FR2906958A1 - Connecting method for thin client, involves assigning Internet protocol address to terminal via virtual protocol network, downloading kernel of operating system to terminal from server and executing kernel in terminal - Google Patents

Abstract

The method involves connecting a terminal to a computing network and initiating a virtual protocol network (VPN) after identifying and controlling hardware of the terminal when the terminal is powered. An Internet protocol (IP) address is assigned to the terminal via the VPN using a dynamic host configuration protocol (DHCP) by a server. A kernel of an operating system is downloaded to the terminal from the server and is executed in the terminal. An independent claim is also included for a terminal connected to a server.

Description

The present invention is in the field of managing a network of

  communication, in particular in the connection of a terminal to a computer type network. In an architecture with a client / server type relationship, such a terminal is commonly referred to as a so-called thin client. A thin client serves as an interface between a user and at least one application running on a so-called application server, the connection between the client and the server being carried out via a communication network, preferably a type network. computer science. For reasons of cost and implementation, a thin client therefore comprises the minimum of peripherals, namely a screen, a keyboard and a mouse, and a minimum of integrated hardware, as well as the software necessary for the operation of said peripherals and said device. hardware, also called driver. Such a terminal also comprises storage means, generally of the hard disk type, for backing up the data relating to said software and the like. As mentioned above, the application is executed remotely on the application server. Data is generally processed through said application and the result of this processing is transmitted, through the network, to the terminal that displays or executes locally. Through said terminal, a user intervenes on this result and sends back actions to be executed or data to be processed to the server. However, a state-of-the-art thin-client terminal has the disadvantage of requiring the installation of an operating system and / or a software layer for the local execution of data and results transmitted by the server. A long and expensive phase of deployment and maintenance of the terminals, in particular upgrades of the software layer, is therefore necessary. In addition, an incident on a station requires the local intervention of a technician, the time required for the detection of the anomaly and the restoration of said terminal.

Another disadvantage lies in the security vulnerabilities of such a terminal. Indeed, a terminal generally stores locally all or part of the information transmitted by said server, in particular in the form of 5 temporary files or the like. Access to sensitive data through said terminal is thus facilitated. Remote data transfer also poses a security problem that is often solved by encryption and access to a secure connection. However, these methods do not allow perfect security because of the first data exchanges that are generally unencrypted. In addition, each terminal generally includes a hardware structure defined for a specific type of operating system that is installed by default. The change of the operating system of the terminal therefore implies a local maintenance operation on each terminal which has the aforementioned defects. The object of the invention is to overcome the drawbacks of the state of the art by proposing a thin client-type terminal capable of adapting to any type of operating system through remote downloading from a server. application. Thus, said terminal is designed capable of establishing a remote connection with a server and in a secure manner as soon as the first data is transferred. This terminal therefore locally echoes the remote execution of applications on the server. In addition, such a terminal does not need to be updated since no update locally is necessary and its maintenance is greatly facilitated through its simple replacement in case of a problem. The invention relates to a thin-client terminal and its method of connection to a remote application server. Other features and advantages of the invention will emerge from the following detailed description of non-limiting embodiments of the invention.

The present invention relates to the connection of a terminal to a server through a communication network, in particular of the computer type. Preferably, said terminal is a so-called lightweight client connected to an application server. The terminal is then a remote execution interface of at least one application, said application being executed remotely on said application server. In this regard, the computer network considered may be a local network, such as an intranet, including or not said server. Preferably, this server may be remotely connected via an external communication or computer network, such as the Internet or the like, through at least the TCP / IP network protocol, Transmission Control Protocol and Internet Protocol. An innovation of the invention resides in the fact that said terminal does not have an operating system installed in a so-called dead memory, such as a hard disk or the like, and which is launched at startup, commonly at 20 boot operation. Conversely, the kernel of the operating system is downloaded to said terminal, through said network, from the remote server. To do this, the terminal comprises means for recognizing and controlling the constituent material elements. These means are generally in the form of BIOS software, for Basic Input / Output System, firmware or the like. When powering on said terminal, the BIOS recognizes the hardware and connects said terminal to said network, in particular through connection means. Preferably, these connection means may be in the form of a modem card and / or a network card. It should be noted that the connection of the terminal is made through DHCP for Dynamic Host Configuration Protocol, which automatically allocates to clients an IP address and other network parameters, in the opposite of addressing. static. The principle is based on the sending by a client of a request called DHCP on the network to which the DHCP server will automatically return an IP address, therefore assigned to said client.

In addition, the method according to the invention is characterized by the fact that it creates a Virtual Private Network VPN acronym for Virtual Private Network between at least one terminal and the server. The use of a VPN provides greater privacy and security of data transmission. The terminal 10 thus comprises means capable of generating a VPN before any operating system is executed locally. Therefore, the first transmitted data packets are encrypted or encrypted. During the connection, the terminal sends a DHCP request to the network that is received by the server. This request includes a MAC address declaration for Media Access Control, which corresponds to the unique physical address of the connection means, the modem or the network card. In response, the server allocates an IP address to be used later by said terminal. The response contains, in addition to said IP address, an address corresponding to the kernel of the operating system to be executed on said terminal. Indeed, the system according to the invention uses a so-called PXE boot for Pre-boot eXecution Environment, which allows a workstation to boot through the network an operating system present on the server. Once the IP address allocated to said terminal, the latter sends a kernel request to said server which then initiates the download of said kernel, the kernel request comprising in particular said kernel address. Note that a kernel includes the software layer necessary for the execution of at least one application. This kernel is preferably the core of an operating system. The server thus presents itself as means of management, on the one hand, of the assignment of the IP addresses to the terminals of the network but, on the other hand, to the assignment and distribution of the cores. This server can therefore be an application server and / or a dedicated server. This server may be local, directly connected to said network, or accessible remotely through previously described communication means. The management means are considered as managers of the customers that are the terminals connected to the network. After downloading the operating system kernel, the operating system kernel is executed locally on the terminal so as to allow the user to launch one or more applications that are remotely executed on the application server, in the manner of a classic thin client. The execution of the kernel is performed in a so-called RAM memory, such as RAM, which is equipped with said terminal. After the execution of said kernel, said terminal behaves like a conventional thin client, namely that it transmits the data and commands of the user to the application server which sends back to it the result of the execution of these data. and orders. This data transfer can be done through the network file system access protocol, such as NFS for Network File System or the like. Another advantage results from the fact that the execution is carried out remotely at the server, allowing, in case of malfunction or power failure, the recovery by the user of his work at the precise moment when the cut 25 s' is produced. In addition, no data is stored locally, for example in a permanent memory such as a hard disk or so-called ROM, or in the case of temporary file. In the case of a power failure of the terminal, no data will be present in the latter, thus preventing any information leakage by recovery of the equipment. It should be noted that a server can be connected to several terminals and takes care of their entire management, delivering them specific kernels to each. Preferably, each kernel is defined according to the terminal 2906958 6 and / or the user holding the latter. Indeed, the user's function determines the applications and access he needs to work. Thus, the parameters of a user can define the characteristics of the kernel that will be downloaded to his terminal (operating system required, software and applications used, etc.). To define a user, said terminal may comprise means capable of identifying said user. In particular, these identification means may be in the form of a chip-type card reader, a magnetic tape reader or the like, or a biometric reader. These identification means may be physically incorporated into or connected to the terminal.

The terminal management means comprise the data specific to each user, in particular the kernel of the operating system or systems used. User management is therefore greatly facilitated and fully controlled by an administrator.

These identification means allow a user to use either a terminal without going through a manual identification procedure, including the disadvantage of storing and entering an identifier and a password. In addition, the identification means implemented 25 offer increased security because of the difficulty of falsifying them. User data can therefore be embedded in the DHCP request along with the MAC address.

In the preferred embodiment, the terminal comprises a modem card connected to a CPU card, for Central Processing Unit. This CPU board can be PC / 104 type. On the one hand, the purpose of the modem card is to authorize a connection to said network, preferably the Internet through an Asymmetrical Digital Connection (RNA) or an asymmetric digital link, such as ADSL. It should be noted that the care can also support voice over IP (VOIP). On the other hand, it manages the creation of the VPN and is configured to allow a PXE boot. On the other hand, it communicates with the CPU card through Ethernet 5 and PXE protocols. When the terminal is turned on, its startup first triggers its configuration (component, peripherals, hardware, etc.) and then connects the terminal to the network, notably the Internet Service Provider (ISP).

Next, the VPN is established in order to secure the subsequent transmission of data, namely the sending of the kernel and the subsequent exchange of data. The invention also has the advantages of reducing the costs of deployment, operation, maintenance of a network or computer park while improving the reliability and security of information exchanges. The invention also prevents any hacking or intrusion of viruses at the terminal. Of course, the invention is not limited to the examples illustrated and described above which may have variants and modifications without departing from the scope of the invention.

Claims (3)

  1. A method of connecting a terminal to a remote server through a computer network, wherein: - when powering said terminal, after recognition and control of the constituent hardware elements, said terminal connects to said network and initiates a VPN connection; said server assigns an IP address to said terminal through said VPN using a DHCP protocol; and at least one operating system kernel is downloaded from said server to said terminal and executed locally on said terminal.   2. Method according to claim 1, characterized in that the assignment through the DHCP protocol is to send on the network a request comprising at least the MAC address of said terminal; sensing said request by said server and sending a response comprising at least the IP address of said terminal and the address of said core.   3. Terminal connected to a server through the method according to any one of claims 1 or 2, characterized in that it comprises a modem card combined with a CPU card and comprising means capable of setting up a VPN, assigning an IP address through a DHCP protocol and initiating the download of an operating system kernel from said server to said terminal. 8