CN102523207A - VNC (Virtual Network Computer)-based remote resource access method and proxy device - Google Patents

Publication number
CN102523207A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011104016043A
Other languages
Chinese (zh)
Inventor
沃天宇
窦彦琪
康俊彬
李建欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University

Abstract

The invention provides a VNC (Virtual Network Computer)-based remote resource access method and a proxy device. The VNC-based remote resource access method comprises the following steps: the proxy device receives a mapping request message which is sent by an authentication server and carries an IP address of a VNC server, combines the IP address of the proxy device and an unused port into a proxy IP address and establishes a connection with the VNC server; the proxy device establishes a connection with a VNC client side; and the proxy device receives a software resource access operation sent by the VNC client side, sends the software resource access operation to the VNC server, receives operation result screen image information returned by the VNC server according to the resource access operation and sends the operation result screen image information to the VNC client side. According to the technical scheme disclosed by the invention, the VNC server is not exposed on the network anymore by arranging the proxy device between the VNC server and the VNC client side, and thus the safety of the VNC server is improved.

Description

VNC (Virtual Network Computer)-based remote resource access method and proxy device
Technical field
The present invention relates to virtualization technology, and in particular to a remote resource access method and a proxy device based on the virtual network computer (VNC).
Background
Software-as-a-Service (SaaS) is an emerging software application model. Combined with virtualization, it delivers software as a service through virtualization technology, so that the layers involved in software execution are more loosely coupled.
Virtual Network Computing (VNC) is a system that uses the Remote Frame Buffer (RFB) protocol to share and remotely display screen images. A VNC system transmits keyboard and mouse actions and real-time screen images over the network. It consists of two components: the VNC server and the VNC client.
In existing VNC systems, the VNC client communicates directly with the VNC server, so the VNC server is exposed on the public network and its security cannot be guaranteed.
Summary of the invention
The present invention provides a VNC-based remote resource access method and a proxy device, to solve the problem that the security of a VNC server exposed on the public network cannot be guaranteed, and to improve the security of the VNC server.
One aspect of the present invention provides a remote resource access method based on the virtual network computer (VNC), comprising:
A proxy device receives a mapping request message, sent by an authentication server, that carries the Internet Protocol (IP) address of a VNC server; combines the IP address of the proxy device with an unused port to form a proxy IP address; and sends the proxy IP address to the authentication server, so that the authentication server sends the proxy IP address to a VNC client. At the same time, the proxy device establishes a connection with the VNC server according to the IP address of the VNC server;
The proxy device receives a connection establishment request that the VNC client sends according to the proxy IP address, and establishes a connection with the VNC client;
The proxy device receives a resource access operation sent by the VNC client, sends the resource access operation to the VNC server, receives the operation result screen image information that the VNC server returns according to the resource access operation, and sends the operation result screen image information to the VNC client.
Another aspect of the present invention provides a proxy device, comprising:
A mapping module, configured to receive a mapping request message, sent by an authentication server, that carries the Internet Protocol (IP) address of a virtual network computer (VNC) server; to combine the IP address of the proxy device with an unused port to form a proxy IP address; and to send the proxy IP address to the authentication server, so that the authentication server sends the proxy IP address to a VNC client;
A first connection establishment module, configured to establish a connection with the VNC server according to the IP address of the VNC server;
A second connection establishment module, configured to receive a connection establishment request that the VNC client sends according to the proxy IP address, and to establish a connection with the VNC client;
A client monitoring module, configured to receive a resource access operation sent by the VNC client and to send the resource access operation to the VNC server;
A server monitoring module, configured to receive the operation result screen image information that the VNC server returns according to the resource access operation, and to send the operation result screen image information to the VNC client.
In the VNC-based remote resource access method provided by one aspect of the present invention, the proxy device combines its own IP address with one of its unused ports to form a proxy IP address, which is sent to the VNC client. The proxy device establishes connections with the VNC client and with the VNC server respectively and, acting as a proxy between them, carries the communication between the VNC client and the VNC server. Because the VNC client connects directly to the proxy device and no longer connects directly to the VNC server, what is exposed on the public network is a port of the proxy device and no longer a port of the VNC server. This solves the security problem caused by exposing VNC directly on the public network and improves the security of the VNC server.
The proxy device provided by another aspect of the present invention combines its own IP address with one of its unused ports to form a proxy IP address, which is sent to the VNC client. The proxy device establishes connections with the VNC client and with the VNC server respectively and, acting as a proxy between them, carries the communication between the VNC client and the VNC server. Because the VNC client connects directly to the proxy device and no longer connects directly to the VNC server, what is exposed on the public network is a port of the proxy device and no longer a port of the VNC server. This solves the security problem caused by exposing VNC directly on the public network and improves the security of the VNC server.
Description of the drawings
Fig. 1 is a schematic diagram of the structure of the VNC system on which the embodiments of the present invention are based;
Fig. 2 is a flow chart of the VNC-based remote resource access method provided by one embodiment of the present invention;
Fig. 3 is a flow chart of the VNC-based remote resource access method provided by another embodiment of the present invention;
Fig. 4 is a schematic structural diagram of the proxy device provided by one embodiment of the present invention;
Fig. 5 is a schematic structural diagram of the proxy device provided by another embodiment of the present invention.
Detailed description of the embodiments
Fig. 1 is a schematic diagram of the structure of the VNC system on which the embodiments of the present invention are based. As shown in Fig. 1, the VNC system comprises: a VNC server 11, a VNC client 12, an authentication server 13 and a proxy device 14.
The VNC server 11 is connected to the proxy device 14; the proxy device 14 is also connected to the VNC client 12 and to the authentication server 13; and the authentication server 13 is also connected to the VNC client 12.
The VNC system of this embodiment is a system that uses the RFB protocol to share and remotely display screen images. It sends the keyboard and mouse actions of the VNC client 12 over the network to the VNC server 11 and sends the real-time screen image of the VNC server 11 to the VNC client 12, so that the VNC client 12 can access the various software on the VNC server 11.
The VNC server 11 and the VNC client 12 communicate using the RFB protocol. RFB is a simple protocol for remote access to graphical user interfaces; it is a true "thin client" protocol, and it is stateless. That is, after a VNC client disconnects from a VNC server, the state of the VNC client can be preserved, and when that VNC client connects to the VNC server again, it can operate on the basis of the previously saved state. Even when a different VNC client connects to the VNC server, the new VNC client can operate on the basis of the previously saved state of the last VNC client.
For example: the VNC server 11 in the VNC system of this embodiment may be an existing VNC server, or a server obtained by modifying an existing VNC server, for example a Meta server, but is not limited to these. The VNC client 12 may be an intelligent terminal running the Android operating system, but is not limited to this. The authentication server 13 may be a portal server, but is not limited to this.
The flow of the VNC-based remote resource access method implemented on this VNC system is described below through specific embodiments.
Fig. 2 is a flow chart of the VNC-based remote resource access method provided by one embodiment of the present invention. As shown in Fig. 2, the method of this embodiment comprises:
Step 201: The proxy device receives a mapping request message, sent by the authentication server, that carries the IP address of the VNC server; combines the IP address of the proxy device with an unused port to form a proxy IP address; and sends the proxy IP address to the authentication server, so that the authentication server sends the proxy IP address to the VNC client. At the same time, the proxy device establishes a connection with the VNC server according to the IP address of the VNC server.
In a VNC system, the authentication server is responsible for allocating the IP address of a VNC server to the VNC client. In the prior art, after the authentication server allocates the IP address of a VNC server to the VNC client, it sends the allocated IP address directly to the VNC client. The VNC client then connects to the VNC server using that IP address, which also leaves the port of the VNC server exposed on the public network.
In this embodiment, after the authentication server allocates the IP address of a VNC server to the VNC client, it sends a mapping request message to the proxy device, and through this message provides the IP address of the VNC server to the proxy device. After receiving the mapping request message, the proxy device parses the IP address of the VNC server out of it, allocates one of its unused ports to the VNC client, and combines its own IP address with the allocated unused port to form a new IP address, the proxy IP address, which it then sends to the authentication server. After receiving the proxy IP address, the authentication server sends it to the VNC client. From the VNC client's point of view, this proxy IP address is taken to be the IP address of the VNC server.
The proxy device forms the proxy IP address from its own IP address and the allocated unused port as follows: it binds its own IP address to the allocated unused port, producing information of the form "IP address of the proxy device + port". In other words, the proxy device sends its own IP address together with the allocated unused port to the authentication server, which sends them on to the VNC client.
At the same time, the proxy device can send a connection establishment request to the VNC server according to the parsed IP address of the VNC server, and thereby establish a connection with the VNC server.
The proxy device and the VNC server communicate using the RFB protocol.
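The mapping in step 201 and the connections of steps 202 and 203 can be traced on loopback with the sketch below. It is an added example, not code from the patent. `ProxyDevice`, `handle_mapping_request`, `pump` and the constructed stand-in VNC server are hypothetical names, and the proxy here relays bytes unchanged and leaves out its own authentication of the client.

```python
import socket
import threading

RFB_BANNER = b"RFB 003.008\n"  # ProtocolVersion message an RFB server sends first


def start_fake_vnc_server():
    """Constructed stand-in for a VNC server on loopback; returns its (ip, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(RFB_BANNER)
            conn.recv(64)  # wait for the client's version reply, then hang up
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


def pump(src, dst):
    """Copy bytes one way until src closes, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class ProxyDevice:
    """Hypothetical proxy: one listening port per mapping request."""

    def __init__(self, proxy_ip="127.0.0.1"):
        self.proxy_ip = proxy_ip
        self.mappings = {}  # proxy port -> VNC server address (never sent to the client)

    def handle_mapping_request(self, vnc_addr):
        """Step 201: connect upstream, claim an unused port, return the proxy address."""
        upstream = socket.create_connection(vnc_addr, timeout=5)
        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        listener.bind((self.proxy_ip, 0))  # port 0: the OS picks a port not in use
        listener.listen(1)
        port = listener.getsockname()[1]
        self.mappings[port] = vnc_addr
        threading.Thread(target=self._serve, args=(listener, upstream),
                         daemon=True).start()
        return (self.proxy_ip, port)

    def _serve(self, listener, upstream):
        """Steps 202-203: accept the one client for this mapping and relay both ways."""
        client, _ = listener.accept()
        listener.close()
        back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
        back.start()
        pump(client, upstream)
        back.join()
        client.close()
        upstream.close()


def demo():
    """Client connects to the proxy address only and still receives the RFB banner."""
    vnc_addr = start_fake_vnc_server()
    proxy = ProxyDevice()
    proxy_addr = proxy.handle_mapping_request(vnc_addr)  # what the auth server passes on
    with socket.create_connection(proxy_addr, timeout=5) as client:
        banner = b""
        while len(banner) < len(RFB_BANNER):
            chunk = client.recv(len(RFB_BANNER) - len(banner))
            if not chunk:
                break
            banner += chunk
        peer = client.getpeername()
        client.sendall(RFB_BANNER)
    return banner, peer, proxy_addr, vnc_addr


if __name__ == "__main__":
    print(demo())
```

The address the client sees as its peer is the proxy's IP and port; the VNC server's address exists only in the proxy's mapping table.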
Step 202: The proxy device receives the connection establishment request that the VNC client sends according to the proxy IP address, and establishes a connection with the VNC client.
After obtaining the proxy IP address, the VNC client uses it as the destination IP address and sends a connection establishment request to the proxy device. The proxy device, for its part, knows the unused port it allocated to the VNC client and listens on this port to detect whether the VNC client connects to it. Specifically, the proxy device listens on this port for a connection establishment request from the VNC client. When it detects such a request on this port, the proxy device first authenticates the VNC client to ensure that the identity of the VNC client is legitimate, and thereby to ensure the security of the VNC server. After the VNC client passes authentication, the proxy device establishes a connection with the VNC client.
The proxy device and the VNC client also communicate using the RFB protocol, so the process by which the proxy device authenticates the VNC client is simply the authentication process of the RFB protocol. This process has three main steps. The first step is to exchange handshake messages in order to negotiate the protocol version and the encryption mode. The second step is to negotiate the security authentication mode. The third step is to perform the security authentication. Afterwards, the proxy device and the VNC client perform initialization and then exchange normal protocol messages.
Step 203: The proxy device receives the resource access operation sent by the VNC client, sends the resource access operation to the VNC server, receives the operation result screen image information that the VNC server returns according to the resource access operation, and sends the operation result screen image information to the VNC client.
Once the proxy device has established connections with both the VNC server and the VNC client, the VNC client and the VNC server can exchange information through the proxy device. That is, the VNC client can access resources such as software on the VNC server through the proxy device.
On this basis, the VNC client sends a resource access operation to the proxy device. A resource access operation may be operation information produced by the mouse, keyboard and so on of the VNC client, for example the operation information of a mouse double-click that opens a program. A resource access operation consists of individual data packets that conform to the RFB protocol. Specifically, the VNC client sends data packets in RFB protocol format to the proxy device. After receiving a data packet from the VNC client, the proxy device parses, classifies and repackages it according to the RFB protocol format, and then sends the processed data packet to the VNC server.
Because the RFB protocol versions of the proxy device and the VNC client may differ, this parsing, classification and repackaging lets the proxy device form data packets that conform to its own RFB protocol version.
After receiving the processed resource access operation forwarded by the proxy device, the VNC server performs the corresponding operation, for example opening a program or file on it, and sends the operation result screen image information produced by that operation to the proxy device using the RFB protocol. The operation result screen image information consists of individual data packets that conform to the RFB protocol.
After receiving a data packet that conforms to the RFB protocol, the proxy device parses, classifies and repackages it according to the RFB protocol, and then sends the processed data packet to the VNC client. Likewise, through parsing, classification and repackaging the proxy device forms data packets that conform to its own RFB protocol version. This completes the VNC client's access to software on the VNC server.
In this embodiment, the proxy device receives the resource access operation sent by the VNC client, processes it and sends it to the VNC server, so that the VNC server performs the corresponding operation and returns operation result screen image information, which the proxy device provides to the VNC client. This realizes the interaction and communication between the VNC client and the VNC server and gives the VNC client access to the various resources on the VNC server. The VNC client no longer connects to the VNC server directly but through the proxy device, which solves the security problem the VNC server faces when exposed on the network and improves the security of the VNC server.
In practical use of a VNC system, the VNC client often runs in an unstable network environment, where it frequently disconnects and reconnects. In the prior art, each time the VNC client reconnects it has to download the first frame of the server screen again, which consumes a large amount of network bandwidth and gives the user a poor experience. The following embodiment of the present invention provides a solution to this problem, built on the embodiment above. The details are as follows:
In this embodiment, the proxy device contains message queues in two directions: a server-to-client message queue and a client-to-server message queue. The message queues cache messages while the proxy device forwards them.
With these message queues, when the proxy device receives multiple resource access operations from the VNC client, it can first place them in the client-to-server message queue for caching and then process them one after another in order.
Correspondingly, when the proxy device parses, classifies and repackages the operation result screen image information from the VNC server and sends the processed operation result screen image information to the VNC client, it can also place the processed operation result screen image information in the server-to-client message queue for caching.
The performance of the message queue directly affects the operating efficiency and performance of the whole proxy device. This embodiment does not limit how the message queue is implemented, but a first-in-first-out storage structure is preferred. Taking a first-in-first-out message queue as the example: when the message queue still has storage space and a new message arrives (new messages include resource access operations and processed operation result screen image information), the new message is placed at the tail of the queue. When the message queue has no free storage space, stored messages are deleted one after another starting from the head of the queue, and the following messages are moved up to the head, until there is enough space to store the new message.
Because the data traffic is large while the VNC client accesses remote resources, many messages may be stored in a message queue within a short time, making the queue too long or leaving it without storage space. To control the length of the message queue effectively and to improve the utilization of its storage space, the proxy device can merge messages that are adjacent and of the same type before storing them, and then put the merged message into the message queue. In other words, before the proxy device places the multiple resource access operations it has received into the client-to-server message queue for caching, it merges, according to the type of the resource access operations, those that are adjacent and of the same type, and then puts the merged resource access operation into the message queue. Besides improving the utilization of the client-to-server message queue by merging resource access operations, the proxy device can also send the merged resource access operations to the VNC server together, for example by placing two click operations in one data packet sent to the VNC server, which improves the forwarding efficiency of the proxy device. Likewise, before the proxy device places processed operation result screen image information into the server-to-client message queue for caching, it can merge, according to the type of the operation result screen image information, the processed operation result screen image information that is adjacent and of the same type, and then put the merged operation result screen image information into the message queue. This merging effectively controls the length of the message queue and optimizes its performance. In addition, the proxy device can place the merged operation result screen image information in one data packet sent to the VNC client, which improves the efficiency of transmitting operation result screen image information to the VNC client.
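The queue behaviour described in the two paragraphs above (tail insertion, deletion from the head when space runs out, and merging of adjacent same-type messages) is shown for one direction in the following added example, which is not code from the patent. `Message`, `ProxyQueue`, the byte-based capacity and the type names in the comments are assumptions made for the illustration.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class Message:
    kind: str      # message type, e.g. "pointer", "key", "frame" (constructed names)
    payload: list  # events (client side) or screen updates (server side)
    size: int      # bytes this message occupies in the queue


class ProxyQueue:
    """One direction of the proxy's buffer: FIFO, bounded, merges same-type neighbours."""

    def __init__(self, capacity):
        self.capacity = capacity  # total bytes the queue may hold
        self.used = 0
        self.items = deque()
        self.evicted = 0          # messages deleted from the head to make room

    def put(self, msg):
        if msg.size > self.capacity:
            raise ValueError("message larger than the whole queue")
        # No free space: delete from the head until the new message fits.
        while self.used + msg.size > self.capacity:
            old = self.items.popleft()
            self.used -= old.size
            self.evicted += 1
        tail = self.items[-1] if self.items else None
        if tail is not None and tail.kind == msg.kind:
            # Adjacent and of the same type: merge into the tail entry.
            tail.payload.extend(msg.payload)
            tail.size += msg.size
        else:
            # Store a copy so later merges never mutate the caller's object.
            self.items.append(Message(msg.kind, list(msg.payload), msg.size))
        self.used += msg.size

    def get(self):
        """Take the oldest entry; a merged entry is forwarded as one packet."""
        if not self.items:
            return None
        msg = self.items.popleft()
        self.used -= msg.size
        return msg


if __name__ == "__main__":
    q = ProxyQueue(capacity=100)
    q.put(Message("pointer", ["click(10,10)"], 10))
    q.put(Message("pointer", ["click(10,10)"], 10))  # merged with the entry above
    q.put(Message("key", ["Enter"], 10))
    q.put(Message("frame", ["rect(0,0,64,64)"], 90))  # forces deletion from the head
    print([(m.kind, m.payload) for m in q.items], "evicted:", q.evicted)
```

Merging happens after eviction, so a merged entry never grows past the capacity and never evicts itself.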
On this basis, when the connection that the VNC client has established with the VNC server through the proxy device is broken, the VNC client detects the disconnection and saves the operation result screen image it is currently displaying (that is, the current operation result screen image information), so that after reconnecting it can reconstruct the operation result screen image from the residual information returned by the proxy device. After detecting the disconnection and saving the current operation result screen image, the VNC client connects to the VNC server through the proxy device again. To do so, the VNC client sends a connection establishment request to the proxy device again, and the proxy device establishes a connection with the VNC client again. After the connection is re-established (that is, the VNC client has reconnected through the proxy device to the VNC server it was connected to before the disconnection), the VNC client can resend the resource access operation. When the proxy device receives the resent resource access operation and cannot respond immediately, it can place the operation in the client-to-server message queue for caching; when the operation comes to be processed, the proxy device parses, classifies and repackages it and sends the processed resource access operation resent by the VNC client to the VNC server. At the same time, the proxy device stores the processed software resource access operation resent by the VNC client in the client-to-server message queue.
After receiving the resource access operation resent by the VNC client and forwarded by the proxy device, the VNC server likewise performs the corresponding operation and returns the operation result screen image information to the proxy device.
After the proxy device receives the operation result screen image information that the VNC server returns for the resource access operation resent by the VNC client, it parses, classifies and repackages the operation result screen image information, and sends to the VNC client the residual information between the processed operation result screen image information and the processed operation result screen image information cached in the server-to-client message queue. For example: when the VNC client opens a file using the mouse or keyboard, the VNC server returns the screen image information after the file is opened. The proxy device can then compute the difference between the screen image information it has just received and the previous screen image information cached in the server-to-client message queue, and send the difference between the two to the VNC client. After receiving the residual information sent by the proxy device, the VNC client obtains the operation result screen image information returned by the VNC server from the operation result screen image information it saved earlier and the residual information. For example: the VNC client can use the previously saved operation result screen image information as the baseline and draw the desktop by combining it with the received residual information, thereby obtaining the operation result screen image information returned by the VNC server. This reduces the amount of information the proxy device sends when the VNC client disconnects and reconnects, saves bandwidth, helps the VNC client receive a timely response, and improves the user experience.
Because in this embodiment the proxy device communicates with the VNC client and the VNC server using the RFB protocol, and the RFB protocol is a stateless protocol, the disconnection of the VNC client has no effect on the VNC server, so the information cached in the server-to-client message queue on the proxy device is the same as the current information of the VNC server. This provides the condition for implementing the above embodiment of the present invention.
Further, because the caching capacity of the message queue is limited, the time for which it can cache a message is limited. When the time for which the VNC client has been disconnected from the VNC server exceeds the cache time of the message queue, the proxy device, after receiving the resource access operation resent by the VNC client, can no longer generate residual information from the operation result screen image information cached in the server-to-client message queue. In that case it can only handle the resource access operation resent by the VNC client as a new resource access operation.
On the basis of the technical solution above, the following embodiment provides a flow of the VNC-based remote resource access method.
Fig. 3 is a flow chart of the VNC-based remote resource access method provided by another embodiment of the present invention. As shown in Fig. 3, the method of this embodiment comprises:
Step 300: The proxy device receives the connection establishment request sent by the VNC client.
If the VNC client is initiating the connection establishment request again after a disconnection, then after detecting the disconnection and before initiating the request again, the VNC client saves the current operation result screen image.
Step 301: The proxy device authenticates the VNC client and determines whether the identity of the VNC client is legitimate; if yes, step 302 is executed; if no, step 310 is executed, that is, the operation ends.
Step 302: The proxy device receives the resource access operation sent by the VNC client.
Step 303: The proxy device parses, classifies and repackages the resource access operation sent this time by the VNC client, forming the processed resource access operation.
Step 304: The proxy device sends the processed resource access operation to the VNC server.
Step 305: The VNC server performs the corresponding operation according to the processed resource access operation and returns operation result screen image information to the proxy device.
Step 306: The proxy device receives the operation result screen image information returned this time by the VNC server, and parses, classifies and repackages it, forming the processed operation result screen image information returned this time by the VNC server.
Step 307: The proxy device determines whether the time interval between the VNC client sending this resource access operation and the last disconnection is less than the cache time of the message queue; if yes, step 308 is executed; if no, step 309 is executed.
This step decides whether to return residual information to the VNC client rather than the whole operation result screen image information.
Step 308: The proxy device computes the difference between the processed operation result screen image information and the processed operation result screen image information that the VNC server returned last time and that is cached in the server-to-client message queue, generating the residual information of the operation result screen image information returned this time by the VNC server. The proxy device sends this residual information to the VNC client, at the same time places the processed operation result screen image information returned this time by the VNC server in the server-to-client message queue for caching, and then goes to step 310.
In this step, after receiving the residual information, the VNC client uses the previously saved operation result screen image as the baseline and draws the desktop by combining it with the residual information, thereby obtaining the operation result screen image information returned this time by the VNC server.
Step 309: The proxy device sends the processed operation result screen image information returned this time by the VNC server to the VNC client, at the same time places it in the server-to-client message queue for caching, and then goes to step 310.
In this step, after receiving the operation result screen image information returned this time by the VNC server and forwarded by the proxy device, the VNC client draws the desktop directly from the received operation result screen image information. This is similar to the prior art and is not described further.
Step 310: End of operation.
The remote resource access method based on VNC of present embodiment, agent equipment make the VNC server no longer be exposed on the public network as the agency between VNC client and the VNC server, have solved the safety problem that the VNC server is faced.In addition, agent equipment is used for the message between VNC client and the VNC server is carried out buffer memory through message queue is set; And pass through to use stateless communication protocol (for example RFB agreement) to realize that VNC breaks off when initiating connection again within a certain period of time again, makes the VNC server can only transmit the partial information that the VNC client is asked, and need not transmit full detail; Improved efficiency of transmission; Practiced thrift transmission bandwidth, improved user's experience property, realized that broken string reconnects mechanism fast.
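The decision in steps 307 to 309 and the client-side redraw, as an added Python example that is not code from the patent. It assumes the "difference operation" is a tile-by-tile byte comparison and that the decision is taken per operation; `ReconnectCache`, `ClientQueue`, `TILE` and the sample frames are hypothetical names and constructed data.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

TILE = 4  # bytes per tile; an assumption, the page does not fix a granularity


def split_tiles(frame: bytes) -> list[bytes]:
    return [frame[i:i + TILE] for i in range(0, len(frame), TILE)]


def residual(prev: bytes, curr: bytes) -> dict[int, bytes]:
    """Difference operation: tiles of curr that differ from prev, by index."""
    if len(prev) != len(curr):
        raise ValueError("frame size changed, no residual can be formed")
    old, new = split_tiles(prev), split_tiles(curr)
    return {i: t for i, t in enumerate(new) if t != old[i]}


def apply_residual(saved: bytes, res: dict[int, bytes]) -> bytes:
    """Client side: redraw from the saved frame plus the residual."""
    tiles = split_tiles(saved)
    for i, data in res.items():
        if not 0 <= i < len(tiles) or len(data) != len(tiles[i]):
            raise ValueError("residual does not fit the saved frame")
        tiles[i] = data
    return b"".join(tiles)


@dataclass
class ClientQueue:
    """Server-to-client queue state kept by the proxy for one client."""
    cached_frame: Optional[bytes] = None
    last_disconnect: Optional[float] = None


class ReconnectCache:
    def __init__(self, cache_time: float):
        self.cache_time = cache_time  # cache time of the message queue
        self.queues: dict[str, ClientQueue] = {}

    def on_disconnect(self, client_id: str, now: float) -> None:
        self.queues.setdefault(client_id, ClientQueue()).last_disconnect = now

    def deliver(self, client_id: str, frame: bytes, now: float):
        """Steps 307-309: return ("residual", dict) or ("full", bytes)."""
        q = self.queues.setdefault(client_id, ClientQueue())
        within_window = (
            q.last_disconnect is not None
            and now - q.last_disconnect < self.cache_time  # step 307
        )
        message = ("full", frame)  # step 309
        if (within_window and q.cached_frame is not None
                and len(q.cached_frame) == len(frame)):
            message = ("residual", residual(q.cached_frame, frame))  # step 308
        q.cached_frame = frame  # both branches cache the processed frame
        return message


def demo():
    # Constructed 16-byte frames standing in for processed screen image data.
    f1, f2 = b"AAAABBBBCCCCDDDD", b"AAAAXXXXCCCCDDDD"
    cache = ReconnectCache(cache_time=30.0)
    first = cache.deliver("c1", f1, now=0.0)
    cache.on_disconnect("c1", now=10.0)
    second = cache.deliver("c1", f2, now=25.0)   # 15 s after the drop
    cache.on_disconnect("c1", now=40.0)
    third = cache.deliver("c1", f1, now=100.0)   # 60 s after the drop
    return first, second, third, apply_residual(f1, second[1])


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The queue should be keyed by the identity the proxy authenticated, not by source address, so a residual is never computed against another client's cached screen.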
Fig. 4 is a schematic structural diagram of the proxy device provided by an embodiment of the present invention. As shown in Fig. 4, the proxy device of this embodiment comprises: a mapping module 41, a first connection establishing module 42, a second connection establishing module 43, a client listening module 44 and a server listening module 45.
The mapping module 41 is connected to the authentication server and is used to receive the mapping request message, sent by the authentication server, that carries the IP address of the VNC server; to combine the IP address of the proxy device and an unused port into a proxy IP address; and to send the proxy IP address to the authentication server, so that the authentication server sends the proxy IP address to the VNC client. The first connection establishing module 42 is connected to the mapping module 41 and the VNC server, and is used to establish a connection with the VNC server according to the IP address of the VNC server received by the mapping module 41. The second connection establishing module 43 is connected to the VNC client, and is used to receive the connection establishment request that the VNC client sends according to the proxy IP address and to establish a connection with the VNC client. The client listening module 44 is connected to the VNC client and the VNC server, and is used to receive the resource access operation sent by the VNC client and send it to the VNC server. The server listening module 45 is connected to the VNC server and the VNC client, and is used to receive the operation result screen image information that the VNC server returns according to the resource access operation and send it to the VNC client.
Each functional module of the proxy device of this embodiment can be used to carry out the flow of the VNC-based remote resource access method shown in Fig. 2. The specific working principle is not repeated here; see the description of the method embodiment.
The proxy device of this embodiment establishes a connection with the VNC server, forms a proxy IP address from the IP address and a port of the proxy device, and sends it to the VNC client, so that the proxy device establishes the connection with the VNC client in place of the VNC server. This realizes interaction and communication between the VNC client and the VNC server while the VNC client is no longer directly connected to the VNC server, so the VNC server is no longer exposed on the public network. This solves the security problem faced by a VNC server that is directly exposed on the public network and improves the security of the VNC server.
Fig. 5 is a schematic structural diagram of the proxy device provided by another embodiment of the present invention. This embodiment is implemented on the basis of the embodiment shown in Fig. 4. As shown in Fig. 5, the second connection establishing module 43 of this embodiment comprises: a listening unit 431, an authentication unit 432 and an establishing unit 433.
Specifically, the listening unit 431 is used to obtain the unused port and listen on the port. The authentication unit 432 is connected to the listening unit 431, and is used to authenticate the VNC client when the listening unit 431 detects, on the port, the connection establishment request that the VNC client sends according to the proxy IP address. The establishing unit 433 is connected to the authentication unit 432 and the VNC client, and is used to establish a connection with the VNC client when the authentication result of the authentication unit 432 is a pass.
The above functional units can be used to carry out the flow in which the proxy device authenticates the VNC client in the above method embodiment. The specific working principle is not repeated here; see the description of the method embodiment.
Further, the client listening module 44 of this embodiment comprises: a first receiving processing unit 441 and a processing and sending unit 442.
The first receiving processing unit 441 is connected to the VNC client and the VNC server, and is used to receive the resource access operation sent by the VNC client. The processing and sending unit 442 is connected to the first receiving processing unit 441 and the VNC server, and is used to parse, classify and repackage the resource access operation and then send the processed resource access operation to the VNC server.
Correspondingly, the server listening module 45 comprises: a second receiving processing unit 451 and a first cache unit 452.
The second receiving processing unit 451 is connected to the VNC client and the VNC server, and is used to receive the operation result screen image information that the VNC server returns according to the processed resource access operation, to parse, classify and repackage the operation result screen image information, and then to send the processed operation result screen image information to the VNC client. The first cache unit 452 is connected to the second receiving processing unit 451, and is used to put the processed operation result screen image information into the server-to-client message queue for caching.
Further, the client listening module 44 also comprises: a second cache unit 443.
The second cache unit 443 is connected to the first receiving processing unit 441, and is used to put the resource access operation into the client-to-server message queue for caching.
Correspondingly, the server listening module 45 also comprises: a merging unit 453.
The merging unit 453 is connected to the second receiving processing unit 451 and the first cache unit 452. Before the first cache unit 452 puts the processed operation result screen image information into the server-to-client message queue for caching, the merging unit 453 merges, according to the type of the operation result screen image information, processed operation result screen image information that is adjacent and of the same type, and provides the result to the first cache unit 452.
As can be seen from the above, the proxy device of this embodiment is provided with two message queues: the server-to-client message queue and the client-to-server message queue.
The above functional units can be used to carry out the message caching and merging flow provided in the above method embodiment, which provides the conditions for the VNC client to request access to software on the VNC server when it disconnects and reconnects.
Based on the above, the second connection establishing module 43 of this embodiment is also used to receive the connection establishment request that the VNC client initiates again after perceiving the disconnection and saving the current operation result screen image information, and to re-establish the connection with the VNC client.
Correspondingly, the client listening module 44 is also used to receive the resource access operation that the VNC client re-sends after the connection is re-established, to parse, classify and repackage the re-sent resource access operation, and to send the processed re-sent resource access operation to the VNC server.
The server listening module 45 is also used to receive the operation result screen image information that the VNC server returns according to the processed re-sent resource access operation; to parse, classify and repackage that operation result screen image information; to send to the VNC client the residual between the processed operation result screen image information and the processed operation result screen image information cached in the server-to-client message queue; and at the same time to put the processed operation result screen image information into the server-to-client message queue for caching.
The second connection establishing module, the client listening module and the server listening module are specifically used to carry out the flow in which the VNC client accesses software on the VNC server under the disconnect-and-reconnect condition, realizing a fast disconnect-and-reconnect mechanism. The specific working principle is described in the above method embodiment and is not repeated here.
The proxy device of this embodiment caches the messages exchanged between the VNC server and the VNC client by setting up message queues. When the VNC client disconnects, reconnects and requests software access, only the difference between the current operation result screen image information and that of the last time needs to be transmitted to the VNC client, rather than the entire operation result screen image information. This improves the transmission rate, realizes fast reconnection after a disconnection, saves transmission bandwidth, and improves the user experience.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium; when executed, the program performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disk or optical disc.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of the technical features therein; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A remote resource access method based on Virtual Network Computer (VNC), characterized by comprising:
a proxy device receives a mapping request message, sent by an authentication server, that carries the Internet Protocol (IP) address of a VNC server; combines the IP address of the proxy device and an unused port into a proxy IP address; and sends the proxy IP address to the authentication server, so that the authentication server sends the proxy IP address to a VNC client; meanwhile, the proxy device establishes a connection with the VNC server according to the IP address of the VNC server;
the proxy device receives the connection establishment request that the VNC client sends according to the proxy IP address, and establishes a connection with the VNC client;
the proxy device receives the resource access operation sent by the VNC client, sends the resource access operation to the VNC server, receives the operation result screen image information that the VNC server returns according to the resource access operation, and sends the operation result screen image information to the VNC client.
2. The VNC-based remote resource access method according to claim 1, characterized in that the proxy device receiving the connection establishment request that the VNC client sends according to the proxy IP address, and establishing a connection with the VNC client, comprises:
the proxy device obtains the unused port and listens on the port;
when the connection establishment request that the VNC client sends according to the proxy IP address is detected on the port, the proxy device authenticates the VNC client;
when the authentication passes, the proxy device establishes a connection with the VNC client.
3. The VNC-based remote resource access method according to claim 1, characterized in that the proxy device receiving the resource access operation sent by the VNC client, sending the resource access operation to the VNC server, receiving the operation result screen image information that the VNC server returns according to the resource access operation, and sending the operation result screen image information to the VNC client, comprises:
the proxy device receives the resource access operation sent by the VNC client, parses, classifies and repackages the resource access operation, and then sends the processed resource access operation to the VNC server;
the proxy device receives the operation result screen image information that the VNC server returns according to the processed resource access operation, parses, classifies and repackages the operation result screen image information, then sends the processed operation result screen image information to the VNC client, and puts the processed operation result screen image information into the server-to-client message queue for caching.
4. The VNC-based remote resource access method according to claim 3, characterized in that, after the proxy device receives the resource access operation and before it parses, classifies and repackages the resource access operation, the method comprises:
the proxy device puts the resource access operation into the client-to-server message queue for caching;
and before the proxy device puts the processed operation result screen image information into the server-to-client message queue for caching, the method comprises:
the proxy device merges, according to the type of the operation result screen image information, processed operation result screen image information that is adjacent and of the same type.
5. The VNC-based remote resource access method according to claim 3 or 4, characterized by further comprising:
the proxy device receives the connection establishment request that the VNC client initiates again after perceiving the disconnection and saving the current operation result image information, and re-establishes the connection with the VNC client;
the proxy device receives the resource access operation that the VNC client re-sends after the connection is re-established, parses, classifies and repackages the re-sent resource access operation, and sends the processed re-sent resource access operation to the VNC server;
the proxy device receives the operation result screen image information that the VNC server returns according to the processed re-sent resource access operation; parses, classifies and repackages that operation result screen image information; sends to the VNC client the residual information between the processed operation result screen image information and the processed operation result screen image information cached in the server-to-client message queue; and at the same time puts the processed operation result screen image information into the server-to-client message queue for caching.
6. A proxy device, characterized by comprising:
a mapping module, used to receive a mapping request message, sent by an authentication server, that carries the Internet Protocol (IP) address of a Virtual Network Computer (VNC) server; to combine the IP address of the proxy device and an unused port into a proxy IP address; and to send the proxy IP address to the authentication server, so that the authentication server sends the proxy IP address to a VNC client;
a first connection establishing module, used to establish a connection with the VNC server according to the IP address of the VNC server;
a second connection establishing module, used to receive the connection establishment request that the VNC client sends according to the proxy IP address, and to establish a connection with the VNC client;
a client listening module, used to receive the resource access operation sent by the VNC client and send the resource access operation to the VNC server;
a server listening module, used to receive the operation result screen image information that the VNC server returns according to the resource access operation and send the operation result screen image information to the VNC client.
7. The proxy device according to claim 6, characterized in that the second connection establishing module comprises:
a listening unit, used to obtain the unused port and listen on the port;
an authentication unit, used to authenticate the VNC client when the listening unit detects, on the port, the connection establishment request that the VNC client sends according to the proxy IP address;
an establishing unit, used to establish a connection with the VNC client when the authentication result of the authentication unit is a pass.
8. The proxy device according to claim 6, characterized in that the client listening module comprises:
a first receiving processing unit, used to receive the resource access operation sent by the VNC client;
a processing and sending unit, used to parse, classify and repackage the resource access operation and then send the processed resource access operation to the VNC server;
and the server listening module comprises:
a second receiving processing unit, used to receive the operation result screen image information that the VNC server returns according to the processed resource access operation, to parse, classify and repackage the operation result screen image information, and then to send the processed operation result screen image information to the VNC client;
a first cache unit, used to put the processed operation result screen image information into the server-to-client message queue for caching.
9. The proxy device according to claim 8, characterized in that the client listening module further comprises:
a second cache unit, used to put the resource access operation into the client-to-server message queue for caching;
and the server listening module further comprises:
a merging unit, used to merge, according to the type of the operation result screen image information, processed operation result screen image information that is adjacent and of the same type, before the first cache unit puts the processed operation result screen image information into the server-to-client message queue for caching.
10. The proxy device according to claim 8 or 9, characterized in that the second connection establishing module is also used to receive the connection establishment request that the VNC client initiates again after perceiving the disconnection and saving the current operation result screen image information, and to re-establish the connection with the VNC client;
the client listening module is also used to receive the resource access operation that the VNC client re-sends after the connection is re-established, to parse, classify and repackage the re-sent resource access operation, and to send the processed re-sent resource access operation to the VNC server;
the server listening module is also used to receive the operation result screen image information that the VNC server returns according to the processed re-sent resource access operation; to parse, classify and repackage that operation result screen image information; to send to the VNC client the residual between the processed operation result screen image information and the processed operation result screen image information cached in the server-to-client message queue; and at the same time to put the processed operation result screen image information into the server-to-client message queue for caching.
CN2011104016043A 2011-12-06 2011-12-06 VNC (Virtual Network Computer)-based remote resource access method and proxy device Pending CN102523207A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011104016043A CN102523207A (en) 2011-12-06 2011-12-06 VNC (Virtual Network Computer)-based remote resource access method and proxy device

Publications (1)

Publication Number Publication Date
CN102523207A 2012-06-27

Family

ID=46293999

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011104016043A Pending CN102523207A (en) 2011-12-06 2011-12-06 VNC (Virtual Network Computer)-based remote resource access method and proxy device

Country Status (1)

Country Link
CN (1) CN102523207A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101350833A (en) * 2007-07-16 2009-01-21 国际商业机器公司 Method and system for managing remote host visibility in a proxy server environment
CN101911052A (en) * 2008-01-02 2010-12-08 三星电子株式会社 Method of and apparatus for downloading data
CN101964798A (en) * 2010-10-15 2011-02-02 德讯科技股份有限公司 Multi-graphic protocol unified proxy system based on remote desktop protocol

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
谭造保: "Design and Implementation of a Single Sign-On and Behavior Audit System for Remote Desktop Access", China Master's Theses Full-text Database *

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103812913B (en) * 2012-11-14 2017-11-10 新华三技术有限公司 A kind of remote access method and device based on Virtual Networking Computing
CN103812913A (en) * 2012-11-14 2014-05-21 杭州华三通信技术有限公司 Remote access method and device based on VNC (virtual network computing)
CN103368956A (en) * 2013-07-03 2013-10-23 北京华胜天成科技股份有限公司 RFB (remote frame buffer) protocol secure communication method for VNC (virtual network computer) used for server side and RFB proxy server
CN103618784A (en) * 2013-11-25 2014-03-05 广东威创视讯科技股份有限公司 VNC multipath interaction method
CN103618784B (en) * 2013-11-25 2017-02-15 广东威创视讯科技股份有限公司 VNC multipath interaction method
CN103618737A (en) * 2013-12-10 2014-03-05 浪潮电子信息产业股份有限公司 VNC console optimization scheme of virtual machines in cloud computing environment
CN103677840A (en) * 2013-12-18 2014-03-26 浪潮电子信息产业股份有限公司 Method for viewing and operating application graphical interface in job dispatching software
CN105446750B (en) * 2014-05-30 2019-12-03 阿里巴巴集团控股有限公司 The method and apparatus that WebApp starting runs, generates image file
CN105446750A (en) * 2014-05-30 2016-03-30 阿里巴巴集团控股有限公司 Web app starting operation and mirror image file generating method and device
WO2016041453A1 (en) * 2014-09-16 2016-03-24 华为技术有限公司 Remote resource access method and exchange device
US10216664B2 (en) 2014-09-16 2019-02-26 Huawei Technologies Co., Ltd. Remote resource access method and switching device
CN105005716B (en) * 2015-06-16 2018-01-09 中国科学院计算技术研究所 A kind of application program remote delivery system and long-range delivery method
CN105005716A (en) * 2015-06-16 2015-10-28 中国科学院计算技术研究所 Remote payment system and remote payment method of application program
CN106570352A (en) * 2015-10-12 2017-04-19 中国石油化工股份有限公司 Method and device for using software resource remotely without password
WO2018010146A1 (en) * 2016-07-14 2018-01-18 华为技术有限公司 Response method, apparatus and system in virtual network computing authentication, and proxy server
US11140162B2 (en) 2016-07-14 2021-10-05 Huawei Technologies Co., Ltd. Response method and system in virtual network computing authentication, and proxy server
CN106685785B (en) * 2016-12-27 2020-06-05 北京航空航天大学 Intranet access system based on IPsec VPN proxy
CN106685785A (en) * 2016-12-27 2017-05-17 北京航空航天大学 Intranet access system based on IPsec VPN proxy
CN110196769A (en) * 2018-04-19 2019-09-03 财付通支付科技有限公司 A kind of information processing method, device, server and storage medium
CN110708395A (en) * 2019-10-24 2020-01-17 深圳前海环融联易信息科技服务有限公司 Data acquisition method and device, computer equipment and storage medium
CN111741091A (en) * 2020-06-11 2020-10-02 无锡华云数据技术服务有限公司 Method and device for hiding IP and port number of NoVNC server and electronic equipment
CN112689000A (en) * 2020-12-18 2021-04-20 江苏云柜网络技术有限公司 Remote desktop control system and method based on VNC tool
CN113176969A (en) * 2021-04-23 2021-07-27 杭州迪普科技股份有限公司 Service providing method, device, equipment and computer readable storage medium
CN114726850A (en) * 2022-04-02 2022-07-08 福达新创通讯科技(厦门)有限公司 VNC remote access method, device and storage medium
CN114726850B (en) * 2022-04-02 2024-01-05 福达新创通讯科技(厦门)有限公司 Method, device and storage medium for remote access of VNC
CN117850723A (en) * 2023-12-29 2024-04-09 慧之安信息技术股份有限公司 Split screen management method and system based on remote control desktop

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120627