CN102215265B - System and method for realizing uniform management and monitoring of remote virtual desktop access - Google Patents
- Publication number
- CN102215265B
- Authority
- CN
- China
- Prior art keywords
- module
- rdp
- virtual
- server end
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Abstract
The invention provides a system and method for realizing uniform management and monitoring of remote virtual desktop access. The system comprises an RDP (Remote Desktop Protocol) virtual server module, an RDP virtual client module, a VNC (Virtual Network Computing) virtual client module and an X11 virtual client module. A protocol conversion processing module copies the unencrypted, decompressed data stream and delivers the copy to an RDP protocol data stream formatting module. The RDP protocol data stream formatting module parses out the graphical information contained in the unencrypted, decompressed data stream and creates two duplicates: one is sent to the real-time monitoring video stream output, and the other is saved in a retrospection and replay database. The invention greatly reduces the daily workload of maintainers: they do not need to install various tools for the different kinds of access (RDP, VNC and X11), to record various server addresses, or to record the maintenance account and password used on each server. The invention also realizes real-time monitoring of the maintainers' operations.
Description
Technical field
The invention belongs to the technical field of remote virtual desktop access protocols, and specifically relates to a system and method for realizing unified management and monitoring of remote virtual desktop access.
Background
A remote virtual desktop is a graphical remote access method that various graphical user interfaces offer to network administrators. Through a remote virtual desktop, an administrator can operate a remote server as if operating the local computer, which makes server maintenance much more convenient. The mainstream remote virtual desktop access protocols are the Remote Desktop Protocol (RDP) provided by Microsoft, the VNC protocol and the X11 protocol; all of them belong to the application layer of the network protocol suite.
To access remote virtual desktops with these three protocols, the corresponding service program must be installed and started on the server, and the maintainer must install the three corresponding clients on his own workstation (for example, accessing a server that runs the VNC service requires a VNC client). Moreover, in a large network one maintainer often looks after dozens or even hundreds of servers and has to record the network addresses of those servers along with their user names and passwords, which is laborious work.
To manage remote virtual desktop access in a unified way, the access tool must first be unified: the unified management and monitoring system converts VNC and X11 into the RDP protocol for transmission over the network. The reason is that the Windows systems commonly installed on PCs ship with the Windows remote desktop client, which supports RDP, so no other tool needs to be installed separately. The maintainer only needs to log in to the unified management and monitoring system with the Windows remote desktop client and authenticate. The system then presents a visual menu to the maintainer over RDP, and the maintainer selects the server to access directly from that menu, regardless of whether the server runs an RDP, VNC or X11 service program. For both convenience of selection and security of the servers, servers are shown by predefined server names rather than by IP address, and servers the maintainer has no permission to access are not shown at all, so the maintainer sees at a glance the servers he is authorized to access.
Summary of the invention
The present invention addresses the above technical problems of the prior art by providing a system and method for realizing unified management and monitoring of remote virtual desktop access.
Monitoring in the present invention has two levels: one is viewing a session in real time as a video stream, with the ability to block an ongoing remote graphical operation promptly; the other is reviewing the operations afterwards, likewise as a video stream. Because all three remote virtual desktop access protocols are graphical operation protocols, they all use compressed transmission to save bandwidth so that they remain usable when bandwidth is limited. RDP, for example, uses two kinds of compression: transmitting only the changed part of the graphics, and applying MPPC compression to the transmitted packets. At the same time, to keep remote operation secure, all three protocols encrypt the transmitted data, and each uses different methods for compression and encryption. As a result, when remote access operations need to be monitored, the common approach of capturing packets on a bypass tap cannot extract valid data from them; to monitor, the protocol packets must be decrypted and decompressed. Because of the unified management described above, only the RDP protocol data stream facing the client needs to be monitored. Besides sending real-time monitoring data to the monitoring client, the real-time monitoring module can also receive blocking instructions from the monitoring client. When an ongoing remote graphical operation needs to be blocked, the real-time monitoring module receives the blocking instruction sent by the monitoring client and signals the corresponding protocol conversion processing thread to terminate, which blocks the remote access.
The above technical problem is mainly solved by the following technical solution: a system for realizing unified management and monitoring of remote virtual desktop access, comprising an RDP virtual server module, an RDP virtual client module, a VNC virtual client module and an X11 virtual client module. The RDP virtual server module exchanges encrypted, compressed data with the RDP client module; the RDP virtual client module exchanges encrypted, compressed data with the RDP server module; the VNC virtual client module exchanges data with the VNC server module; and the X11 virtual client module exchanges data with the X11 server module. A protocol conversion processing module is set up between the RDP virtual server module on one side and the RDP, VNC and X11 virtual client modules on the other. The protocol conversion processing module copies the unencrypted, decompressed data stream and passes the copy to an RDP protocol data stream formatting module for further processing. The RDP protocol data stream formatting module parses out the graphical information contained in the unencrypted, decompressed data stream and makes two copies: one is passed to the real-time monitoring video stream output, and the other is stored in the retrospective playback database.
The unified management and monitoring system for remote virtual desktop access is implemented as follows. The RDP virtual server decrypts and decompresses the encrypted, compressed data from the RDP client and passes it to the protocol conversion processing module, which converts it into unencrypted, decompressed data of the RDP, VNC or X11 protocol and forwards it to the corresponding RDP, VNC or X11 virtual client module. Each virtual client module compresses and encrypts this data again according to the characteristics of its own protocol and exchanges it with the corresponding RDP, VNC or X11 server module. In the opposite direction, the RDP virtual client decrypts and decompresses the encrypted, compressed data from the RDP server, or the VNC virtual client does so for data from the VNC server, or the X11 virtual client does so for data from the X11 server. The result is passed to the protocol conversion processing module, which converts it into unencrypted, decompressed RDP data and forwards it to the RDP virtual server module. The RDP virtual server module compresses and encrypts this data again according to the characteristics of its own protocol and exchanges it with the RDP client module. At the same time, the protocol conversion processing module copies this unencrypted, decompressed data stream to the RDP protocol data stream formatting module, which parses out the graphical information it contains and makes two copies: one is passed to the real-time monitoring video stream output, and the other is stored in the retrospective playback database. The real-time monitoring video stream output module first builds a binary search tree with each remote virtual desktop session as a node, and opens an in-memory virtual screen for each session. Whenever the module receives graphical information, it finds the corresponding session node in the binary search tree, draws the graphical information onto that session's in-memory virtual screen to update it, and then transmits the updated screen to the monitoring interface, which refreshes automatically. This realizes real-time monitoring of the maintainer's operations. For review, the graphical information stored by the RDP protocol data stream formatting module is taken from the data stream recorded in the retrospective playback database, drawn on an in-memory virtual screen and pushed to the front-end playback interface, which realizes retrospection and playback of the maintainer's operations.
The purpose of managing the three remote virtual desktop access methods in a unified way is to greatly reduce the maintainer's daily workload: first, the maintainer need not install various tools for the different kinds of access (RDP, VNC and X11); second, the maintainer need not record the various server addresses; third, the maintainer need not record the maintenance accounts and passwords used on each server. On top of unified management of the three access methods, the invention also realizes real-time monitoring of the maintainer's operations, and the whole system is simple to operate.
Description of the drawings
Fig. 1 is a schematic diagram of the principle and structure of the present invention.
Embodiment
The technical solution of the invention is described in further detail below through an embodiment and with reference to the accompanying drawing.
Embodiment: referring to Fig. 1, the invention comprises an RDP virtual server module, an RDP virtual client module, a VNC virtual client module and an X11 virtual client module. The RDP virtual server module exchanges encrypted, compressed data with the RDP client module; the RDP virtual client module exchanges encrypted, compressed data with the RDP server module; the VNC virtual client module exchanges data with the VNC server module; and the X11 virtual client module exchanges data with the X11 server module. A protocol conversion processing module is set up between the RDP virtual server module on one side and the RDP, VNC and X11 virtual client modules on the other. The RDP virtual server decrypts and decompresses the encrypted, compressed data from the RDP client and passes it to the protocol conversion processing module, which converts it into unencrypted, decompressed data of the RDP, VNC or X11 protocol and forwards it to the corresponding RDP, VNC or X11 virtual client module. Each virtual client module compresses and encrypts this data again according to the characteristics of its own protocol and exchanges it with the corresponding RDP, VNC or X11 server module. In the opposite direction, the RDP virtual client decrypts and decompresses the encrypted, compressed data from the RDP server, or the VNC virtual client does so for data from the VNC server, or the X11 virtual client does so for data from the X11 server. The result is passed to the protocol conversion processing module, which converts it into unencrypted, decompressed RDP data and forwards it to the RDP virtual server module. The RDP virtual server module compresses and encrypts this data again according to the characteristics of its own protocol and exchanges it with the RDP client module. At the same time, the protocol conversion processing module copies this unencrypted, decompressed data stream to the RDP protocol data stream formatting module, which parses out the graphical information it contains and makes two copies: one is passed to the real-time monitoring video stream output, and the other is stored in the retrospective playback database. The real-time monitoring video stream output module first builds a binary search tree with each remote virtual desktop session as a node, and opens an in-memory virtual screen for each session. Whenever the module receives graphical information, it finds the corresponding session node in the binary search tree, draws the graphical information onto that session's in-memory virtual screen to update it, and then transmits the updated screen to the monitoring interface, which refreshes automatically. This realizes real-time monitoring of the maintainer's operations. For review, the graphical information stored by the RDP protocol data stream formatting module is taken from the data stream recorded in the retrospective playback database, drawn on an in-memory virtual screen and pushed to the front-end playback interface, which realizes retrospection and playback of the maintainer's operations.
Real-time monitoring of the remote virtual desktop is based on the graphical information submitted by the RDP protocol data stream formatting module. Because several sessions may be connected at the same time, the real-time monitoring video stream output module first builds a binary search tree with each remote virtual desktop session as a node (so that the corresponding session can be found quickly when graphical information arrives) and opens an in-memory virtual screen for each session. The screen resolution of a remote virtual desktop is negotiated when the connection is established and does not change for the whole duration of the connection, so the resolution is determined first at connection time and the in-memory virtual screen is then created. When the module receives graphical information, it finds the corresponding session node in the binary search tree and draws the graphical information onto that session's in-memory virtual screen. When monitoring staff need to watch a session in real time, they only need to send a request to the real-time monitoring video stream output module through the system's interface, and the module transmits the current picture in the in-memory virtual screen to the monitoring interface. From then on, whenever graphical information arrives, the in-memory virtual screen is updated first and the updated screen is then transmitted to the monitoring interface, which refreshes automatically. This completes the real-time monitoring function.
Retrospection and playback of the remote virtual desktop rely on the data stream recorded in the retrospective playback database; the basis is the graphical information stored by the RDP protocol data stream formatting module. As the real-time monitoring principle above shows, retrospection and playback only require that the drawing on the in-memory virtual screen be pushed to the front-end playback interface. The database referred to here is not a relational database in the usual sense, but a database made up of multiple binary files stored in an organized way, where each binary file corresponds to one session whose access has completed. In each file, the file header contains the screen resolution negotiated at connection time, followed by all graphical message packets from the transmission. To keep the playback faithful, the time interval between packets as they originally occurred is recorded between each pair of packets, so playback can follow these intervals and fully reproduce the original scene; the auditor can of course also fast-forward or play slowly as needed. On the playback side, the playback interface first opens the session file selected for playback and reads the file header, and according to the screen resolution in the header sets up a local foreground real screen (on the client requesting playback) and an in-memory virtual screen. It then reads graphical information continuously from the retrospective playback database and draws it on the in-memory virtual screen first; after each drawing operation completes, the in-memory virtual screen is swapped onto the foreground real screen. This realizes the retrospective playback function, and because two screens are swapped, the person viewing the playback does not perceive screen flicker.
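The live-monitoring and recording/replay path described in the two paragraphs above, as an added example that is not code from the patent. The byte layout, the `RVDS` magic, the 8-bit pixels and the use of a dict in place of the binary search tree are assumptions; the patent only fixes that the header carries the resolution and that each packet is stored with its arrival interval.

```python
import io
import struct

MAGIC = b"RVDS"                      # constructed magic, not from the patent
HEADER = struct.Struct("<4sHH")      # magic, screen width, screen height
RECORD = struct.Struct("<IHHHHI")    # delay_ms, x, y, w, h, payload length


class VirtualScreen:
    """In-memory screen for one session; size is fixed at connect time."""

    def __init__(self, width, height):
        self.width, self.height = width, height
        self.pixels = bytearray(width * height)   # 8-bit pixels (assumed)

    def draw(self, x, y, w, h, data):
        # An update must fit the negotiated resolution or it is rejected.
        if w == 0 or h == 0 or x + w > self.width or y + h > self.height:
            raise ValueError("update outside negotiated screen")
        if len(data) != w * h:
            raise ValueError("payload size does not match rectangle")
        for row in range(h):
            start = (y + row) * self.width + x
            self.pixels[start:start + w] = data[row * w:(row + 1) * w]


class SessionRecorder:
    """Writes the header once, then every update with its arrival interval."""

    def __init__(self, stream, width, height):
        self.stream = stream
        self.last_ms = None
        stream.write(HEADER.pack(MAGIC, width, height))

    def append(self, now_ms, x, y, w, h, data):
        delay = 0 if self.last_ms is None else max(0, now_ms - self.last_ms)
        self.last_ms = now_ms
        self.stream.write(RECORD.pack(delay, x, y, w, h, len(data)) + data)


class Monitor:
    """Fans each parsed update out to the live screen and the recording."""

    def __init__(self):
        self.sessions = {}    # session id -> (VirtualScreen, SessionRecorder)

    def open_session(self, sid, width, height, stream):
        self.sessions[sid] = (VirtualScreen(width, height),
                              SessionRecorder(stream, width, height))

    def on_update(self, sid, now_ms, x, y, w, h, data):
        screen, recorder = self.sessions[sid]      # find the session node
        screen.draw(x, y, w, h, data)              # copy 1: live view
        recorder.append(now_ms, x, y, w, h, data)  # copy 2: replay file
        return bytes(screen.pixels)                # frame sent to the watcher


def replay(stream, speed=1.0):
    """Yield (time_ms, frame) pairs; speed > 1 fast-forwards, < 1 slows."""
    head = stream.read(HEADER.size)
    if len(head) != HEADER.size:
        raise ValueError("truncated header")
    magic, width, height = HEADER.unpack(head)
    if magic != MAGIC:
        raise ValueError("not a session recording")
    back = VirtualScreen(width, height)            # drawn off-screen first
    clock = 0.0
    while True:
        raw = stream.read(RECORD.size)
        if not raw:
            return                                 # clean end of recording
        if len(raw) != RECORD.size:
            raise ValueError("truncated record header")
        delay, x, y, w, h, size = RECORD.unpack(raw)
        if size != w * h:                          # check before reading payload
            raise ValueError("declared length does not match rectangle")
        data = stream.read(size)
        if len(data) != size:
            raise ValueError("truncated record payload")
        back.draw(x, y, w, h, data)
        clock += delay / speed
        yield clock, bytes(back.pixels)            # swap: whole frame at once


def demo():
    # Constructed session: 4x2 screen, two updates 250 ms apart.
    store = io.BytesIO()
    monitor = Monitor()
    monitor.open_session("s1", 4, 2, store)
    monitor.on_update("s1", 1000, 0, 0, 2, 1, b"\x01\x01")
    live = monitor.on_update("s1", 1250, 2, 1, 2, 1, b"\x02\x02")
    store.seek(0)
    return live, list(replay(store, speed=2.0))
```

A recording that ends mid-record raises instead of replaying a partial frame, so a truncated audit file is noticed rather than silently shortened.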
Finally, it should be noted that the above embodiment is only a representative example of the invention. Obviously, the technical solution of the invention is not limited to the above embodiment, and many variations are possible. All variations that a person of ordinary skill in the art can directly derive or conceive from the disclosure of the invention shall be considered within the scope of protection of the invention.
Claims (1)
1. A system for realizing unified management and monitoring of remote virtual desktop access, characterized in that:
The system comprises an RDP virtual server module, an RDP virtual client module, a VNC virtual client module, an X11 virtual client module, an RDP client module, an RDP server module, a VNC server module, an X11 server module, a protocol conversion processing module and an RDP protocol data stream formatting module, wherein the RDP virtual server module exchanges encrypted, compressed data with the RDP client module; the RDP virtual client module exchanges encrypted, compressed data with the RDP server module; the VNC virtual client module exchanges data with the VNC server module; the X11 virtual client module exchanges data with the X11 server module; the protocol conversion processing module is set up between the RDP virtual server module on one side and the RDP virtual client module, the VNC virtual client module and the X11 virtual client module on the other; and the protocol conversion processing module copies the unencrypted, decompressed data stream and passes the copy to the RDP protocol data stream formatting module for further processing;
The implementation method of the system is: the RDP virtual server decrypts and decompresses the encrypted, compressed data from the RDP client and passes it to the protocol conversion processing module, which converts it into unencrypted, decompressed data of the RDP protocol, the VNC protocol or the X11 protocol and forwards this unencrypted, decompressed data to the corresponding RDP virtual client module, VNC virtual client module or X11 virtual client module; the RDP virtual client module, the VNC virtual client module and the X11 virtual client module, each according to the characteristics of its own protocol, compress and encrypt this unencrypted, decompressed data again and exchange it with the corresponding RDP server module, VNC server module and X11 server module; in the opposite direction, the RDP virtual client decrypts and decompresses the encrypted, compressed data from the RDP server, or the VNC virtual client decrypts and decompresses the encrypted, compressed data from the VNC server, or the X11 virtual client decrypts and decompresses the encrypted, compressed data from the X11 server, and passes it to the protocol conversion processing module, which converts it into unencrypted, decompressed data of the RDP protocol and forwards this unencrypted, decompressed data to the RDP virtual server module; the RDP virtual server module, according to the characteristics of its own protocol, compresses and encrypts this unencrypted, decompressed data again and exchanges it with the RDP client module; at the same time, the protocol conversion processing module copies this unencrypted, decompressed data stream to the RDP protocol data stream formatting module, which parses out the graphical information contained in this unencrypted, decompressed data stream and makes two copies, one of which is passed to the real-time monitoring video stream output and the other of which is stored in the retrospective playback database; the real-time monitoring video stream output module first builds a binary search tree with each remote virtual desktop session as a node and opens an in-memory virtual screen for each remote virtual desktop session; whenever the real-time monitoring video stream output module receives graphical information, it finds the corresponding session node in the binary search tree, draws the graphical information onto the in-memory virtual screen of the session to update it, and then transmits the updated screen to the monitoring interface, which refreshes automatically, thereby realizing real-time monitoring of the maintainer's operations; and, according to the data stream recorded in the retrospective playback database, the graphical information stored by the RDP protocol data stream formatting module is drawn on an in-memory virtual screen and pushed to the front-end playback interface, thereby realizing retrospection and playback of the maintainer's operations.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201110159393 CN102215265B (en) | 2011-06-14 | 2011-06-14 | System and method for realizing uniform management and monitoring of remote virtual desktop access |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102215265A CN102215265A (en) | 2011-10-12 |
CN102215265B true CN102215265B (en) | 2013-12-18 |
Family
ID=44746392
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201110159393 Active CN102215265B (en) | 2011-06-14 | 2011-06-14 | System and method for realizing uniform management and monitoring of remote virtual desktop access |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102215265B (en) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102495711B (en) * | 2011-11-15 | 2017-05-17 | 中兴通讯股份有限公司 | Virtual multi-screen implementation method and device |
US8681813B2 (en) * | 2011-11-29 | 2014-03-25 | Wyse Technology L.L.C. | Bandwidth optimization for remote desktop protocol |
CN102566910B (en) * | 2011-12-14 | 2015-02-04 | 广州杰赛科技股份有限公司 | Virtual desktop system and method for refreshing on-screen display of virtual desktop client |
CN103793321B (en) * | 2012-11-01 | 2017-11-21 | 腾讯科技(深圳)有限公司 | application program detection method and system |
CN103036897A (en) * | 2012-12-20 | 2013-04-10 | 曙光云计算技术有限公司 | Communication method based on long distance desktop connection between thin client-side and server-side |
US9537779B2 (en) | 2013-10-11 | 2017-01-03 | Huawei Technologies Co., Ltd. | System and method for real-time traffic delivery |
US10268492B2 (en) * | 2014-05-20 | 2019-04-23 | Amazon Technologies, Inc. | Low latency connections to workspaces in a cloud computing environment |
CN105592121B (en) * | 2014-10-31 | 2018-10-02 | 中国科学院声学研究所 | A kind of RDP data acquisition devices and method |
CN107770219A (en) * | 2016-08-19 | 2018-03-06 | 中兴通讯股份有限公司 | A kind of sharing method, gateway server and the system of form window |
CN106936936B (en) * | 2017-05-10 | 2019-12-03 | 浙江云巢科技有限公司 | A kind of virtual desktop telecommunication system |
CN108234627A (en) * | 2017-12-29 | 2018-06-29 | 上海上讯信息技术股份有限公司 | A kind of method of the remote desktop proxy video video recording based on RDP agreements |
CN111367753B (en) * | 2018-12-26 | 2023-03-14 | 中兴通讯股份有限公司 | Cloud desktop screen recording method and device based on network communication engine ICE architecture |
CN110515689B (en) * | 2019-08-28 | 2022-05-31 | 成都安恒信息技术有限公司 | Graphical user interface implementation system and method for fortress machine RDP CS operation and maintenance |
CN114697407A (en) * | 2022-03-28 | 2022-07-01 | 杭州安恒信息技术股份有限公司 | Data processing method and device based on RDP (remote desktop protocol), electronic device and storage medium |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101964798A (en) * | 2010-10-15 | 2011-02-02 | 德讯科技股份有限公司 | Multi-graphic protocol unified proxy system based on remote desktop protocol |
Also Published As
Publication number | Publication date |
---|---|
CN102215265A (en) | 2011-10-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |