CN103188336A - Virtual desktop-based operation and maintenance management method - Google Patents
- Publication number
- CN103188336A (application CN201110461597A)
- Authority
- CN
- China
- Prior art keywords
- virtual desktop
- personnel
- maintenance
- management method
- audit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Abstract
The invention provides a virtual desktop-based operation and maintenance (O&M) management method that reduces the harm caused by mistaken operations during O&M and lets O&M personnel be managed centrally. The method comprises the following steps: (1) O&M personnel log in to the O&M management system from an O&M terminal in browser/server (B/S) mode and enter the virtual desktop provided by a bastion host; (2) on the virtual desktop they view the equipment to be maintained and the tools available; (3) once the O&M tool for the intended operation is selected, the tool automatically establishes the corresponding connection to the maintained server according to the system administrator's configuration; (4) the O&M personnel connect to the server from the virtual desktop and carry out the maintenance operation. The method reduces the harm of mistaken operations during O&M, manages O&M personnel centrally, keeps their work simple through virtual desktop and single sign-on technology, and makes the server maintenance process controllable and auditable through access control and auditing of O&M operations.
Description
Technical field
The present invention relates to an operation and maintenance (O&M) management method, in particular to an O&M management method based on virtual desktops.
Background technology
Existing O&M management methods only strengthen the management of O&M personnel and the auditing of O&M operations; the O&M pattern itself is unchanged and the work of O&M personnel remains comparatively complicated. When O&M personnel use SSH for O&M, they first log in to the O&M management system with their O&M account and password and then use SSH to log in to the maintained host, as shown in Figure 1. Because the O&M personnel connect directly to the server, existing methods make it easy for mistaken operations to cause harm during O&M, and the procedure is cumbersome.
Summary of the invention
The invention provides a virtual desktop-based O&M management method that reduces the harm caused by mistaken operations during O&M and manages O&M personnel centrally.
The virtual desktop-based O&M management method that achieves the object of the invention comprises the following steps:
(1) O&M personnel log in to the O&M management system from the O&M terminal in B/S mode and enter the virtual desktop provided by the bastion host;
(2) on the virtual desktop, they view the equipment to be maintained and the tools available;
(3) after the O&M tool corresponding to the operation is selected, the tool automatically establishes the corresponding connection to the maintained server according to the system administrator's configuration;
(4) the O&M personnel connect to the server on the virtual desktop and carry out the maintenance operation.
In the virtual desktop-based O&M management method, O&M personnel are managed in a unified way as follows:
The principle of separation of privileges is adopted: logged-in users are distinguished and assigned roles with different operation objects, so that the maintenance process of protected hosts is controllable and auditable;
The system administrator can manage O&M resources, O&M users and O&M tools, set the O&M access control policy, and manage the single sign-on policy;
The audit administrator can view and manage the audit status, audited users and audit logs;
O&M personnel can view all the equipment they are allowed to maintain and select an authorized O&M tool to maintain that equipment.
The virtual desktop-based O&M management method controls the access of O&M personnel in whitelist mode: only the O&M operations allowed by the whitelist can be executed, and all other O&M operations are prohibited.
The virtual desktop-based O&M management method controls the access of O&M personnel in blacklist mode: O&M personnel cannot execute the O&M operations in the blacklist and can only use the O&M operations that are not in the blacklist.
The beneficial effects of the virtual desktop-based O&M management method of the invention are as follows:
The method uses virtual desktop technology to establish a single secure channel and isolates O&M personnel from the servers (what the application calls physical isolation): the O&M personnel's terminal cannot connect directly to a server and can reach it only through the virtual desktop of the bastion host, which reduces the harm of mistaken operations during O&M. At the same time, O&M personnel are managed centrally; virtual desktop and single sign-on technology keep their work simple, and access control and auditing of O&M operations make the server maintenance process controllable and auditable.
Description of drawings
Fig. 1 is a schematic diagram of an existing O&M management method.
Fig. 2 is a schematic diagram of the virtual desktop-based O&M management method of the invention.
Embodiment
As shown in Figure 2, the virtual desktop-based O&M management method of the invention comprises the following steps:
(1) O&M personnel log in to the O&M management system from the O&M terminal in B/S mode and enter the virtual desktop provided by the bastion host;
(2) on the virtual desktop, they view the equipment to be maintained and the tools available;
(3) after the O&M tool corresponding to the operation is selected, the tool automatically establishes the corresponding connection to the maintained server according to the system administrator's configuration;
(4) the O&M personnel connect to the server on the virtual desktop and carry out the maintenance operation.
In the virtual desktop-based O&M management method, O&M personnel are managed in a unified way as follows:
The principle of separation of privileges is adopted: logged-in users are distinguished and assigned roles with different operation objects, so that the maintenance process of protected hosts is controllable and auditable;
The system administrator can manage O&M resources, O&M users and O&M tools, set the O&M access control policy, and manage the single sign-on policy;
The audit administrator can view and manage the audit status, audited users and audit logs;
O&M personnel can view all the equipment they are allowed to maintain and select an authorized O&M tool to maintain that equipment.
The virtual desktop-based O&M management method controls the access of O&M personnel in whitelist mode: only the O&M operations allowed by the whitelist can be executed, and all other O&M operations are prohibited.
The virtual desktop-based O&M management method controls the access of O&M personnel in blacklist mode: O&M personnel cannot execute the O&M operations in the blacklist and can only use the O&M operations that are not in the blacklist.
The advantages of the virtual desktop-based O&M management method of the invention are as follows:
1. O&M personnel are managed in a unified way through the O&M management system.
In the invention the principle of separation of privileges is adopted: logged-in users are distinguished and assigned roles with different operation objects, so that the maintenance process of protected hosts is controllable and auditable.
The system administrator can manage O&M resources (addresses of maintained servers, system maintenance accounts and the like), O&M users and O&M tools (ssh, telnet, rdp and the like), and can set the O&M access control policy and the single sign-on policy in an integrated way;
The audit administrator can view and manage the audit status, audited users and audit logs;
O&M personnel can view all the equipment they are allowed to maintain and select an authorized O&M tool to maintain it. The maintenance process is carried out strictly according to the O&M access control policy, and a detailed log is recorded so that the audit administrator can review and replay their operations.
2. Virtual desktop technology establishes the O&M secure channel and simplifies the O&M process.
In the invention, the O&M personnel's terminal cannot connect directly to a server, and the personnel do not need to know the server's system username and password. They can connect to a server only through the virtual desktop that the bastion host provides to them once they have logged in to the O&M management system. O&M personnel log in to the O&M management system from the O&M terminal in B/S mode, enter the virtual desktop provided by the bastion host, and view the equipment they are allowed to maintain and the tools available. After the O&M tool for the intended operation is selected, the tool automatically establishes the corresponding connection to the maintained server according to the system administrator's configuration. The O&M personnel can then connect to the server from the virtual desktop and carry out the maintenance operation, just as if they were connecting to the server from their own terminal desktop.
3. O&M operations are access-controlled with blacklists and whitelists.
When O&M personnel carry out O&M operations they must strictly follow the O&M access control policy configured by the system administrator. There are two kinds of policy: in whitelist mode only the O&M operations allowed by the whitelist can be executed and all other O&M operations are prohibited; in blacklist mode O&M personnel cannot execute the O&M operations in the blacklist and can only use the O&M operations that are not in it. Strict access control over the operations of O&M personnel in this way reduces the losses caused by mistaken operations during O&M and by deliberate damage by malicious persons.
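The whitelist and blacklist modes described here, as an added example that is not part of the patent application: a Python checker that decides an O&M command line by the program name of every simple command it contains, fails closed on constructs it cannot parse, and writes a text audit record for each decision. The policies, operators, addresses and command lines are constructed for illustration; a real bastion would forward the line to the server after an allow decision and persist the audit records rather than keep them in a list.

```python
"""Command-level O&M access control in whitelist and blacklist mode, with a text audit trail.

Added example, not code from the patent application. Assumes an O&M operation
is one command line typed into a tool session on the bastion host, that a
policy lists program names, and that the audit log is an in-memory list.
"""
import shlex
import time
from dataclasses import dataclass

# Tokens that start a new simple command inside one command line.
SEPARATORS = {";", "|", "||", "&", "&&"}
# Tokens that are followed by a file name rather than a program name.
REDIRECTS = {"<", ">", ">>", "<<"}


def program_names(cmdline: str) -> list:
    """Return the program name of every simple command on the line.

    Raises ValueError for constructs the checker cannot see through
    (command substitution, variables, subshells), so callers fail closed
    instead of judging only the first word of "ls; rm -rf /".
    """
    if any(ch in cmdline for ch in "`$()\n"):
        raise ValueError("unsupported shell construct")
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    names, expect_program, skip_next = [], True, False
    for tok in lex:
        if skip_next:                      # file name after a redirection
            skip_next = False
        elif tok in SEPARATORS:
            expect_program = True
        elif tok in REDIRECTS:
            skip_next = True
        elif expect_program:
            names.append(tok.rsplit("/", 1)[-1])   # /bin/rm -> rm
            expect_program = False
    return names


@dataclass(frozen=True)
class AccessPolicy:
    mode: str            # "whitelist" or "blacklist"
    programs: frozenset  # program names the list contains

    def allows(self, cmdline: str) -> bool:
        try:
            names = program_names(cmdline)
        except ValueError:
            return False                       # fail closed
        if not names:
            return False
        if self.mode == "whitelist":           # only listed programs may run
            return all(n in self.programs for n in names)
        if self.mode == "blacklist":           # anything not listed may run
            return not any(n in self.programs for n in names)
        raise ValueError(f"unknown policy mode {self.mode!r}")


@dataclass(frozen=True)
class AuditRecord:
    ts: float
    operator: str
    target: str
    tool: str
    cmdline: str
    allowed: bool


class ToolSession:
    """One O&M tool session: operator -> bastion -> maintained server."""

    def __init__(self, operator, target, tool, policy: AccessPolicy, audit: list):
        self.operator, self.target, self.tool = operator, target, tool
        self.policy, self.audit = policy, audit

    def submit(self, cmdline: str) -> bool:
        """Decide and record; a real bastion forwards the line when allowed."""
        allowed = self.policy.allows(cmdline)
        self.audit.append(AuditRecord(time.time(), self.operator, self.target,
                                      self.tool, cmdline, allowed))
        return allowed


def demo():
    """Constructed sessions exercising both modes; returns (decisions, audit log)."""
    audit = []
    white = AccessPolicy("whitelist", frozenset({"ls", "cat", "grep", "tail"}))
    black = AccessPolicy("blacklist", frozenset({"rm", "dd", "mkfs", "shutdown", "reboot"}))
    alice = ToolSession("alice", "10.0.0.5", "ssh", white, audit)
    bob = ToolSession("bob", "10.0.0.6", "ssh", black, audit)
    decisions = {
        "white_ls": alice.submit("ls -l /var/log"),                 # True
        "white_pipe": alice.submit("cat /etc/passwd | grep root"),  # True: both listed
        "white_chain": alice.submit("ls; rm -rf /"),                # False: rm not listed
        "white_subst": alice.submit("cat $(echo /etc/shadow)"),     # False: fails closed
        "black_tail": bob.submit("tail -n 20 /var/log/syslog"),     # True
        "black_path": bob.submit("/bin/rm -rf /"),                  # False: path stripped
        "black_chain": bob.submit("ls && reboot"),                  # False: reboot listed
    }
    return decisions, audit


if __name__ == "__main__":
    for name, ok in demo()[0].items():
        print(f"{name:12s} {'allowed' if ok else 'denied'}")
```

Matching on program names rather than whole command lines is deliberate: a first-word-only check is bypassed by `ls; rm -rf /` and a path-sensitive blacklist by `/bin/rm`, which is why the checker inspects every simple command, strips path prefixes and refuses lines with substitution. It still cannot see what a whitelisted interpreter or an editor with a shell escape will do on the server, so the list itself has to be conservative in whitelist mode, and blacklist mode should be treated as the weaker of the two.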
4. Audit modes such as screen recording and text recording are supported.
There are two kinds of audit measure: video (screen) recording and text recording. Once O&M personnel have logged in to the bastion host's virtual desktop, selected an O&M tool and connected to a server, all O&M operations are recorded for later audit.
5. Single sign-on for O&M tools
When O&M personnel select an O&M tool to maintain a particular server, the tool performs single sign-on according to the O&M resource configured by the system administrator. The O&M personnel do not need to know how to log in to the server, so they can neither change the server's configuration nor leak server information.
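Steps (2) to (4) together with the role separation and single sign-on described above, as an added example that is not code from the patent application: a Python model of the bastion in which the system administrator registers resources (address, maintenance account, secret) and grants operators access, operators can list only their own devices, and `connect` performs the single sign-on by handing the stored credential to a `connector` callable standing in for the ssh or rdp client while returning only a session handle to the operator. Denied attempts go to the same audit log the audit administrator reads. All users, resources and secrets are constructed for illustration; the in-memory store and the `connector` stand-in are assumptions.

```python
"""Role separation and single sign-on brokering on the bastion host (added example;
in-memory store and the connector stand-in are assumptions, data is constructed)."""
import secrets
import time
from dataclasses import dataclass, field

ROLE_RIGHTS = {                       # the three roles the method separates
    "sysadmin": {"manage_users", "manage_resources", "manage_policy"},
    "auditor": {"read_audit"},
    "operator": {"list_own_devices", "connect"},
}

class Forbidden(Exception): pass

@dataclass
class Resource:
    name: str
    address: str
    tool: str      # ssh, telnet or rdp
    account: str   # maintenance account on the server
    secret: str    # password or key; kept by the bastion, never shown to operators

@dataclass(frozen=True)
class SessionHandle:   # what the operator receives: no credential material
    session_id: str
    resource: str
    tool: str

@dataclass
class Bastion:
    users: dict = field(default_factory=dict)      # username -> role
    resources: dict = field(default_factory=dict)  # name -> Resource
    grants: set = field(default_factory=set)       # (operator, resource name)
    audit: list = field(default_factory=list)

    def _log(self, user, action, target, allowed):
        self.audit.append({"ts": time.time(), "user": user, "action": action,
                           "target": target, "allowed": allowed})

    def _require(self, user, right, target=""):
        if right not in ROLE_RIGHTS.get(self.users.get(user), ()):
            self._log(user, right, target, False)     # denied attempts are audited too
            raise Forbidden(f"{user!r} may not {right}")

    # System administrator: O&M users, resources and access policy.
    def add_user(self, admin, username, role):
        self._require(admin, "manage_users", username)
        self.users[username] = role
        self._log(admin, "manage_users", username, True)

    def add_resource(self, admin, res):
        self._require(admin, "manage_resources", res.name)
        self.resources[res.name] = res
        self._log(admin, "manage_resources", res.name, True)

    def grant(self, admin, operator, resource_name):
        self._require(admin, "manage_policy", resource_name)
        self.grants.add((operator, resource_name))
        self._log(admin, "manage_policy", f"{operator}->{resource_name}", True)

    # O&M personnel: step (2) lists own devices; steps (3)-(4) connect.
    def list_devices(self, operator):
        self._require(operator, "list_own_devices")
        return sorted((name, self.resources[name].tool)
                      for op, name in self.grants if op == operator)

    def connect(self, operator, resource_name, connector):
        """Single sign-on: the bastion passes the stored credential to the tool."""
        self._require(operator, "connect", resource_name)
        if (operator, resource_name) not in self.grants:
            self._log(operator, "connect", resource_name, False)
            raise Forbidden(f"{operator!r} is not authorized for {resource_name!r}")
        res = self.resources[resource_name]
        connector(res.address, res.tool, res.account, res.secret)
        self._log(operator, "connect", resource_name, True)
        return SessionHandle(secrets.token_hex(8), res.name, res.tool)

    def read_audit(self, auditor):                # audit administrator
        self._require(auditor, "read_audit")
        return list(self.audit)

def demo():
    """Constructed walk-through; returns the observable outcomes."""
    tool_calls = []                 # what the stand-in ssh/rdp client was given
    connector = lambda *args: tool_calls.append(args)
    b = Bastion(users={"admin": "sysadmin"})
    b.add_user("admin", "alice", "operator")
    b.add_user("admin", "carol", "auditor")
    b.add_resource("admin", Resource("db-01", "10.0.0.5", "ssh", "maint", "k3y-material"))
    b.add_resource("admin", Resource("web-01", "10.0.0.6", "rdp", "Administrator", "Pa55w0rd"))
    b.grant("admin", "alice", "db-01")
    out = {"devices": b.list_devices("alice")}                     # [("db-01", "ssh")]
    handle = b.connect("alice", "db-01", connector)
    out["handle_has_secret"] = hasattr(handle, "secret")            # False
    out["tool_got_secret"] = tool_calls[0][3] == "k3y-material"     # True
    attempts = {"ungranted": lambda: b.connect("alice", "web-01", connector),
                "operator_manages": lambda: b.add_resource(
                    "alice", Resource("x", "10.0.0.7", "ssh", "root", "p"))}
    for key, attempt in attempts.items():
        try:
            attempt()
            out[key] = "allowed"
        except Forbidden:
            out[key] = "denied"
    out["denied_events"] = sum(not e["allowed"] for e in b.read_audit("carol"))  # 2
    return out
```

The property to verify in a real deployment is the one the demo checks: the credential reaches the tool process on the bastion and never the operator's terminal, the operator role has no right that would let it read the resource store or the audit log, and a refused connection is recorded as an audit event rather than silently dropped.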
The virtual desktop-based O&M management method of the invention manages O&M personnel in a unified way in B/S mode, replaces the pattern in which O&M personnel log in to the maintained host directly, and keeps the maintained hosts out of the O&M personnel's reach. When O&M personnel attempt to access a maintained host, they must first log in to the O&M management system, which authenticates them, authorizes access to the host and records a detailed operation log, ensuring "verification before access, restriction during access, auditability after access" and protecting the security of the maintained hosts.
The embodiment described above illustrates a preferred implementation of the invention and does not limit its scope; any modifications and improvements that ordinary engineers and technicians in the field make to the technical solution of the invention without departing from its design spirit fall within the scope of protection defined by the claims.
Claims (4)
1. A virtual desktop-based O&M management method comprising the following steps:
(1) O&M personnel log in to the O&M management system from the O&M terminal in B/S mode and enter the virtual desktop provided by the bastion host;
(2) on the virtual desktop, they view the equipment to be maintained and the tools available;
(3) after the O&M tool corresponding to the operation is selected, the tool automatically establishes the corresponding connection to the maintained server according to the system administrator's configuration;
(4) the O&M personnel connect to the server on the virtual desktop and carry out the maintenance operation.
2. The virtual desktop-based O&M management method according to claim 1, characterized in that O&M personnel are managed in a unified way as follows:
The principle of separation of privileges is adopted: logged-in users are distinguished and assigned roles with different operation objects, so that the maintenance process of protected hosts is controllable and auditable;
The system administrator can manage O&M resources, O&M users and O&M tools, set the O&M access control policy, and manage the single sign-on policy;
The audit administrator can view and manage the audit status, audited users and audit logs;
O&M personnel can view all the equipment they are allowed to maintain and select an authorized O&M tool to maintain that equipment.
3. The virtual desktop-based O&M management method according to claim 1 or 2, characterized in that the access of O&M personnel is controlled in whitelist mode: only the O&M operations allowed by the whitelist can be executed, and all other O&M operations are prohibited.
4. The virtual desktop-based O&M management method according to claim 1 or 2, characterized in that the access of O&M personnel is controlled in blacklist mode: O&M personnel cannot execute the O&M operations in the blacklist and can only use the O&M operations that are not in the blacklist.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201110461597 CN103188336A (en) | 2011-12-31 | 2011-12-31 | Virtual desktop-based operation and maintenance management method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201110461597 CN103188336A (en) | 2011-12-31 | 2011-12-31 | Virtual desktop-based operation and maintenance management method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103188336A true CN103188336A (en) | 2013-07-03 |
Family
ID=48679301
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201110461597 Pending CN103188336A (en) | 2011-12-31 | 2011-12-31 | Virtual desktop-based operation and maintenance management method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103188336A (en) |
- 2011-12-31 CN 201110461597 patent/CN103188336A/en active Pending
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103973484A (en) * | 2014-04-29 | 2014-08-06 | 上海上讯信息技术股份有限公司 | Operation and maintenance management system based on network topological structure |
CN103973782A (en) * | 2014-04-29 | 2014-08-06 | 上海上讯信息技术股份有限公司 | Operation and maintenance operation control system and method based on blacklist command setting |
CN103973488A (en) * | 2014-04-29 | 2014-08-06 | 上海上讯信息技术股份有限公司 | Operation and maintenance management system and method based on RDP protocol |
CN103973484B (en) * | 2014-04-29 | 2019-03-05 | 上海上讯信息技术股份有限公司 | A kind of operation management system based on network topology structure |
CN103973488B (en) * | 2014-04-29 | 2018-07-24 | 上海上讯信息技术股份有限公司 | Operation management system based on RDP agreements and method |
CN104734921A (en) * | 2015-04-21 | 2015-06-24 | 网神信息技术(北京)股份有限公司 | Authority processing method and device for network monitoring system |
CN106803138A (en) * | 2015-11-26 | 2017-06-06 | 北京奥鹏远程教育中心有限公司 | A kind of O&M service subsystem |
CN109120427A (en) * | 2017-06-26 | 2019-01-01 | 亿阳安全技术有限公司 | A kind of operation audit method and device |
CN109120427B (en) * | 2017-06-26 | 2022-04-01 | 亿阳安全技术有限公司 | Operation and maintenance auditing method and device |
CN107317711A (en) * | 2017-06-30 | 2017-11-03 | 北京小度信息科技有限公司 | Cloud O&M method, device and computer-readable recording medium |
CN108366090A (en) * | 2018-01-09 | 2018-08-03 | 国网安徽省电力公司阜阳供电公司 | A kind of system that dispatch data net remotely accesses reinforcing and Centralized Monitoring |
CN109934011A (en) * | 2019-03-18 | 2019-06-25 | 国网安徽省电力有限公司黄山供电公司 | A kind of data safety partition method applied to O&M auditing system |
CN110955870A (en) * | 2019-11-05 | 2020-04-03 | 广州海颐信息安全技术有限公司 | Connection method and device for supporting connection use of multiple operation and maintenance tools and obtaining audit |
CN112711456A (en) * | 2020-12-31 | 2021-04-27 | 北京珞安科技有限责任公司 | Agent login method and device of operation and maintenance tool and computer equipment |
CN113885425A (en) * | 2021-09-24 | 2022-01-04 | 沈阳化工大学 | Industrial field PLC network safety operation and maintenance method |
CN114143092A (en) * | 2021-12-01 | 2022-03-04 | 江苏亨通工控安全研究院有限公司 | Operation and maintenance function centralized management platform, user terminal, system and construction method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103188336A (en) | Virtual desktop-based operation and maintenance management method | |
US11503043B2 (en) | System and method for providing an in-line and sniffer mode network based identity centric firewall | |
US11361098B2 (en) | Systems and methods for front-end and back-end data security protocols | |
US8443190B2 (en) | Method for securing a two-way communications channel and device for implementing said method | |
CN108521347B (en) | Industrial control operation and maintenance behavior auditing method, device and system | |
CN105430000A (en) | Cloud computing security management system | |
CN110351298A (en) | Access control method, device, equipment and storage medium | |
CN106992984A (en) | A kind of method of the mobile terminal safety access information Intranet based on electric power acquisition net | |
CN108173838A (en) | A kind of control auditing method accessed the network equipment | |
CN104754582A (en) | Client and method for maintaining BYOD (Bring Your Own Device) safety | |
CN107919984A (en) | Possess the O&M server and its management method of automatic upgrade function | |
Payne et al. | Securing the Internet of Things: best practices for deploying IoT devices | |
CN103413083A (en) | Security defending system for single host | |
CN109547402A (en) | Data guard method, device, electronic equipment and readable storage medium storing program for executing | |
CN104204973A (en) | Dynamic configuration of industrial control system | |
CN104104745B (en) | A kind of electric network terminal safety permission method | |
CN106302498A (en) | A kind of data base's access firewall system based on login parameters | |
CN103491054A (en) | SAM access system | |
US11716626B2 (en) | Network access control system | |
Tongkaw | VPN Security in campus network during Covid-19 epidemic: Case study in Southeast Asia | |
Braband | What's Security Level got to do with Safety Integrity Level? | |
CN105790935A (en) | Independent-software-and-hardware-technology-based trusted authentication server | |
US10581861B2 (en) | Endpoint access manager | |
CN101562620B (en) | Method of terminal exchange access and control device thereof | |
CN105656840A (en) | Network security permission authentication system and method based on permission control |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | | Application publication date: 20130703 |