CN102546788B - Cloud platform management method and cloud platform - Google Patents


Info

Publication number: CN102546788B
Authority: CN (China)
Prior art keywords: user, application, data, cloud platform, server
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201110452605.0A
Other languages: Chinese (zh)
Other versions: CN102546788A (en)
Inventor: 高磊
Current Assignee: Beijing Feinno Communication Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Feinno Communication Technology Co Ltd
Application filed by: Beijing Feinno Communication Technology Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a cloud platform management method and a cloud platform which are capable of ensuring that information of a user is not maliciously recorded and utilized by an application or is not leaked to other users by the application with a bug, so as to improve the safety of data in the cloud platform and protect the privacy information of the user. The cloud platform management method provided by the embodiment of the invention comprises the following steps of: loading an application which is submitted by a developer and is verified by the cloud platform, and storing the application and user application data generated by the application for the user into a user data storage server, wherein the generated user application data is provided with an application identifier and a user identifier; when receiving an access request of the user, binding the application identifier and the user identifier of the current user into the access request; and calling the relevant application according to the bound application identifier and user identifier, and utilizing the user application data aiming at the current user to operate the application on an application server.

Description

Cloud platform management method and cloud platform
Technical field
The present invention relates to the field of cloud computing applications, and in particular to a cloud platform management method and a cloud platform.
Background
Cloud computing is a field that has developed rapidly over the past two years. It provides an Internet-based mode of computing in which shared software and hardware resources and information are provided to computers and other devices on demand.
In the public cloud field there are many application products based on cloud platforms, such as network-disk products that focus on storage and the QPlus product that focuses on chat and other applications. However, current application products are bookmark-type applications: they simply redirect the call to a third-party website product, and the third-party website product stores and manages the user data and provides the service to the user.
Existing cloud platform application products have at least the following defect:
Because the application products developed on existing cloud platforms are bookmark-type applications that rely on third-party website products to store and manage user data, there is a hidden risk of user information leakage, and information security is low.
Summary of the invention
The invention provides a cloud platform management method and a cloud platform, to solve the information leakage problem that arises because applications on existing cloud platforms need to be embedded in third-party website products.
To achieve the above object, the embodiments of the present invention adopt the following technical solutions:
An embodiment of the present invention provides a cloud platform management method, the method comprising:
loading an application that has been submitted by a developer and has passed review by the cloud platform, and storing the application and the user application data that the application generates for users in a user data storage server, where the generated user application data is provided with an application identifier and a user identifier;
when a user's access request is received, binding the current user's user identifier and the application identifier to the access request, calling the relevant application according to the bound user identifier and application identifier, and running the application on the application server using the user application data of the current user.
An embodiment of the present invention also provides a cloud platform, the cloud platform comprising an application server and a management device;
the application server loads an application that has been submitted by a developer and has passed review by the cloud platform, and stores the application and the user application data that the application generates for users in a user data storage server;
the management device sets an application identifier and a user identifier for the generated user application data; and, when the application server receives a user's access request, binds the current user's user identifier and the application identifier to the access request, calls the relevant application according to the bound user identifier and application identifier, and runs the application on the application server using the user application data of the current user.
The beneficial effects of the embodiments of the present invention are:
The embodiments of the present invention provide a novel cloud platform architecture that supports running applications inside the cloud platform and stores and manages user data inside the cloud platform. This avoids the user information leakage caused by relying on third-party website products to run applications, and ensures the security of information.
Moreover, when operating on user data, the cloud platform applies an access isolation mechanism both between applications and between users: an application can access only the data that the application itself created, and a user can access only that user's own data. This further ensures that user information is not recorded and exploited by a malicious application, or leaked to other users by an application that contains a vulnerability; it significantly improves the security of data in the cloud platform and protects users' private information.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of a cloud platform provided by embodiment one of the present invention;
Fig. 2 is a schematic flowchart of a cloud platform implementation method provided by embodiment two of the present invention;
Fig. 3 is a schematic flowchart of a cloud platform management method provided by embodiment three of the present invention;
Fig. 4 is a schematic structural diagram of a cloud platform provided by embodiment four of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, embodiments of the invention are described in further detail below with reference to the accompanying drawings.
This solution provides a novel cloud platform with a complete application running mechanism and a storage mechanism for user and application data. The cloud platform supports the development of application products: a developer can deploy an application to the server side without setting up a server of their own, and offer the application to users. In other words, through this novel cloud platform mechanism the solution supports the running and management of independent applications without embedding them in third-party website products. The cloud platform also isolates access between different users and between different applications; it is a new-generation cloud computing platform that combines platform openness with user data security.
Referring to Fig. 1, a schematic structural diagram of a cloud platform provided by embodiment one of the present invention, the cloud platform comprises user data storage servers 16, 17 and an application server (Application Server) 12.
The application server 12 loads applications that have been submitted by developers and have passed review by the cloud platform, and stores each application and the user application data that it generates for users in the user data storage servers 16, 17; and, according to a user's access request, calls the relevant application and runs it on the application server 12 using that user's user application data.
Further, the cloud platform may also comprise a development server (Developer Server) 13 and development data storage servers 18, 19, as well as a navigation server (Navigation Server) 11 and navigation databases 14, 15. For example, the application server allocates an address to each loaded application that has passed review and generates application load information for the application from the address information of the allocated address. The application load information can be saved in the application navigation data in the navigation database; the navigation database looks up this address information for the application requested in an access request and informs the application server, and the application server calls the application from the corresponding address according to the address information.
The functions of the navigation server, the application server and the development server in this cloud platform can each be implemented as a server cluster.
The application server and the development server can be implemented with identical servers; the main differences between them are their permissions and the specific functions they implement. For example, the development server can run applications that have not been reviewed, whereas the application server only allows applications that have passed review to run; the development server can issue the cloud platform's application development tool to developers and review applications, and the application server has neither of these functions.
The user data storage servers 16, 17 used by the application server and the development data storage servers 18, 19 used by the development server can likewise be implemented with identical database servers. User data storage server 16 and development data storage server 18 store structured user application data and development data respectively, and user data storage server 17 and development data storage server 19 store unstructured user application data and development data respectively (such as key-value pair data or file data). The stored data content differs, however: for example, user data storage server 16 stores the structured user application data generated for users while an application is actually running, whereas development data storage server 18 stores the structured user application data that an application generates for test users during a test run (or trial run).
This embodiment divides the servers of the cloud platform into roles and assigns each role's specific functions sensibly, so that the servers cooperate well, the various functions of the cloud platform are implemented, and working efficiency and resource utilization are improved. The main functions of the three roles (navigation server, application server and development server) are as follows:
Navigation server: handles user registration, login authentication, management of users' private desktops, access to the application market, and similar operations.
Application server: executes the specific applications. Because there are many applications, the application server allocates a different address to each loaded application, and the user application data needed to access an application is also loaded into the application. Data access is conditioned on the current user and the current application, which isolates data between different users and between different applications.
Development server: similar in structure to the application server, but able to run applications that have not been reviewed. An application that has not passed review can only be placed on the developer's own private desktop, and a developer can only access, through the development server, the developer's own storage space in the development data storage server.
The specific working mode of each device in the cloud platform is described below.
The development server issues the application development tool to developers, receives the applications that developers develop with the application development tool and submit, stores each application and the test user application data that it generates for test users in the development data storage server, and runs the application using the test user application data; and, for an application that has run successfully and has been submitted for review by its developer, reviews the application according to the review policies and, when the review passes, sends the application to the application server.
The navigation server provides user registration and login functions and stores the user authentication data it obtains in the navigation database; and, when a user's access request is received, verifies the user's identity against the user authentication data and forwards the access requests of users who pass verification to the application server.
For an application that has passed review, the development server sends the application description information it has obtained for the application to the navigation server; when the application server loads the application, it generates application load information for the application and sends the application load information to the navigation server. The application description information can include information provided by the developer, such as the application's name and a description of its functions, and can also include the application identifier that the cloud platform sets for the application. The application load information mainly comprises the address information that the cloud platform sets for the application. The application description information and the application load information together make up the complete application navigation data of an application.
The navigation server stores the received application description information and application load information in the navigation database, and adds the relevant application to the application market it maintains according to that information.
The navigation server generates a private desktop for a user according to the information of the applications the user has accessed; the private desktop presents to the user the information of the applications the user has installed and the information of the application market. The navigation server receives the user's access requests through the private desktop and returns the access results to the user. For example, when a user registers on the navigation server, the navigation server allocates an account to the user and records the user's login password and login name. The user's account information, login password and login name are held in the user authentication data.
The cloud platform can also provide a private desktop function for users. The private desktop can be understood as the interactive interface that the cloud platform provides to a user; it presents the user data and information stored in the cloud platform to the user and makes it easy for the user to interact with the cloud platform. For example, the private desktop can contain all of the user's installed applications as well as the applications available for selection in the application market. A user who accesses the private desktop can see this information, and can start an application by clicking the icon of an installed application, which sends an access request command to the cloud platform. The user can also open the application market and select an application from it; after selecting an application, the user sends an access request command, obtains the application and installs it on their own private desktop.
Further, the navigation server provides developer registration and login functions and stores the developer authentication data it obtains in the navigation database; and, when a developer's development request is received, verifies the developer's identity against the developer authentication data and informs the development server of the verification result. After learning from the verification result that the developer is a legitimate developer, the development server issues the application development tool to the developer.
The operating mode of the cloud platform is described below using the scenario of developing an application on the cloud platform. It mainly comprises the following processing:
1: The navigation server accepts a developer's registration, allocates an account to the developer and stores the developer authentication data it obtains in a navigation database, for example navigation database 14. When a development request is received from the developer, it verifies the developer's identity against the developer authentication data and informs the development server of the verification result.
2: After learning from the verification result that the developer is a legitimate developer, the development server opens development permission for the developer and issues the application development tool (such as the cloud platform SDK development tool) to the developer.
3: The cloud platform SDK is downloaded from the development server to the developer's local computer; the developer installs the cloud platform SDK on the local computer and uses it to develop their own application.
4: After development is complete, the application is uploaded to the cloud platform and deployed to the development server for debugging and testing. At this stage only the developer's own account can access the application and the application's test user application data.
5: If the application passes testing and runs successfully, the developer sends a submit-for-review instruction to the cloud platform, and the development server reviews the current version of the application.
After the review passes, the development server generates application description information for the reviewed application and sends it to the navigation server, and the navigation server publishes the application to the application market for ordinary users to install and use. The application description information can include the application name, a description of the application's functions, and so on. The application name and function description let users learn the basic information of the application, and the application's address information on the application server (the application load information) lets users reach the application from the private desktop.
Further, in this embodiment, an application developed with the application development tool has at least the following interface functions:
Page rendering interface function, for rendering the page to be output;
Data output interface function, for outputting data of predefined types to the user's browser, the data comprising one or more of image data, video data, audio data and document data;
External link interface function, for obtaining required information resources from external websites;
User data access interface function, for receiving the user application data loaded by the cloud platform, setting up statistical items over the user application data and obtaining statistics. Through this user data access interface function, an application that is actually running can access the data belonging to the user, such as volatile cached data, structured data and unstructured data for a particular user.
Further, in this embodiment the development server reviews applications according to one or more of the following review policies:
Policy 1: whether the functions the application performs when running match the functions stated in the application function description.
Policy 2: whether the amount of cloud platform resources the application occupies when running is within the amount the cloud platform allows. When the resources occupied exceed the allowed amount, the application is required to be modified so that the resources it occupies are limited to the allowed amount, or the application is taken down directly.
Policy 3: whether the content the application provides meets the requirements of national laws and regulations. This policy requires that neither the services the application provides nor the resources it uses violate laws and regulations.
Policy 4: whether the application leaks user data. This policy mainly requires that the application does not carry user data from the cloud platform when it accesses external websites through external links.
Policy 5: whether the external links and advertisement placements in the application are within the range the cloud platform allows. The allowed range can cover the quantity and types of external links and advertisement placements permitted.
Policy 6: whether the application's statistics function leaks specific user data. This policy requires that the application does not derive user information by computing statistics over the user data in the platform and leak it to external websites.
After the review passes, the application can be submitted to the application market and a charging policy can be set for it; for example, it can be priced as free or paid (one-off charge or periodic charge), or revenue can be shared from advertising fees.
It should be noted that in this embodiment the applications uploaded by developers all run on servers within the platform: the application server in the cloud platform loads only applications that have passed review, and the development server loads the applications that developers submit for testing. Developers do not each need to set up a separate server to run their finished applications, which reduces development cost.
Each user's data (including user authentication data and the user application data that applications generate for the user) and the applications' data are all stored in the cloud platform and managed by it in a unified way. Third parties have no permission to access data in the cloud platform; only the owner or operator of the cloud platform can access and manage the user data and application data in it. A user can access and manage only that user's own user data and cannot access other users' user data; an application can access only its own application data and cannot access the application data of other applications. This ensures the security of user information.
The platform also restricts developers' data access permissions. An application's developer can access only the data under the developer's own account (the data stored in the development data storage server) and cannot access real users' data (the user authentication data stored in the navigation server and the user application data stored in the application server). This further ensures that user data is not leaked, improves information security and protects user privacy.
In summary, the cloud platform in this solution has the following basic characteristics:
1: The cloud platform runs on Internet servers and is controlled and operated centrally by the owner of the cloud platform; users can access the applications on the cloud platform through a browser anywhere and at any time.
2: The cloud platform stores all user authentication data, application data and the application data that applications create for users.
3: The cloud platform can review the applications that developers develop and submit, and releases the applications that pass review to the application market.
The cloud platform's management of users has the following basic characteristics:
1: When a user registers, a registered account is allocated to the user;
2: A private desktop is provided to each user. After a registered user logs in to the cloud platform with the account and password, the private desktop is shown to the user. The content and settings of each user's private desktop are stored in the platform's navigation database and managed centrally by the platform;
3: After a user installs an application from the application market on their own private desktop, a shortcut for starting the application is added to the private desktop, so that the user can start the application from that shortcut;
4: All of a user's information in the application platform is stored in the cloud platform on the server side, and the user's data can be accessed from any client browser the user uses.
The cloud platform's management of developers has the following basic characteristics:
1: The cloud platform provides a platform SDK with which developers develop applications;
2: An application that has not been reviewed can be installed on the developer's own private desktop for testing;
3: An application that has not been reviewed can be submitted to the cloud platform for review;
4: An application that has passed review can be published to the application market.
Applications developed on the cloud platform in this solution have the following basic characteristics:
1: Applications are developed with the cloud platform SDK that the platform provides;
2: Applications that pass the cloud platform's review can be published to the application market;
3: Applications can be installed on the private desktops of different users;
4: Applications run entirely on the server side of the cloud platform; developers do not need to provide hosting equipment of their own;
5: An application can create user-related user application data for a user. This data is isolated by user and by application: different applications and users cannot access the data of other users or applications.
Embodiment two of the present invention also provides a cloud platform implementation method. Referring to Fig. 2, the method comprises:
21: loading an application that has been submitted by a developer and has passed review by the cloud platform, and storing the application and the user application data that it generates for users in a user data storage server;
22: according to a user's access request, calling the relevant application and running it on the application server using that user's user application data.
Steps 21 and 22 above can be implemented by the application server in the cloud platform together with the corresponding user data storage server.
Further, before loading the application that has been submitted by a developer and has passed review by the cloud platform, the method also comprises:
23: issuing the application development tool to the developer;
24: receiving the application that the developer has developed with the application development tool and submitted, storing the application and the test user application data that it generates for test users in the development data storage server, and running the application using the test user application data;
25: for an application that has run successfully and has been submitted for review by the developer, reviewing the application according to the review policies.
After the review succeeds, step 21 is performed and the application is sent to the application server.
Steps 23 to 25 above can be implemented by the development server in the cloud platform together with the corresponding development data storage server.
Further, this solution can also use the navigation server and the navigation database to register and authenticate users and developers: providing user registration and login functions and storing the user authentication data obtained in the navigation database; and, when a user's access request is received, verifying the user's identity against the user authentication data and forwarding the access requests of users who pass verification to the application server. In addition, a private desktop is generated for a user according to the information of the applications the user has installed; the private desktop presents to the user the information of the applications the user has installed and the information of the application market; the private desktop is used to receive the user's access requests, and the access results are returned to the user.
For the specific working mode of each step in the method embodiments of the invention, refer to the related content in the product embodiments of the invention; it is not repeated here.
In summary, the embodiments of the invention provide a novel cloud platform architecture that supports running applications inside the cloud platform and stores and manages user data inside the cloud platform. This avoids the user information leakage caused by relying on third-party website products to run applications, and ensures the security of information. And because the cloud platform supports running applications, application developers can use it to develop and operate application products without setting up servers of their own, which significantly reduces development cost.
Embodiment three of the present invention provides a cloud platform management method. Referring to Fig. 3, the method comprises:
31: loading an application that has been submitted by a developer and has passed review by the cloud platform, and storing the application and the user application data that it generates for users in a user data storage server, where the generated user application data is provided with an application identifier (Id) and a user identifier.
The specific way in which the application identifier and user identifier are set differs by data type. The following uses two data types, structured and unstructured, as examples.
Structured data
The application identifier and user identifier can be set in structured user application data as follows:
The user identifier is set in the user application data by adding a composite primary key field to the data table, and the application identifier is set in the user application data by placing the application identifier in the table name of the data table.
A memo application is used as an example below. The memo application stores users' memo information in the user's structured data, so the structured data format defined at development time can be as shown in Table 1, whose table name is "Memo":
Table 1

| Field name | Type | Remarks |
|---|---|---|
| Id | Int | Number (Primary Key) |
| Caption | Varchar | Title |
| Text | Varchar | Content |
| RemiderTime | DateTime | Reminder time |
The developer defines the data structure as shown above. When the application runs on the platform, however, the platform (for example the application server or the development server in the platform) adds a composite primary key field to the structured data table created above, as shown in the second row of Table 2 below:
Table 2

| Field name | Type | Remarks |
|---|---|---|
| UserId | Bigint | Platform user Id |
| Id | Int | Number (Primary Key) |
| Caption | Varchar | Title |
| Text | Varchar | Content |
| RemiderTime | DateTime | Reminder time |
The platform (for example the application server or the development server in the platform) also re-binds the table name of the data table to the application. For example, the table name of Table 2 above at run time can be "AppData_4ABCC454_Memo", where 4ABCC454 is the unique application identifier that the platform assigns to the application, AppData is the default prefix for applications in the platform, and Memo is the original table name of the data table.
Unstructured data
Unstructured data is discussed here in two cases: the key-value pair (K-V) type and the file type.
(1) Unstructured user application data of the key-value pair type
Unstructured data of the K-V type (including data stored in the memory cache service and in K-V databases) is handled as follows:
The user identifier and the application identifier are set in the key (Key) of the data, which sets them in the user application data. The Key is redefined: its format can be defined as a string of the form AppId:UserId:Key, where AppId is the unique Id that the platform assigns to the application, UserId is the current user's user Id, and Key is the key the application actually operates on when reading or writing (the original Key in the K-V data).
(2) Unstructured user application data of the file type
Files in the cloud platform are accessed through one unified access path. The user identifier and the application identifier are set in the file access path information, which sets them in the user application data.
In the platform, the file access path information that an application uses to access files can be standardized to the form $ROOT/AppId/UserId/FilePath, where AppId is the unique Id that the cloud platform assigns to the application, UserId is the user Id of the current session user, $ROOT is the root path of the cloud platform's file storage, and FilePath is the path the application actually operates on when reading or writing files.
32: When a user's access request is received, bind the current user's user identifier and the application identifier to the access request, call the relevant application according to the bound user identifier and application identifier, and run the application on the application server using the user application data of the current user.
In this embodiment, the cloud platform can provide user registration and login through a unified interface and assign an account to each registered user. For example, the cloud platform uses its navigation server to implement registration and login for users and application developers and to store user information. The user who can send an access request is the user currently logged in to the cloud platform, that is, the user under the current account. The cloud platform obtains the user identifier directly from the user's login information or by looking up stored user data, and adds this user identifier to the user's access request. The received access request can also indicate the application to be called, and the cloud platform also adds the application identifier of the application called by the access request to the request, which binds the current user's user identifier and the application identifier to the access request.
The called application operates on user application data in two main ways, write operations and read operations. These two operation types implement adding, deleting, updating and reading user application data, and so on.
Structured and unstructured data are again used below as the two examples.
Structured data
When the running application writes new data into the current user's existing user application data, the corresponding data table is found according to the application identifier of the current application. For example, when the application identifier is 4ABCC454, the table name of the data table found can be "AppData_4ABCC454_Memo". The new data is written into this data table, and the current user's user identifier is written into the composite primary key field of the data table.
When writing data, the cloud platform automatically fills the platform user identifier (Id) of the current session user into the __UserId field of the data table and writes the data into the data table "AppData_4ABCC454_Memo".
When the running application reads data from the current user's existing user application data, the corresponding data table is found according to the application identifier of the current application, and the corresponding data is extracted from this data table according to the current user's user identifier. When reading data, the cloud platform builds the table name prefix from the current application Id, for example "AppData_4ABCC454", and adds the current user Id to the data selection condition. This isolates data by both user and application.
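As an added illustration (not code from the patent), the following Python sketch shows the structured-data isolation described above on an in-memory SQLite database: the table name carries the application identifier, and every statement is constrained by the session's UserId. The names ScopedMemoStore and physical_table, the second application id 9F00D001 and the memo rows are assumptions constructed for this example.

```python
import re
import sqlite3

APP_PREFIX = "AppData"                      # default application prefix from the text
IDENT_RE = re.compile(r"^[A-Za-z0-9]+$")    # assumed shape of ids and table names


def physical_table(app_id: str, table: str) -> str:
    """Map a developer table name to AppData_<AppId>_<Table>."""
    # Table names cannot be bound as SQL parameters, so allow-list them.
    for part in (app_id, table):
        if not IDENT_RE.match(part):
            raise ValueError(f"illegal identifier: {part!r}")
    return f"{APP_PREFIX}_{app_id}_{table}"


class ScopedMemoStore:
    """Hypothetical platform-side accessor bound to one (application, user) session."""

    def __init__(self, db: sqlite3.Connection, app_id: str, user_id: int):
        self.db = db
        self.table = physical_table(app_id, "Memo")
        self.user_id = int(user_id)   # taken from the session, never from the app
        # The platform adds UserId and makes it part of the composite primary key.
        db.execute(
            f'CREATE TABLE IF NOT EXISTS "{self.table}" ('
            'UserId INTEGER NOT NULL, Id INTEGER NOT NULL, '
            'Caption TEXT, "Text" TEXT, RemiderTime TEXT, '
            'PRIMARY KEY (UserId, Id))'
        )

    def write(self, memo_id: int, caption: str, text: str, remind_at: str) -> None:
        # The application supplies only its own columns; UserId is filled in here.
        self.db.execute(
            f'INSERT INTO "{self.table}" '
            '(UserId, Id, Caption, "Text", RemiderTime) VALUES (?, ?, ?, ?, ?)',
            (self.user_id, memo_id, caption, text, remind_at),
        )

    def read_all(self) -> list:
        # The current user Id is always part of the selection condition.
        rows = self.db.execute(
            f'SELECT Id, Caption, "Text", RemiderTime FROM "{self.table}" '
            'WHERE UserId = ? ORDER BY Id',
            (self.user_id,),
        )
        return rows.fetchall()


def demo():
    """Two users of one application plus a second application share one database."""
    db = sqlite3.connect(":memory:")
    user_101 = ScopedMemoStore(db, "4ABCC454", 101)
    user_102 = ScopedMemoStore(db, "4ABCC454", 102)
    other_app = ScopedMemoStore(db, "9F00D001", 101)   # constructed application id
    # Constructed sample rows; the same Id may repeat across users.
    user_101.write(1, "Dentist", "Bring X-rays", "2012-01-05 09:00")
    user_102.write(1, "Rent", "Pay landlord", "2012-01-01 08:00")
    other_app.write(1, "Note", "From another app", "2012-01-02 10:00")
    return user_101.read_all(), user_102.read_all(), other_app.read_all()
```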
Unstructured data
(1) Unstructured user application data of the key-value pair type
The running application combines the current user's user identifier, the application identifier and the Key value into the data selection condition when writing or reading user application data. For example, when writing or reading data, the cloud platform automatically combines the Id of the current application, the Id of the current session user and the key Key1 accessed by the application into a final Key such as 4ABCC454:101:Key1, and uses this combined Key as the data selection condition, which isolates the data of different users and applications.
(2) Unstructured user application data of the file type
The running application combines the current user's user identifier, the application identifier and the path actually operated on when reading or writing files into the path information used to write or read user application data.
For example, when writing or reading the data Sample.jpg, the cloud platform automatically combines the Id of the current application, the Id of the current session user and the path Path accessed by the application into a final path such as $ROOT/4ABCC454/101/Path1/Sample.jpg. Setting the path information in this way isolates the data of different users and applications.
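As an added illustration (not code from the patent), the following Python sketch composes the final K-V key and the final file path from the session's application Id and user Id. It goes one step beyond the text by checking that the composed values stay inside the (application, user) scope: ids are restricted to letters and digits, and the resolved file path must remain under $ROOT/AppId/UserId. The names scoped_key, scoped_path and ScopedKV, and the id character set, are assumptions of this example.

```python
import os
import re

ID_RE = re.compile(r"^[A-Za-z0-9]+$")   # assumed shape of platform-issued ids


def check_id(value) -> str:
    """Return the id as a string, rejecting anything that could act as a delimiter."""
    value = str(value)
    if not ID_RE.match(value):
        raise ValueError(f"illegal id: {value!r}")
    return value


def scoped_key(app_id, user_id, key: str) -> str:
    """Build the final K-V key AppId:UserId:Key."""
    # Ids cannot contain ':', so the first two ':' always delimit the
    # platform-controlled prefix even if the application's own key contains ':'.
    if not key:
        raise ValueError("empty key")
    return f"{check_id(app_id)}:{check_id(user_id)}:{key}"


def scoped_path(root: str, app_id, user_id, file_path: str) -> str:
    """Build $ROOT/AppId/UserId/FilePath and refuse paths that leave that directory."""
    base = os.path.realpath(os.path.join(root, check_id(app_id), check_id(user_id)))
    if os.path.isabs(file_path) or "\0" in file_path:
        raise PermissionError("absolute path or NUL byte in FilePath")
    # Resolve '..' and symlinks first, then compare against the user's directory.
    final = os.path.realpath(os.path.join(base, file_path))
    if os.path.commonpath([base, final]) != base:
        raise PermissionError(f"FilePath leaves the user directory: {file_path!r}")
    return final


class ScopedKV:
    """Hypothetical session-bound view over a shared K-V store (a dict stands in here)."""

    def __init__(self, backend: dict, app_id, user_id):
        self.backend = backend
        self.app_id = app_id
        self.user_id = user_id

    def put(self, key: str, value) -> None:
        self.backend[scoped_key(self.app_id, self.user_id, key)] = value

    def get(self, key: str, default=None):
        return self.backend.get(scoped_key(self.app_id, self.user_id, key), default)
```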
As described above, data access while an application runs is mainly handled as follows:
1: The user opens the platform login page and passes user identity authentication;
2: The cloud platform renders the user's private desktop and returns to the browser the data of the applications the user has installed (icon, link to the server on which each application is loaded);
3: The user clicks an application icon and is redirected to the application's server link; the application server binds this user's session to the user Id of the current platform user;
4: The user sees the page output by the application and sends an access request, which is bound to the current user's user identifier and the application identifier; this access request initiates an operation that needs to access data;
5: The application process performs the data access operation, and the access operation is passed to the application server in the cloud platform;
6: The platform performs the data access operation: it binds the current platform user Id and the application Id into the data access (or selection) condition and then goes on to access the database or cache.
Embodiment 4 of the invention also provides a cloud platform, which comprises an application server 41 and a management device 42.
The application server 41 loads an application that was submitted by a developer and has passed the cloud platform's review, and stores the application and the user application data that the application generates for a user in a user data storage server (including a structured user data storage server and an unstructured user data storage server).
The management device 42 sets an application identifier and a user identifier for the generated user application data. When the application server receives a user's access request, the management device binds the current user's user identifier and the application identifier to the access request, calls the relevant application according to the bound user identifier and application identifier, and runs the application on the application server using the user application data of the current user.
The cloud platform can also comprise a navigation server 43 and a development server 44, whose specific operation is described in Embodiments 1 and 2 of the invention.
For example, at development time the application development tool (SDK) can package the program developed by the user, including code, resource files, configuration and so on. The application package is then uploaded to the development server for testing and review. After testing and review succeed, the cloud platform loads the application on the application server and starts it as an independent service process, and synchronizes the application's application server link to the navigation server. The cloud platform can also execute the service process's data initialization program to create the corresponding data tables or other storage structures.
This differs considerably from the resource access rights that developers have in existing schemes: the resources that the development server on the cloud platform provides to a developer can be restricted to a lower level, while the developer is allowed to update in real time the resources that belong to that developer. The developer can first upload the finished application to the development server and run it there; the developer logs in to the platform with his or her own platform account and uses the application, and at this point the application's data access is confined to the developer's account. The user can test the application and, once the application runs normally, submit it for review.
The application server loads one stable version of the application that has passed review, and resources can be adjusted dynamically according to the application's access volume. There is no difference in how applications are loaded on the development server and on the client server; the only difference is that the application server allows only applications that have passed review to run, whereas the development server allows modifications to take effect in real time.
Further, the management device 42 sets the user identifier in the user application data by adding a composite primary key field to the data table, and sets the application identifier in the user application data by setting the application identifier in the table name of the data table.
For unstructured user application data of the key-value pair type, the management device 42 sets the user identifier and the application identifier in the user application data by setting them in the key (Key) of the data.
For unstructured user application data of the file type, the management device 42 sets the user identifier and the application identifier in the user application data by setting them in the file access path information.
The specific operation of the devices and equipment in the cloud platform of Embodiment 4 is described in Embodiments 1 to 3 of the invention.
As described above, the embodiments of the invention provide a novel cloud platform architecture that supports running applications inside the cloud platform and stores and manages user data inside the cloud platform. This avoids the user-information leakage caused by running applications through third-party website products and ensures the security of the information.
In addition, when operating on user data, the cloud platform applies an access isolation mechanism both between applications and between users: an application can access only the data that the application itself created, and a user can access only that user's own data. This further ensures that user information is not recorded and exploited by a malicious application, or leaked to other users by an application that has a vulnerability, which significantly improves the security of data in the cloud platform and protects users' private information.
The above are only preferred embodiments of the invention and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention falls within the scope of protection of the invention.

Claims (6)

1. A cloud platform management method, characterized in that the method comprises:
loading an application that was submitted by a developer and has passed the cloud platform's review, and storing the application and the user application data that the application generates for a user in a user data storage server, the generated user application data being provided with an application identifier and a user identifier;
when a user's access request is received, binding the current user's user identifier and the application identifier to the access request, calling the relevant application according to the bound user identifier and application identifier, and running the application on an application server using the user application data of the current user;
wherein the application identifier and the user identifier are set in structured user application data as follows:
the user identifier is set in the structured user application data by adding a composite primary key field to the data table, and the application identifier is set in the structured user application data by setting the application identifier in the table name of the data table;
wherein the application identifier and the user identifier are set in unstructured user application data as follows:
for unstructured user application data of the key-value pair type, the user identifier and the application identifier are set in the user application data by setting them in the key (Key) of the data;
for unstructured user application data of the file type, the user identifier and the application identifier are set in the user application data by setting them in the file access path information.
2. The method according to claim 1, characterized in that the method further comprises:
when the running application writes new data into the current user's existing user application data, finding the corresponding data table according to the application identifier of the current application, writing the new data into this data table, and writing the current user's user identifier into the composite primary key field of this data table; and
when the running application reads data from the current user's existing user application data, finding the corresponding data table according to the application identifier of the current application, and extracting the corresponding data from this data table according to the current user's user identifier.
3. The method according to claim 1, characterized in that:
the Key in which the user identifier and the application identifier are set is a character string of the following form:
application identifier:user identifier:Key;
the file access path information in which the user identifier and the application identifier are set has the following form:
$ROOT/application identifier/user identifier/FilePath, where $ROOT is the root path of the cloud platform's file storage and FilePath is the path the application actually operates on when reading or writing files.
4. The method according to claim 1, characterized in that the method further comprises:
for unstructured user application data of the key-value pair type, the running application combines the current user's user identifier, the application identifier and the Key value into the data selection condition when writing or reading user application data;
for unstructured user application data of the file type, the running application combines the current user's user identifier, the application identifier and the path actually operated on when reading or writing files into the path information when writing or reading user application data.
5. The method according to claim 1, characterized in that the method further comprises:
providing user registration and login through a unified interface, the current user being the user currently logged in to the cloud platform.
6. A cloud platform, characterized in that the cloud platform comprises an application server and a management device;
the application server loads an application that was submitted by a developer and has passed the cloud platform's review, and stores the application and the user application data that the application generates for a user in a user data storage server;
the management device sets an application identifier and a user identifier for the generated user application data, and, when the application server receives a user's access request, binds the current user's user identifier and the application identifier to the access request, calls the relevant application according to the bound user identifier and application identifier, and runs the application on the application server using the user application data of the current user;
wherein the management device sets the user identifier in structured user application data by adding a composite primary key field to the data table, and sets the application identifier in structured user application data by setting the application identifier in the table name of the data table;
for unstructured user application data of the key-value pair type, the management device sets the user identifier and the application identifier in the user application data by setting them in the key (Key) of the data;
for unstructured user application data of the file type, the management device sets the user identifier and the application identifier in the user application data by setting them in the file access path information.
CN201110452605.0A 2011-12-29 2011-12-29 Cloud platform management method and cloud platform Active CN102546788B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110452605.0A CN102546788B (en) 2011-12-29 2011-12-29 Cloud platform management method and cloud platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110452605.0A CN102546788B (en) 2011-12-29 2011-12-29 Cloud platform management method and cloud platform

Publications (2)

Publication Number Publication Date
CN102546788A CN102546788A (en) 2012-07-04
CN102546788B true CN102546788B (en) 2014-11-12

Family

ID=46352734

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110452605.0A Active CN102546788B (en) 2011-12-29 2011-12-29 Cloud platform management method and cloud platform

Country Status (1)

Country Link
CN (1) CN102546788B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: Room 810, 8 / F, 34 Haidian Street, Haidian District, Beijing 100080

Patentee after: BEIJING D-MEDIA COMMUNICATION TECHNOLOGY Co.,Ltd.

Address before: 100089 Beijing city Haidian District wanquanzhuang Road No. 28 Wanliu new building 6 storey block A room 602

Patentee before: BEIJING D-MEDIA COMMUNICATION TECHNOLOGY Co.,Ltd.

CP02 Change in the address of a patent holder