CN102487380A - Desktop virtual terminal entrusting method and system - Google Patents
Desktop virtual terminal entrusting method and system Download PDFInfo
- Publication number
- CN102487380A CN102487380A CN201010569636XA CN201010569636A CN102487380A CN 102487380 A CN102487380 A CN 102487380A CN 201010569636X A CN201010569636X A CN 201010569636XA CN 201010569636 A CN201010569636 A CN 201010569636A CN 102487380 A CN102487380 A CN 102487380A
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- network equipment
- virtual
- authentication
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
- Mobile Radio Communication Systems (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a desktop virtual terminal entrusting method and a system. The method comprises the following steps that: network equipment receives a first login request from a user equipment (UE) and authenticates the UE; after the authentication passes, the network equipment distributes at least one virtual machine to the UE, wherein the virtual machine adopts a virtual machine identity (ID) identification; the UE and the virtual machine which corresponds to the virtual machine ID redirect the equipment; and the UE performs virtual desktop operation on the virtual machine. Through the scheme provided by the invention, desktop virtualization in which a terminal takes part in is safer, and the effects of storage ability and scheduling capability are improved.
Description
Technical field
The present invention relates to the communications field, in particular to a kind of desktop virtual terminal trustship method and system.
Background technology
Desktop virtual is a kind of in the technical desktop trusteeship service that grows up of remote desktop, and this technology is placed on server side fully with the calculating at terminal, storage carries out, and terminal itself is an input-output equipment.In virtual desktop technology; The operating system desktop that client can the complete operation server end provides, and realize that at existing virtual desktop the client USB device can be redirected to server side in the product; Inserting a USB device in client computer will be presented in the remote desktop of server side; Such as inserting a USB hard disk, will find this hard disk on the remote dummy desktop, and generate the drive supply with operation.This makes the remote dummy desktop can obtain the approaching user experience of local desktop.
Current virtual desktop technology is mainly used in the hosts applications of the office PC of enterprise; Main application provider combines itself and server Intel Virtualization Technology; For the client distributes virtual machine but not physical machine, thereby make a large amount of virtual desktop client of support become possibility.
The inventor finds in the above-mentioned correlation technique; The solution of above-mentioned enterprise-level directly is used in communication network and realizes that also there is following problem in the trustship of communication terminal: 1) generally adopt Active Directory (Active Directory) this type enterprise-class tools administrative mechanism, the virtual desktop technology can't combine with the existing authentification of user of communication network, mandate system.2) operator provides the virtual desktop trusteeship service; Can't provide according to the signatory virtual desktop that provides of user and calculate; The support and the dispatching of storage capacity relatively poor (as the enterprise-level desktop virtual, only provide the thousands of orders of magnitude other scheduling virtual machine ability, and city of the virtual desktop trustship of communication terminal with regard to needs problems such as other virtual machines of tens of and even millions of level).
Simultaneously, under the current telecom operation pattern, the innovative service major part that operator releases all needs the upgrading support at terminal; Such as IP Multimedia System (IP multimediasubsystem; Abbreviate IMS as) and relevant new business, move and use shop etc., this makes operator must persuade customer upgrade, and provides and be given to the user and buy the terminal; And the customer upgrade cycle is very long, and this makes that promote the early stage of new business very long and with high costs in cycle.
Summary of the invention
In correlation technique; The virtual desktop technology can't be carried out authentication with the existing user of communication network; Problems such as the support of storage capacity and dispatching are relatively poor, the present invention provides a kind of desktop virtual terminal trustship method and system, one of to address the above problem at least.
According to an aspect of the present invention, a kind of desktop virtual terminal trustship method is provided, comprises: network equipment receives and comes from first of subscriber equipment (User Equipment the abbreviates UE as) request of landing and UE is carried out authentication; After authentication was passed through, network equipment distributed at least one virtual machine to give above-mentioned UE, and wherein, above-mentioned virtual machine adopts virtual machine ID sign; Above-mentioned UE and above-mentioned virtual machine ID corresponding virtual machine carry out being redirected of equipment; Above-mentioned UE carries out virtual desktop operated to virtual machine.
According to another aspect of the present invention, a kind of desktop virtual terminal mandatory system is provided, comprises: UE and network equipment, wherein, above-mentioned UE comprises: sending module is used for sending first to network equipment and lands request; First redirection module is used for the input equipment of UE side is redirected to the virtual machine that network equipment distributes; Executive Module is used for after the virtual machine of UE and network equipment distribution carries out device redirection, carrying out virtual desktop operated; Above-mentioned network equipment comprises: receiver module is used to receive and comes from first of UE and land request; Authentication module is used for according to first request of landing UE being carried out authentication; Distribution module is used for after authentication is passed through, and distributes at least one virtual machine to give UE, and wherein, virtual machine adopts virtual machine ID sign; Second redirection module is used for the output equipment of network side is redirected to UE.
The present invention; Terminal trustship through terminal and network equipment realization desktop virtual adds authentication mechanism simultaneously in whole implement process, solved in the correlation technique; The virtual desktop technology can't be carried out authentication with the existing user of communication network; Relatively poor and the current terminal staging cycle length of the support of storage capacity and dispatching, cost are than problems such as height, and then it is safer to have reached the desktop virtual that the terminal is participated in, and improves the effect of storage capacity and dispatching.
Other features and advantages of the present invention will be set forth in specification subsequently, and, partly from specification, become obvious, perhaps understand through embodiment of the present invention.The object of the invention can be realized through the structure that in the specification of being write, claims and accompanying drawing, is particularly pointed out and obtained with other advantages.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, and illustrative examples of the present invention and explanation thereof are used to explain the present invention, do not constitute improper qualification of the present invention.In the accompanying drawings:
Fig. 1 is the desktop virtual terminal mandatory system structured flowchart according to the embodiment of the invention;
Fig. 2 is desktop virtual terminal mandatory system structural representation according to the preferred embodiment of the invention;
Fig. 3 is the desktop virtual terminal mandatory system structural representation of the instance according to the present invention;
Fig. 4 manages the internal structure sketch map of machine for the virtual machine mediocre person in embodiment illustrated in fig. 3;
Fig. 5 is the desktop virtual terminal trustship method flow diagram according to the embodiment of the invention;
Fig. 6 is the schematic flow sheet of the first access network of remote desktop client of combination Fig. 3 embodiment;
Fig. 7 is for combining the schematic flow sheet of the follow-up login access network of remote desktop client embodiment illustrated in fig. 3;
Fig. 8 nullifies the schematic flow sheet of virtual desktop for combining UE embodiment illustrated in fig. 3 from network.
Embodiment
Hereinafter will and combine embodiment to specify the present invention with reference to accompanying drawing.Need to prove that under the situation of not conflicting, embodiment and the characteristic among the embodiment among the application can make up each other.
Fig. 1 is the desktop virtual terminal mandatory system structured flowchart according to the embodiment of the invention, and as shown in Figure 1, this system comprises: user equipment (UE) (User Equipment abbreviates UE as) 10 and network equipment 12.
Above-mentioned UE 10 comprises:
Sending module 102 is used for sending first to above-mentioned network equipment 12 and lands request.
First redirection module 104 is used for the input equipment of above-mentioned UE 10 sides is redirected to the virtual machine that distributes with said network equipment 12.In concrete application process, this first redirection module 104 is redirected to the virtual machine that network equipment 12 distributes with input equipments such as keyboard, mouse, recording, SIM, USB inputs.
Said network equipment 12 comprises:
In concrete application process, this mandatory system is through being provided with the logging request that special IAD receives client, and the existing certificate server of IAD and communication network is mutual, accomplishes authentification of user.
Preferably, above-mentioned certificate server can be the home subscribed services device HSS among the mobile network, and this HSS comprises: authentication server functions entity and subscribed services device functional entity.
In preferred implementation process, above-mentioned receiver module 122 also is used to receive and comes from second of above-mentioned UE 10 and land request; Above-mentioned authentication module 124 also is used for according to second of above-mentioned UE10 the request of landing above-mentioned UE 10 is carried out authentication; Above-mentioned distribution module 126 also is used for after authentication is passed through, and the virtual machine ID corresponding virtual machine that memory module 130 is preserved is redistributed to above-mentioned UE 10.
Second redirection module 128, the output equipment that is used for just said network side is redirected to above-mentioned UE 10.In concrete application process, above-mentioned second redirection module 128 is redirected to UE 10 with outputs such as screen, sound card playback, USB outputs from network equipment 12.
The foregoing description; Realized that the desktop virtual that the terminal is participated in is safer, improved the effect of storage capacity and dispatching, simultaneously for telecom operators and user; The desktop virtual system that also can utilize the terminal to participate in shortens the cycle of terminal staging and reduces upgrade cost.
Preferably, as shown in Figure 2, above-mentioned network equipment 12 can also comprise:
In preferred implementation process, above-mentioned receiver module 122 also is used to receive the de-registration request of above-mentioned UE 10; Correspondingly, above-mentioned network equipment 12 can also comprise: nullify module 134, be used for discharging and above-mentioned virtual machine ID corresponding virtual machine according to above-mentioned de-registration request.
Preferably, as shown in Figure 2, above-mentioned network equipment 12 can also comprise: accounting module 132, be used for when said UE carries out virtual desktop operated, and report the visit charge information of said UE to accounting server.
Can find out that through the foregoing description operator can make up the virtual terminal mandatory system that can run according to the foregoing description, it all has interests for user, operator, and is specific as follows:
For the user, can adopt the mode that pays for the hire as required to obtain the network virtual machine of a general head and shoulders above handset capability, memory space, reduced the disposable purchase cost at terminal; Because the versatility of VME operating system makes the client can not receive the restriction of original mobile phone operating system, the more application software of horn of plenty is installed simultaneously, obtains better customer experience.
For operator, can hire out calculating, storage capacity to the end user, obtained the extra channel outside the common communication service; And because virtual machine is controlled by operator, carry out when needing and can unify to upgrade to support new Network to the virtual machine of trustship fast in business, this makes the cycle that appears on the market of new business shorten greatly.
Fig. 3 is the desktop virtual terminal mandatory system structural representation of the instance according to the present invention, and as shown in Figure 3, this system comprises:
UE 10, are the terminal of client that virtual desktop is installed, and the client that is used to above-mentioned virtual desktop provides carrier.
IAD 302 is used to handle the authentication request of above-mentioned UE 10;
Certificate server 304 is used to store user's authentication security data;
In concrete application process, this mandatory system receives the logging request of above-mentioned client through the IAD 302 that is provided with, and the existing certificate server of this IAD 302 and communication network 304 is mutual, accomplishes authentification of user.This shows, be equivalent to the combining of IAD 302 and certificate server 304 authentication module 124 in embodiment illustrated in fig. 2.
Scheduling virtual machine device 306 is used for collecting the state of virtual machine pond 308 virtual machines, and the distribution, release, migration of virtual machine etc. carried out in the request of accepting to use;
Virtual machine pond 308 is made up of a plurality of physical machines, and each physical machine is equipped with virtual machine manager 306 and some virtual machines, comprises virtual desktop related software in virtual machine manager 306 and the virtual machine, particularly, and can be with reference to Fig. 4.Fig. 4 is the internal structure sketch map that the virtual machine mediocre person in the present embodiment manages machine, and as shown in Figure 4, this physical machine 40 comprises: virtual machine manager 402, some virtual machine VM 404.
Above-mentioned virtual machine manager 402, be used for this physical machine virtual machine creating, cancel and dispatch.Wherein, Above-mentioned virtual machine manager 402 comprises: be carried in the user access control module 4044 in this virtual machine manager 402; Be used for the message of receiving is carried out the legitimacy verification of secondary, verification through after just be reported to the communication module of virtual machine manager to handle; Desktop virtual unit layer 4022 is at the virtual input-output equipment corresponding with remote desktop that comes out of network side, for example demonstration, mouse, keyboard, sound and USB device etc.;
Above-mentioned virtual machine 404 comprises: the operating system OS 4046 in the virtual machine; Virtual desktop is acted on behalf of VDA 4044, is used to handle the virtual desktop function relevant with operating system 4046, includes but not limited to virtual unit driving, desktop figure compression optimization etc.; The application software 4042 of UE in the virtual machine.
Can learn that from the description of Fig. 4 above-mentioned virtual machine pond 308 comprises a plurality of virtual machines,, independently operating system and application are arranged, comprise and realize the necessary software of virtual desktop.
Subscribed services device 310, it is provided with subscribed database, is used to store user's the relevant subscription data of virtual desktop, like signatory CPU quantity, memory size, disk limit, priority, software arrangements etc.In the preferred implementation process, this subscribed services device 310 also can be an expansion of existing communication user-subscribed database, such as on the basis of HSS (HomeSubscriber Server, home subscribed database), expanding;
Can find out from above description; The function that above-mentioned scheduling virtual machine device 306 is realized; Comprise the function that middle receiver module 122 embodiment illustrated in fig. 2, distribution module 126 and second redirection module 128 realize, then can comprise receiver module 122 and distribution module 126 on the hardware.Wherein, the function that realizes herein of receiver module 122 comprises being used to receive and comes from first of above-mentioned UE 10 request of landing and second and land request.
It is to be noted; Above-mentioned certificate server 304 can close in actual deployment with subscribed services device 310 and establish; Such as adopting the HSS (Home SubscriberServer, home subscribed services device) among the existing mobile network just to comprise certificate server and two kinds of functional entitys of subscribed services device.
Fig. 5 is the desktop virtual terminal trustship method flow diagram according to the embodiment of the invention.As shown in Figure 5, this flow process comprises:
Step S502, network equipment receive and come from first of the user equipment (UE) request of landing and above-mentioned UE is carried out authentication;
Preferably, above-mentioned network equipment comprises: IAD, above-mentioned network equipment carry out authentication to above-mentioned UE can be realized in the following manner: above-mentioned IAD receives the request of landing that comes from said UE; This IAD and certificate server carry out alternately, accomplish the authentication to said UE.
In preferred implementation process, above-mentioned certificate server is the home subscribed services device HSS among the mobile network, and this HSS comprises: authentication server functions entity and subscribed services device functional entity.
Step S504, after authentication was passed through, above-mentioned network equipment distributed at least one virtual machine to give said UE, and wherein, said virtual machine adopts virtual machine ID sign; Be that said virtual machine distributes a unique ID to identify when concrete the application;
In preferred implementation process; Above-mentioned network equipment distributes at least one virtual machine to give said UE according to the CAMEL-Subscription-Information of user at the service provider place; Wherein, above-mentioned CAMEL-Subscription-Information can comprise following one of at least: information such as above-mentioned virtual machine CPU quantity, memory size, disk limit and service priority.
Step S506, above-mentioned UE and above-mentioned virtual machine carry out the device redirection operation;
Step S508, above-mentioned UE carries out virtual desktop operated to above-mentioned virtual machine.
Preferably, when above-mentioned UE carried out virtual desktop operated, said method can also comprise following processing: above-mentioned virtual machine reports the visit charge information of said UE to accounting server.Preferably, above-mentioned charge information includes but not limited to: the user use virtual machine CPU quantity, CPU usage, memory size, disk limit, use information such as duration.
In the practical implementation process, when first access network of remote desktop client or follow-up access network, virtual machine all can report the visit charge information of said UE to accounting server according to the visit situation of user's CPU, internal memory, storage and application software.
Preferably; When above-mentioned first request of landing for said UE during first to logging request that said network equipment sends; Distribute at least one virtual machine to after the UE at above-mentioned network equipment, can also comprise following processing: above-mentioned network equipment is preserved above-mentioned virtual machine ID.
In preferred implementation process, after above-mentioned network equipment was preserved virtual machine ID, said method can also comprise following processing: above-mentioned network equipment reception comes from second of above-mentioned UE and lands request, and this UE is carried out authentication; After authentication is passed through, above-mentioned network equipment will be redistributed to above-mentioned UE with the virtual machine ID corresponding virtual machine of above-mentioned preservation; Above-mentioned UE and above-mentioned virtual machine ID corresponding virtual machine carry out the device redirection operation, and carry out virtual desktop operated.
Fig. 6 is for combining the schematic flow sheet of the first access network of remote desktop client embodiment illustrated in fig. 3; Wherein, Present embodiment indication " for the first time " is meant after the virtual desktop trusteeship service of user's contracting terminal the flow process of access network for the first time, and as shown in Figure 6, this flow process comprises:
Step S602, UE 10 initiates virtual desktop services to IAD 302 and inserts request, and user's identity information is carried in this request.
Step S604; IAD 302 reads authorization data according to subscriber identity information to certificate server 304; Adopt based on 3GPP SIM (Subscriber IdentityModule like the user; Subscriber identity module) AKA (Authentication and Key Agreement, authentication and key agreement) mode is carried out authentication, and the authorization data that then reads is authentication 5 tuple data of 3GPP.
In the authentication pattern of this step, can adopt any existing certification mode in the existing communication network, such as the authentication mode of the used usemame/password authentication mode of broadband access, 3GPP2 etc.
Step S606, certificate server 304 returns authorization data.
Step S608, IAD 302 sends authentication challenge according to the authorization data that reads to UE 10.
Step S610, UE 10 calculates the Authentication Response data, issues IAD 302.
Step S612, the authorization data that 302 couples of UE 10 of IAD send carries out verification, and verification is changeed step S614 through the back.
Step S614, IAD 302 sends the virtual machine request for allocation to scheduling virtual machine device 306, carries the identity information of authenticated at least.
Step S616, scheduling virtual machine device 306 is to subscribed services device 310 these users' of request virtual desktop CAMEL-Subscription-Information.
Step S618, subscribed services device 310 return this user's virtual desktop CAMEL-Subscription-Information, include but not limited to CPU quantity that this user contracts, memory size, disk limit, priority, software configuration information etc.Because the user is first login, never assigns virtual machine, so the virtual machine identification information that has not distributed in the return information.
Step S620 after scheduling virtual machine device 306 is received subscription data, in conjunction with resource operating position in subscription data and the virtual machine pond 308, distributes the resources of virtual machine of a free time.
Step S622, scheduling virtual machine device 306 is issued the virtual machine pond with assignment request, comprises the resource allocation information of virtual machine and user's identity information, and this assignment request finally is responsible for processing by the virtual machine manager at virtual machine place, has reserved related resource.
Step S624, scheduling virtual machine device 306 return success response to IAD 302 after executing assign task, comprising the position information such as IP address of virtual machine.
Step S626, IAD 302 is given UE 10 return authentication success responses.
Step S628, UE 10 initiates the virtual desktop access request.
Step S630, IAD 302 its legitimacies of checking
Step S632, IAD 302 is transmitted to the virtual machine in the virtual machine pond that this user distributed with the access request of UE 10.
Step S634, the virtual machine that has distributed place virtual machine manager is verified user validation, and loads user's desktop according to user's I/O capability.
Step S636, virtual machine pond 308 reports the appointment successful information to subscribed database, comprises but is not limited to the id information of virtual machine; This reports and can be carried out by the virtual machine manager at the virtual machine place of having distributed.
Step S638, the subscribed database in the subscribed services device 310 is noted virtual machine ID, assigns virtual use during in order to the subsequent user login.
Step S640~S642, virtual machine backward reference success response arrives UE 10 via IAD 302.
Step S644, virtual machine reports the visit charge information to accounting server, charges service time such as press virtual machine, is exactly the beginning message that charges here.
Step S646; Carry out the visit of virtual desktop between UE 10 and virtual machine; The implementation that depends on virtual desktop, these visits can become the different logical passage according to the different tissues of input-output equipment, such as being divided into the logical sub passage according to screen, keyboard, mouse, sound, storage.
Step S648, in the access process of virtual desktop, virtual machine periodically reports charge information to accounting server.
Further; In order to improve the load time of virtual desktop, promote client's experience, UE can insert the I/O capability that just carries self in the request at step S610; When being assigned by the scheduling virtual machine device, this information uses; When step S622, just can shift to an earlier date loaded virtual machine, start virtual desktop for client's UE distribution.
Fig. 7 is for combining the schematic flow sheet of the follow-up login access network of remote desktop client embodiment illustrated in fig. 3; Be that with embodiment main difference shown in Figure 6 user-subscribed database stored the virtual machine id information of having assigned, follow-up virtual machine assigns process also different.Specific as follows:
Step S702 is corresponding to the operation of step S602~S612 in embodiment illustrated in fig. 6.Repeat no more here.
Step S704, IAD 302 sends the virtual machine request for allocation to scheduling virtual machine device 306, carries the identity information of authenticated at least.
Step S706, scheduling virtual machine device 306 is to subscribed services device 310 these users' of request virtual desktop CAMEL-Subscription-Information.
Step S708, subscribed services device 310 return this user's virtual desktop CAMEL-Subscription-Information, and wherein, this virtual desktop CAMEL-Subscription-Information includes but not limited to CPU quantity that this user contracts, memory size, disk limit, priority, software configuration information etc.Because the user is follow-up login, signs in to virtual machine through virtual desktop, so write down the virtual machine ID that distributed in the subscribed database in the past.
Step S710 after scheduling virtual machine device 306 is received subscription data, according to the virtual machine id information that returns, finds in the past the information of the virtual machine that distributes, resource operating position in the combined with virtual machine pond, the where recovery virtual machine of decision in the virtual machine pond.
Step S712, scheduling virtual machine device 306 send the instruction of the virtual machine that recovers designated virtual machine ID to virtual machine pond 308.
Step S714 is to S736, and the step S624-step S648 during correspondence is embodiment illustrated in fig. 6 repeats no more here.
Preferably, after the virtual desktop operated of above-mentioned execution, can also comprise: above-mentioned network equipment receives the de-registration request that comes from above-mentioned UE; Above-mentioned network equipment discharges above-mentioned virtual machine.
For the better log off procedure of understanding in the above-mentioned preferred embodiment, specify below in conjunction with Fig. 8, wherein, Fig. 8 is for combining UE embodiment illustrated in fig. 3 schematic flow sheet from network cancellation virtual desktop, and as shown in Figure 8, this logout flow path comprises:
Step S802, UE 10 sends de-registration request to IAD 302;
Step S804, IAD 302 is through the legitimacy of certificate server 304 checking UE 10.
Step S806, IAD 302 is transmitted de-registration request to scheduling virtual machine device 306.
Step S808, scheduling virtual machine device 306 find this user's corresponding virtual machine information, send the resources of virtual machine request that discharges to virtual machine pond 308.
Step S810, virtual machine pond 308 is returned and is discharged response.
Step S812, scheduling virtual machine device 306 return to IAD 302 and nullify response.
Step S814, IAD 302 return to nullify to UE 10 and confirm.
In sum; Can learn that the above embodiment of the present invention adds authentication mechanism and billing mechanism simultaneously through the terminal trustship of terminal and network equipment realization desktop virtual in whole implement process; Solved in the correlation technique; The virtual desktop technology can't be carried out authentication with the existing user of communication network, and the relatively poor and current terminal staging cycle length of the support of storage capacity and dispatching, cost are than problems such as height, and then it is safer to have reached the desktop virtual that the terminal is participated in; Improve the effect of storage capacity and dispatching; Simultaneously operator can make up the virtual terminal mandatory system that can run according to the foregoing description, the telecom operators under existing telecom operation pattern and the user, also can shorten the cycle and reduction upgrade cost of terminal staging.
Obviously, it is apparent to those skilled in the art that above-mentioned each module of the present invention or each step can realize with the general calculation device; They can concentrate on the single calculation element; Perhaps be distributed on the network that a plurality of calculation element forms, alternatively, they can be realized with the executable program code of calculation element; Thereby; Can they be stored in the storage device and carry out, and in some cases, can carry out step shown or that describe with the order that is different from here by calculation element; Perhaps they are made into each integrated circuit modules respectively, perhaps a plurality of modules in them or step are made into the single integrated circuit module and realize.Like this, the present invention is not restricted to any specific hardware and software combination.
The above is merely the preferred embodiments of the present invention, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.All within spirit of the present invention and principle, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (15)
1. a desktop virtual terminal trustship method is characterized in that, comprising:
Network equipment receives and comes from first of the user equipment (UE) request of landing and said UE is carried out authentication;
After authentication was passed through, said network equipment distributed at least one virtual machine to give said UE, and wherein, said virtual machine adopts virtual machine ID sign;
Said UE and said virtual machine ID corresponding virtual machine carry out being redirected of equipment;
Said UE carries out virtual desktop operated to said virtual machine.
2. method according to claim 1 is characterized in that, said network equipment comprises: IAD, said network equipment carry out authentication to said UE and comprise:
Said IAD reception comes from first of said UE and lands request;
Said IAD and certificate server carry out alternately, accomplish recognizing of said UE levied.
3. method according to claim 2 is characterized in that, said certificate server is the home subscribed services device HSS among the mobile network, and said HSS comprises: authentication server functions entity and subscribed services device functional entity.
4. method according to claim 1; It is characterized in that; Said network equipment distributes at least one virtual machine to give said UE according to the CAMEL-Subscription-Information of user at the service provider place; Wherein, said CAMEL-Subscription-Information comprise following one of at least: said virtual machine CPU quantity, memory size, disk limit and service priority.
5. method according to claim 1 and 2 is characterized in that, when said first request of landing for said UE during first to logging request that said network equipment sends, distribute after at least one virtual machine gives said UE at said network equipment, also comprise:
Said network equipment is preserved said virtual machine ID.
6. method according to claim 5 is characterized in that, after said network equipment was preserved said virtual machine ID, said method also comprised:
Said network equipment reception comes from second of said UE and lands request, and said UE is carried out authentication;
After authentication is passed through, said network equipment will be redistributed to said UE with the virtual machine ID corresponding virtual machine of said preservation;
Said UE and said virtual machine ID corresponding virtual machine carry out the device redirection operation, and carry out virtual desktop operated.
7. method according to claim 1 and 2 is characterized in that, after the virtual desktop operated of said execution, also comprises:
Said network equipment receives the de-registration request that comes from said UE;
Said network equipment discharges said virtual machine.
8. method according to claim 1 and 2 is characterized in that, when said UE carried out virtual desktop operated, said method also comprised: said virtual machine reports the visit charge information of said UE to accounting server.
9. desktop virtual terminal mandatory system comprises: user equipment (UE) and network equipment, it is characterized in that,
Said UE comprises:
Sending module is used for sending first to said network equipment and lands request;
First redirection module is used for the input equipment of said UE side is redirected to the virtual machine that said network equipment distributes;
Executive Module is used for after the virtual machine of said UE and network equipment distribution carries out device redirection, carrying out virtual desktop operated;
Said network equipment comprises:
Receiver module is used to receive and comes from first of said UE and land request;
Authentication module is used for according to said first request of landing said UE being carried out authentication;
Distribution module is used for after authentication is passed through, and distributes at least one said virtual machine to give said UE, and wherein, said virtual machine adopts virtual machine ID sign;
Second redirection module is used for the output equipment of said network side is redirected to said UE.
10. mandatory system according to claim 9 is characterized in that, said authentication module comprises: IAD, and be used to receive and come from first of the said UE request of landing and carry out alternately with certificate server, completion is to the authentication of said UE.
11. mandatory system according to claim 9 is characterized in that, said certificate server is the home subscribed services device HSS among the mobile network, and said HSS comprises: authentication server functions entity and subscribed services device functional entity.
12., it is characterized in that said network equipment also comprises according to claim 9 or 10 described mandatory systems:
Memory module when being used in said first request of landing for said UE first to logging request that said network equipment sends, is distributed after at least one virtual machine gives said UE at said network equipment, preserves said virtual machine ID.
13. mandatory system according to claim 10 is characterized in that,
Said receiver module also is used to receive and comes from second of said UE and land request;
Said authentication module also is used for according to second of said UE the request of landing said UE is carried out authentication;
Said distribution module also is used for after authentication is passed through, and the virtual machine ID corresponding virtual machine that said memory module is preserved is redistributed to said UE.
14. according to claim 9 or 10 described mandatory systems, it is characterized in that,
Said receiver module also is used to receive the de-registration request of said UE;
Then said network equipment also comprises:
Nullify module, be used for discharging and said virtual machine according to said de-registration request.
15., it is characterized in that said network equipment also comprises according to claim 9 or 10 described mandatory systems:
Accounting module is used for when said UE carries out virtual desktop operated, reports the visit charge information of said UE to accounting server.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010569636.XA CN102487380B (en) | 2010-12-01 | 2010-12-01 | Desktop virtual terminal entrusting method and system |
| PCT/CN2011/078795 WO2012071907A1 (en) | 2010-12-01 | 2011-08-23 | Method and system for hosting desktop virtualized terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010569636.XA CN102487380B (en) | 2010-12-01 | 2010-12-01 | Desktop virtual terminal entrusting method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102487380A true CN102487380A (en) | 2012-06-06 |
| CN102487380B CN102487380B (en) | 2016-09-07 |
Family
ID=46152834
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010569636.XA Active CN102487380B (en) | 2010-12-01 | 2010-12-01 | Desktop virtual terminal entrusting method and system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN102487380B (en) |
| WO (1) | WO2012071907A1 (en) |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102868723A (en) * | 2012-08-22 | 2013-01-09 | 上海金图信息科技有限公司 | Control console and management method of management zero terminal machine and desktop virtual machine |
| CN102891851A (en) * | 2012-09-25 | 2013-01-23 | 中国联合网络通信集团有限公司 | Access control method, equipment and system of virtual desktop |
| CN103209190A (en) * | 2013-04-23 | 2013-07-17 | 深圳市京华科讯科技有限公司 | Desktop all-in-one machine access gateway and implementation method thereof |
| CN103220359A (en) * | 2013-04-23 | 2013-07-24 | 深圳市京华科讯科技有限公司 | Management system and management method for desktop all-in-one machine |
| WO2013178099A1 (en) * | 2012-08-29 | 2013-12-05 | 中兴通讯股份有限公司 | System, method, client and service centre for realizing remote desktop |
| CN103514044A (en) * | 2012-06-29 | 2014-01-15 | 北京金山安全软件有限公司 | Resource optimization method, device and system of dynamic behavior analysis system |
| CN103780641A (en) * | 2012-10-17 | 2014-05-07 | 中国电信股份有限公司 | Cloud desktop access method, home gateway and system |
| CN103944882A (en) * | 2014-03-19 | 2014-07-23 | 华存数据信息技术有限公司 | Cloud desktop authorization management method under cloud computing environment |
| CN103975567A (en) * | 2012-11-14 | 2014-08-06 | 华为技术有限公司 | Dual-factor authentication method and virtual machine device |
| CN104468550A (en) * | 2014-11-28 | 2015-03-25 | 华为技术有限公司 | User login method for Windows desktop, device and system |
| CN104679494A (en) * | 2013-11-29 | 2015-06-03 | 华为技术有限公司 | Method and device for achieving long-distance virtual desktop and application program |
| CN104954400A (en) * | 2014-03-27 | 2015-09-30 | 中国电信股份有限公司 | Cloud computing system and realizing method thereof |
| CN105159749A (en) * | 2015-09-11 | 2015-12-16 | 东莞市微云系统科技有限公司 | Method and system for redirecting local disk to a virtual machine by cloud terminal |
| CN105843612A (en) * | 2016-03-21 | 2016-08-10 | 深圳市京华科讯科技有限公司 | Method for switching virtual machines by terminal device and terminal device |
| CN106130765A (en) * | 2016-06-23 | 2016-11-16 | 杭州华三通信技术有限公司 | virtual desktop distribution method and device |
| CN106209423A (en) * | 2016-06-23 | 2016-12-07 | 杭州华三通信技术有限公司 | Virtual desktop distribution method and device |
| CN107124390A (en) * | 2016-02-25 | 2017-09-01 | 阿里巴巴集团控股有限公司 | Prevention-Security, implementation method, the apparatus and system of computing device |
| CN112241299A (en) * | 2019-07-18 | 2021-01-19 | 上海达龙信息科技有限公司 | Operation management method, system, medium and server for electronic equipment |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108470125B (en) * | 2018-02-09 | 2021-01-19 | 北京明朝万达科技股份有限公司 | OLE redirection method and system based on virtual desktop |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020069369A1 (en) * | 2000-07-05 | 2002-06-06 | Tremain Geoffrey Donald | Method and apparatus for providing computer services |
| US20060294517A1 (en) * | 2005-06-28 | 2006-12-28 | Zimmer Vincent J | Network interface sharing among multiple virtual machines |
| CN101378386A (en) * | 2007-08-31 | 2009-03-04 | 运软网络科技(上海)有限公司 | Safety authentication method and apparatus for transferring screen by a palm terminal using virtual technology |
| CN101410803A (en) * | 2006-01-24 | 2009-04-15 | 思杰系统有限公司 | Methods and systems for providing access to a computing environment |
| CN101470621A (en) * | 2007-12-28 | 2009-07-01 | 埃森哲环球服务有限公司 | Virtual machine configuration system |
| CN101621377A (en) * | 2009-03-26 | 2010-01-06 | 常熟理工学院 | Trusted access method under virtual computing environment |
| CN101667144A (en) * | 2009-09-29 | 2010-03-10 | 北京航空航天大学 | Virtual machine communication method based on shared memory |
| CN101681257A (en) * | 2007-04-26 | 2010-03-24 | 惠普开发有限公司 | Virtual machine control |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| NZ528277A (en) * | 2001-03-19 | 2007-06-29 | Qualcomm Inc | Dynamically downloading and executing system services on a wireless device |
| WO2009108579A2 (en) * | 2008-02-26 | 2009-09-03 | Vmware, Inc. | Extending server-based desktop virtual machine architecture to client machines |
| CN101242261B (en) * | 2008-03-21 | 2010-08-04 | 华耀环宇科技(北京)有限公司 | A VPN connection separation method based on operating system desktop |
-
2010
- 2010-12-01 CN CN201010569636.XA patent/CN102487380B/en active Active
-
2011
- 2011-08-23 WO PCT/CN2011/078795 patent/WO2012071907A1/en active Application Filing
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020069369A1 (en) * | 2000-07-05 | 2002-06-06 | Tremain Geoffrey Donald | Method and apparatus for providing computer services |
| US20060294517A1 (en) * | 2005-06-28 | 2006-12-28 | Zimmer Vincent J | Network interface sharing among multiple virtual machines |
| CN101410803A (en) * | 2006-01-24 | 2009-04-15 | 思杰系统有限公司 | Methods and systems for providing access to a computing environment |
| CN101681257A (en) * | 2007-04-26 | 2010-03-24 | 惠普开发有限公司 | Virtual machine control |
| CN101378386A (en) * | 2007-08-31 | 2009-03-04 | 运软网络科技(上海)有限公司 | Safety authentication method and apparatus for transferring screen by a palm terminal using virtual technology |
| CN101470621A (en) * | 2007-12-28 | 2009-07-01 | 埃森哲环球服务有限公司 | Virtual machine configuration system |
| CN101621377A (en) * | 2009-03-26 | 2010-01-06 | 常熟理工学院 | Trusted access method under virtual computing environment |
| CN101667144A (en) * | 2009-09-29 | 2010-03-10 | 北京航空航天大学 | Virtual machine communication method based on shared memory |
