CN101964029B - The method of online switching between multiple subdata processing systems - Google Patents
- Publication number: CN101964029B
- Authority: CN (China)
- Prior art keywords: data handling, switching, handling system, processing system, mainboard
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
A method for online switching between multiple subdata processing systems. By sending switch-in/switch-out signals that notify the host system to save or restore its working scene, the user can switch between multiple subdata processing systems in the course of work, directly in the working state. In effect this is equivalent to running multiple subdata processing systems simultaneously under the same data processing system, so that the subdata processing systems time-share the software and hardware resources of the original data processing system. The invention also provides a data processing system based on this online switching method, which can provide multiple physical or virtual subdata processing systems under the same data processing system interface, each used for a different application. Different subdata processing systems are securely isolated from one another, to meet the different security requirements of different applications. The subsystems can be switched online, like TV "channels".
Description
Divisional application note
Parent application title: Data processing system and method with multiple subsystems
Parent application number: 200510132889X; parent application filing date: December 29, 2005
Earlier application number: 200410102989.3; earlier application date: December 31, 2004
Technical field
The present invention relates to data processing systems and security technology. By integrating multiple physical or virtual subdata processing systems under the same data processing system interface, it enables a data processing system (such as a computer system) to meet the user's different security needs for different tasks, and prevents security risks from passing between different tasks. It also provides protection and verification methods for firmware that affects the security of the data processing system, such as the basic input/output system (BIOS).
Background
With the development of information technology, more and more work can be carried out through data processing systems (such as computer systems) and networks, which greatly improves efficiency and is convenient for users.
However, as its name suggests, a data processing system was designed from the start mostly with the processing of data in mind (the name "computer", for example, comes from its fast computing capability), without considering security. As a result, the security problems of data processing systems have become increasingly prominent, particularly in fields such as electronic transactions, information confidentiality and personal privacy. Losses caused by security problems keep growing, and such "disasters" occur more and more easily, with an increasingly evident trend.
Besides the security risks of the data processing system itself, the user's own habits and needs are also one of the causes of security problems. In many cases a user opens a security hole by visiting an unsafe website and then leaks important accounts and passwords, causing economic loss; such examples are common.
In other words, users have multiple needs, and the security requirements of those needs differ. For example, daily news and entertainment have low security requirements, while electronic transactions have very high ones. When these two tasks reside in the same data processing system, a "vulnerability" may "infect" the task with high security requirements from the task with low security requirements.
Of course, existing data processing systems have taken this into account. Microsoft's browser (Internet Explorer), for example, divides security into levels such as high, medium and low to control different usage environments. But this cannot solve the problem at its root, because: 1. IE itself has many vulnerabilities, and new ones keep appearing; 2. the Windows operating system also has many vulnerabilities; 3. the technical demands on the user are too high. These factors make people feel that the network is increasingly unsafe.
Another possible way to solve this problem is to provide a separate data processing system for each application. Because the cost is too high and the efficiency too low, this clearly has no broad practical value.
At the same time, although damage to the BIOS has so far been limited to the CIH virus, and CIH only destroys the BIOS and does not use it to propagate, this does not mean that a virus cannot use the BIOS to propagate. In fact, the BIOS of most mainboards, display cards, SCSI cards, network cards and so on uses FLASH memory, is not write-protected by default, and has the opportunity to gain control of the system. In theory this makes it possible for malicious programs to propagate through the BIOS and damage the data processing system, and such damage is often a greater threat than existing viruses.
Even with the later appearance of the CSS (Core System Software) BIOS or the EFI (Extensible Firmware Interface) BIOS, the same security problem still exists. Moreover, because they still need the most basic BIOS to load them, they add yet another insecure link.
Summary of the invention:
To solve the above problems, the present invention provides a virtualization method for a data processing system, and a data processing system, which can provide multiple physical or virtual subdata processing systems under the same data processing system interface, used for different tasks. The subsystems can be switched like TV "channels", and different subdata processing systems can be securely isolated from one another so that they do not affect each other. To guarantee the basic security of the data processing system, a new method of write-protecting and verifying the basic input/output system (BIOS) is also provided.
In addition, the invention proposes a switching device for virtualizing a data processing system, and a mainboard device for the data processing system with multiple subsystems described in the invention.
Technical solution:
A virtualization method for a data processing system, for virtualizing one data processing system into multiple subdata processing systems, characterized in that:
The multiple virtual subdata processing systems have their own operating systems or application systems, which may be the same or different;
The multiple virtual subdata processing systems time-share the resources of the original data processing system;
At any time, among the multiple virtual subdata processing systems sharing the same processor unit, at most one is in the running state; the virtual subdata processing system in the running state is, in the user's eyes, the current "real" data processing system based on that processor unit. The processor unit may include one CPU or a group of CPUs, and each CPU may be single-core or multi-core.
The user selects the currently running virtual subdata processing system through a switching device;
The virtualization method of the present invention further includes a method of securely isolating the external storage of the different virtual subdata processing systems; the isolation method may be any one or more of the following, or any combination of them:
A. Provide multiple physically independent external storage devices, so that different virtual subdata processing systems use different physical external storage;
B. Virtually partition the storage space of a single external storage device, so that different virtual subdata processing systems use different virtual sub-storage of that device;
C. Read/write-protect the external storage space of virtual subdata processing systems that are not in the working state; this method can be used, for example, where virtual subdata processing systems share different partitions of the same external storage device;
D. Disable the external storage that the virtual subdata processing system in the working state does not need;
E. Read/write-protect the external storage space that the virtual subdata processing system in the working state does not need;
F. Other possible methods;
Isolating the external storage spaces from one another effectively controls the transmission of possible unsafe factors between different virtual subdata processing systems.
The multiple virtual subdata processing systems can be switched online or offline. Online switching generally means switching without shutting down (or without turning off the power), while offline switching means switching after shutting down (or turning off the power);
A method of online switching between multiple virtual subdata processing systems sharing the same processor unit comprises the following steps:
A. The user sends a virtual subdata processing system switch request to the switching device;
B. The switching device sends a system switch-out signal to the current virtual subdata processing system;
C. The current virtual subdata processing system saves its relevant working scene;
D. The switching device sets up the resources needed by the new virtual subdata processing system and sends a system switch-in signal;
E. The new virtual subdata processing system obtains control and restores its previously saved working scene, or restarts, or starts in the mode specified by the user. Restarting mainly applies when the system is switched in for the first time or when no previously saved working scene exists; starting in the mode specified by the user means that the user specifies how the working state is established after the switch;
A method of saving/restoring the working scene, characterized in that:
The method of saving the working scene comprises the following steps:
A. The operating system sends a "save working scene" notification to all currently running tasks;
B. Each currently running task cleans up its own work space and resources;
C. The operating system cleans up its own work space and resources;
D. The most basic system information needed to reconstruct the current operating environment is saved;
E. The state of all devices in use is saved;
The method of restoring the working scene comprises the following steps:
A. Load the saved state of all devices used by the working scene to be restored, and set the relevant device states accordingly;
B. Load all the saved basic system information of the working scene to be restored that is needed to reconstruct the operating environment, and reconstruct the working environment as it was;
C. The operating system restores its own work space and resources;
D. The operating system sends a "restore working scene" notification to all currently running tasks;
E. Each currently running task restores its own work space and resources;
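The online switch handshake and the save/restore ordering described above, as an added Python simulation that is not part of the patent text. The class names, the message strings and the two-system setup are assumptions made for illustration; external-storage isolation is modeled by enabling only the active system's disk.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Channel:
    """One virtual subdata processing system with its own external storage."""
    name: str
    disk: str
    tasks: list = field(default_factory=list)
    saved_scene: Optional[dict] = None   # None: no working scene saved yet
    log: list = field(default_factory=list)

    def switch_out(self, devices: dict) -> str:
        """Save the working scene in the order of save steps A-E."""
        self.log += [f"task-save:{t}" for t in self.tasks]       # A, B
        self.log.append("os-cleanup")                             # C
        scene = {"system_info": {"tasks": list(self.tasks)}}      # D
        self.log.append("system-info-saved")
        scene["devices"] = dict(devices)                          # E
        self.log.append("device-state-saved")
        self.saved_scene = scene
        return "system switched out"

    def switch_in(self, devices: dict, mode: str = "resume") -> str:
        """Restore in the order of restore steps A-E, or restart if nothing was saved."""
        if mode == "resume" and self.saved_scene is not None:
            devices.update(self.saved_scene["devices"])           # A
            self.log.append("device-state-loaded")
            self.tasks = list(self.saved_scene["system_info"]["tasks"])  # B
            self.log.append("system-info-loaded")
            self.log.append("os-restore")                         # C
            self.log += [f"task-restore:{t}" for t in self.tasks]  # D, E
            return "resumed"
        # First switch-in, no saved scene, or the user asked for a restart.
        self.tasks = []
        self.log.append("restart")
        return "restarted"


class SwitchingDevice:
    """Control unit: takes the user's selection and drives the handshake."""

    def __init__(self, channels):
        self.channels = {c.name: c for c in channels}
        self.active: Optional[str] = None
        self.devices: dict = {}          # shared device state (display mode, ...)
        self.enabled_disks: set = set()

    def request(self, target: str, mode: str = "resume") -> str:
        if target not in self.channels:
            raise KeyError(f"unknown channel: {target}")
        if target == self.active:
            return "already active"
        if self.active is not None:
            # Switch-out signal; the running system must acknowledge it.
            ack = self.channels[self.active].switch_out(self.devices)
            if ack != "system switched out":
                raise RuntimeError("no switch-out acknowledgement")
        # Resource setup for the new system: only its disk is enabled, and
        # shared device state starts empty so nothing carries over.
        self.enabled_disks = {self.channels[target].disk}
        self.devices = {}
        self.active = target
        return self.channels[target].switch_in(self.devices, mode)

    def can_access(self, channel: str, disk: str) -> bool:
        """Isolation check: only the running system reaches the enabled disk."""
        return channel == self.active and disk in self.enabled_disks


if __name__ == "__main__":
    dev = SwitchingDevice([Channel("work", "disk0"), Channel("finance", "disk1")])
    print(dev.request("work"), dev.request("finance"), dev.request("work"))
```
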
The method of offline switching between the virtual subdata processing systems comprises the following steps:
A. The data processing system is shut down;
B. The switching device is switched to the hardware of the new virtual subdata processing system;
C. The data processing system is restarted;
Any of the above virtualization methods of the present invention is further characterized in that it includes a method of establishing the working state of a virtual subdata processing system, which may be any one or more of the following:
A. Resume: recover from any previously saved working scene, which also means that a virtual subdata processing system can save a working scene at any time;
B. Reboot/Restart: restart the virtual subdata processing system;
C. Original Reset: reset the virtual subdata processing system to its original installation state and start it;
D. Install/Reinstall: install or reinstall the virtual subdata processing system and start it;
The working state may be established while the current virtual subdata processing system has control, or may be specified by the user when switching virtual subdata processing systems; the specification applies to the virtual subdata processing system being switched in.
A data processing system, characterized in that it includes at least two subdata processing systems;
The processor units of the multiple subdata processing systems are physically located in the same cabinet;
Any of the subdata processing systems may have a physically independent processor unit, or may be a virtual subdata processing system sharing a processor unit;
The processor unit may include one CPU or a group of CPUs, and each CPU may be single-core or multi-core.
The multiple subdata processing systems wholly or partly share at least one display device or at least one input device;
The data processing system of the present invention is characterized in that it further includes a switching device (600), used to select the subdata processing system currently used or operated by the user;
The switching may be offline switching after shutting down (or turning off the power), or online switching without shutting down (or without turning off the power);
Through this device, the subdata processing systems can share input/output devices, such as the display device, keyboard and mouse, to the greatest extent, and the user can carry out the relevant operations in a largely consistent operating environment, which both saves cost and simplifies operation.
The data processing system of the present invention is characterized in that the external storage fixed for system boot of the different subdata processing systems consists of different external storage devices, or of different sub-storage of the same external storage device produced by virtual partitioning. "External storage fixed for system boot" means non-temporary external storage that is relatively fixed and used for booting under normal working conditions over a period of time, usually a hard disk or electronic disk.
The data processing system of the present invention is characterized in that, for a firmware device of the subdata processing system that is reprogrammable and can obtain an execution opportunity on the processor unit of that subdata processing system, the device can be write-protected or partially write-protected, or the firmware content itself can be verified against tampering. Such firmware is commonly the basic input/output system (BIOS) or another set of service routines between the hardware and the operating system that is used to operate the hardware.
A selection switching device (601), for supporting the virtualization of a data processing system, characterized in that it includes:
A control input interface (701), for accepting the selection signal from the user. The nature of this interface is similar to the channel interface of a television set, and the content to be selected is very simple, so the interface may be mechanical or electronic, wired or wireless, and may carry a coded signal or a direct selection signal;
A control unit (700), for controlling the switching of the different virtual subdata processing systems according to the user's selection signal. Because its function is relatively simple, this unit can be implemented with logic circuits, a microcontroller, or discrete components/integrated circuits;
A host interface (703), for communicating with the host of the data processing system. Because the control unit (700) exchanges very little with the host, and the content is simple, for example: send "system switch out", receive "system switched out", send "system switch in", this interface can be any general-purpose or special-purpose interface, such as ISA, PCI, USB, RS232, parallel port, 1394, I2C, or other special or general-purpose interfaces;
A control output interface (702), for providing the selection signals needed by other devices during virtual subdata processing system switching, such as the selection switching signal for multiple hard disks. This signal is generated by the control unit according to the user's selection signal, and may be mechanical or electronic, wired or wireless, and may be a coded signal or a direct selection signal;
The control unit (700) is connected to the control input interface (701), the control output interface (702) and the host interface (703);
The control input interface (701), control output interface (702) and host interface (703) may partly or wholly multiplex the same interface bus, or may each use a different interface; for example, the I2C bus widely used in household appliances is suitable here;
The selection switching device (601) can be integrated on a mainboard, thereby forming a mainboard that supports virtualization; a mainboard that supports virtualization means that a data processing system built with this mainboard can be virtualized into multiple subdata processing systems.
A multi-unit mainboard, including at least two physical sub-mainboard units. Each sub-mainboard unit can be used to build one physical data processing system host, and each sub-mainboard unit may be an ordinary mainboard or a mainboard with virtualization functions. The multi-unit mainboard is used to build a data processing system with multiple subsystems, and is characterized in that it further includes a selection device (602), which supports subsystem selection and switching. The selection device (602) includes:
A control input interface (711), for accepting the selection signal from the user; this interface may be mechanical or electronic, wired or wireless, and may carry a coded signal or a direct selection signal;
A shared interface switching unit (710), for selecting and switching, according to the user's selection signal, one or more interfaces that share the same device or interface. The switched interfaces may be interfaces provided on the mainboard or interfaces added through expansion cards. Because the selection and switching are based on selecting and switching physical signal channels, the interfaces may be wired or wireless interfaces of any kind;
The shared interface switching unit has at least one shared display output interface or at least one shared input device interface;
The multi-unit mainboard of the present invention is characterized in that it further includes a control output interface (712), for providing the selection signals needed by other sub-mainboard units or devices during subsystem switching; for example, a sub-mainboard unit that is a mainboard with virtualization functions needs this selection signal. This interface may be mechanical or electronic, wired or wireless, and may carry a coded signal or a direct selection signal;
The control output interface (712) and the control input interface (711) may multiplex the same interface bus, or may each use a different interface;
The interfaces switched by the shared interface switching unit (710) can be set and adjusted by the user; that is, the user can decide which interfaces are not selected for switching (not shared). This setting can be made through the BIOS or jumper switches.
A security control method for a basic input/output system (BIOS), including a write-protection method, characterized in that the write-protection method includes the following:
A. A step of dividing the BIOS space by function;
B. A step of providing a separate write-protection device for each of the divided functional regions;
The write-protection device must be set locally by the user, or can be set only with the user's authorization.
Typically, a BIOS may be divided into multiple spaces; a present-day mainboard BIOS, for example, may include a program area and an ESCD data area, and the program area includes a BOOT area (8K or 16K) and other programs. The existing BIOS write-protect switch applies to the whole BIOS: once it is turned on, the ESCD area cannot be written or read, and even the type of the computer's BIOS chip cannot be determined, so this kind of write protection comes at the cost of computer performance.
The write-protection function inside the BIOS chip (such as write protection of the BOOT area) is controlled by the computer chipset; in other words, its protection only guards against interference signals or misoperation, not against viruses.
The method of the present invention provides a separate protection switch for each of the above regions, which solves this problem. These write-protect switches can be set only with the user's authorization;
A security control method for a basic input/output system (BIOS), including a write-protection method, characterized in that it also includes a method of verifying the information in the BIOS;
The verification method includes the following:
A. A step of establishing a BIOS information verification access interface;
B. A step of selecting the region to be verified;
C. A step of verifying the selected region through the verification interface;
D. A step of comparing the verification result with a secure or clean BIOS of the same version;
Verification can use any algorithm, such as CRC8/16/32/64, MD5 or SHA256/384/512, or the entire content can even be read out and compared directly.
The method of verifying the information in the BIOS according to the present invention is not carried out while the BIOS itself is loaded. This prevents a malicious program in an infected BIOS from taking control of the computer and interfering with the verification. If verification were carried out after the BIOS had loaded, a virus in the BIOS could restore the BIOS content after loading itself and re-infect it before shutdown, so the verification result would be meaningless.
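One way to carry out the region-by-region check described above, as an added Python example that is not part of the patent text. The region map, the 64-byte images and the version string are constructed for illustration, SHA-256 stands in for "any algorithm", and the dump is assumed to have been read while the BIOS under test was not the one running.

```python
import hashlib
import hmac

# Hypothetical functional division of a constructed 64-byte image. Real BIOS
# layouts are board-specific; these offsets are not taken from any real chip.
REGIONS = {
    "boot_block": (0, 16),    # BOOT area
    "program":    (16, 48),   # other program code
    "escd":       (48, 64),   # ESCD data area, rewritten in normal operation
}


def region_digests(image: bytes, regions: dict) -> dict:
    """Hash each functional region of the image separately."""
    digests = {}
    for name, (start, end) in regions.items():
        if not 0 <= start < end <= len(image):
            raise ValueError(f"region {name} lies outside the image")
        digests[name] = hashlib.sha256(image[start:end]).hexdigest()
    return digests


def build_manifest(version: str, clean_image: bytes, regions: dict = REGIONS) -> dict:
    """Record per-region digests of a known clean BIOS of one version."""
    return {
        "version": version,
        "size": len(clean_image),
        "digests": region_digests(clean_image, regions),
    }


def verify(dump: bytes, dump_version: str, manifest: dict,
           selected: list, regions: dict = REGIONS) -> list:
    """Return the selected regions whose content differs from the clean copy."""
    # Step D compares against a clean BIOS of the same version, so a reference
    # for another version or another chip size is rejected outright.
    if dump_version != manifest["version"]:
        raise ValueError("reference manifest is for a different BIOS version")
    if len(dump) != manifest["size"]:
        raise ValueError("dump size does not match the reference image")
    unknown = [n for n in selected if n not in regions]
    if unknown:
        raise ValueError(f"unknown regions: {unknown}")
    actual = region_digests(dump, {n: regions[n] for n in selected})
    return sorted(
        n for n in selected
        if not hmac.compare_digest(actual[n], manifest["digests"][n])
    )


# Constructed sample data: a "clean" image and a dump with one byte changed in
# the program area and one in the ESCD data area.
CLEAN_IMAGE = bytes(range(64))
_dump = bytearray(CLEAN_IMAGE)
_dump[20] ^= 0xFF
_dump[50] ^= 0xFF
SAMPLE_DUMP = bytes(_dump)

if __name__ == "__main__":
    manifest = build_manifest("1.0", CLEAN_IMAGE)
    print(verify(SAMPLE_DUMP, "1.0", manifest, ["boot_block", "program"]))
```

Selecting only the code regions keeps expected ESCD updates from drowning out a real change to the BOOT or program area.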
Beneficial effects
The method and system of the invention provide different task running environments for different tasks, in order to handle their different security requirements. Because good security isolation can be achieved between different tasks, the propagation of unsafe factors between different applications can be avoided and security is better guaranteed, which is of broad practical significance.
Furthermore, the computer system can be made more like a household appliance: while keeping its original functions and modes of use, the computer can also be used like an appliance (such as a TV), switching between different tasks simply by changing channels, and a picture-in-picture (PIP) function similar to that of a TV can be obtained at low cost.
The security control method for the basic input/output systems (BIOS) of the computer system and its various components is a precaution taken ahead of time: in view of the current security situation, it proposes controlling possible future avenues of damage and attack, further ensuring the security of the computer system.
With the selection switching device (601), an existing mainboard can conveniently be modified to support the virtualization of a data processing system, and the multi-unit mainboard provides users with an integrated implementation of a data processing system based on multiple subsystems.
Brief description of the drawings:
Fig. 1: A data processing system with multiple physical subdata processing systems and multiple virtual subdata processing systems;
In the figure: 201 is the part of a physical subdata processing system located in the cabinet (200); these have their own external storage unit (hard disk) and processor unit (on the mainboard). 202 is the part of a virtual subdata processing system located in the cabinet (200); these share the processor unit on the physical mainboard (80) and the multiple virtual sub-hard-disks produced by virtual partitioning of the hard disk (81). Through the switching device (600), the subdata processing systems share all or some of the display (100), keyboard (300), optical drive (10), mouse (20) and Modem (30) that each subsystem requires.
Fig. 2: A data processing system with one physical subdata processing system and multiple virtual subdata processing systems;
This figure differs from Fig. 1 in the number of physical subdata processing systems: there are several in Fig. 1 and one in this figure. Otherwise the two are essentially the same;
Fig. 3: A data processing system with four virtual subdata processing systems;
This figure differs from Fig. 2 in that all four subdata processing systems are virtual subdata processing systems, with no physical subdata processing system. The four virtual subdata processing systems share the processor unit on the physical mainboard (80), but each has its own independent hard disk;
Fig. 4: A data processing system with multiple physical subdata processing systems;
This figure differs from Fig. 1 in that all four subdata processing systems are physical subdata processing systems, with no virtual subdata processing system. Each of the four physical subdata processing systems has its own independent mainboard and hard disk;
(In the figures above, dashed lines denote virtual elements; identical parts are not described again.)
Fig. 5: Block diagram of the structure of the selection switching device. In the figure, 701: control input interface; 702: control output interface; 700: control unit; 703: host interface;
Fig. 6: Structural diagram of the selection switching device (602) on the multi-unit mainboard. In the figure, 711: control input interface; 712: control output interface; 710: shared interface switching unit; 602: selection switching device;
101: shared display interface; 40: display interface from a sub-mainboard unit;
301: shared keyboard interface; 50: keyboard interface from a sub-mainboard unit;
121: shared USB interface; 60: USB interface from a sub-mainboard unit;
Below in conjunction with embodiment, the present invention is further described.
Specific embodiment
The virtual method of a kind of data handling system, can so implement:
According to the purposes of data handling system, it is divided into multiple virtual subnet data handling system, at each subdata
Reason system has been used for a kind of purposes.As to for work, amusement, Email and the data handling system of finance, four can be divided
Individual virtual subnet data handling system, is called working channel, new entertainment channel, Email channel and finance channel;
By the method arranging frequency channel-selection assembly (virtual subnet data handling system switching device), realize different frequencies
Switching between road.
Four channels share usual data handling system whole hardware in addition to a hard disk, and (yes, and that this channel needs is hard
Part), such as mainboard, internal memory, video card, network interface card, sound card, display, keyboard, mouse, CD-ROM drive, Modem etc.;
Setting up of hard disk can use any one or more of of following method or their combination in any:
1. use the hard disk (this example needs virtual 4 sub-hard disks) with virtual partition device;Each virtual sub-hard disk supplies
One channel uses, and " channel " that select device to be controlled by data handling system of virtual subnet hard disk selects device;
2. using multiple physical hard disks, each hard disk is used for a channel, and multiple hard disks are controlled by hard disk switching device
" channel " in data handling system selects device (switching device);
3. using same hard disk, arrange four different subregions, each subregion is for a channel.The method needs BIOS
The support of system, the channel number that BIOS system selects device to arrange by reading " channel " of data handling system determines from which
Individual subregion guides (can hide as required or not hide other subregion), and the method safety is not so good as method 1 and 2;
4. other method, such as: use the different spaces (needing BIOS to support) of same hard disk, use the identical of same hard disk
Subregion, different configuration boot entries, share part hard disk identical subregion etc.;
The BIOS of described needs supports, can be completed by amendment BIOS system;
For the present embodiment, for providing optimal safety and optimal performance ratio, it is proposed that use and there is virtual partition dress
The hard disk put or multiple electronic hard disc.
For the different channels, the working state can be established by any one or more of the following methods:
1. Install/Reinstall: reinstall the system on a channel and start that channel (a first installation is included). The basic state that the user first accepts after each installation is called the original installation state; the basic state is the most basic software system environment that satisfies the needs of the channel;
2. Original Reset: reset a channel to its original installation state and start it. The original installation state can be the basic state first accepted by the user after installation, or an original system state obtained directly (for example, a bank can supply its dedicated transaction system to the user on an electronic hard disk; the system on that electronic hard disk is then the original installation state as far as the user is concerned);
3. Reboot/Restart: restart a channel;
4. Resume: recover from any previously saved working site. The working site is the entire working environment at a given moment of operation, saved either by the user or during a system switch.
Of course, on top of any of the above methods, the hardware environment and working state of a channel can be changed by installing, deleting or configuring.
The Original Reset can be understood and implemented by reference to ghost software and the hard reset of handheld devices.
In the channel switching mechanism of the above method, all the software and hardware environment required by the current working channel is associated with the current channel, and the current user operation interface corresponds to that channel. The switching can use mechanical, electronic, software-flag or any other feasible means.
Offline switching is very simple: shut down, set the channel switch to the new channel, and power on again. Although simple, this requires a power cycle for every switch, takes a long time, and rebuilds the working site each time, so it is not suitable for frequent "channel" switching.
Online switching is more complex: in addition to the hardware switch, the working site of the current channel must be saved and the previous working site of the new channel restored. For this we can borrow the principle of CPU interrupts and treat the whole data processing system as one huge virtual CPU, with all resources in the data processing system, including the real CPU, memory, mainboard and the states of all related devices, as attributes of this virtual CPU. Saving all attributes of this virtual CPU is then equivalent to saving the working site, and loading all the saved attributes of the virtual CPU from external storage is equivalent to restoring the site. The related techniques in game modification software (DOS versions, such as GameMaster or GameBaster) and in debugging software (such as SoftICE) can serve as a reference.
Another method is to have the operating system do it, in which case the function of saving/restoring the working site is implemented inside the operating system.
The following is one possible optimized sequence of steps for saving the working site:
A. the operating system sends a "channel switch-out" notification to all currently running tasks;
B. each currently running task cleans up its own work space and resources and minimizes them;
C. the operating system releases all devices and memory space that it does not itself need;
D. if there are swap pages, the swap pages are flushed;
E. all the minimum system information needed to reconstruct the current operating environment is saved;
F. the states of all the devices in use are saved.
The corresponding steps for restoring the working site are:
A. load the states of all the devices in use that were saved last time;
B. load all the minimum software system information and structures, saved last time, that are needed to reconstruct the operating environment;
C. reconstruct the operating environment;
D. send a "channel switch-in" notification to all currently running tasks;
E. each currently running task restores its own work space and resources and returns them to normal.
Communication between the channel switching mechanism and the current channel (subdata processing system) can go through a serial port or another general-purpose or special-purpose interface, using interrupts or polling; a combination of interrupt mode and polling mode is recommended.
After the channel switching mechanism receives the "working site saved" signal sent by the current channel, it switches to the new channel (hardware and operation interface), sets the system switch-in flag, and then resets the system. The system BIOS takes control; when it detects the system switch-in flag, it skips hardware detection and goes, directly or indirectly, to the working-site restore service routine, returning the new channel to its previous working state. (The BIOS must be modified accordingly so that it reads the switch-in flag.)
Typically, the first sector of the boot partition is the system boot sector, used for a conventional system start, and sectors 2-63 are blank and unused. We can designate sector 2 as the channel switch-in boot sector: for a system (channel) switch-in, the BIOS boots sector 2 directly. Alternatively, a check in the conventional first sector can decide whether to perform a conventional boot or a system (channel) switch-in boot.
In this embodiment, for the entertainment channel, where the security requirement is relatively low, we use Windows XP and IE;
For the Email channel, where security is more important, we use Windows 2000 and Foxmail with a dedicated firewall that only allows Foxmail to use specific ports; all unneeded controls and functions of Windows 2000 are turned off; the Firefox browser (in safe mode) is used if necessary;
For the finance channel, where security is extremely important, we use a transaction system on a customized Linux. This transaction system only supports electronic transactions, online banking and the like, has very strong network security measures, and provides no other functions (for example, it cannot be used to read news or for entertainment);
For the working channel, which involves confidential information and must not go online, we can unload the network drivers of the operating system in the working environment and disable all network functions;
Security isolation in this embodiment is achieved by completely isolating the software-controllable direct access paths between different channels. Specifically: a hard disk with a virtual partition function, or multiple electronic hard disks, is used so that each channel can access only its own sub-hard-disk or electronic hard disk and cannot damage or affect the sub-hard-disk or electronic hard disk of any other channel; the BIOS of each relevant component of the data processing system is verified and, once found to be in order, the program areas of all BIOSes are write-protected. The CMOS area of the system and the ESCD area of the BIOS are special data areas and cannot be used to spread viruses; the user can, of course, also choose to write-protect the ESCD area.
With the method of the present invention, a single data processing system yields four virtual subdata processing systems for four applications with different security requirements: work, entertainment, Email and finance. Moreover, the computer can be used like a television, switching freely between these tasks. For example: tired of working and wanting entertainment, the user switches directly to the entertainment channel; on seeing an interesting piece of entertainment news and wanting to tell a friend, the user switches directly to the Email channel and sends an email; the user can then go to the finance channel to check a bank account, and finally return to the working channel and carry on working, with the working channel in the same state as when the user left it. As with a television, the channel can be switched with a mechanical channel selector, or electronically or by remote control. Using a computer by the method of the present invention is both convenient and secure, and has considerable social value.
The security control method for the basic input/output system (BIOS) of the present invention is also applied in the above embodiment of the virtualization method of the data processing system. It can be implemented as follows: the verification port provided can be brought out by an interface cable to the chassis or front panel so that other equipment can be used for verification; through this interface, the type of the BIOS chip and any content in the chip can be accessed. The verification port can also be a dedicated interface to some device inside the machine, and verification, for example of the mainboard's BIOS, is completed through that device. The BIOS and CPU on the mainboard can in turn verify other BIOSes, such as that of a SCSI card or network card, over the bus interface.
Protection of the different data sections in the write-protection method is carried out by comparing the write address: the result of the comparison, together with the write-protect switch of the section to which the address belongs, determines whether the corresponding write to the BIOS is allowed. The comparison can be done by a logic circuit, and the ranges that define the sections can be set and changed if required.
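A software model of that comparison logic, added here as an illustration and not taken from the patent: a write is allowed only if every address it touches falls in a section whose write-protect switch is off. The section names, address ranges and 512 KiB chip size are constructed, and refusing writes outside any defined section is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLASH_SIZE 0x80000u   /* assumed 512 KiB BIOS flash part */

struct bios_section {
    const char *name;
    uint32_t start, end;      /* inclusive address range of the section */
    bool write_protect;       /* the section's write-protect switch */
};

/* Constructed layout: program areas protected, ESCD data area writable. */
static struct bios_section sections[] = {
    { "program",    0x00000u, 0x6FFFFu, true  },
    { "escd",       0x70000u, 0x71FFFu, false },
    { "boot-block", 0x72000u, 0x7FFFFu, true  },
};
#define NSECTIONS (sizeof sections / sizeof sections[0])

/* The address comparison: find the section that addr belongs to. */
static const struct bios_section *section_of(uint32_t addr)
{
    for (size_t i = 0; i < NSECTIONS; i++)
        if (addr >= sections[i].start && addr <= sections[i].end)
            return &sections[i];
    return NULL;              /* no section defined here: fail closed (assumption) */
}

/* True only if every byte of [addr, addr+len) lies in an unprotected section. */
bool bios_write_allowed(uint32_t addr, uint32_t len)
{
    if (len == 0 || addr >= FLASH_SIZE || len > FLASH_SIZE - addr)
        return false;         /* empty, outside the chip, or running past its end */
    uint32_t last = addr + len - 1;
    for (;;) {
        const struct bios_section *s = section_of(addr);
        if (s == NULL || s->write_protect)
            return false;
        if (last <= s->end)
            return true;
        addr = s->end + 1;    /* the write continues into the next section */
    }
}

/* Flip one section's write-protect switch; false if the name is unknown. */
bool bios_set_protect(const char *name, bool on)
{
    for (size_t i = 0; i < NSECTIONS; i++)
        if (strcmp(sections[i].name, name) == 0) {
            sections[i].write_protect = on;
            return true;
        }
    return false;
}

/* Change a section's range; rejected if it leaves the chip or overlaps another. */
bool bios_redefine_section(size_t idx, uint32_t start, uint32_t end)
{
    if (idx >= NSECTIONS || start > end || end >= FLASH_SIZE)
        return false;
    for (size_t i = 0; i < NSECTIONS; i++)
        if (i != idx && start <= sections[i].end && end >= sections[i].start)
            return false;
    sections[idx].start = start;
    sections[idx].end = end;
    return true;
}

int main(void)
{
    printf("write 16 bytes into program area: %s\n",
           bios_write_allowed(0x01000u, 16) ? "allowed" : "blocked");
    printf("write the whole ESCD area:        %s\n",
           bios_write_allowed(0x70000u, 0x2000u) ? "allowed" : "blocked");
    printf("write crossing ESCD/boot-block:   %s\n",
           bios_write_allowed(0x71FF0u, 0x20u) ? "allowed" : "blocked");
    return 0;
}
```

The range check matters as much as the start address: a write that begins in the writable ESCD area but runs into a protected neighbour is refused as a whole.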
Online switching between multiple virtual subdata processing systems that share the same processor unit can be implemented as follows. The user's switching request can be issued by a mechanical channel switch or an electronic remote switch. The switching device receives the request and sends a "system switch-out" signal to the current subdata processing system; driving this signal as an interrupt is recommended. When the current subdata processing system receives the interrupt, it notifies the operating system running on it; the operating system calls the save-working-site routine and, on completion, returns a "system switched out" signal to the switching device. The current subsystem has then been switched out successfully.
If the switching device does not receive this signal within the specified time, it resends the "system switch-out" signal. After the specified number of failed attempts, it decides, according to a prior setting, whether to force the switch or to keep the current state unchanged.
After the switch-out has completed (or the user has chosen a forced switch after failure), the switching device switches over the resources required by the new subdata processing system, mainly the hard disk storage unit and certain system settings (such as masking some hardware or putting some hardware into a particular state). The switching device then sets the "system switch-in" signal (it is recommended to implement this as a level signal held in the switching device), resets the system (warm start), and hands control to the BIOS.
The BIOS obtains control and queries the "system switch-in" signal set by the switching device. When it detects the switch-in flag, it skips hardware detection and goes, directly or indirectly, to the working-site restore service routine, returning the new channel to its previous working state.
Typically, the first sector of the boot partition is the system boot sector, used for a conventional system start, and sectors 2-63 are blank and unused. We can designate sector 2 as the channel switch-in boot sector: for a system (channel) switch-in, the BIOS boots sector 2 directly. Alternatively, a check in the conventional first sector can decide whether to perform a conventional boot or a system (channel) switch-in boot.
Once the working site has been restored, the new subdata processing system is running; it can optionally send a "system switched in" signal to the switching device. This step only serves to complete the question-and-answer exchange and is not required.
The above requires cooperation from the BIOS, which can be achieved by the corresponding modification of the BIOS.
Communication between the switching device and the data system can use any interface channel.
The method of saving/restoring the working site can be implemented as follows: a set of system functions is provided at the operating system level, namely a save-working-site call and a restore-working-site call. The save-working-site call is activated by the "system switch-out" signal sent by the switching device; when the call completes, the operating system normally replies to the switching device with a "system switched out" signal and then shuts itself down or waits in a loop. The restore-working-site call is invoked by the boot program when the "system switch-in" signal is present; when it completes, the operating system can send a "system switched in" signal to the switching device.
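The switch-out/switch-in exchange described above, modelled in C as an added example (not code from the patent): the switching device retries the "system switch-out" signal, applies the preset force-or-keep policy, rewires the disk, sets the switch-in level and lets a simulated BIOS choose its boot path. All identifiers are hypothetical; clearing the level on read and raising it only for a channel whose site was saved are assumptions the text does not specify.

```c
#include <stdbool.h>
#include <stdio.h>

#define NCHANNELS 4

enum policy    { KEEP_CURRENT, FORCE_SWITCH };            /* the "prior setting" */
enum boot_path { BOOT_CONVENTIONAL, BOOT_RESTORE_SITE };
enum result    { SWITCHED, SWITCHED_FORCED, KEPT_CURRENT, BAD_REQUEST };

struct channel {
    bool site_valid;      /* "system switched out" was received when it last left */
    int  ignore_signals;  /* simulation only: signals ignored before the OS answers, <0 = hung */
};

struct switcher {
    int  current;         /* channel that owns the shared processor unit */
    int  disk_select;     /* sub-hard-disk currently wired to the mainboard */
    bool switch_in;       /* "system switch-in" level signal read by the BIOS */
    int  max_tries;       /* specified number of attempts */
    enum policy on_failure;
    struct channel ch[NCHANNELS];
};

void switcher_init(struct switcher *s, int max_tries, enum policy p)
{
    s->current = 0;
    s->disk_select = 0;
    s->switch_in = false;
    s->max_tries = max_tries;
    s->on_failure = p;
    for (int i = 0; i < NCHANNELS; i++)
        s->ch[i] = (struct channel){ false, 0 };
}

/* Subsystem side: interrupt, then the OS runs the save-working-site call.
   Returns true if "system switched out" comes back within the timeout. */
static bool signal_switch_out(struct channel *c)
{
    if (c->ignore_signals == 0)
        return true;
    if (c->ignore_signals > 0)
        c->ignore_signals--;
    return false;
}

/* BIOS side after the warm reset: query the level signal once. */
static enum boot_path bios_boot(struct switcher *s)
{
    bool flag = s->switch_in;
    s->switch_in = false;  /* assumption: cleared on read, so a plain reset boots normally */
    return flag ? BOOT_RESTORE_SITE : BOOT_CONVENTIONAL;
}

/* Switching device: handle one user request. *path is written only on a switch. */
enum result request_switch(struct switcher *s, int target, enum boot_path *path)
{
    if (target < 0 || target >= NCHANNELS || target == s->current)
        return BAD_REQUEST;

    bool acked = false;
    for (int i = 0; i < s->max_tries && !acked; i++)
        acked = signal_switch_out(&s->ch[s->current]);
    if (!acked && s->on_failure == KEEP_CURRENT)
        return KEPT_CURRENT;                 /* nothing is rewired */

    /* A forced switch leaves no trustworthy site for the old channel. */
    s->ch[s->current].site_valid = acked;

    s->disk_select = target;                 /* hand over the new channel's resources */
    s->current = target;
    s->switch_in = s->ch[target].site_valid; /* assumption: raise only if a site exists */
    *path = bios_boot(s);                    /* reset; the BIOS takes control */
    return acked ? SWITCHED : SWITCHED_FORCED;
}

int main(void)
{
    struct switcher s;
    enum boot_path p = BOOT_CONVENTIONAL;
    switcher_init(&s, 3, FORCE_SWITCH);
    request_switch(&s, 1, &p);               /* channel 1 has never run */
    printf("0->1: %s\n", p == BOOT_RESTORE_SITE ? "restore site" : "conventional boot");
    request_switch(&s, 0, &p);               /* channel 0 was saved on the way out */
    printf("1->0: %s\n", p == BOOT_RESTORE_SITE ? "restore site" : "conventional boot");
    s.ch[0].ignore_signals = -1;             /* channel 0 hangs */
    printf("0->1 forced: %d\n", request_switch(&s, 1, &p) == SWITCHED_FORCED);
    return 0;
}
```

The forced path is the one to review in a real design: the outgoing channel never saved its site, so its next entry has to be a conventional boot rather than a resume of stale state.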
Fig. 2 is a schematic diagram of the preferred embodiment of the data processing system of the present invention. The data processing system of this preferred embodiment includes 1 physical subdata processing system and multiple virtual subdata processing systems. In other words, the number of virtual subdata processing systems in this embodiment can vary: it is the smaller of the maximum number of sub-hard-disks that the hard disk with virtual partitions used by the system can provide and the number of channel selections that the switching device (600) of this embodiment can provide minus 1. This design is intended to meet practical needs.
This embodiment includes two sets of mainboards (each set containing one processor unit) and the corresponding cards. One set is used for the physical subdata processing system and the other set is shared by the multiple virtual subdata processing systems. The physical subdata processing system can use any external storage device (hard disk A); the virtual subdata processing systems use the hard disk with virtual partition function (81) (hard disk B). For the physical subdata processing system, a currently popular high-performance mainboard is chosen (mainboard A); for the virtual subdata processing systems, a mainboard is chosen for security, for example the VIA Nano-ITX mainboard (mainboard B), which measures only 12cm × 12cm, provides several hardware security measures and is economical on power, so that even with two mainboards a common power supply is sufficient.
The physical subdata processing system is used for everyday tasks that have no or low security requirements, such as games, browsing and entertainment. The virtual subdata processing systems are used where the security requirements are higher; each virtual subdata processing system is used for one task or one class of tasks, such as email, credit card, bank card, payment card, electronic transactions or membership services. Different banking services can even be handled in different virtual subdata processing systems, so that a single act of carelessness does not compromise all accounts, which gives a high level of security. Because virtual subdata processing systems can be added at any time, it is easy for the user to set one up for a new requirement.
Because there are two sets of mainboards, they can work at the same time. This means that while the physical subdata processing system is downloading a large film, the user can switch to one of the virtual subdata processing systems to check email or a bank account. The effect is similar to picture-in-picture (PIP) on a television.
All subdata processing systems share the display, keyboard and mouse;
Devices such as the CD-ROM drive and Modem are decided as required. The CD-ROM drive generally does not need to be used by both mainboards at once and can be shared; if the Modem works in routing mode, both sets of mainboards can reach it through a switch; if it works in dial-up mode, the user must decide whether it needs to be shared;
As for the parallel/serial/USB ports of the two sets of mainboards, it can be decided as required whether to let the switching device (600) switch them to common ports on the panel.
The software systems are configured as required and can be general-purpose or dedicated systems.
The switching device (600) switches devices according to the following table:
 | Subsystem 1 | Subsystem 2 | Subsystem 3 | ……… | Subsystem n |
---|---|---|---|---|---|
Display | -> mainboard A | -> mainboard B | -> mainboard B | ……… | -> mainboard B |
Keyboard | -> mainboard A | -> mainboard B | -> mainboard B | ……… | -> mainboard B |
Mouse | -> mainboard A | -> mainboard B | -> mainboard B | ……… | -> mainboard B |
CD-ROM drive | -> mainboard A | -> mainboard B | -> mainboard B | ……… | -> mainboard B |
Public USB interface | -> mainboard A | -> mainboard B | -> mainboard B | ……… | -> mainboard B |
Printer | -> mainboard A | -> mainboard B | -> mainboard B | ……… | -> mainboard B |
Modem | User determines | User determines | User determines | ……… | User determines |
Hard disk A | -> mainboard A | - | - | ……… | - |
Hard disk B-1 | - | -> mainboard B | - | ……… | - |
Hard disk B-2 | - | - | -> mainboard B | ……… | |
Hard disk B-(n-1) | - | - | - | ……… | -> mainboard B |
Working state | Unchanged | Switch in/switch out | Switch in/switch out | Switch in/switch out | Switch in/switch out |
The switching device (600) can switch the devices listed above by mechanical or electronic means. The basic form of switching between devices is 1-of-2 selection (for example, the display) or 1-of-n selection (for example, the hard disk with virtual partition function); the only difference between interfaces is the actual number of signal wires, and these are simple techniques.
Online switching between virtual subdata processing systems that share the same processor unit requires the working site to be protected and restored, following the relevant steps of the virtualization method of the data processing system of the present invention. The control part of the switching device required can be implemented with circuits, logic circuits, a microcontroller or the like.
For online switching between virtual subdata processing systems that use different processor units, between a virtual subdata processing system and a physical subdata processing system, and between physical subdata processing systems, the subsystems being switched in and out each run on their own physical mainboard and hard disk, so site protection and restoration are generally not needed.
There is one such case, however: when the new subsystem being switched in is a virtual subdata processing system, and it is not the virtual subdata processing system currently running on its physical mainboard (including the processor unit), site protection and restoration are also needed. The object of the site protection is then not the subsystem that was just switched out, but the virtual subdata processing system currently running on the physical mainboard that hosts the new virtual subdata processing system.
In another embodiment, the physical subdata processing system 1 (201) of the above embodiment can also be virtualized, forming a data processing system with two groups of virtual subdata processing systems. Clearly, it is enough to replace the hard disk used by physical subdata processing system 1 with a hard disk with virtual partition function and to redesign (redefine) the switching device.
The 4 subdata processing systems in the data processing system of the embodiment shown in Fig. 3 are all virtual subdata processing systems, but each virtual subdata processing system uses a separate electronic hard disk, together with a card-type electronic hard disk selector (which may be included in the switching device). This suits dedicated systems with higher security requirements. Because card-type electronic hard disks can be replaced at any time, even with only 4 subdata processing systems the arrangement can be extended to countless practical applications by changing the electronic hard disks.
The 4 subdata processing systems in the data processing system of the embodiment shown in Fig. 4 are all physical subdata processing systems, for situations that specifically require multiple tasks to run in parallel.
In the embodiments of the data processing system above, shutting down requires all currently running subsystems to be shut down in turn before the main power can be switched off. This can be done as follows:
1. switch to each currently running subsystem and shut it down, and finally switch off the main power;
2. any one subsystem sends a "shutdown" signal to the switching device, which forwards the signal to all currently running subsystems;
As for power-on, note that with a mouse and keyboard that are not plug-and-play, if several physical subsystems power on at the same time and the system shares a single mouse and keyboard, some subsystems will inevitably fail to detect them, with the result that the mouse and keyboard cannot be used after start-up. This problem can be solved as follows:
1. use a plug-and-play mouse and keyboard, such as a USB mouse and keyboard;
2. make the power-on operation apply only to the subsystem currently selected by the user; that is, a subsystem is started only when it needs to be used and is otherwise left unpowered, which solves the problem above and also saves energy;
One embodiment of the selection switching device (601) of the present invention can be implemented as follows: a plug-in card with a PCI interface is designed, i.e. the host interface (703) is a PCI interface, through which the host and the selection switching device (601) can communicate with each other. The control input interface uses line selection. The selection switching device of this embodiment supports 8 "channels", so a 1-of-8 band switch (located on the front panel of the user's chassis, equivalent to the channel selector of a television) sets this signal; the band switch is connected to the control input interface (701) by 9 leads (including 1 ground wire), active low.
The control unit (700) is implemented with a simple 8-bit microcontroller such as the 89C51 and the corresponding peripheral circuits. The detailed flow has been discussed in the method of the present invention and is not repeated here.
The control output interface (702) is designed to be user-definable in this embodiment: the user can set the selection output to coded mode or line-selection mode and, for line selection, can also define it as active high or active low, so that more kinds of devices can be accommodated.
Setting and redefining the control output interface (702) can be done by the microcontroller in the control unit (700).
Another embodiment of the selection switching device (601) can use a USB interface to communicate with the host, with the control input interface (701) using an infrared interface so that the user can operate it with a remote control. This embodiment can also be designed so that the control input interface (701) supports an infrared interface and an addressable port at the same time; the former corresponds to the remote control, the latter to a digital key selector (located on the panel).
The BIOS support required by the two embodiments above can be provided as a standard BIOS module and calling interface for users to add to the BIOS of the mainboard they need.
A further embodiment of the selection switching device (601) is a mainboard that has the selection switching device (601), i.e. the device is integrated directly into the mainboard. The host interface (703) of this embodiment is implemented as an internal proprietary interface, and connectors are provided for the control input interface (701) and the control output interface (702). Because the device is integrated on the mainboard, the relevant options can be provided directly in the BIOS and the virtual functions supported directly. The whole unit is implemented with an application-specific integrated circuit. In this embodiment it is suggested that the control input interface (701) and the control output interface (702) multiplex the I2C bus and transmit information (signals) in coded form; alternatively, an interface standard dedicated to virtualization could be defined in the future.
The preferred embodiment of the multi-unit mainboard is a single mainboard comprising two sub-mainboard units. One sub-mainboard unit is a mainboard with virtual function support (sub-mainboard B), formed by a VIA Nano-ITX mainboard with an integrated selection switching device (601). The other sub-mainboard unit can be a currently popular high-performance mainboard (sub-mainboard A).
The multi-unit mainboard of this embodiment provides integrated hardware support for the data processing system shown in Fig. 2.
The control input interface (711) of the selection switching device (602) accepts the user's "channel" selection signal; the shared interface switching unit (710) switches the shared devices or interfaces between sub-mainboard A and sub-mainboard B (described in the embodiment shown in Fig. 2 above); the control output interface (712) connects to the control input interface (701) of the selection switching device (601) on sub-mainboard B; and the control output interface (702) of the selection switching device (601) connects to the input of the hard disk selection device required by sub-mainboard B.
Because the selection switching device (601) and the selection switching device (602) are on the same large mainboard, in practice they can be merged into a single device, and can even be implemented with a single dedicated chip.
In this embodiment, we define the physical subdata processing system formed by sub-mainboard A as 1#, and the multiple virtual subdata processing systems formed by sub-mainboard B as 2#…n#. The user's selection of 1#…n# enters through the control input interface (711). For the selection signals 2#…n#, the shared interface switching unit (710), besides connecting the shared devices and interfaces to sub-mainboard B, must also pass the 2#…n# signal through the control output interface (712) to the control input interface (701) of the selection switching device (601). The 2#…n# here correspond to virtual subdata processing systems 1#…(n-1)# on sub-mainboard B, so the processing unit (700) needs to make a simple conversion; this conversion can, of course, also be done at any other stage of the path described above.
In this embodiment, sub-mainboard A generally has no integrated video card, while the video card of sub-mainboard B is integrated. In this case, the display output interface of sub-mainboard B can be wired directly to a sub-display interface of the shared interface switching unit (710), such as sub-display interface 2 (40), and the video card of sub-mainboard A can be connected by a patch cable to a sub-display interface of the shared interface switching unit (710), such as sub-display interface 1 (40).
That is, interfaces integrated on the mainboard can be routed directly to the shared interface switching unit (710), while interfaces on plug-in cards need to be connected to the shared interface switching unit (710) by patch cable.
The related settings can be made in the BIOS setup options; for example, the user can select the switching range of the shared interfaces, and can allow or forbid the switching of particular shared interfaces.
Finally, regarding the external memory with virtual partition function and the virtual partitioning of external memory storage space involved in the present invention, readers who do not find enough information within this specification may refer to the related inventions (for example: Chinese invention 00114264.X or patent application 200410087209).
Claims (10)
1. A switching method for online (Online) switching between multiple subdata processing systems that share the same processor unit, characterized by comprising:
A. the user sends a subdata processing system switching request to the switching device;
B. the switching device sends a system switch-out signal to the current subdata processing system;
C. the current subdata processing system saves its working site;
D. the switching device sets up the resources required by the new subdata processing system and sends a system switch-in signal;
E. the new subdata processing system obtains control and restores its previously saved working site;
Said online switching does not include the case in which the operating systems of the subdata processing systems before and after the switch reside in memory at the same time.
2. The method of claim 1, characterized in that said saving of its working site comprises:
A. the operating system sends a "save working site" notification to the currently running tasks;
B. each currently running task cleans up its own work space and resources;
C. the operating system cleans up its own work space and resources;
D. the most basic system information needed to reconstruct the current operating environment is saved;
E. the states of all the devices in use are saved.
3. The method of claim 1, characterized in that said restoring of its previously saved working site comprises:
A. loading the states of all the devices in use that were saved during "save working site", and setting the states of the related devices accordingly;
B. loading all the most basic system information, saved during "save working site", from which the working environment of that time can be reconstructed, and reconstructing the working environment of that time;
C. the operating system restores its own work space and resources;
D. the operating system sends a "restore working site" notification to the currently running tasks;
E. each currently running task restores its own work space and resources.
4. The method of claim 1, characterized in that said switching device uses the manner of switching between television channels.
5. The method of claim 1, characterized in that step E is: the new virtual subdata processing system obtains control and starts by boot, reboot, reset or a manner specified by the user.
6. The method of claim 1, 2, 3, 4 or 5, characterized in that said data processing system is a computer system.
7. A data processing system, comprising multiple subdata processing systems that share the resources of the data processing system and a switching device, characterized in that the method of claim 1 is used to switch between the multiple subdata processing systems.
8. The system of claim 7, characterized in that the multiple subdata processing systems are securely isolated from one another.
9. The system of claim 8, characterized in that said security isolation is security isolation of the external memories of the different subdata processing systems.
10. The system of claim 7, 8 or 9, characterized in that said data processing system is a computer system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010217607.7A CN101964029B (en) | 2004-12-31 | 2005-12-29 | The method of online switching between multiple subdata processing systems |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200410102989.3 | 2004-12-31 | ||
CN2004101029893 | 2004-12-31 | ||
CN200410102989 | 2004-12-31 | ||
CN201010217607.7A CN101964029B (en) | 2004-12-31 | 2005-12-29 | The method of online switching between multiple subdata processing systems |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200510132889 Division CN1825285A (en) | 2004-12-31 | 2005-12-29 | data processing system with multiple subsystems and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101964029A CN101964029A (en) | 2011-02-02 |
CN101964029B (en) | 2016-12-14 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1264078A (en) * | 1999-02-19 | 2000-08-23 | 株式会社日立制作所 | Computer for executing multiple operation systems |
US6578140B1 (en) * | 2000-04-13 | 2003-06-10 | Claude M Policard | Personal computer having a master computer system and an internet computer system and monitoring a condition of said master and internet computer systems |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101963929B (en) | The method preserving/resume work scene | |
CN102110023B (en) | Control method, system and computer for parallel running of multi-user operating system | |
CN101142553B (en) | OS agnostic resource sharing across multiple computing platforms | |
CN101482832B (en) | System and method for supporting metered clients with manycore | |
US8775782B2 (en) | Network system, method of controlling access to storage device, administration server, storage device, log-in control method, network boot system, and method of accessing individual storage unit | |
EP1379944B1 (en) | Method and apparatus to power off and/or reboot logical partitions in a data processing system | |
CN100361083C (en) | Information processing system, information processing method, and program | |
CN101436165B (en) | System and method for management of an IOV adapter | |
US8032883B2 (en) | Controlling access from the virtual machine to a file | |
CN101171577B (en) | Delegating universal serial bus functionality | |
US20110307639A1 (en) | Virtual serial port management system and method | |
CN1954297A (en) | Isolated multiplexed multi-dimensional processing in a virtual processing space having virus, spyware, and hacker protection features | |
CN105302248A (en) | Chip set and server system | |
CN101083070A (en) | Dynamic multiple display configuration | |
CN105245523A (en) | Storage service platform applied to desktop virtual scene and implementing method thereof | |
CN104067223B (en) | For the method by providing the blunt input/output abstract reduction platform boot time | |
US20030188115A1 (en) | System and method for backing up data from a quiesced storage device | |
CN1825285A (en) | data processing system with multiple subsystems and method | |
CN101964029B (en) | The method of online switching between multiple subdata processing systems | |
CN113031857A (en) | Data writing method, device, server and storage medium | |
CN105589659B (en) | Data processing system with multiple subsystems and method | |
US10320577B2 (en) | Disregarding input in wake-on-LAN boot | |
CN102736908A (en) | System, device and method for remotely setting CMOS (Complementary Metal-Oxide-Semiconductor Transistor) parameters | |
KR101108078B1 (en) | Network switching system of multi-user computer | |
KR20070091882A (en) | Variable method for source path of operating system and the computer system for it |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |