CN102769631A - Method, system and access equipment for accessing Cloud server - Google Patents

Info

Publication number: CN102769631A
Authority: CN (China)
Prior art keywords: terminal, cloud server, access, access device, authentication
Legal status: Granted
Application number: CN2012102688500A
Other languages: Chinese (zh)
Other versions: CN102769631B
Inventor: 胡士辉
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201210268850.0A
Publication of CN102769631A
Application granted
Publication of CN102769631B
Legal status: Active

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method, a system and an access device for accessing a cloud server. The method comprises the following steps: the access device receives a first access request sent by a terminal, determines the location information of the terminal, and returns a list of cloud servers the terminal is allowed to access according to the location information of the terminal; the access device receives a second access request sent by the terminal, and establishes a secure connection with the cloud server selected by the terminal; after the access device has been successfully authenticated by the cloud server selected by the terminal, the access device sends the second access request to the cloud server selected by the terminal; and the access device receives an access response sent by the cloud server selected by the terminal and sends the access response to the terminal. By applying the invention, the cloud server is accessed through the access device, so that access control of the cloud service can be achieved and the security of an enterprise network enhanced.

Description

Method, system and access device for accessing a cloud server
Technical field
The present invention relates to the field of communication technology, and in particular to a method, a system and an access device for accessing a cloud server.
Background technology
Cloud computing (hereinafter referred to as cloud service) is an emerging commercial computing model. It distributes computing tasks over a resource pool formed by a large number of computers, called cloud servers, so that application systems can obtain computing capability, storage space and various software services on demand.
A cloud server pools all computing resources and manages them automatically by software, without human intervention. This means that an application provider need not worry about tedious details and can concentrate on its own business, which helps innovation and reduces cost.
Cloud service refers to the various service resources that a cloud server can provide.
Cloud services generally comprise three main service modes: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
IaaS means that the cloud service provider offers its own infrastructure to the user as a service: the user uses processing capability, storage, network and other computing resources on demand and pays on demand. This service can significantly reduce duplicated investment and waste by the user on infrastructure.
PaaS means that the cloud service provider offers the user a language or tool platform for developing applications, such as the object-oriented, interpreted programming languages Java and Python, or .Net. That is, the cloud service provider takes providing platform services as its main business, and the user can develop its own applications on the PaaS.
SaaS means that the cloud service provider offers applications to the user as a service on the network side; the user can use these applications anywhere and at any time through a client-side interface such as a web browser, without installing them on the local host.
With the spread of cloud services, more and more enterprises are renting the services provided by cloud servers over the Internet, for example web applications in the SaaS mode, and migrating their applications to the cloud server. An enterprise user can then directly access each application in the cloud server over the Internet using a user name and password or a digital certificate.
With the spread of intelligent terminals, more and more enterprise employees require the enterprise to support remote working. In the prior art, however, the cloud server and the corporate intranet are connected through the Internet, and the cloud server cannot determine whether the environment from which the user logs in is secure, that is, whether the user is inside the corporate intranet or outside the enterprise. If the user is outside the enterprise, for example in a public place, enterprise information is leaked more easily.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the above defect, how to provide a method, a system and an access device for accessing a cloud service that can realize access control of the cloud server and enhance the security of the enterprise network.
To solve the above technical problem, the invention provides a method for accessing a cloud server, the method comprising:
receiving, by an access device, a first access request sent by a terminal, the first access request requesting a list of cloud servers the terminal is allowed to access; determining the location information of the terminal, and returning to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access;
receiving, by the access device, a second access request sent by the terminal, the second access request requesting access to the cloud server selected by the terminal;
establishing, by the access device, a secure connection with the cloud server selected by the terminal;
after the access device has passed the authentication of the access device by the cloud server selected by the terminal, sending, by the access device, the second access request to the cloud server selected by the terminal;
receiving, by the access device, an access response sent by the cloud server selected by the terminal, and sending the access response to the terminal, the access response being the response to the second access request.
In a preferred embodiment of the present invention, after the access device receives the first access request sent by the terminal, the method further comprises:
the access device authenticates the terminal; if the authentication passes, it returns to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access; otherwise, the process ends.
In a preferred embodiment of the present invention, after the access device receives the second access request sent by the terminal, the method further comprises:
the access device determines whether the terminal has authority to access the cloud server selected by the terminal; if so, the access device establishes a secure connection with the cloud server selected by the terminal; otherwise, the process ends.
In a preferred embodiment of the present invention, after the second access request is sent to the cloud server selected by the terminal, the method further comprises:
when the cloud server selected by the terminal has passed the authentication of the terminal, the access device receives the access response sent by the cloud server selected by the terminal; otherwise, the process ends.
In a preferred embodiment of the present invention, after the access device has passed the authentication by the cloud server selected by the terminal, the method further comprises:
the access device sends the location information of the terminal to the cloud server selected by the terminal; the location information of the terminal is used by the cloud server to set the cloud service access rights of the terminal; if the terminal has the cloud service access rights, the cloud server sends the access response to the access device; otherwise, the process ends.
In a preferred embodiment of the present invention, the location information of the terminal is carried in the second access request.
In a preferred embodiment of the present invention, the access device determining the location information of the terminal specifically comprises:
the access device determines the location information of the terminal according to the IP address of the terminal, the domain name of the terminal or the IP address range of the terminal.
In a preferred embodiment of the present invention, the location information is information identifying whether the terminal is inside the corporate intranet or outside the enterprise.
In a preferred embodiment of the present invention, the access device passing the authentication by the cloud server selected by the terminal specifically comprises:
the access device passes the authentication, by the cloud server, of the digital certificate of the access device.
In a preferred embodiment of the present invention, the access device passing the authentication by the cloud server selected by the terminal specifically comprises:
the access device passes the authentication, by the cloud server, of the IP address of the access device.
In a preferred embodiment of the present invention, the secure connection is a Secure Sockets Layer (SSL) connection.
The present invention also provides a system for accessing a cloud server, the system comprising:
a terminal, configured to send a first access request to an access device, the first access request requesting a list of cloud servers the terminal is allowed to access; receive the list of cloud servers the terminal is allowed to access returned by the access device; send a second access request to the access device, the second access request requesting access to the cloud server selected by the terminal; and receive an access response sent by the access device, the access response being the response to the second access request;
an access device, configured to receive the first access request sent by the terminal; determine the location information of the terminal; return to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access; receive the second access request sent by the terminal; establish a secure connection with the cloud server selected by the terminal; after passing the authentication of the access device by the cloud server selected by the terminal, send the second access request to the cloud server selected by the terminal; and receive the access response sent by the cloud server selected by the terminal and send the access response to the terminal;
a cloud server, configured to authenticate the access device and, after the authentication passes, receive the second access request sent by the access device and send the access response to the access device.
In a preferred embodiment of the present invention, the access device is further configured to authenticate the terminal.
In a preferred embodiment of the present invention, the access device is further configured to determine whether the terminal has authority to access the cloud server selected by the terminal.
In a preferred embodiment of the present invention, the cloud server is further configured to authenticate the terminal.
In a preferred embodiment of the present invention,
the access device is further configured to send the location information of the terminal to the cloud server selected by the terminal;
the cloud server is further configured to set the cloud service access rights of the terminal according to the location information of the terminal.
In a preferred embodiment of the present invention, the access device comprises:
a terminal location determining unit, configured to determine the location information of the terminal and to return to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access;
an agent unit, configured to receive the first access request and the second access request sent by the terminal; establish a secure connection with the cloud server selected by the terminal; after the access device passes the authentication by the cloud server selected by the terminal, send the second access request to the cloud server selected by the terminal; and receive the access response sent by the cloud server selected by the terminal and send the access response to the terminal.
In a preferred embodiment of the present invention, the access device further comprises:
an authentication unit, configured to authenticate the terminal;
the terminal location determining unit is further configured to, after the authentication unit has authenticated the terminal, determine the location information of the terminal and return to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access.
In a preferred embodiment of the present invention, the access device further comprises:
an authentication unit, configured to determine whether the terminal has authority to access the cloud server selected by the terminal;
the agent unit is further configured to establish the secure connection with the cloud server selected by the terminal after the authentication unit confirms that the terminal has authority to access the cloud server selected by the terminal.
In a preferred embodiment of the present invention,
the access device is further configured to determine the location information of the terminal according to the IP address of the terminal, the domain name of the terminal or the IP address range of the terminal.
In a preferred embodiment of the present invention, the location information is information identifying whether the terminal is inside the corporate intranet or outside the enterprise.
In a preferred embodiment of the present invention,
the access device is further configured to provide a digital certificate to the cloud server selected by the terminal;
the cloud server is further configured to authenticate the digital certificate of the access device.
In a preferred embodiment of the present invention, the cloud server is further configured to authenticate the IP address of the access device.
In a preferred embodiment of the present invention, the secure connection is a Secure Sockets Layer (SSL) connection.
The present invention also provides an access device, comprising:
a terminal location determining unit, configured to determine the location information of the terminal and to return to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access;
an agent unit, configured to receive the first access request and the second access request sent by the terminal, the first access request requesting a list of cloud servers the terminal is allowed to access and the second access request requesting access to the cloud server selected by the terminal; establish a secure connection with the cloud server selected by the terminal; after the access device passes the authentication by the cloud server selected by the terminal, send the second access request to the cloud server selected by the terminal; and receive the access response sent by the cloud server selected by the terminal and send the access response to the terminal, the access response being the response to the second access request.
In a preferred embodiment of the present invention, the access device further comprises an authentication unit, configured to authenticate the terminal;
the terminal location determining unit is further configured to, after the authentication unit has authenticated the terminal, determine the location information of the terminal and return to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access.
In a preferred embodiment of the present invention, the access device further comprises an authentication unit, configured to determine whether the terminal has authority to access the cloud server selected by the terminal;
the agent unit is further configured to establish the secure connection with the cloud server selected by the terminal after the authentication unit confirms that the terminal has authority to access the cloud server selected by the terminal.
In a preferred embodiment of the present invention,
the terminal location determining unit is further configured to determine the location information of the terminal according to the IP address of the terminal, the domain name of the terminal or the IP address range of the terminal.
In a preferred embodiment of the present invention, the location information is information identifying whether the terminal is inside the corporate intranet or outside the enterprise.
In a preferred embodiment of the present invention, the secure connection is a Secure Sockets Layer (SSL) connection.
The invention discloses a method, a system and an access device for accessing a cloud service. Using the method, system and access device for accessing a cloud service of the present invention, the cloud server is accessed through the access device, which improves the security of enterprise resources; the user's access rights are differentiated according to the user's location, namely inside the corporate intranet or outside the enterprise, which reduces the risk to enterprise information security.
The kinds of terminal, access device and cloud server of the present invention are not specially restricted; all terminals, access devices and cloud servers that can realize the functions of the invention fall within the scope of the invention.
The present invention is not limited to the above modes; whatever changes are made in its form or structure, every technical solution that accesses the cloud server through an access device falls within the protection scope of the present invention. In addition, a variant of the present invention in which the cloud server is not accessed directly through the access device but access to the cloud server is granted through the access device should also be considered within the protection scope of the present invention.
Description of drawings
Fig. 1 is a flow chart of the method for accessing a cloud service according to an embodiment of the invention;
Fig. 2 is a structural representation of the system and the access device for accessing a cloud service according to an embodiment of the invention.
Embodiment
Specific embodiments of the invention are explained further below in conjunction with the drawings and examples. The following examples are used to explain the present invention, but are not used to limit its scope.
Referring to Fig. 1, the invention provides an access control method for a cloud service, comprising the steps:
A. The access device receives a first access request sent by the terminal, the first access request requesting a list of cloud servers the terminal is allowed to access. The access device determines the location information of the terminal according to information such as the IP address of the terminal, the domain name of the terminal or the IP address range of the terminal; the location information is information identifying whether the terminal is inside the corporate intranet or outside the enterprise. The access device returns to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access; the lists of cloud servers accessible to terminals located inside the corporate intranet and outside the enterprise are different.
Preferably, after the access device receives the first access request sent by the terminal, the method further comprises:
the access device authenticates the terminal according to a first user profile received from the terminal, for example the user name and password of a Secure Sockets Layer (SSL) Virtual Private Network (VPN); if the authentication passes, it returns to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access; otherwise, the process ends.
Preferably, the first user profile is carried in the first access request.
Because VPNs are widely used in corporate intranets, the access device can be a VPN gateway, and for a SaaS cloud server the access device can be an SSL VPN gateway.
The terminal can include a terminal outside the enterprise or inside the corporate intranet, for example a notebook computer, tablet computer, smartphone, desktop computer or PDA.
B. The access device receives a second access request sent by the terminal, the second access request requesting access to the cloud server selected by the terminal; the access device establishes a secure connection with the cloud server selected by the terminal.
Preferably, the secure connection comprises an SSL connection or a Transport Layer Security (TLS) connection.
Preferably, after the access device receives the second access request sent by the terminal, the method further comprises:
the access device determines whether the terminal has authority to access the cloud server selected by the terminal; if so, the access device establishes a secure connection, for example an SSL connection, with the cloud server selected by the terminal; otherwise, the process ends.
C. After the access device has passed the authentication of the access device by the cloud server selected by the terminal, the access device sends the second access request to the cloud server selected by the terminal; the access device receives the access response sent by the cloud server selected by the terminal and sends the access response to the terminal, the access response being the response to the second access request.
Preferably, the access device passing the authentication by the cloud server selected by the terminal specifically comprises:
the access device passes the authentication, by the cloud server, of the digital certificate of the access device.
Preferably, the access device passing the authentication by the cloud server selected by the terminal specifically comprises:
the access device passes the authentication, by the cloud server, of the IP address of the access device: the cloud server only allows secure connections, for example SSL connections, initiated by an access device having the specified IP address.
Only cloud service access requests from the access device are allowed to access the cloud service, or only cloud service access requests carrying the digital certificate provided by the access device are allowed to access the cloud server; this ensures that the enterprise's key applications in the cloud server, for example in a SaaS cloud server, can be accessed only by cloud service access requests from the access device.
Preferably, after the second access request is sent to the cloud server selected by the terminal, the method further comprises:
when the cloud server selected by the terminal has passed the authentication of the terminal according to a second user profile, for example the user name and password of the SaaS server, the access device receives the access response sent by the cloud server selected by the terminal; otherwise, the process ends.
Preferably, the second user profile is carried in the second access request.
Preferably, after the access device has passed the authentication by the cloud server selected by the terminal, the method further comprises:
the access device sends the location information of the terminal to the cloud server selected by the terminal; the location information of the terminal is used by the cloud server to set the cloud service access rights of the terminal; if the terminal has the cloud service access rights, the cloud server sends the access response to the access device; otherwise, the process ends.
Preferably, the location information of the terminal is carried in the second access request.
Using the method for accessing a cloud service of the present invention, the cloud server is accessed through the access device, which improves the security of enterprise resources; the user's access rights are differentiated according to the user's location, namely inside the corporate intranet or outside the enterprise, which reduces the risk to enterprise information security.
Referring to Fig. 2, the invention provides a system for accessing a cloud service, comprising:
a terminal 100, configured to send a first access request to an access device 200, the first access request requesting a list of cloud servers the terminal is allowed to access; receive the list of cloud servers the terminal 100 is allowed to access returned by the access device 200; send a second access request to the access device 200, the second access request requesting access to the cloud server 300 selected by the terminal; and receive the access response sent by the access device 200, the access response being the response to the second access request;
an access device 200, configured to receive the first access request sent by the terminal 100; determine the location information of the terminal 100 according to information such as the IP address of the terminal, the domain name of the terminal or the IP address range of the terminal, the location information being information identifying whether the terminal is inside the corporate intranet or outside the enterprise; return to the terminal 100, according to the location information of the terminal 100, the list of cloud servers the terminal 100 is allowed to access; receive the second access request sent by the terminal 100; establish a secure connection with the cloud server 300 selected by the terminal 100; after passing the authentication of the access device 200 by the cloud server 300 selected by the terminal 100, send the second access request to the cloud server 300 selected by the terminal 100; and receive the access response sent by the cloud server 300 selected by the terminal 100 and send the access response to the terminal 100;
a cloud server 300, configured to authenticate the access device 200 and, after the authentication passes, receive the second access request sent by the access device 200 and send the access response to the access device 200.
Preferably, the access device 200 is further configured to authenticate the terminal according to a first user profile, for example the user name and password of the access device 200.
Preferably, the first user profile is carried in the first access request.
Because VPNs are widely used in corporate intranets, the access device can be a VPN gateway, and for a SaaS cloud server the access device can be an SSL VPN gateway.
The terminal 100 can include a terminal outside the enterprise or inside the corporate intranet, for example a notebook computer, tablet computer, smartphone, desktop computer or PDA.
The lists of cloud servers accessible to a terminal 100 located inside the corporate intranet and outside the enterprise are different; because the enterprise's cloud comprises a plurality of cloud servers, only terminals inside the corporate intranet can access certain core cloud servers, which reduces the risk to enterprise information security.
Preferably, the secure connection comprises an SSL connection or a Transport Layer Security (TLS) connection.
Preferably, the access device 200 is further configured to determine whether the terminal has authority to access the cloud server selected by the terminal.
Preferably, the cloud server 300 is further configured to authenticate the terminal according to a second user profile, for example the user name and password of the cloud server 300.
Preferably, the second user profile is carried in the second access request.
Preferably, the access device 200 is further configured to send the location information of the terminal 100 to the cloud server 300 selected by the terminal 100;
the cloud server 300 is further configured to set the cloud service access rights of the terminal 100 according to the location information of the terminal 100, the access rights comprising access scope, access time, access count and so on. For example, a terminal 100 inside the corporate intranet can access all applications of the cloud server 300, a terminal 100 outside the enterprise cannot access certain key applications of the enterprise, and the access time and access count of a terminal 100 inside the corporate intranet and outside the enterprise are different.
Because the enterprise's cloud server comprises a plurality of cloud service applications, only terminals inside the corporate intranet can access certain core cloud service applications, which reduces the risk to enterprise information security.
Preferably, the access device 200 comprises a terminal location determining unit 201 and an agent unit 202, for example a web proxy unit;
the terminal location determining unit 201 is configured to determine the location information of the terminal 100 and to return to the terminal 100, according to the location information of the terminal 100, the list of cloud servers the terminal 100 is allowed to access; the lists of cloud servers accessible to a terminal 100 located inside the corporate intranet and outside the enterprise are different;
because the enterprise's cloud comprises a plurality of cloud servers, only terminals inside the corporate intranet can access certain core cloud servers, which reduces the risk to enterprise information security;
the agent unit 202 is configured to receive the first access request and the second access request sent by the terminal 100; establish a secure connection with the cloud server 300 selected by the terminal 100; after the access device 200 passes the authentication by the cloud server 300 selected by the terminal 100, send the second access request to the cloud server 300 selected by the terminal 100; and receive the access response sent by the cloud server 300 selected by the terminal 100 and send the access response to the terminal 100.
Preferably, the access device 200 further comprises an authentication unit 203, configured to authenticate the terminal 100, which improves the security of the corporate intranet;
correspondingly, the terminal location determining unit 201 is further configured to, after the authentication unit 203 has authenticated the terminal 100, determine the location information of the terminal 100 and return to the terminal 100, according to the location information of the terminal 100, the list of cloud servers the terminal 100 is allowed to access.
Preferably, the access device 200 further comprises an authentication unit 203, configured to determine whether the terminal 100 has authority to access the cloud server 300 selected by the terminal 100;
correspondingly, the agent unit 202 is further configured to establish the secure connection with the cloud server 300 selected by the terminal 100 after the authentication unit 203 confirms that the terminal 100 has authority to access the cloud server 300 selected by the terminal 100.
Preferably, the access device 200 is further configured to provide a digital certificate to the cloud server 300 selected by the terminal 100;
the cloud server 300 is further configured to authenticate the digital certificate of the access device 200.
Preferably, the cloud server 300 is further configured to authenticate the IP address of the access device 200: the cloud server only allows secure connections, for example SSL connections, initiated by an access device having the specified IP address.
Only cloud service access requests from the access device 200 are allowed to access the cloud server 300, or only cloud service access requests carrying the digital certificate provided by the access device 200 are allowed to access the cloud server 300; this ensures that the enterprise's key applications in the cloud server, for example in a SaaS cloud server, can be accessed only by cloud service access requests from the access device 200.
Preferably, said Cloud Server 300 can comprise SaaS Cloud Server, PaaS Cloud Server or IaaS Cloud Server.
Utilize the system of visit cloud service of the present invention, through access device visit Cloud Server, the fail safe that improves ERM; According to the position at user place, i.e. corporate intranet and exterior of enterprise are distinguished user's access rights, reduce the risk of enterprise information security; Said Cloud Server carries out authentication according to user profile and customer position information to the user, has strengthened the fail safe of enterprise network greatly.
As shown in Figure 2, the present invention also provides a kind of access device 200, comprising:
Terminal location judging unit 201 and agent unit 202, for example web proxy unit;
Said terminal location judging unit 201; The information such as IP address field that are used for domain name or the said terminal 100 at IP address, said terminal 100 according to said terminal 100 are judged the positional information at said terminal 100; Said positional information is the information of the said terminal of sign in corporate intranet or exterior of enterprise; And return the Cloud Server that allows said terminal 100 to visit according to the positional information at said terminal 100 to said terminal 100 and tabulate, the terminal 100 addressable Cloud Servers tabulations that are positioned at corporate intranet and exterior of enterprise are different;
Said agent unit 202; Be used to receive first access request and second access request that send at said terminal 100; Said first access request is used to ask to provide the Cloud Server tabulation that allows 100 visits of said terminal; Said second access request is used to ask to visit the Cloud Server 300 that said terminal 100 is selected, and sets up safety with the Cloud Server 300 that said terminal 100 is selected and is connected; After the authentication of 300 pairs of said access devices 200 of Cloud Server of selecting through said terminal 100, said second access request is sent to the Cloud Server 300 that said terminal 100 is selected; Receive the access response that the Cloud Server 300 selected at said terminal 100 sends, and said access response is sent to said terminal 100, said access response is the response to said second access request.
Owing to comprise a plurality of Cloud Servers in the cloud of enterprise, then have only the terminal of corporate intranet can visit some core Cloud Servers, reduced the risk of enterprise information security;
Preferably, further comprise: authentication unit 203, be used for according to first user profile, the username and passwords of for example said access device 200 etc. have improved the fail safe of corporate intranet to carrying out authentication in said terminal 100;
Correspondingly; Said terminal location judging unit 201; Be further used for after 203 pairs of said terminal 100 authentications in said authentication unit are passed through; Judge the positional information at said terminal 100, and return the Cloud Server tabulation that allows 100 visits of said terminal to said terminal 100 according to the positional information at said terminal 100.
Preferably, said first user profile is added in said first access request.
Preferably, further comprise: authentication unit 203 is used to judge whether said terminal 100 has authority to visit the Cloud Server 300 that said terminal 100 is selected;
Correspondingly, said agent unit 202 is further used for after said authentication unit 203 confirms that said terminal 100 has authority to visit the Cloud Server of selecting at said terminal 100 300, setting up safety with the Cloud Server 300 that said terminal 100 is selected and being connected.
Utilize access device of the present invention, through said access device visit Cloud Server, the fail safe that improves ERM; According to the position at user place, i.e. corporate intranet and exterior of enterprise are distinguished user's access rights, reduce the risk of enterprise information security.
In sum, the invention discloses a kind of method, system and access device of visiting cloud service, utilize method, system and the access device of visit cloud service of the present invention, through access device visit Cloud Server, the fail safe that improves ERM; According to the position at user place, i.e. corporate intranet and exterior of enterprise are distinguished user's access rights, reduce the risk of enterprise information security.
Above execution mode only is used to explain the present invention; And be not limitation of the present invention; The those of ordinary skill in relevant technologies field under the situation that does not break away from the spirit and scope of the present invention, can also be made various variations and modification; Therefore all technical schemes that are equal to also belong to category of the present invention, and scope of patent protection of the present invention should be defined by the claims.
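As an added illustration (not code from the patent or from Huawei), the following Python sketch models the roles described above: the access device's authentication unit and terminal location judging unit, the agent unit that forwards the second access request only after the cloud server has authenticated the access device by certificate fingerprint and assigned IP address, and the cloud server's location-dependent access rights (permitted operations and number of accesses). All addresses, server names, user credentials and limits are constructed sample values.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample policy (hypothetical values, not from the patent).
INTRANET_PREFIXES = [ipaddress.ip_network("10.0.0.0/8"),
                     ipaddress.ip_network("192.168.0.0/16")]
INTRANET_DOMAIN_SUFFIX = ".corp.example"

# Which terminal locations may see each cloud server; "erp-saas" and
# "iaas-console" are the core services that stay intranet-only.
CLOUD_SERVER_LOCATIONS = {
    "erp-saas": {"intranet"},
    "crm-saas": {"intranet", "external"},
    "iaas-console": {"intranet"},
}

def _pw_hash(password):
    """Constructed salted hash for the first user information (username/password)."""
    return hashlib.sha256(b"constructed-salt:" + password.encode()).hexdigest()

USERS = {"alice": _pw_hash("correct-horse")}           # registered with the access device
USER_AUTHORITY = {"alice": {"erp-saas", "crm-saas"}}   # per-user authority over servers

TRUSTED_FINGERPRINT = "sha256:constructed-access-device-cert-fingerprint"
ACCESS_DEVICE_IP = "192.168.100.2"                      # IP assigned to the access device


def judge_location(ip, domain=None):
    """Terminal location judging unit 201: intranet by IP range or domain, else external."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in INTRANET_PREFIXES):
        return "intranet"
    if domain and domain.lower().endswith(INTRANET_DOMAIN_SUFFIX):
        return "intranet"
    return "external"


def allowed_servers(location):
    """Cloud server list returned in response to the first access request."""
    return sorted(n for n, locs in CLOUD_SERVER_LOCATIONS.items() if location in locs)


class CloudServer:
    """Cloud server 300: admits only the access device, then sets rights by location."""
    # Cloud service access rights per terminal location (constructed policy).
    RIGHTS = {"intranet": {"ops": {"read", "write"}, "max_accesses": None},
              "external": {"ops": {"read"}, "max_accesses": 3}}

    def __init__(self, name, trusted_fingerprint, assigned_ip):
        self.name = name
        self.trusted_fingerprint = trusted_fingerprint
        self.assigned_ip = assigned_ip
        self.access_counts = {}

    def authenticate_access_device(self, cert_fingerprint, src_ip):
        # Both the digital certificate and the assigned IP address must match.
        return (hmac.compare_digest(cert_fingerprint, self.trusted_fingerprint)
                and src_ip == self.assigned_ip)

    def handle(self, user, location, op):
        rights = self.RIGHTS[location]
        count = self.access_counts.get((user, location), 0)
        if rights["max_accesses"] is not None and count >= rights["max_accesses"]:
            return {"status": "denied", "reason": "number of accesses exhausted"}
        if op not in rights["ops"]:
            return {"status": "denied", "reason": f"{op} not permitted from {location}"}
        self.access_counts[(user, location)] = count + 1
        return {"status": "ok", "server": self.name, "result": f"{op} done for {user}"}


class AccessDevice:
    """Access device 200: authentication unit 203 plus agent (proxy) unit 202."""

    def __init__(self, cert_fingerprint, ip, servers):
        self.cert_fingerprint = cert_fingerprint
        self.ip = ip
        self.servers = servers  # name -> CloudServer reached over the secure connection

    def _authenticate_terminal(self, user, password):
        expected = USERS.get(user)
        return expected is not None and hmac.compare_digest(expected, _pw_hash(password))

    def first_access_request(self, user, password, terminal_ip, domain=None):
        if not self._authenticate_terminal(user, password):
            return {"status": "denied", "reason": "terminal authentication failed"}
        location = judge_location(terminal_ip, domain)
        return {"status": "ok", "location": location, "servers": allowed_servers(location)}

    def second_access_request(self, user, terminal_ip, server_name, op, domain=None):
        location = judge_location(terminal_ip, domain)
        # Authority check: the server must be in this location's list and in the user's authority.
        if (server_name not in allowed_servers(location)
                or server_name not in USER_AUTHORITY.get(user, set())
                or server_name not in self.servers):
            return {"status": "denied", "reason": "no authority for selected cloud server"}
        server = self.servers[server_name]
        # The cloud server authenticates the access device before any request is forwarded.
        if not server.authenticate_access_device(self.cert_fingerprint, self.ip):
            return {"status": "denied", "reason": "cloud server rejected access device"}
        return server.handle(user, location, op)


def build_demo(cert_fingerprint=TRUSTED_FINGERPRINT, device_ip=ACCESS_DEVICE_IP):
    """Wire one access device to the constructed cloud servers; rogue devices can be simulated."""
    servers = {n: CloudServer(n, TRUSTED_FINGERPRINT, ACCESS_DEVICE_IP) for n in CLOUD_SERVER_LOCATIONS}
    return AccessDevice(cert_fingerprint, device_ip, servers)
```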

Claims (30)

1. A method of accessing a cloud server, characterized in that the method comprises:
an access device receives a first access request sent by a terminal, the first access request being used to request a list of cloud servers the terminal is allowed to access; the access device judges the location information of the terminal and returns to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access;
the access device receives a second access request sent by the terminal, the second access request being used to request access to a cloud server selected by the terminal;
the access device establishes a secure connection with the cloud server selected by the terminal;
after the access device passes the authentication performed by the cloud server selected by the terminal, the access device sends the second access request to the cloud server selected by the terminal;
the access device receives an access response sent by the cloud server selected by the terminal and sends the access response to the terminal, the access response being the response to the second access request.
2. The method according to claim 1, characterized in that, after the access device receives the first access request sent by the terminal, the method further comprises:
the access device authenticates the terminal; if the authentication passes, the access device returns to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access; otherwise, the process ends.
3. The method according to claim 1, characterized in that, after the access device receives the second access request sent by the terminal, the method further comprises:
the access device judges whether the terminal has the authority to access the cloud server selected by the terminal; if so, the access device establishes the secure connection with the cloud server selected by the terminal; otherwise, the process ends.
4. The method according to claim 1, characterized in that, after the second access request is sent to the cloud server selected by the terminal, the method further comprises:
when the terminal passes the authentication performed by the cloud server selected by the terminal, the access device receives the access response sent by the cloud server selected by the terminal; otherwise, the process ends.
5. The method according to claim 1, characterized in that, after the access device passes the authentication performed by the cloud server selected by the terminal, the method further comprises:
the access device sends the location information of the terminal to the cloud server selected by the terminal, the location information of the terminal being used by the cloud server to set the cloud service access rights of the terminal; if the terminal has the cloud service access rights, the cloud server sends the access response to the access device; otherwise, the process ends.
6. The method according to claim 5, characterized in that the location information of the terminal is carried in the second access request.
7. The method according to any one of claims 1-6, characterized in that the access device judging the location information of the terminal specifically comprises:
the access device judges the location information of the terminal according to the IP address of the terminal, the domain name of the terminal or the IP address range of the terminal.
8. The method according to any one of claims 1-6, characterized in that the location information identifies whether the terminal is on the corporate intranet or outside the enterprise.
9. The method according to any one of claims 1-6, characterized in that the access device passing the authentication performed by the cloud server selected by the terminal specifically comprises:
the access device passes the authentication, performed by the cloud server, of the digital certificate of the access device.
10. The method according to any one of claims 1-6, characterized in that the access device passing the authentication performed by the cloud server selected by the terminal specifically comprises:
the access device passes the authentication, performed by the cloud server, of the IP address of the access device.
11. The method according to any one of claims 1-6, characterized in that the secure connection is a Secure Sockets Layer (SSL) connection.
12. A system for accessing a cloud server, characterized in that the system comprises:
a terminal, used to send a first access request to an access device, the first access request being used to request a list of cloud servers the terminal is allowed to access; to receive the list of cloud servers the terminal is allowed to access returned by the access device; to send a second access request to the access device, the second access request being used to request access to a cloud server selected by the terminal; and to receive an access response sent by the access device, the access response being the response to the second access request;
an access device, used to receive the first access request sent by the terminal, judge the location information of the terminal and return to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access; to receive the second access request sent by the terminal and establish a secure connection with the cloud server selected by the terminal; after the access device passes the authentication performed by the cloud server selected by the terminal, to send the second access request to the cloud server selected by the terminal; and to receive the access response sent by the cloud server selected by the terminal and send the access response to the terminal;
a cloud server, used to authenticate the access device and, after the authentication passes, to receive the second access request sent by the access device and send the access response to the access device.
13. The system according to claim 12, characterized in that
the access device is further used to authenticate the terminal.
14. The system according to claim 12, characterized in that
the access device is further used to judge whether the terminal has the authority to access the cloud server selected by the terminal.
15. The system according to claim 12, characterized in that
the cloud server is further used to authenticate the terminal.
16. The system according to claim 12, characterized in that
the access device is further used to send the location information of the terminal to the cloud server selected by the terminal;
the cloud server is further used to set the cloud service access rights of the terminal according to the location information of the terminal.
17. The system according to claim 12, characterized in that the access device comprises:
a terminal location judging unit, used to judge the location information of the terminal and to return to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access;
an agent unit, used to receive the first access request and the second access request sent by the terminal and to establish the secure connection with the cloud server selected by the terminal; after the access device passes the authentication performed by the cloud server selected by the terminal, to send the second access request to the cloud server selected by the terminal; and to receive the access response sent by the cloud server selected by the terminal and send the access response to the terminal.
18. The system according to claim 17, characterized in that the access device further comprises:
an authentication unit, used to authenticate the terminal;
the terminal location judging unit is further used, after the authentication unit has authenticated the terminal, to judge the location information of the terminal and to return to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access.
19. The system according to claim 17, characterized in that the access device further comprises:
an authentication unit, used to judge whether the terminal has the authority to access the cloud server selected by the terminal;
the agent unit is further used to establish the secure connection with the cloud server selected by the terminal after the authentication unit has confirmed that the terminal has the authority to access the cloud server selected by the terminal.
20. The system according to any one of claims 12-19, characterized in that
the access device is further used to judge the location information of the terminal according to the IP address of the terminal, the domain name of the terminal or the IP address range of the terminal.
21. The system according to any one of claims 12-19, characterized in that the location information identifies whether the terminal is on the corporate intranet or outside the enterprise.
22. The system according to any one of claims 12-19, characterized in that
the access device is further used to provide a digital certificate to the cloud server selected by the terminal;
the cloud server is further used to authenticate the digital certificate of the access device.
23. The system according to any one of claims 12-19, characterized in that
the cloud server is further used to authenticate the IP address of the access device.
24. The system according to any one of claims 12-19, characterized in that the secure connection is a Secure Sockets Layer (SSL) connection.
25. An access device, characterized in that it comprises:
a terminal location judging unit, used to judge the location information of a terminal and to return to the terminal, according to the location information of the terminal, a list of cloud servers the terminal is allowed to access;
an agent unit, used to receive a first access request and a second access request sent by the terminal, the first access request being used to request the list of cloud servers the terminal is allowed to access and the second access request being used to request access to a cloud server selected by the terminal; to establish a secure connection with the cloud server selected by the terminal; after the access device passes the authentication performed by the cloud server selected by the terminal, to send the second access request to the cloud server selected by the terminal; and to receive an access response sent by the cloud server selected by the terminal and send the access response to the terminal, the access response being the response to the second access request.
26. The access device according to claim 25, characterized in that it further comprises:
an authentication unit, used to authenticate the terminal;
the terminal location judging unit is further used, after the authentication unit has authenticated the terminal, to judge the location information of the terminal and to return to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access.
27. The access device according to claim 25, characterized in that it further comprises:
an authentication unit, used to judge whether the terminal has the authority to access the cloud server selected by the terminal;
the agent unit is further used to establish the secure connection with the cloud server selected by the terminal after the authentication unit has confirmed that the terminal has the authority to access the cloud server selected by the terminal.
28. The access device according to any one of claims 25-27, characterized in that
the terminal location judging unit is further used to judge the location information of the terminal according to the IP address of the terminal, the domain name of the terminal or the IP address range of the terminal.
29. The access device according to any one of claims 25-27, characterized in that the location information identifies whether the terminal is on the corporate intranet or outside the enterprise.
30. The access device according to any one of claims 25-27, characterized in that the secure connection is a Secure Sockets Layer (SSL) connection.
CN201210268850.0A 2012-07-31 2012-07-31 Method, system and access device for accessing a cloud server Active CN102769631B (en)


Publications (2)

Publication Number Publication Date
CN102769631A true CN102769631A (en) 2012-11-07
CN102769631B CN102769631B (en) 2015-09-09



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant