CN114244651A - Cloud desktop-based remote office implementation system and method - Google Patents


Info

Publication number
CN114244651A
Authority
CN
China
Prior art keywords
cloud desktop
desktop
cloud
office
network
Legal status (as listed by Google Patents; an assumption, not a legal conclusion)
Pending
Application number
CN202111502078.XA
Other languages
Chinese (zh)
Inventor
冯彧
崔红
赵昕
王�华
林德举
高晋
Current Assignee (as listed by Google Patents; may be inaccurate)
Inspur Digital Shandong Technology Co Ltd
Original Assignee
Hotdigit Technology Co Ltd

Classifications

    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN] (under H04L12/46 Interconnection of networks; H04L12/28 Data switching networks characterised by path configuration, e.g. LAN or WAN; H04L12/00 Data switching networks)
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling (under H04L12/46 Interconnection of networks)
    • H04L63/02 Network architectures or protocols for network security: separating internal from external traffic, e.g. firewalls (under H04L63/00)
    • H04L63/20 Network architectures or protocols for network security: managing network security; network security policies in general (under H04L63/00)
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] (under H04L67/01 Protocols; H04L67/00 Network arrangements or protocols for supporting network services or applications)
    • H04L67/10 Protocols in which an application is distributed across nodes in the network (under H04L67/01 Protocols)
    • G06F9/45558 Hypervisor-specific management and integration aspects (under G06F9/45533 Hypervisors; virtual machine monitors; G06F9/455 Emulation; interpretation; software simulation, e.g. virtualisation; G06F9/44 Arrangements for executing specific programs; G06F9/06 Arrangements for program control using stored programs; G06F9/00 Arrangements for program control)
    • G06F2009/45595 Network integration; enabling network access in virtual machine instances (under G06F9/45558)


Abstract

The invention discloses a cloud desktop-based remote office implementation system and method. The system comprises a client terminal and an office-network cloud data center. The client terminal connects to the office network through a VPN (virtual private network); several servers are deployed in the office-network cloud data center, each server is connected to the office network, and each server hosts several virtualized desktop virtual machines. Cloud desktop connection software runs on the client terminal; through it the terminal receives the transmitted desktop images and maps its local devices into the cloud desktop virtual machine. Because the work is done on a cloud desktop virtual machine inside the office-network cloud data center, the insecurity of traditional remote office is addressed: data never lands on the local device and stays entirely within the enterprise, data security and user experience improve, and the granularity of the network's application security auditing improves.

Description

Cloud desktop-based remote office implementation system and method
Technical Field
The invention relates to the technical field of remote office, in particular to a cloud desktop-based remote office implementation system and method.
Background
With the development of Internet technology, remote office is increasingly popular. In the traditional remote office mode, however, data security is a serious problem: obtaining data over the Internet is exposed to threats such as attacks by malicious websites or network interference, which can compromise data security. According to the statistical report on the development of the Internet in China, as of December 2017 the number of Chinese Internet users reached 831 million, the Internet penetration rate was 63.2 percent, the number of mobile Internet users reached 695 million, the proportion of mobile users among Chinese Internet users rose to 95.07 percent, and growth exceeded 10 percent for three consecutive years. These figures mean that the era of a nationwide Internet has arrived: the spread of mobile phones and computers fully exposes our lives and work to the Internet, and people who have mastered Internet technology can carry out illegal data intrusions, greatly reducing data security. This threatens individuals and is highly harmful to offices and even entire enterprises.
In existing remote office implementations, if an employee's VPN account is obtained by a criminal, that party can enter the office network through the VPN and thereby reach all server resources. In recent years, incidents of unauthorized access to enterprise resources have occurred frequently and caused enterprises huge losses. In such cases attackers typically use brute-force cracking, credential stuffing or social engineering to obtain user names and passwords, defeat the access controls and reach core resources.
Therefore, in the traditional remote office mode, data is easily leaked from the local computer, making the data insecure, and the granularity of the network's application security auditing is insufficient; at present there is no effective preventive method for this problem.
Disclosure of Invention
To remedy the defects of the prior art, the invention provides a cloud desktop-based remote office implementation system and method that solve the insecurity of traditional remote office, ensure that data never lands on the local device during remote work, and improve data security and user experience.
In a first aspect, the present disclosure provides a cloud desktop-based remote office implementation system comprising a client terminal and an office-network cloud data center;
the client terminal connects to the office network through a VPN (virtual private network); several servers are deployed in the office-network cloud data center, each server is connected to the office network, and each server hosts several virtualized desktop virtual machines; cloud desktop connection software runs on the client terminal, through which the terminal receives the transmitted desktop images and maps its local devices into the cloud desktop virtual machine.
In a further technical scheme, the VPN connection is an SSL VPN connection.
In a further technical scheme, the SSL VPN is deployed behind the firewall in NAT mode, and the SSL VPN offers a Web mode and a tunnel mode.
In a further technical scheme, a cloud desktop management platform is deployed on the server and a cloud desktop agent is deployed on the cloud desktop virtual machine; the agent is the program through which the management platform manages the virtual machine, and the management platform manages the virtualization platform, desktop pools and cloud desktop users involved in the cloud desktop service.
In a further technical scheme, the server carries the virtualization platform, which comprises a cloud resource management server and a cloud resource computing server.
In a further technical scheme, when new or updated software is deployed, a software library is built and distributed to each cloud desktop virtual machine, and the software can be used by a virtual machine once it has received the library.
In a further technical scheme, local users, domain users and user groups are authorized in batches through the cloud desktop management platform via the cloud desktop agent, and the virtual desktops of the cloud desktop virtual machines are managed and controlled centrally on the basis of desktop pools.
In a further technical scheme, a cloud desktop monitoring program is also deployed on the cloud desktop virtual machine; it monitors how the user uses the cloud desktop and determines from that usage whether the client terminal is safe.
In a further technical scheme, when the number of file downloads exceeds a set threshold, the cloud desktop monitoring program restricts the client terminal's connection.
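The download-count rule above is the one concrete decision the monitoring program is said to make. The following Python is an added example, not code from the patent: it models that program as a sliding-window counter over constructed agent log lines, which is stricter than a bare lifetime counter because a slow but legitimate user never trips it. The log format, event names, the limit of five downloads and the ten-minute window are all assumptions.

```python
"""Added example, not from the patent: a sliding-window model of the cloud
desktop monitoring program. It reads constructed agent log lines, counts
FILE_DOWNLOAD events per user inside a time window, and reports users who
exceeded the limit so their client connection can be restricted. The log
format, event names, limit and window are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed format:
#   <ISO timestamp> <user> <event> <detail>
SAMPLE_LOG = """\
2021-12-10T09:00:01 alice FILE_DOWNLOAD /share/report.docx
2021-12-10T09:00:05 alice FILE_DOWNLOAD /share/budget.xlsx
2021-12-10T09:00:07 bob FILE_DOWNLOAD /share/readme.txt
2021-12-10T09:00:09 alice CLIPBOARD_COPY 2048
2021-12-10T09:00:12 alice FILE_DOWNLOAD /share/customers.csv
2021-12-10T09:00:20 alice FILE_DOWNLOAD /share/contracts.zip
2021-12-10T09:00:25 bob USB_READ /dev/sdb1
2021-12-10T09:00:30 alice FILE_DOWNLOAD /share/hr.xlsx
2021-12-10T09:00:31 alice FILE_DOWNLOAD /share/keys.txt
2021-12-10T10:30:00 bob FILE_DOWNLOAD /share/notes.txt
"""


def parse_line(line):
    """Split one agent log line into (timestamp, user, event, detail)."""
    ts, user, event, detail = line.split(" ", 3)
    return datetime.fromisoformat(ts), user, event, detail


def evaluate(log_text, limit=5, window=timedelta(minutes=10)):
    """Return {user: peak_count} for users whose download count inside any
    window-long interval exceeded `limit`. Events other than FILE_DOWNLOAD
    are ignored; the window is what makes the threshold meaningful."""
    recent = defaultdict(deque)  # user -> timestamps of downloads in the window
    flagged = {}
    for line in log_text.splitlines():
        ts, user, event, _ = parse_line(line)
        if event != "FILE_DOWNLOAD":
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop downloads older than the window
            q.popleft()
        if len(q) > limit:
            flagged[user] = max(flagged.get(user, 0), len(q))
    return flagged


def restrict_decisions(flagged):
    """Action the monitoring program applies to each flagged user's terminal."""
    return {user: "limit_connection" for user in flagged}


if __name__ == "__main__":
    hits = evaluate(SAMPLE_LOG)
    print(hits, restrict_decisions(hits))
```

With the constructed log, alice performs six downloads within thirty seconds and is flagged; bob's two downloads are ninety minutes apart and are not. In a real deployment the restriction decision would be sent back to the management platform rather than returned from a function.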
In a second aspect, the present disclosure provides a cloud desktop-based remote office implementation method comprising the following steps:
step S01: connect the two ports of the firewall to the Internet and to the office network respectively, and configure their IP addresses as an Internet public IP and a fixed office-network IP, completing the physical connection;
step S02: configure a default route and a static route on the firewall;
step S03: configure the VPN interface address and the VPN address pool;
step S04: create the SSL VPN;
step S05: create security domains and policies;
step S06: add accounts and passwords for users, each account being used by only one user;
step S07: enable host detection and binding, completing the installation and configuration of the remote office.
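Steps S01 to S07 describe configuration, not code, and the patent names no firewall product. The Python below is an added example, not the patent's method and not any vendor's CLI: it models what those steps leave behind, namely the two interfaces and routes (S01, S02), the VPN address pool (S03), security zones with a zone-to-zone policy (S05), and per-user accounts with host binding and single-session enforcement (S06, S07). The policy encodes the security point made in the background section: a VPN client, even one using stolen credentials, reaches only the cloud desktop segment on the desktop protocol port and not the office servers directly. Every address, port, account name and password is an assumption chosen for the example.

```python
"""Added example, not from the patent and not a vendor CLI: a model of the
firewall/SSL VPN state produced by steps S01 to S07. Addresses, ports,
names and passwords are assumptions."""
import hashlib
import hmac
import ipaddress
import os

# S01: firewall interfaces (assumed addresses)
INTERNET_IF = ipaddress.ip_interface("203.0.113.10/24")
OFFICE_IF = ipaddress.ip_interface("10.0.0.1/16")

# S02: default route to the ISP gateway, static route for the office network
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "203.0.113.1"),
    (ipaddress.ip_network("10.0.0.0/8"), "direct:office"),
]

# S03: pool handed to SSL VPN clients; S05: security domains (zones)
VPN_POOL = ipaddress.ip_network("10.200.0.0/24")
VDI_SEGMENT = ipaddress.ip_network("10.10.0.0/24")
ZONES = {
    "untrust": [ipaddress.ip_network("0.0.0.0/0")],
    "office": [ipaddress.ip_network("10.0.0.0/8")],
    "vpn": [VPN_POOL],
    "vdi": [VDI_SEGMENT],
}
DESKTOP_PORT = 443  # assumed port of the cloud desktop connection protocol

# S05: first match wins, default deny. VPN clients get only the desktop
# protocol to the VDI segment; the desktops themselves reach office resources.
POLICY = [
    ("vpn", "vdi", DESKTOP_PORT, "permit"),
    ("vpn", "office", None, "deny"),
    ("vdi", "office", None, "permit"),
]


def next_hop(dst):
    """Longest-prefix route lookup for S02."""
    dst = ipaddress.ip_address(dst)
    best = max((r for r in ROUTES if dst in r[0]), key=lambda r: r[0].prefixlen)
    return best[1]


def zone_of(ip):
    """Most specific zone containing ip (longest prefix wins)."""
    ip = ipaddress.ip_address(ip)
    best, best_len = None, -1
    for name, nets in ZONES.items():
        for net in nets:
            if ip in net and net.prefixlen > best_len:
                best, best_len = name, net.prefixlen
    return best


def allowed(src, dst, dport):
    """Evaluate the zone policy for one flow; unmatched flows are denied."""
    sz, dz = zone_of(src), zone_of(dst)
    for s, d, port, action in POLICY:
        if s == sz and d == dz and (port is None or port == dport):
            return action == "permit"
    return False


# S06/S07: accounts with PBKDF2 password hashes, a bound MAC address, and
# single-session enforcement (one account, one user).
def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def make_account(password, mac):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "mac": mac.lower()}


ACCOUNTS = {"alice": make_account("correct horse", "aa:bb:cc:dd:ee:01")}
DUMMY = make_account("", "00:00:00:00:00:00")  # hashed for unknown users
SESSIONS = {}


def login(user, password, mac):
    """Return (ok, reason): credentials, host binding, then session check."""
    acct = ACCOUNTS.get(user)
    check = acct if acct is not None else DUMMY  # same work for unknown names
    ok = hmac.compare_digest(check["hash"], _hash(password, check["salt"]))
    if acct is None or not ok:
        return False, "bad credentials"
    if mac.lower() != acct["mac"]:
        return False, "host binding mismatch"
    if user in SESSIONS:
        return False, "account already in use"
    SESSIONS[user] = mac.lower()
    return True, "ok"


def logout(user):
    SESSIONS.pop(user, None)
```

The explicit vpn-to-office deny is redundant with the default deny but is kept so that a later permit rule added for the office zone cannot silently widen what VPN clients can reach. The host binding check uses the MAC address because the method's step S07 binds accounts to hosts; a real gateway would combine it with the host detection (OS, patch or antivirus state) that the same step enables.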
A computer-readable storage medium stores a plurality of instructions adapted to be loaded by a processor of a terminal device to implement the cloud desktop-based remote office implementation system described above.
The above one or more technical solutions have the following beneficial effects:
the invention proposes a cloud desktop-based remote office implementation system and method. The system comprises a client terminal and an office-network cloud data center; the client terminal connects to the office network through SSL VPN; several servers are deployed in the data center, each hosting several cloud desktop virtual machines; and cloud desktop connection software is deployed on the client terminal. After the client terminal establishes the SSL VPN connection, it uses the cloud desktop connection software to connect to a cloud desktop virtual machine in the office network: the connection to the office network is built on the SSL VPN, and the cloud desktop virtual machine in the enterprise data center is then reached through the connection software on the local computer, realizing remote office;
by using the cloud desktop virtual machine and the office-network cloud data center, the insecurity of traditional remote office is resolved: data never lands on the local device and stays entirely within the enterprise, data security and user experience improve, and the granularity of the network's application security auditing improves.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, are included to provide a further understanding of the invention; they illustrate exemplary embodiments of the invention and, together with the description, serve to explain the invention without limiting it.
Fig. 1 is a topology diagram of the SSL VPN network according to an embodiment of the invention;
Fig. 2 is a schematic structural diagram of the cloud desktop-based remote office implementation system according to an embodiment of the invention;
Fig. 3 is a flowchart of the cloud desktop-based remote office implementation method according to a second embodiment of the invention.
Detailed Description
It is to be understood that the following detailed description is exemplary and is intended to provide further explanation of the invention as claimed. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof, unless the context clearly indicates otherwise.
Example one
This embodiment provides a cloud desktop-based remote office implementation system comprising a client terminal and an office-network cloud data center. The client terminal connects to the office network through a VPN (virtual private network); several servers are deployed in the office-network cloud data center, each connected to the office network, and each server hosts several cloud desktop virtual machines.
In one embodiment, each server can host up to 30 cloud desktop virtual machines.
A VPN, i.e. a virtual private network, is an extension of an enterprise network over a public network such as the Internet. A VPN establishes a secure private connection through a dedicated channel and links remote users, company branches, business partners and the like to the enterprise network, forming an extended enterprise network.
Common VPN types include Access VPN, IPsec VPN and SSL VPN. Access VPN is a layer-2 tunneling technology whose security and functionality cannot meet the company's service requirements. IPsec VPN is a network-layer VPN technology with high security, but its difficulty is that the client must install complex software and users need training before they can use it. SSL VPN meets the service requirements in both functionality and security and has a simple network structure, easy maintenance, no need for special client software and a good cost-performance ratio, so SSL VPN is chosen. The SSL VPN network topology is shown in Fig. 1.
SSL VPN is a simple and secure remote tunnel access technology that is very easy to use. It relies on public-key cryptography to protect data in transit and uses direct browser-to-server communication, which is convenient for users while the SSL/TLS protocol protects the data. SSL/TLS can be viewed as two layers: the record protocol, which carries the application data and provides encryption and integrity protection (and optionally compression, which modern deployments disable because of the CRIME attack); and the handshake protocol, which negotiates algorithms and keys and authenticates the server, and optionally the client, with certificates. Checking a user's account name and password is done by the VPN gateway's own login step on top of the established TLS session, not by the handshake itself. SSL VPN has a simple architecture, low operating cost, high processing speed and strong security, so it is widely used by enterprise users.
The client terminal can be a terminal device, a PC, a thin client or any other device that can connect to a network. Cloud desktop connection software is deployed on it, and once the VPN connection is up the terminal uses that software to connect to a cloud desktop virtual machine in the office network. While the SSL VPN connection is established, the client terminal reaches the Internet directly through its local network, and only traffic for office-network applications goes from the local network into the office network, consuming office-network bandwidth (a split-tunnel arrangement).
Desktop virtualization (VDI, Virtual Desktop Infrastructure) is a server-based computing model. Using server virtualization combined with traditional thin-client technology, it moves the desktop components (applications, operating system, user settings and the like) into the office-network cloud data center for centralized management, generates an independent desktop operating system per user, and delivers it to the client terminal over a desktop connection protocol for use there.
Using the cloud desktop virtual machine and the resources of the office-network cloud data center solves the insecurity of traditional remote office: data never lands on the local device and stays entirely within the enterprise, so data security and user experience improve and the accuracy of the network's application security auditing improves.
In this embodiment, as shown in Fig. 2, a cloud desktop management platform is deployed on the server, through which an administrator manages the virtualization platform, desktop pools, cloud desktop users and the like involved in the cloud desktop service. An administrator can host all virtualized desktops in the office-network cloud data center through the virtual desktop management platform and manage and control them centrally. A user gets a PC-like experience when using a virtualized desktop and can access the desktop operating system residing on the server side through an application or a browser from a terminal device, a PC, a thin client or any other device that can connect to a network.
The cloud desktop connection software is the client program that connects to the cloud desktop; through it the user's client terminal efficiently receives the transmitted desktop images and maps its local devices into the cloud desktop.
In this embodiment, a cloud desktop agent is deployed on the cloud desktop virtual machine. The agent is the program through which the cloud desktop management platform manages the virtual machine, and it provides the platform with several virtual machine management capabilities.
The server carries a virtualization platform comprising a cloud resource management server (CVM) and cloud resource computing servers (CVK), which provide efficient, secure and stable virtual machine resources to the cloud desktop management platform.
A domain controller (i.e. a Microsoft Active Directory domain controller) is deployed on the server as an optional component. It provides an LDAP-based directory service and gives the cloud desktop management platform user creation, management and authentication as well as domain management of the cloud desktop virtual machines.
The cloud desktop-based remote office implementation system offers simple management, data security and high deployment efficiency.
Simple management is reflected in: permission management by domain, with centralized management of resource access rights; batch software distribution and management; a free desktop backup function; remote desktop assistance for operations and maintenance; management delegated to the user, who can back up a desktop by self-service; and self-service account application by users.
Data security is reflected in: black and white lists for terminals, users and peripherals, and read-only control of USB flash drives; desktop watermarks against photographing of the screen and leaks; screen recording and auditing that records illegal operations; terminal admission control based on IP address range and MAC address; and separation of Internet traffic from business-network traffic with VLAN, ACL and QoS policy control.
Deployment efficiency is reflected in: batch derivation from templates, generating hundreds of virtual desktops in 3 minutes; self-service application and automatic account creation when a new employee joins; and desktop leasing with automatic reclamation when the lease expires.
The cloud desktop-based remote office implementation system has the advantages of a high-quality experience, strong security, simple management and intelligent operations and maintenance.
The high-quality experience is reflected in the following aspects:
PC-like experience: users' login, power-on and power-off habits are unchanged. The cloud desktop connection protocol VDP deeply optimizes desktop image transmission, greatly improving desktop access; login to the desktop takes seconds, and USB keys (UKey) and fingerprint authentication systems can be integrated.
Comprehensive software compatibility: a complete compatibility list covers mainstream applications and antivirus software; software used in the government sector is fully covered, both C/S and B/S applications work well, and customized adaptation can be made for industry applications.
Broad office peripheral support: the self-developed peripheral redirection technology keeps the bus channel as on a PC, so employees can use printers, scanners, USB keys and other peripherals as they would on a PC.
Smooth video: video redirection greatly improves the user's video experience, effectively reduces the server resource overhead of video decoding, and supports high-density concurrent video scenarios.
Strong security is reflected in the following aspects:
The cloud desktop product supports terminal admission control: binding of access terminal attributes such as MAC or IP address; black and white lists for peripherals; software blacklists; desktop watermarks; screen recording and auditing; read-only storage devices; and so on.
The cloud desktop product supports integration with third-party antivirus or security software such as AsiaInfo Security, providing a complete protection solution for the virtualized environment; it can protect the cloud desktop virtual machines without installing an agent inside each virtual desktop, realizing security assurance in the virtualized environment.
Simple management is reflected in the following aspects:
(1) Software distribution: when software is deployed or updated, an administrator can create a software library and distribute it directly to the cloud desktop virtual machines without updating the template. Distribution takes seconds; when software is updated, only the changed software library needs to be distributed, and the virtual machine can use it after a restart.
(2) Desktop pool management: through the cloud desktop management platform, an administrator manages and controls virtual desktops centrally on the basis of desktop pools. Virtual desktops in a pool can be deployed in batches, and local users, domain users and user groups can be authorized in batches. With a static desktop pool each user has a dedicated virtual desktop and can personalize it.
With a manual desktop pool, an administrator can manually set restore points for the pool as needed and manually restore when required.
In a floating desktop pool, virtual desktops are authorized dynamically: a virtual desktop is assigned at random from the pool when a user logs in, and it is automatically restored to its initial state after the user closes it.
In a static desktop pool an administrator can import an existing cloud desktop virtual machine and can manually remove one from the pool. In a manual or dynamic desktop pool, a cloud desktop virtual machine is released after a disconnection timeout: once the virtual desktop has been disconnected for a set time its authorization is released automatically, and the desktop can then be requested by other authorized users of the pool.
(3) User management: through the user management module of the cloud desktop management platform, an administrator maintains local users, domain users and user groups (adding, modifying, deleting, querying and the like) and can view the virtual desktop authorizations of users and groups. LDAP domain users can be synchronized manually or periodically, and online user information is monitored. Local authentication is also supported: a user then only needs to authenticate against the cloud desktop management platform at login, which is faster and easier to manage.
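The desktop pool rules above (dedicated desktops in a static pool; random assignment, restore-on-close and timeout release in a floating pool) are state transitions, which are easier to check in code than in prose. The Python below is an added example, not code from the patent or from any cloud desktop product: it models both pool types and lets a caller verify that a disconnected floating desktop is released only after the timeout, is reset to its initial state when released, and can then be handed to another authorized user, while a static desktop stays with its owner. Desktop names, the timeout, and the "initial"/"personalized" state marker are assumptions.

```python
"""Added example, not from the patent or a vendor product: a model of static
and floating desktop pools with timeout release. Names, timeout and state
markers are assumptions."""
from dataclasses import dataclass
from typing import Optional
import random


@dataclass
class Desktop:
    name: str
    user: Optional[str] = None            # current authorization holder
    connected: bool = False
    disconnected_at: Optional[float] = None
    state: str = "initial"                # "initial" or "personalized"


class FloatingPool:
    """Random assignment at login, restore on close, release after timeout."""

    def __init__(self, names, authorized_users, timeout, rng=None):
        self.desktops = {n: Desktop(n) for n in names}
        self.authorized = set(authorized_users)
        self.timeout = timeout
        self.rng = rng or random.Random()

    def login(self, user, now):
        if user not in self.authorized:
            raise PermissionError(f"{user} is not authorized for this pool")
        for d in self.desktops.values():       # reconnect to a held desktop
            if d.user == user:
                d.connected, d.disconnected_at = True, None
                return d.name
        free = [d for d in self.desktops.values() if d.user is None]
        if not free:
            return None                        # pool exhausted
        d = self.rng.choice(free)
        d.user, d.connected, d.state = user, True, "personalized"
        return d.name

    def disconnect(self, user, now):
        for d in self.desktops.values():
            if d.user == user:
                d.connected, d.disconnected_at = False, now

    def close(self, user):
        """User closes the desktop: authorization released, state restored."""
        for d in self.desktops.values():
            if d.user == user:
                self._release(d)

    def reap(self, now):
        """Release desktops disconnected for longer than the timeout."""
        released = []
        for d in self.desktops.values():
            if d.user and not d.connected and now - d.disconnected_at > self.timeout:
                released.append(d.name)
                self._release(d)
        return released

    @staticmethod
    def _release(d):
        d.user, d.connected, d.disconnected_at, d.state = None, False, None, "initial"


class StaticPool:
    """One dedicated, personalizable desktop per user; never released by timeout."""

    def __init__(self, assignments):
        self.desktops = {u: Desktop(n, user=u, state="personalized")
                         for u, n in assignments.items()}

    def login(self, user, now):
        d = self.desktops.get(user)
        if d is None:
            raise PermissionError(f"{user} has no desktop in this pool")
        d.connected = True
        return d.name

    def disconnect(self, user, now):
        d = self.desktops[user]
        d.connected, d.disconnected_at = False, now

    def reap(self, now):
        return []   # static desktops keep their authorization
```

The reap method is what an idle-session timer in the management platform would call periodically; keeping it separate from disconnect makes the release visible in an audit log and lets the timeout be tuned without touching the session handling.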
The intelligent operation and maintenance is embodied by the following aspects:
(1) operation and maintenance monitoring: the cloud desktop management platform realizes centralized management and unified monitoring of physical and virtual resources through a unified Web management console, can realize overview of cloud resources through a DashBoard interface, and realizes unified monitoring of resources such as a data center cluster, a host, storage, cloud desktop virtual machines and networks. At present, Top5 monitoring of a host CPU, a memory and the like, and Top5 monitoring of resources of a cloud desktop virtual machine CPU, a memory and the like are included.
(2) User self-service: a user can apply for cloud desktop resources through the self-service page, and can independently select OS types, vCPU, internal memory and disk resources. Or directly applying according to the virtual desktop specification predefined by an administrator. And when the user applies for the cloud desktop resources through the self-service page, the use duration of the virtual desktop can be set, the use permission of the user can be recovered when the desktop is overdue, and the user can also apply for postponing.
(3) The high-reliability framework is as follows: the H3C Cloud desktop cluster is based on a CAS server virtualization platform, can provide multiple system reliability guarantees such as HA, DRS and DPM for users, and effectively guarantees the stability of the Cloud desktop. The advantage of centralized management based on the cluster is that: by using the centralized management function, an administrator can organize, monitor and configure the whole IT environment through a unified interface, so that the management cost is reduced.
A cluster formed by aggregating several independent server hosts into a shared resource pool not only reduces the complexity of desktop pool management but also has inherent high availability. All hosts in the cluster are monitored; once a host fails, the H3C CAS virtualization platform responds immediately and restarts the affected virtual desktops on another host in the cluster. Virtual desktops can also be migrated online manually. Storage online migration is provided as well: a running virtual desktop can be migrated from one storage location to another in real time, across different storage types and storage products from different vendors, without interruption or shutdown. This gives users an economical and effective high-availability solution for the cloud desktop.
(4) Protocol support for adaptive transport: with adaptive transport, the virtual channels automatically respond to changing network conditions and switch between TCP and UDP without manual intervention, so the user always gets the best achievable experience.
Adaptive transport is a new data transport mechanism for the cloud desktop. It is faster and more scalable, improves application interactivity, and is particularly effective over challenging remote WAN and Internet connections. It maintains high server scalability and makes efficient use of bandwidth. With adaptive transport, virtual channels respond automatically to changing network conditions and switch the underlying protocol between EDT (the UDP-based transport) and TCP to give the best performance, which improves data throughput for all virtual channels. The same settings apply under both LAN and WAN conditions.
When set to Preferred, data transport uses EDT first and falls back to TCP when required. By default, adaptive transport is disabled (Off) and TCP is always used. For testing purposes a diagnostic mode can be set, in which only EDT is used and fallback to TCP is disabled.
(5) Application delivery container technology: applications are managed in layers. Through App Layering, an administrator can package application programs, system patches, antivirus software, drivers and the like as application layers without modifying the desktop master image, combine the layers into different images and distribute those images to different users.
Preferably, the static desktop pool is provided with a desktop lock whose password is set by the exclusive user of the desktop; when the user enters a wrong password a set number of consecutive times, the connection to the office network is automatically disconnected.
Preferably, a cloud desktop monitor is also deployed on the cloud desktop virtual machine; it monitors how the user uses the cloud desktop and decides from that usage whether the client terminal is safe.
Preferably, when a client terminal connecting to the office network does so for the first time from an unknown address, the cloud desktop monitor restricts the client terminal's connection and uploads the client terminal's information to an administrator; the restriction is lifted only after the administrator confirms it manually.
Preferably, when the number of file downloads over the connection exceeds a set number of times, the cloud desktop monitor restricts the client terminal's connection and uploads the client terminal's information to an administrator; the restriction is lifted only after manual confirmation by the administrator. The set number of times is configured manually by the administrator.
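The three monitor rules above (desktop-lock lockout, first connection from an unknown address, download-count threshold) share one pattern: a per-terminal counter or allow-list check, a "restrict and upload to administrator" action, and a manual release. The following Python is an added example of that logic written for this page; it is not code from the patent, and the class names, thresholds, terminal IDs and addresses are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set


@dataclass
class MonitorPolicy:
    """Thresholds set manually by the administrator (values here are assumed)."""
    max_failed_passwords: int = 3   # consecutive wrong desktop-lock passwords before disconnect
    max_downloads: int = 5          # file downloads per session before the connection is restricted


@dataclass
class ClientState:
    failed_passwords: int = 0
    downloads: int = 0
    restricted: bool = False
    reason: str = ""


class CloudDesktopMonitor:
    def __init__(self, policy: MonitorPolicy, known_addresses: Iterable[str]):
        self.policy = policy
        self.known_addresses: Set[str] = set(known_addresses)
        self.clients: Dict[str, ClientState] = {}
        self.admin_queue: List[dict] = []   # client information uploaded to the administrator

    def _state(self, client_id: str) -> ClientState:
        return self.clients.setdefault(client_id, ClientState())

    def _restrict(self, client_id: str, reason: str, **info) -> str:
        st = self._state(client_id)
        st.restricted, st.reason = True, reason
        self.admin_queue.append({"client": client_id, "reason": reason, **info})
        return "restricted"

    def on_connect(self, client_id: str, address: str) -> str:
        """Unknown source address on a connection: restrict until an administrator releases it."""
        st = self._state(client_id)
        if st.restricted:
            return "restricted"
        if address not in self.known_addresses:
            return self._restrict(client_id, "first_connection_from_unknown_address", address=address)
        return "allowed"

    def on_desktop_lock_attempt(self, client_id: str, password_ok: bool) -> str:
        """Desktop lock: a set number of consecutive wrong passwords disconnects the office network."""
        st = self._state(client_id)
        if password_ok:
            st.failed_passwords = 0
            return "unlocked"
        st.failed_passwords += 1
        if st.failed_passwords >= self.policy.max_failed_passwords:
            st.failed_passwords = 0
            return "disconnected"
        return "locked"

    def on_download(self, client_id: str, filename: str) -> str:
        """Download counter: exceeding the administrator's threshold restricts the terminal."""
        st = self._state(client_id)
        if st.restricted:
            return "restricted"
        st.downloads += 1
        if st.downloads > self.policy.max_downloads:
            return self._restrict(client_id, "download_threshold_exceeded",
                                  count=st.downloads, last_file=filename)
        return "allowed"

    def admin_release(self, client_id: str, trust_address: Optional[str] = None) -> None:
        """Manual confirmation by the administrator lifts the restriction (and may trust the address)."""
        st = self._state(client_id)
        st.restricted, st.reason, st.downloads = False, "", 0
        if trust_address:
            self.known_addresses.add(trust_address)
        self.admin_queue = [e for e in self.admin_queue if e["client"] != client_id]


def run_scenario() -> dict:
    """Constructed scenario: terminal A from a known address, terminal B from an unknown one."""
    mon = CloudDesktopMonitor(MonitorPolicy(), known_addresses={"203.0.113.10"})
    result = {}
    result["known_connect"] = mon.on_connect("term-A", "203.0.113.10")
    result["unknown_connect"] = mon.on_connect("term-B", "198.51.100.7")
    result["queue_after_connect"] = [e["reason"] for e in mon.admin_queue]
    mon.admin_release("term-B", trust_address="198.51.100.7")
    result["reconnect_after_release"] = mon.on_connect("term-B", "198.51.100.7")
    # Two wrong desktop-lock passwords stay locked; the third disconnects.
    result["lock_attempts"] = [mon.on_desktop_lock_attempt("term-A", False) for _ in range(3)]
    # The sixth download exceeds max_downloads=5 and restricts terminal A.
    result["downloads"] = [mon.on_download("term-A", f"doc{i}.pdf") for i in range(6)]
    result["term_a_reason"] = mon.clients["term-A"].reason
    result["queue_end"] = len(mon.admin_queue)
    return result


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

The restriction is deliberately sticky: once `restricted` is set, further connects and downloads are refused until `admin_release` runs, which is what keeps the "manual confirmation" step enforceable rather than advisory.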
In conclusion, by using cloud desktop virtual machines and the resources of the office network cloud data center, the insecurity of traditional office data handling is addressed: in this mode no data lands on the client terminal, all data stays within the enterprise, and both data security and user experience are improved, as is the granularity of application security auditing on the network.
Example two
As shown in fig. 3, this embodiment provides a remote office implementation method based on a cloud desktop, implemented on the system described above. The method comprises the following steps:
Step S01: the two ports of the firewall are connected to the Internet and to the office network respectively, and their IP addresses are configured as an Internet public IP and a fixed office network IP, completing the physical connection.
Step S02: the firewall is configured with a default route and static routes.
In this embodiment the default route points to the Internet gateway, i.e. the next hop of 0.0.0.0/0 is the gateway corresponding to the fixed Internet IP; the static routes cover the address segments that need to be reached in the office network, and their next hop is the office network gateway.
Step S03: a VPN interface address and a VPN address pool are configured.
In this embodiment the VPN interface address is configured as "172.16.1.1"; this interface address is also the gateway used when a VPN user obtains a VPN address.
The VPN address pool is then configured; the IP addresses the pool assigns to VPN users must not conflict with addresses already in use in the network. In this embodiment the VPN address pool is configured as "172.16.1.10-172.16.1.100".
Step S04: an SSL VPN is created.
When creating the SSL VPN, i.e. the tunnel interface, a port number must be entered. It is chosen by the user; here it is 4433, and it is also the port on which users log in to the VPN.
Step S05: security zones and policies are created.
The SSL VPN and its interface are defined as a Layer 3 security zone (Trust), the office network as a buffer zone (DMZ) and the Internet as an untrusted zone (Untrust), and the corresponding policies are created so that only traffic conforming to the rules is allowed through.
Step S06: accounts and passwords are added for the users, with each account used by only one user.
Step S07: host detection and binding is enabled, completing the installation and configuration of the remote office.
With the host detection and binding function of step S07, the relationship between the user name and the host ID is added to the binding table automatically when a user logs in for the first time, locking several parameters of the user's host such as the computer hardware, network card MAC address and operating system, which reduces the chance of illegal intrusion.
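Two of the steps above are checks rather than line configuration: step S03 requires that pool addresses never collide with addresses already in the network (or with the 172.16.1.1 interface address), and step S07 binds a user name to a host ID on first login and rejects later logins from a different host. The Python below is an added example for this page showing both checks together; it is not the patent's code or any vendor's SSL VPN implementation. The pool range and interface address are the embodiment's values; the in-use addresses, account names, hardware serials and MACs are constructed sample data, and the `rebind` administrator action is an assumption.

```python
import hashlib
import ipaddress
from typing import Dict, Iterable, Tuple

# Values from the embodiment: interface 172.16.1.1, pool 172.16.1.10-172.16.1.100.
INTERFACE_ADDRESS = "172.16.1.1"
POOL_RANGE = ("172.16.1.10", "172.16.1.100")


class VpnAddressPool:
    """Hands out pool addresses that do not collide with addresses already in the network."""

    def __init__(self, pool_range: Tuple[str, str], interface_address: str, in_use: Iterable[str]):
        start, end = (ipaddress.ip_address(a) for a in pool_range)
        if start > end:
            raise ValueError("pool start must not exceed pool end")
        self.candidates = [start + i for i in range(int(end) - int(start) + 1)]
        # The interface (gateway) address and every existing address are off-limits.
        self.reserved = {ipaddress.ip_address(a) for a in in_use} | {ipaddress.ip_address(interface_address)}
        self.leases: Dict[str, ipaddress.IPv4Address] = {}

    def allocate(self, account: str) -> str:
        if account in self.leases:                # one account, one user, one address (step S06)
            return str(self.leases[account])
        taken = self.reserved | set(self.leases.values())
        for addr in self.candidates:
            if addr not in taken:
                self.leases[account] = addr
                return str(addr)
        raise RuntimeError("VPN address pool exhausted")

    def release(self, account: str) -> None:
        self.leases.pop(account, None)


def host_fingerprint(hardware_id: str, mac: str, os_name: str) -> str:
    """Canonicalise the locked host parameters and hash them into a single host ID."""
    mac_norm = mac.strip().lower().replace("-", ":")
    canonical = "|".join([hardware_id.strip().lower(), mac_norm, os_name.strip().lower()])
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class HostBindingTable:
    """Step S07: first login binds user name to host ID; later logins must match it."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}   # user name -> bound host ID

    def login(self, username: str, hardware_id: str, mac: str, os_name: str) -> str:
        host_id = host_fingerprint(hardware_id, mac, os_name)
        bound = self.table.get(username)
        if bound is None:
            self.table[username] = host_id     # first login: bind automatically
            return "bound"
        return "allowed" if bound == host_id else "rejected"

    def rebind(self, username: str) -> None:
        """Assumed administrator action: clear a binding so the user can enrol a new host."""
        self.table.pop(username, None)


def run_demo() -> dict:
    """Constructed data: three addresses already in use, one user logging in from two hosts."""
    out = {}
    pool = VpnAddressPool(POOL_RANGE, INTERFACE_ADDRESS,
                          in_use=["172.16.1.10", "172.16.1.11", "172.16.1.50"])
    out["alice_ip"] = pool.allocate("alice")     # skips the two in-use addresses at the pool start
    out["bob_ip"] = pool.allocate("bob")
    out["alice_again"] = pool.allocate("alice")  # same lease, not a second address
    table = HostBindingTable()
    out["first_login"] = table.login("alice", "SN-0001", "AA-BB-CC-DD-EE-01", "Windows 10")
    out["same_host"] = table.login("alice", "sn-0001", "aa:bb:cc:dd:ee:01", "windows 10")
    out["other_host"] = table.login("alice", "SN-0002", "AA-BB-CC-DD-EE-02", "Windows 10")
    return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

The fingerprint is hashed so the binding table stores no raw hardware identifiers; note that a MAC address and OS string are reported by the client and can be spoofed by someone who already controls it, so host binding reduces casual credential reuse rather than replacing the VPN authentication itself.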
The specific working process of the system is as in the first embodiment and is not repeated here.
Those skilled in the art will appreciate that the modules or steps of the present invention described above can be implemented using general purpose computer means, or alternatively, they can be implemented using program code that is executable by computing means, such that they are stored in memory means for execution by the computing means, or they are separately fabricated into individual integrated circuit modules, or multiple modules or steps of them are fabricated into a single integrated circuit module. The present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, it is not intended to limit the scope of the present invention, and it should be understood by those skilled in the art that various modifications and variations can be made without inventive efforts by those skilled in the art based on the technical solution of the present invention.

Claims (10)

1. A teleworking implementation system based on cloud desktop, characterized by includes: the system comprises a client terminal and an office network cloud data center;
the client terminal is connected to an office network through a VPN (virtual private network), a plurality of servers are deployed in a cloud data center of the office network, each server is connected to the office network, a plurality of desktop virtual machines are virtualized on each server respectively, cloud desktop connecting software is arranged on the client terminal, and the client terminal transmits desktop images through the cloud desktop connecting software and maps local equipment on the client terminal into the cloud desktop virtual machines.
2. The cloud desktop based tele-office implementation system of claim 1, wherein said VPN connection is a SSL VPN connection.
3. The cloud desktop based tele-office implementation system of claim 2, wherein the SSL VPN operates under a NAT mode firewall and the SSL VPN provides modes of operation including a Web mode and a tunnel mode.
4. The cloud desktop-based tele-office implementation system of claim 1, wherein a cloud desktop management platform is deployed on the server, a cloud desktop agent is deployed on the cloud desktop virtual machine, the cloud desktop agent is an agent used when the cloud desktop management platform manages the cloud desktop virtual machine, and the cloud desktop management platform is configured to manage a virtualization platform, a desktop pool, and cloud desktop users related to cloud desktop services.
5. The cloud desktop based tele-office implementation system of claim 4, wherein the virtualization platform comprises a cloud resource management server and a cloud resource computing server.
6. The cloud desktop-based tele-office implementation system of claim 4, wherein when deploying new software or updated software, the cloud desktop virtual machines can use the new software or updated software by building a software library and distributing the software library to each of the cloud desktop virtual machines, and restarting the cloud desktop virtual machines after receiving the software library.
7. The cloud desktop based tele-office implementation system of claim 4, wherein local users, domain users and user groups are authorized in batch by the cloud desktop management platform through the cloud desktop agent, and unified management and centralized control of the cloud desktop virtual machine virtual desktops are performed based on the desktop pool.
8. The cloud desktop-based teleworking implementation system of claim 1, wherein a cloud desktop monitor is further deployed on the cloud desktop virtual machine, and the cloud desktop monitor is configured to monitor a usage of a cloud desktop by a user and determine whether the client terminal is safe according to the usage.
9. The cloud desktop-based telecommuting implementation system as claimed in claim 8, wherein the cloud desktop monitor limits the connection of the client terminal when the client terminal connected to the office network downloads files over the connection more often than a set number of times.
10. A remote office implementation method based on a cloud desktop is characterized by comprising the following steps:
step S01: the two ports of the firewall are respectively connected with the Internet and an office network, and the IP addresses are configured into an Internet public network IP and an office network fixed IP to complete line connection;
step S02: the firewall configures a default route and a static route;
step S03: configuring a VPN interface address and a VPN address pool;
step S04: creating an SSL VPN;
step S05: establishing a security domain and a policy;
step S06: adding account passwords to users, wherein each account is only used by one user;
step S07: and starting host detection and binding to complete the installation configuration of the remote office.
Publications (1)

Publication Number Publication Date
CN114244651A true CN114244651A (en) 2022-03-25


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination