CN102110217A - Method for automatic repairing through virtual machine station rotation - Google Patents
Method for automatic repairing through virtual machine station rotation Download PDFInfo
- Publication number
- CN102110217A CN102110217A CN2009102442547A CN200910244254A CN102110217A CN 102110217 A CN102110217 A CN 102110217A CN 2009102442547 A CN2009102442547 A CN 2009102442547A CN 200910244254 A CN200910244254 A CN 200910244254A CN 102110217 A CN102110217 A CN 102110217A
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- foreground
- virtual
- backstage
- layer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a method for automatic repairing through virtual machine station rotation. The method comprises steps as follows: automatic station rotation of a plurality of virtual machines with identical functions and different systems is adopted to provide external service; simple and direct switching station rotation is adopted to so as to switch to the route of a next virtual machine and then to the next virtue machine; and cluster technology is adopted to switch task under conversation state. The invention solves the problems of the prior art that password rotation log-on is easy to crack, manual switching safety equipment is poor in safety, and reliance on human is high.
Description
Technical field
The present invention relates to unmanned safety monitoring technology, security response self-repair technology, cluster, system reducing technology, particularly a kind of method that realizes automatic reparation by the virtual machine job rotation.
Background technology
The wide range that the security system security response is contained both can comprise the blocking-up attack, review the source, also can comprise automatic reparation, self-perfection, even can comprise active defense, active counterattack etc.
The security response autonomous repair technology is to the further developing of unmanned safety monitoring technology, and still is in the research Qualify Phase at present, and small-scale application is only arranged in the laboratory.The unmanned safety monitoring technology drops to very low degree to the dependence to the people, and automatically response technology is more advanced, can active process major part safety problem, served as system manager's role by computing machine, and need not manual intervention.
Computer virus, worm already with reproducible, can propagate, the self-viability that fact proved software of scalable (distortion, hide detection), and virtual machine, cluster are sophisticated system more, intelligent degree and dirigibility are all higher.Virtual machine itself is just supported functions such as clone, migration, recovery, also widespread uses in network of function such as system upgrade, patch reparation, condition monitoring.
Security response self-repairing system technology commonly used mainly contains two kinds at present: login mode by turns 1, accesses to your password; 2, by the artificial mode of changing safety equipment.Simply be described below:
Prior art one: alternative password login mode
Principle: the time that delays to invade attack with a plurality of passwords.
Shortcoming:, perhaps walk around password authentification and also can realize invasion by other leak as long as the assailant has time enough just can break through.
Prior art two: manually change safety equipment
Shortcoming: can't accomplish to switch in 5 minutes once, to people's dependence height all, security can't be with comparing by turns automatically.
In sum, the security response self-repair technology easy crack of prior art has the time enough intrusion system for the assailant, and security is not high.
Summary of the invention
The safety equipment device of a kind of job rotation formula of using the virtual machine structure that the embodiment of the invention provides in order to solve easily being broken of existing safe self-repair technology, the response time is long, big to people's dependence, realize invasion and the low problem of security by other leaks.
A kind of method of safety equipment of the job rotation formula of using virtual machine structure comprises:
The post task that a plurality of functions are identical, the discrepant virtual machine of system is born safety equipment jointly, the same time has and has only a virtual machine that external service is provided on the foreground, and all the other virtual machines are on the backstage.The system reducing of backstage virtual machine, the operate as normal that operation can not influence the foreground virtual machine such as restart.
In the time of job rotation, adopt simply to be directly switch to the network route of next virtual machine, get on thereby change to another virtual machine.
A kind of device of safety equipment of the job rotation formula of using virtual machine structure comprises:
System has been divided into two-layer, is respectively the operation layer of virtual machine composition and the supporting layer that virtual machine carrier (real equipment) is formed.Supporting layer is responsible for moving the virtual machine of operation layer, externally provides service by operation layer.
A plurality of virtual machines are arranged in the operation layer, all are same functions, but dummy machine system can be different, and system's setting also can be different.The same time has only a virtual machine on the foreground, and all the other virtual machines are automaticallyed switch by virtual router on the backstage.Switch to the virtual machine on foreground, route communicates with external network, and the virtual machine on backstage is then obstructed toward outside network.
The closing of backstage virtual machine, system reducing, reboot operation can not have influence on the normal operation of foreground virtual machine.Virtual machine carries out above-mentioned a series of selfreparing operation after the foreground falls back on the backstage, become a brand-new system, and then wheel gains the foreground.
The safety equipment device post task that a plurality of functions are identical by using, the discrepant virtual machine of system is born safety equipment jointly of the job rotation formula of the use virtual machine structure that the embodiment of the invention realized, the same time has and has only a virtual machine that external service is provided on the foreground, and all the other virtual machines are on the backstage.The system reducing of backstage virtual machine, the operate as normal that operation can not influence the foreground virtual machine such as restart, in the time of job rotation, adopt the mode of the network route that simply is directly switch to next virtual machine to switch on another virtual machine, realized the automatic switchover of safety equipment brand-new in certain rotation time, shortened assailant's the time utilized, the possibility that the reduction system is broken, the security that has improved system.
A kind of method that realizes automatic reparation by the virtual machine job rotation
Description of drawings
The system schematic of Fig. 1 for realizing by the virtual machine job rotation repairing automatically;
Fig. 2 is the running synoptic diagram of system shown in Figure 1;
Fig. 3 is the control flow synoptic diagram of the present invention to the virtual machine carrier.
Embodiment
The infringement that is caused at existing security attack mainly concentrates on the destruction of software and data aspect and causes systemic breakdown, communication blocking, service disconnection etc., and it is more rare to the destruction of hardware device, and existing selfreparing design easy crack, the time enough intrusion system is arranged for the assailant, security is not high and big to people's dependence, the embodiment of the invention adopts a plurality of functions identical, the discrepant virtual machine of system is on duty by turns, bear the method for the post task of safety equipment jointly, system is divided into two-layer, supporting layer is responsible for moving the virtual machine of operation layer, operation layer externally provides service, shorten effective attack of assailant, the security response selfreparing of realization system, maintaining system safety.
As shown in Figure 1, the safety equipment device that the embodiment of the invention provides mainly has been divided into two-layer, is respectively the operation layer of virtual machine composition and the supporting layer that the virtual machine carrier is formed:
Supporting layer is responsible for moving the virtual machine of operation layer.
Operation layer externally provides service, and a plurality of virtual machines are wherein arranged, and all is same function, but dummy machine system can be different, and system and device also can be different.The same time has only a virtual machine on the foreground, and all the other virtual machines have virtual router to automatically switch on the backstage.Switch to the virtual machine on foreground, route communicates with external network, and the virtual machine on backstage is then obstructed toward outside network.
The closing of backstage virtual machine, system reducing, reboot operation can not have influence on the normal operation of foreground virtual machine.Virtual machine carries out above-mentioned a series of selfreparing operation after the foreground falls back on the backstage, become a brand-new system, and then wheel gains the foreground.
As shown in Figure 2, the virtual machine that the embodiment of the invention provides rotates that each virtual machine has three kinds of states in the system: operation, reduction and ready, and wherein running status requires virtual machine to be in the foreground, and reduction, ready state then require virtual machine to be in the backstage.Each virtual machine is all in this periodically circulation change between state in 3:
1. when virtual machine is in the foreground, be run mode, service externally is provided.
2. virtual machine falls back on the backstage from the foreground, and state also just becomes reduction from operation, needs through shutdown, system reducing, operation such as restarts.
3. after virtual machine is restarted successfully, recover to become a brand-new system.It can normally provide the virtual machine carrier sense after the service, will be in the state that just needs, and waits at any time and is rotated to the foreground.
4. to the interval time of rotating automatically, the virtual machine carrier just switches to the foreground to it by virtual router, again externally service.
Controlling professional virtual machine and virtual router by the virtual machine carrier unification of supporting layer, finishing the rotating of a plurality of virtual machines, reduce, restart, work such as foreground switching.And the selection of the detection of virtual machine state and virtual router is also all finished by this virtual machine carrier.
As shown in Figure 3, the virtual machine that the embodiment of the invention provides is rotated in the system, and the control flow of virtual machine carrier is divided into following a few step:
1. when arriving rotation time, system starts j+1 platform virtual machine automatically, and this moment, the j+1 virtual machine was in running status.
2. i+1 platform virtual machine forced shutdown.
3. use standby system to recover i+1 platform virtual machine.
4. i+1 platform virtual machine restarts.
5. send request of access to i+1 platform virtual machine, judge whether the visit result overtime phenomenon normally or not occurs.
6. the situation that overtime or access exception do not occur then becomes ready state with i+1 platform virtual machine, and wait rotation time i+1 platform virtual machine by turns provides service to the foreground.
7. if the situation of overtime or access exception occurs, then jump to step 4, restart i+1 platform virtual machine.
The virtual machine carrier is just chosen the virtual machine under the ready state circularly every certain cycle (for example 5 minutes), by virtual router it is switched to the foreground, changes original foreground virtual machine simultaneously, allows it finish the process of system reducing on the backstage.
Reduction and restart after virtual machine, need detection through the virtual machine carrier, can normally externally serve just and can enter ready state.
The same time only has the virtual machine of a running status, and the virtual machine under other state is not limit.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.
Claims (5)
1. one kind is passed through the method that the virtual machine job rotation is realized repairing automatically, it is characterized in that this method comprises:
System is divided into two-layer, the supporting layer formed of operation layer of forming by virtual machine and virtual machine carrier (real equipment) respectively;
Supporting layer is responsible for moving the virtual machine of operation layer, externally provides service by operation layer.
Many the virtual machines that function is identical are wherein arranged in the operation layer, but the system of virtual machine can be different, the setting of system also can be different; The same time has only a virtual machine on the foreground, and all the other virtual machines are on the backstage.
Automatically switch by router between the virtual machine;
Switch to the virtual machine on foreground, route is identical with external network, the then different net external networks of the virtual machine on backstage.
2. the method for claim 1 is characterized in that, the operation of backstage virtual machine can not have influence on the normal operation of foreground virtual machine;
Virtual machine is shifted the backstage onto from the foreground, closes, system reducing, the operation of a series of self-regenerations such as restarts, and becomes a brand-new system, gains the foreground at wheel then.
3. as right 2 described methods, it is characterized in that, control professional virtual machine and virtual router, finish the rotating of a plurality of virtual machines, reduce, restart, work such as foreground switching by the virtual machine carrier unification of supporting layer;
The detection of virtual machine state and the Route Selection of router also all are to be finished by the virtual machine carrier of this supporting layer.
4. as right 3 described methods, it is characterized in that, the state of each virtual machine is divided into 3 kinds: all periodic circulation changes between this three state of operation, reduction and ready, each virtual machine;
Running status requires virtual machine to be in the foreground;
Reduction, ready state then require virtual machine to be in the backstage.
5. as right 4 described methods, it is characterized in that each certain cycle of virtual machine carrier, just choose the virtual machine under the ready state circularly, by virtual router he is switched to the foreground, change original foreground virtual machine simultaneously, allow it finish the process of system reducing on the backstage;
Reduction and restart after virtual machine, need detection through the virtual machine carrier, can normally externally serve just and can enter ready state;
The same time only has the virtual machine of a running status, and the virtual machine under other states is not limit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009102442547A CN102110217B (en) | 2009-12-28 | 2009-12-28 | Method for automatic repairing through virtual machine station rotation |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009102442547A CN102110217B (en) | 2009-12-28 | 2009-12-28 | Method for automatic repairing through virtual machine station rotation |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102110217A true CN102110217A (en) | 2011-06-29 |
| CN102110217B CN102110217B (en) | 2013-07-24 |
Family
ID=44174371
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009102442547A Active CN102110217B (en) | 2009-12-28 | 2009-12-28 | Method for automatic repairing through virtual machine station rotation |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102110217B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106254312A (en) * | 2016-07-15 | 2016-12-21 | 浙江宇视科技有限公司 | A kind of method and device being realized server attack protection by virtual machine isomery |
| WO2017092539A1 (en) * | 2015-11-30 | 2017-06-08 | 中兴通讯股份有限公司 | Virtual machine repairing method, virtual machine device, system, and service functional network element |
| CN107003891A (en) * | 2016-08-31 | 2017-08-01 | 深圳前海达闼云端智能科技有限公司 | Virtual machine switching method, device, electronic equipment and computer program product |
| CN112398850A (en) * | 2020-11-13 | 2021-02-23 | 国网冀北电力有限公司张家口供电公司 | Dynamic defense method based on heterogeneous server platform |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7424709B2 (en) * | 2003-09-15 | 2008-09-09 | Intel Corporation | Use of multiple virtual machine monitors to handle privileged events |
| US20060143517A1 (en) * | 2004-12-22 | 2006-06-29 | Microsoft Corporation | Replicated virtual machine |
| US8621459B2 (en) * | 2006-12-22 | 2013-12-31 | Intel Corporation | Method and apparatus for multithreaded guest operating system execution through a multithreaded host virtual machine monitor |
| CN101408853B (en) * | 2008-10-27 | 2010-10-13 | 中国科学院计算技术研究所 | Apparatus and method for scheduling virtual machine |
| CN101436966B (en) * | 2008-12-23 | 2011-06-01 | 北京航空航天大学 | Network monitoring and analysis system under virtual machine circumstance |
-
2009
- 2009-12-28 CN CN2009102442547A patent/CN102110217B/en active Active
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017092539A1 (en) * | 2015-11-30 | 2017-06-08 | 中兴通讯股份有限公司 | Virtual machine repairing method, virtual machine device, system, and service functional network element |
| CN106254312A (en) * | 2016-07-15 | 2016-12-21 | 浙江宇视科技有限公司 | A kind of method and device being realized server attack protection by virtual machine isomery |
| CN106254312B (en) * | 2016-07-15 | 2019-12-13 | 浙江宇视科技有限公司 | method and device for achieving server attack prevention through virtual machine heterogeneous |
| CN107003891A (en) * | 2016-08-31 | 2017-08-01 | 深圳前海达闼云端智能科技有限公司 | Virtual machine switching method, device, electronic equipment and computer program product |
| WO2018039967A1 (en) * | 2016-08-31 | 2018-03-08 | 深圳前海达闼云端智能科技有限公司 | Virtual machine switching method and apparatus, electronic device, and computer program product |
| CN112398850A (en) * | 2020-11-13 | 2021-02-23 | 国网冀北电力有限公司张家口供电公司 | Dynamic defense method based on heterogeneous server platform |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102110217B (en) | 2013-07-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110024356B (en) | Apparatus, system, method for offloading computing services | |
| CN101583144B (en) | Wireless controller service information backup method and equipment | |
| US20150050922A1 (en) | Mobile device security system | |
| CN102110217B (en) | Method for automatic repairing through virtual machine station rotation | |
| US10694402B2 (en) | Security orchestration and network immune system deployment framework | |
| US9532359B2 (en) | Resource allocation method and device | |
| WO2010032249A2 (en) | System and method for emulating a computing device | |
| WO2016058307A1 (en) | Fault handling method and apparatus for resource | |
| US20110154475A1 (en) | Modem and method for conserving power consumption of an electronic device | |
| CN107003891A (en) | Virtual machine switching method, device, electronic equipment and computer program product | |
| CN110149231B (en) | Method, device, storage medium and equipment for updating virtual switch | |
| CN104375869A (en) | Self-starting application control method and device | |
| US9572034B1 (en) | Systems and methods for securing wireless networks | |
| CN102026222A (en) | Ping-pong reselection control method, device and system | |
| US10158705B2 (en) | Migration of hosts | |
| CN103679007A (en) | Method and device for managing application program permission and mobile device | |
| CN104809400A (en) | Process protection method and device | |
| CN104539716A (en) | Cloud desktop management system desktop virtual machine dispatching control system and method | |
| US9329790B2 (en) | Method and system for managing a storage network to reduce power consumption | |
| CN105487917B (en) | A kind of virtual machine realizes the method and device that verification code system is repaired | |
| WO2017219897A1 (en) | Network registration method and apparatus for mobile terminal, and mobile terminal | |
| CN110798459A (en) | Multi-safety-node linkage defense method based on safety function virtualization | |
| CN102547665A (en) | Communication processing method and communication processing device | |
| CN104598309A (en) | Multi-mode OS (operating system) based on OS virtualization and creating and switching method thereof | |
| US20160328006A1 (en) | Distributed power management with partial suspend mode for distributed storage systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| DD01 | Delivery of document by public notice |
Addressee: Beijing Safe-Code Technology Co., Ltd. Document name: the First Notification of an Office Action |
|
| C53 | Correction of patent for invention or patent application | ||
| CB02 | Change of applicant information |
Address after: 100082, building 1, building 32, 612 North Main Street, Haidian District, Beijing, Xizhimen Applicant after: Beijing Safe-Code Technology Co., Ltd. Address before: 100876 No. 34 South College Road, Beijing, Haidian District Applicant before: Beijing Safe-Code Technology Co., Ltd. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C53 | Correction of patent for invention or patent application | ||
| CB03 | Change of inventor or designer information |
Inventor after: Wang Binyan Inventor after: Xu Qin Inventor after: Du Xiaofeng Inventor after: Bao Yibing Inventor before: Wang Binyan Inventor before: Xin Yang Inventor before: Du Xiaofeng Inventor before: Bao Yibing |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: INVENTOR; FROM: WANG BINYAN XIN YANG DU XIAOFENG BAO YIBING TO: WANG BINYAN XU QIN DU XIAOFENG BAO YIBING |