Cited By (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103514044A (en) * | 2012-06-29 | 2014-01-15 | 北京金山安全软件有限公司 | Resource optimization method, device and system of dynamic behavior analysis system |
| CN102868723A (en) * | 2012-08-22 | 2013-01-09 | 上海金图信息科技有限公司 | Control console and management method of management zero terminal machine and desktop virtual machine |
| WO2013178099A1 (en) * | 2012-08-29 | 2013-12-05 | 中兴通讯股份有限公司 | System, method, client and service centre for realizing remote desktop |
| CN102891851A (en) * | 2012-09-25 | 2013-01-23 | 中国联合网络通信集团有限公司 | Access control method, equipment and system of virtual desktop |
| CN103780641A (en) * | 2012-10-17 | 2014-05-07 | 中国电信股份有限公司 | Cloud desktop access method, home gateway and system |
| CN103780641B (en) * | 2012-10-17 | 2017-08-15 | 中国电信股份有限公司 | Access method, home gateway and the system of cloud desktop |
| CN103975567A (en) * | 2012-11-14 | 2014-08-06 | 华为技术有限公司 | Dual-factor authentication method and virtual machine device |
| CN103209190A (en) * | 2013-04-23 | 2013-07-17 | 深圳市京华科讯科技有限公司 | Desktop all-in-one machine access gateway and implementation method thereof |
| CN103220359A (en) * | 2013-04-23 | 2013-07-24 | 深圳市京华科讯科技有限公司 | Management system and management method for desktop all-in-one machine |
| CN104679494A (en) * | 2013-11-29 | 2015-06-03 | 华为技术有限公司 | Method and device for achieving long-distance virtual desktop and application program |
| CN103944882A (en) * | 2014-03-19 | 2014-07-23 | 华存数据信息技术有限公司 | Cloud desktop authorization management method under cloud computing environment |
| CN104954400A (en) * | 2014-03-27 | 2015-09-30 | 中国电信股份有限公司 | Cloud computing system and realizing method thereof |
| CN104468550A (en) * | 2014-11-28 | 2015-03-25 | 华为技术有限公司 | User login method for Windows desktop, device and system |
| WO2016082548A1 (en) * | 2014-11-28 | 2016-06-02 | 华为技术有限公司 | User login method, device and system for windows desktop |
| CN105159749A (en) * | 2015-09-11 | 2015-12-16 | 东莞市微云系统科技有限公司 | Method and system for redirecting local disk to a virtual machine by cloud terminal |
| CN107124390A (en) * | 2016-02-25 | 2017-09-01 | 阿里巴巴集团控股有限公司 | Prevention-Security, implementation method, the apparatus and system of computing device |
| CN105843612A (en) * | 2016-03-21 | 2016-08-10 | 深圳市京华科讯科技有限公司 | Method for switching virtual machines by terminal device and terminal device |
| CN106130765A (en) * | 2016-06-23 | 2016-11-16 | 杭州华三通信技术有限公司 | virtual desktop distribution method and device |
| CN106209423A (en) * | 2016-06-23 | 2016-12-07 | 杭州华三通信技术有限公司 | Virtual desktop distribution method and device |
| CN106209423B (en) * | 2016-06-23 | 2019-09-06 | 新华三技术有限公司 | Virtual desktop distribution method and device |
| CN112241299A (en) * | 2019-07-18 | 2021-01-19 | 上海达龙信息科技有限公司 | Operation management method, system, medium and server for electronic equipment |
| CN112241299B (en) * | 2019-07-18 | 2023-08-18 | 上海达龙信息科技有限公司 | Operation management method, system, medium and server of electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102487380B (en) | 2016-09-07 |
| WO2012071907A1 (en) | 2012-06-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102487380A (en) | Desktop virtual terminal entrusting method and system | |
| CN104378342B (en) | Many accounts verification method, Apparatus and system | |
| KR101507919B1 (en) | Method and apparatus for virtual desktop service | |
| KR101296065B1 (en) | Secure subscriber identity module service | |
| CN103001992B (en) | Virtual desktop realizes system and its application method | |
| CN101499995B (en) | Service scheduling method, system and apparatus for service scheduling | |
| US9535681B2 (en) | Validating availability of firmware updates for client devices | |
| CN109068179A (en) | A kind of multi-platform live broadcasting method, computer installation and computer readable storage medium | |
| US20150058834A1 (en) | Distributing software for updating of client devices | |
| US9781192B2 (en) | Device management service | |
| CN105719391A (en) | Mobile device supporting multiple payment cards and method | |
| CN105100150A (en) | Cloud desktop migration method and apparatus, and distributed cloud desktop system | |
| CN113141260B (en) | Secure access method, system and equipment based on software-defined wide area network (SD-WAN) | |
| CN112637221B (en) | Equipment control method and device | |
| CN105763610A (en) | Desktop cloud service providing method and desktop cloud service providing device | |
| CN114616807B (en) | Method and system for managing and controlling a communication network | |
| CN105959933A (en) | Terminal control method and control device, and server | |
| CN104471541B (en) | Promote the method and computer system of mixing application environment | |
| CN106600254B (en) | Multi-account management method and device for user | |
| CN105763569B (en) | To the method for account authentication, client, service platform and management platform | |
| CN105122775A (en) | Mist networks | |
| CN110753093A (en) | Method and device for managing equipment in cloud computing system | |
| CN105871982A (en) | Content pushing method, device and system | |
| CN102523335B (en) | Mobile terminal middleware system oriented to virtual community application | |
| CN112732730B (en) | Block chain-based card data updating method, system and provider platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |