged in the trusted management end, the authentication module is in communication connection with the identity verification API interface, and the trusted linkage Restful API interface is in communication connection with the trusted state API interface, the method comprising the following steps:
sending a linkage request to a target management end for identity verification, wherein the target management end is the trusted management end or the virtualization software management end, and the platform linkage request comprises: a timestamp, a username, and a user password;
and when the identity authentication is qualified, the trusted management terminal and the virtualization software management terminal are in platform linkage through the API interface.
7. The linkage method for trusted management of computing resources according to claim 6, wherein the sending of the linkage request to the target management terminal for authentication comprises:
the trusted management terminal sends a platform linkage request to the virtualized software management terminal;
the virtualization software management terminal judges whether the platform linkage request is legal or not through the authentication module;
if so, the virtualized software management end returns the first token information to the trusted management end.
8. The method for linking the trusted management of computing resources according to claim 7, wherein the trusted management side and the virtualized software management side performing platform linkage through the API interface comprises:
the trusted management terminal calls a trusted linkage Restful API interface according to the first token information and pushes the whole trusted report of the computing node managed by the trusted management terminal to the virtualization software management terminal;
and the virtualized software management end returns response information to the trusted management end according to the trusted report.
9. The linkage method for trusted management of computing resources according to claim 6, wherein the sending of the linkage request to the target management terminal for authentication comprises:
the virtualization software management end sends a platform linkage request to the trusted management end;
the trusted management terminal judges whether the platform linkage request is legal in identity;
if so, the trusted management end returns the second token information to the virtualization software management end.
10. The method for linking the trusted management of computing resources according to claim 9, wherein the trusted management side and the virtualized software management side performing platform linkage through the API interface comprises:
the virtualization software management end sends a trusted request of a designated computing node to the trusted management end;
the trusted management terminal queries a trusted report related to the trusted request according to the trusted request;
and the trusted management terminal returns the trusted report to the virtualization software management terminal by using the trusted state API interface.
CN202010132973.6A 2020-02-29 2020-02-29 Computing resource trusted management linkage system and method Withdrawn CN111367617A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010132973.6A CN111367617A (en) 2020-02-29 2020-02-29 Computing resource trusted management linkage system and method


Publications (1)

Publication Number Publication Date
CN111367617A true CN111367617A (en) 2020-07-03

Family

ID=71206517


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023179102A1 (en) * 2022-03-22 2023-09-28 华为技术有限公司 Method for determining trusted identity of application, and management unit and device



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20200703