CN104038444A - Resource allocation method, equipment and system - Google Patents


Publication number: CN104038444A
Authority: CN (China)
Prior art keywords: resource, security domain, virtual, group, request
Legal status: Granted, active (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN201310069870.XA
Other languages: Chinese (zh)
Other versions: CN104038444B (en)
Inventor: 卢山
Current Assignee: China Mobile Group Shanxi Co Ltd
Original Assignee: China Mobile Group Shanxi Co Ltd
Application filed by: China Mobile Group Shanxi Co Ltd
Priority: CN201310069870.XA

Abstract

The invention discloses a resource allocation method in which a private resource group is allocated to each security domain in a resource pool. The method comprises the following steps: after a resource allocation request sent by a security domain is received, when it is determined that the private resource group of the security domain satisfies the resources requested by the security domain, resources are allocated to the security domain within its private resource group; when the private resource group of the security domain does not satisfy the requested resources, the requested resources are scheduled and allocated for the security domain from the resource pool. The invention further discloses resource allocation equipment and a resource allocation system. With the scheme of the invention, the problem of sharing resources across security domains can be solved, resource utilization can be improved, and the security specification requirements of the security domains can be met.

Description

Resource allocation method, equipment and system
Technical field
The present invention relates to cloud computing network security technology, and in particular to a resource allocation method, equipment and system.
Background art
At present, in a network environment with multiple security domains, virtualization technology is used to consolidate the resources of the Internet Technology (IT) architecture. The requirement is that, while the number of servers is greatly reduced, computing resources can be shared more flexibly and the original security domain environment is preserved as far as possible, so as to meet the enterprise's network security specifications. The conventional approach is to deploy more host servers, or to add as many network cards as possible to each host server, to meet the access needs of multiple security domains. Under cloud computing and virtualization, however, the computing environment is mostly built on blade servers, which have high-density computing resources but limited network card expansion capability. There are therefore two common design methods at present:
1. For application systems with higher security requirements, security is given priority: an independent resource pool is planned for each security domain, with one resource pool corresponding to one security domain, which better safeguards the security of the computing resources and the application environment. However, this method cannot share resources between different security domains, and resource utilization is low.
2. For application systems with ordinary security requirements, flexible sharing of computing resources is given priority: the original multiple security domains can be merged into one large security domain and one large resource pool is planned at the same time, with the one large resource pool corresponding to the one large security domain, which better achieves flexible sharing and dynamic migration of computing resources. Although this method allows all resources in the resource pool to be shared flexibly, all applications are deployed in one large security domain, and the security of the application systems is lower than before the merge.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a resource allocation method, equipment and system that can solve the problem of sharing resources across security domains while still meeting the security specification requirements of the security domains.
To achieve the above purpose, the technical solution of the present invention is realized as follows:
A resource allocation method, in which a private resource group is allocated to each security domain in a resource pool, the method comprising:
After a resource allocation request sent by a security domain is received, when it is determined that the private resource group of the security domain satisfies the resources requested by the security domain, allocating resources to the security domain within the private resource group of the security domain; when the private resource group of the security domain does not satisfy the resources requested by the security domain, scheduling and allocating the requested resources for the security domain in the resource pool.
Preferably, the private resource group comprises more than one blade server, and the more than one blade server provides virtual machines as the resources in the private resource group.
Preferably, the method further comprises:
Setting a dedicated virtual group for each security domain;
Setting a virtual switch and a virtual network interface card (virtual NIC) for the blade server; wherein the virtual machine is connected to the virtual switch through a virtual port on the virtual switch, and the blade server is connected to the virtual group through the virtual NIC;
The scheduling and allocating of the requested resources for the security domain in the resource pool comprises:
Scheduling idle resources for the security domain in the resource pool and, according to the state of the dynamic logical mapping between the virtual machine and the virtual port on the virtual switch, the state of the dynamic logical mapping between the virtual switch and the virtual NIC, and the state of the dynamic logical mapping between the virtual NIC and the virtual group, associating the dynamic logical mappings corresponding to the scheduled idle resources.
Preferably, the method further comprises:
After a resource release request from the security domain is received, cancelling the association of each dynamic logical mapping corresponding to the current resources of the security domain.
A cloud computing management platform, comprising a receiving unit, a determining unit and a resource allocation unit; wherein,
The receiving unit is configured to receive a resource allocation request sent by a security domain;
The determining unit is configured to determine whether the private resource group of the security domain satisfies the resources requested by the security domain, and to notify the resource allocation unit of the determination result;
The resource allocation unit is configured to allocate resources to the security domain within the private resource group of the security domain when the determination result is that the private resource group satisfies the resources requested by the security domain; and, when the determination result is that the private resource group does not satisfy the requested resources, to schedule and allocate the requested resources for the security domain in the resource pool.
Preferably, the cloud computing management platform further comprises:
A configuration unit, configured to allocate a private resource group to each security domain in the resource pool, wherein the private resource group comprises more than one blade server and the more than one blade server provides virtual machines as the resources in the private resource group; to set a dedicated virtual group for each security domain; and to set a virtual switch and a virtual NIC for the more than one blade server; wherein the virtual machine is connected to the virtual switch through a virtual port on the virtual switch, and the blade server is connected to the virtual group through the virtual NIC.
Preferably, the resource allocation unit is further configured to associate the dynamic logical mappings corresponding to the idle resources allocated to the security domain, according to the state of the dynamic logical mapping between the virtual machine and the virtual port on the virtual switch, the state of the dynamic logical mapping between the virtual switch and the virtual NIC, and the state of the dynamic logical mapping between the virtual NIC and the virtual group.
Preferably, the receiving unit is further configured to receive a resource release request sent by the security domain;
Correspondingly, the resource allocation unit is further configured to cancel the association of each dynamic logical mapping corresponding to the current resources of the security domain.
A resource allocation system, comprising a cloud computing management platform, a resource pool and a security domain; wherein,
The cloud computing management platform is configured, after receiving a resource allocation request sent by the security domain, to allocate resources to the security domain within the private resource group of the security domain when it determines that the private resource group satisfies the resources requested by the security domain; and, when the private resource group does not satisfy the requested resources, to schedule and allocate the requested resources for the security domain in the resource pool;
The resource pool is configured to provide resources for the security domain;
The security domain is configured to send resource allocation requests to the cloud computing management platform, and also to send resource release requests to the cloud computing management platform.
Preferably, the cloud computing management platform is the cloud computing management platform according to any one of claims 5 to 8.
With the resource allocation method, equipment and system provided by the invention, a private resource group is allocated to each security domain in the resource pool. After a resource allocation request sent by a security domain is received, when it is determined that the private resource group of the security domain satisfies the requested resources, resources are allocated to the security domain within its private resource group; when the private resource group does not satisfy the requested resources, the requested resources are scheduled and allocated for the security domain in the resource pool. The invention uses the cloud computing management platform to collect and analyse performance data on the resources in the resource pool and to schedule them dynamically, so that resources can be shared flexibly between different security domains and the access needs of multiple security domains can be met. At the same time, end-to-end data link layer network technology is used within the resource pool to isolate the resources of different security domains logically, which ensures that the security boundaries of the existing security domains remain unchanged. The technical solution provided by the invention can solve the problem of sharing resources across security domains and improve resource utilization, while still meeting the security specification requirements of the security domains.
Brief description of the drawings
Fig. 1 is a schematic flowchart of the resource allocation method of the present invention;
Fig. 2 is a schematic diagram of the structure of the cloud computing management platform of the present invention;
Fig. 3 is a schematic diagram of the structure of the resource allocation system of the present invention;
Fig. 4 is a schematic diagram of the logical architecture of the resource pool in an embodiment of the present invention;
Fig. 5 is a schematic flowchart of dynamic resource scheduling in an embodiment of the present invention;
Fig. 6 is a schematic diagram of the logical architecture of a resource allocation system in an embodiment of the present invention.
Embodiments
The present invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 is a schematic flowchart of the resource allocation method of the present invention. As shown in Fig. 1, the method comprises the following steps:
Step 101: receive the resource allocation request sent by a security domain;
Step 102: when it is determined that the private resource group of the security domain satisfies the resources requested by the security domain, allocate resources to the security domain within its private resource group; when the private resource group of the security domain does not satisfy the requested resources, schedule and allocate the requested resources for the security domain in the resource pool.
Specifically, a private resource group is allocated to each security domain in the resource pool; the private resource group comprises more than one blade server, and the more than one blade server provides virtual machines as the resources in the private resource group.
Specifically, the method further comprises:
Setting a dedicated virtual group for each security domain;
Setting a virtual switch and a virtual NIC for the blade server; wherein the virtual machine is connected to the virtual switch through a virtual port on the virtual switch, and the blade server is connected to the virtual group through the virtual NIC.
Specifically, the scheduling and allocating of the requested resources for the security domain in the resource pool comprises:
Scheduling idle resources for the security domain in the resource pool and, according to the state of the dynamic logical mapping between the virtual machine and the virtual port on the virtual switch, the state of the dynamic logical mapping between the virtual switch and the virtual NIC, and the state of the dynamic logical mapping between the virtual NIC and the virtual group, associating the dynamic logical mappings corresponding to the scheduled idle resources.
For example, a security domain sends a resource allocation request to the cloud computing management platform, and the platform collects the resource information of the resource pool. When the private resource group of the security domain does not satisfy the requested resources, the platform schedules and allocates idle resources for the security domain in the resource pool. It then associates the logical mapping between the virtual NIC corresponding to the security domain and the virtual group, the logical mapping between the virtual switch and the virtual NIC, and the dynamic logical mapping between the virtual machine allocated to the security domain and the virtual port, so that all of these dynamic logical mappings are in the connected state. In this way, the virtual machine that the cloud computing management platform allocated to the security domain can access the security domain.
Specifically, the method further comprises:
After a resource release request from the security domain is received, cancelling the association of each dynamic logical mapping corresponding to the current resources of the security domain.
Fig. 2 is a schematic diagram of the structure of a cloud computing management platform of the present invention. As shown in Fig. 2, the cloud computing management platform comprises a receiving unit 22, a determining unit 23 and a resource allocation unit 24; wherein,
The receiving unit 22 is configured to receive a resource allocation request sent by a security domain;
The determining unit 23 is configured to determine whether the private resource group of the security domain satisfies the resources requested by the security domain, and to notify the resource allocation unit 24 of the determination result;
The resource allocation unit 24 is configured to allocate resources to the security domain within the private resource group of the security domain when the determination result is that the private resource group satisfies the resources requested by the security domain; and, when the determination result is that the private resource group does not satisfy the requested resources, to schedule and allocate the requested resources for the security domain in the resource pool.
Specifically, the cloud computing management platform further comprises:
A configuration unit 21, configured to allocate a private resource group to each security domain in the resource pool, wherein the private resource group comprises more than one blade server and the more than one blade server provides virtual machines as the resources in the private resource group; to set a dedicated virtual group for each security domain; and to set a virtual switch and a virtual NIC for the more than one blade server; wherein the virtual machine is connected to the virtual switch through a virtual port on the virtual switch, and the blade server is connected to the virtual group through the virtual NIC.
Specifically, the resource allocation unit 24 is further configured to associate the dynamic logical mappings corresponding to the idle resources allocated to the security domain, according to the state of the dynamic logical mapping between the virtual machine and the virtual port on the virtual switch, the state of the dynamic logical mapping between the virtual switch and the virtual NIC, and the state of the dynamic logical mapping between the virtual NIC and the virtual group.
Specifically, the receiving unit 22 is further configured to receive a resource release request sent by the security domain;
Correspondingly, the resource allocation unit 24 is further configured to cancel the association of each dynamic logical mapping corresponding to the current resources of the security domain.
Fig. 3 is a schematic diagram of the structure of the resource allocation system of the present invention. As shown in Fig. 3, the system comprises a cloud computing management platform 31, a resource pool 32 and a security domain 33; wherein,
The cloud computing management platform 31 is configured, after receiving a resource allocation request sent by the security domain 33, to allocate resources to the security domain 33 within the private resource group of the security domain 33 when it determines that the private resource group satisfies the requested resources; and, when the private resource group of the security domain 33 does not satisfy the resources requested by the security domain 33, to schedule and allocate the resources requested by the security domain 33 in the resource pool 32;
The resource pool 32 is configured to provide resources for the security domain 33;
The security domain 33 is configured to send resource allocation requests to the cloud computing management platform 31, and also to send resource release requests to the cloud computing management platform 31.
Here, the structure of the cloud computing management platform 31 is as shown in Fig. 2.
Fig. 4 is a schematic diagram of the logical architecture of the resource pool in an embodiment of the present invention. As shown in Fig. 4, the resource pool mainly consists of blade servers 41 and a switching module 42 located in the blade server chassis 40; wherein,
The blade server 41 provides resources for the security domain 44;
The switching module 42 connects the resources provided by the blade server to the security domain.
Specifically, the blade server 41 comprises: a virtual machine (VM, Virtual Machine) 410, a virtual switch (VS, Virtual Switch) 413 and a virtual NIC (VNIC, Virtual Network Interface Controller) 415; wherein,
The virtual machine 410 provides resources for each security domain 44;
The virtual switch 413 is connected to the switching module 42 through the virtual NIC 415;
The virtual NIC 415 connects the virtual switch 413 and the switching module 42.
Here, the virtual port (Portgroup) 412 of the virtual switch uses the virtual local area network (VLAN, Virtual Local Area Network) identifier (ID, IDentity) to place the virtual machines 410 in the different subnet segments of the corresponding security domain 44;
The virtual NIC 415 is a virtual sub-port derived from a physical port on the blade server 41; each physical port can support multiple virtual NICs 415, which meets the blade server 41's need for multiple network interfaces.
Specifically, the switching module 42 comprises: a virtual group (VG, Virtual Group) 427; wherein,
The virtual group 427 divides the switching module 42 into different network segments; it is also connected to the virtual switch 413 through the virtual NIC 415 and, through the external physical port (EXT) 428 of the switching module 42, connects to the external physical network, meeting the access needs of the different security domains 44.
Here, the external physical network is the security domain (Secure Zone) 44;
The external physical port 428 connects to each security domain 44 through an optical patch cord.
Specifically, the logical mapping 411 between the virtual machine 410 and the virtual port 412 of the virtual switch 413 lets the virtual machine 410 access the different subnet segments of the corresponding security domain 44; the logical mapping 414 between the virtual switch 413 and the virtual NIC 415 connects the virtual switch 413 to the security domain 44 through the virtual group 427; the logical mapping 426 between the virtual NIC 415 and the virtual group 427 connects the blade server 41 to the different network segment groups on the switching module 42.
Here, the security domain 44 is a network security domain planned within the enterprise's production network, with a clear network security boundary and security specification requirements; different security domains interconnect through the enterprise's core switching area.
The present embodiment divides the resource pool into two parts: pre-configured fixed resources and schedulable dynamic resources.
1) Pre-configured fixed resources
Pre-configured fixed resources are the part of the resources that can be configured in advance. In general, once the fixed resources have been configured according to the system architecture plan they are not changed again, which keeps the whole system architecture stable, reliable and secure. The fixed resources mainly comprise the virtual machine 410, virtual port 412, virtual switch 413, virtual NIC 415, virtual group 427, external physical port 428 and security domain 44, deployed as follows:
Virtual machine 410: using pre-configured virtual machine images, virtual machines 410 can be deployed quickly and connected to the corresponding security domain 44 through the scheduling of dynamic resources;
Virtual port 412 and virtual switch 413: planned and configured in advance; virtual switches 413 and security domains 44 are deployed in one-to-one correspondence, and the virtual ports 412 are configured according to the VLAN segments that the different applications of the corresponding security domain 44 need to access;
Virtual NIC 415: because the number of sub-ports that a physical port on the blade server 41 can virtualize is limited, virtual NICs need to be scheduled dynamically according to the actual security domain access requirements;
External physical port 428, virtual group 427 and security domain 44: planned and configured in advance according to the security domains 44 that the resource pool needs to access; that is, the virtual group 427, the external physical port 428 and the security domain 44 are deployed in one-to-one correspondence, and the patch cords and configuration are essentially fixed, which in turn flexibly meets the access needs of dynamic resource allocation.
2) Schedulable dynamic resources
Schedulable dynamic resources are the resources that need to be scheduled dynamically according to actual needs. Scheduling the dynamic resources makes it easy to share resources flexibly across security domains and improves resource utilization. The dynamic resources mainly comprise:
The dynamic logical mapping 411 between the virtual machine 410 and the virtual port 412, which uses VLAN tags to isolate the resources of different security domains at the data link layer;
The dynamic logical mapping 414 between the virtual switch 413 and the virtual NIC 415, which connects the virtual switch 413 to the corresponding security domain 44 through the virtual group 427;
The dynamic logical mapping 426 between the virtual NIC 415 and the virtual group 427, which associates the virtual NIC 415 with each security domain 44 and isolates them at the data link layer.
Through the planning, configuration and flexible scheduling of each component in the logical architecture, the present invention achieves flexible sharing of resources across security domains while keeping the security domains' boundaries secure.
Fig. 5 is a schematic flowchart of dynamic resource scheduling in an embodiment of the present invention. As shown in Fig. 5, the flow comprises the following steps:
Step 501: the security domain sends a resource allocation request to the cloud computing management platform; then go to step 502;
Step 502: according to the security domain's resource allocation request, the cloud computing management platform collects the resource information of the resource pool and checks whether the blade server corresponding to the security domain in the resource pool satisfies the security domain's resource request; if not, go to step 503; otherwise, go to step 504;
Step 503: the cloud computing management platform performs resource scheduling; then go to step 504;
Here, if the blade server corresponding to the security domain in the resource pool cannot meet the resource requirement of the security domain's request, the cloud computing management platform performs resource scheduling, that is, it extends resources from other blade servers that have idle resources.
Step 504: the cloud computing management platform allocates resources to the security domain and creates the virtual machine; then go to step 505;
Here, the cloud computing management platform performs resource allocation and virtual machine creation on a blade server in the resource pool that corresponds to the security domain and has sufficient computing and network resources.
Step 505: the cloud computing management platform deploys the virtual machine environment and checks the network configuration; then go to step 506;
Step 506: the cloud computing management platform checks whether the security domain access conditions are met; if not, go to step 507; otherwise, go to step 509;
Here, the access conditions of the corresponding security domain are met if the virtual NIC corresponding to the security domain is connected to the virtual group and the virtual switch is connected to the virtual NIC.
Step 507: the cloud computing management platform schedules and associates the virtual NIC and the virtual group, so that the virtual NIC matching the security domain is connected to the virtual group; then go to step 508;
Step 508: the cloud computing management platform schedules and associates the virtual switch and the virtual NIC, so that the virtual switch and the virtual NIC matching the security domain are connected; then go to step 509;
Step 509: the cloud computing management platform associates the virtual machine with the corresponding virtual port, so that the virtual machine accesses the corresponding security domain; then go to step 510;
Step 510: the cloud computing management platform updates the resource information in the resource pool.
In the present invention, the cloud computing management platform performs information collection, resource allocation, security domain access condition checks and resource scheduling association on the fixed resources and the schedulable dynamic resources. This achieves rapid deployment and dynamic allocation of resources across security domains and meets the resource requests of each security domain. At the same time, idle resources can be released and reclaimed by cancelling the dynamic resource associations of the corresponding security domain, which gives the resource pool real flexibility and scalability in a cloud computing environment.
In a cloud computing environment, the automatic scheduling control of the schedulable dynamic resources described above ensures that the resources in the resource pool readily meet the allocation needs of each security domain, fully achieving flexible sharing and high utilization of resources.
Fig. 6 is the schematic diagram of the logical architecture of a kind of resource allocation system of the embodiment of the present invention, as shown in Figure 6, this system relates to the resource-sharing requirement of ten security domains, because the physical port of each blade server can only be supported at most four virtual network interface cards, be that each blade server can only meet the access of four security domains at most simultaneously, the present embodiment adopts by the stagger mode of security domain of platform blade server, as: blade server 1 is supported security domain 1, 2, 3, 4 access, blade server 2 is supported security domain 2, 3, 4, 5 access etc., thereby farthest realize sharing flexibly of resource.
The pre-configured fixed resources include components such as virtual machines, virtual ports, virtual switches, virtual network interface cards, virtual groups, external physical ports and security domains. Virtual group n, external physical port n and security domain n are fixedly connected in one-to-one correspondence; therefore, the dynamic scheduling of resources inside the resource pool does not affect the connections of the security domains. The virtual switches are distributed virtual switches, and a corresponding virtual switch is pre-configured for each security domain to meet the access needs of each security domain's VLAN.
The schedulable dynamic resources comprise: the dynamic logic mapping between virtual machine and virtual port, the dynamic logic mapping between virtual switch and virtual network interface card, and the dynamic logic mapping between virtual network interface card and virtual group.
Here, the cloud computing management platform schedules the dynamic resources by automatically associating them according to the resource allocation request of each security domain, so that each blade server in the resource pool can flexibly access different security domains, which in turn enables resource sharing across security domains. Meanwhile, inside the resource pool, data-link-layer network technology is used end to end to securely isolate the resources of different security domains; this does not affect the network architecture of the existing security domains and meets the security specification requirements.
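The allocation order described above (private resource group first, then idle resources scheduled from the pool) and the staggered blade access of Fig. 6 can be modelled as follows. This is an added sketch, not code from the patent; the names `Platform`, `Blade`, `reachable` and `isolation_ok` are hypothetical, and it assumes ten blades, wrap-around staggering, blade n as the private resource group of security domain n, and two virtual machines per blade.

```python
from dataclasses import dataclass, field

N_DOMAINS, MAX_VNICS = 10, 4  # embodiment: ten domains, four virtual NICs per blade

def reachable(blade: int) -> set[int]:
    """Staggered access: blade 1 -> {1,2,3,4}, blade 2 -> {2,3,4,5}, and so on.
    Wrapping around past domain 10 is an assumption of this sketch."""
    return {(blade - 1 + k) % N_DOMAINS + 1 for k in range(MAX_VNICS)}

@dataclass
class Blade:
    ident: int
    free_vms: int
    vnic_group: dict = field(default_factory=dict)  # dynamic map: domain -> virtual group
    vm_domain: list = field(default_factory=list)   # dynamic map: one entry per VM port

class Platform:
    def __init__(self, vms_per_blade: int = 2):      # constructed capacity
        self.blades = {b: Blade(b, vms_per_blade) for b in range(1, N_DOMAINS + 1)}
        # Assumption: blade n alone is the private resource group of domain n.
        self.private = {d: [d] for d in range(1, N_DOMAINS + 1)}

    def allocate(self, domain: int, count: int) -> list[int]:
        """Return the blade hosting each new VM; raise if the pool cannot serve."""
        own = [self.blades[b] for b in self.private[domain]]
        if sum(b.free_vms for b in own) >= count:
            candidates = own                          # private group satisfies the request
        else:                                         # schedule idle resources in the pool
            candidates = own + [b for b in self.blades.values()
                                if domain in reachable(b.ident) and b not in own]
            if sum(b.free_vms for b in candidates) < count:
                raise RuntimeError("resource pool cannot satisfy the request")
        placed = []
        for blade in candidates:
            while blade.free_vms and len(placed) < count:
                blade.vnic_group[domain] = domain     # virtual NIC -> virtual group n
                blade.vm_domain.append(domain)        # VM -> port on the domain's vSwitch
                blade.free_vms -= 1
                placed.append(blade.ident)
        return placed

    def release(self, domain: int) -> None:
        """Cancel every dynamic mapping tied to the domain and reclaim its VMs."""
        for blade in self.blades.values():
            blade.free_vms += blade.vm_domain.count(domain)
            blade.vm_domain = [d for d in blade.vm_domain if d != domain]
            blade.vnic_group.pop(domain, None)

    def isolation_ok(self) -> bool:
        """Every blade serves at most four domains, all inside its staggered set."""
        return all(len(b.vnic_group) <= MAX_VNICS
                   and set(b.vm_domain) <= set(b.vnic_group) <= reachable(b.ident)
                   for b in self.blades.values())
```

`isolation_ok` is the check an operator would run after each scheduling pass: a virtual NIC bound to a virtual group outside the blade's staggered set means the blade has been attached to a security domain it was never provisioned to reach.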
The above are only preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.

Claims (10)

1. A resource allocation method, characterized in that a private resource group is allocated to each security domain in a resource pool, the method comprising:
after receiving a resource allocation request sent by a security domain, when it is determined that the private resource group of the security domain satisfies the resources requested by the security domain, allocating resources to the security domain in the private resource group of the security domain; and when the private resource group of the security domain does not satisfy the resources requested by the security domain, scheduling and allocating the resources requested by the security domain for the security domain in the resource pool.
2. The method according to claim 1, characterized in that the private resource group comprises more than one blade server, and the more than one blade server provides virtual machines as the resources in the private resource group.
3. method according to claim 1 and 2, is characterized in that, the method also comprises:
For each security domain arranges special virtual group;
For described blade server arranges virtual switch, virtual network interface card; Wherein, described virtual machine is connected with described virtual switch by the virtual port on virtual switch; Described blade server is connected with virtual group by virtual network interface card;
Described resource of dispatching and distributing described security domain request in described resource pool for described security domain, comprising:
It in described resource pool, is described security domain scheduling idling-resource, according to the dynamic logic mapping status between the dynamic logic mapping status between the dynamic logic mapping status between the virtual port on virtual machine and virtual switch, virtual switch and virtual network interface card, virtual network interface card and virtual group, the dynamic logic that the associated institute idling-resource of dispatching is corresponding is shone upon.
4. The method according to any one of claims 1 to 3, characterized in that the method further comprises:
after receiving a resource release request from the security domain, cancelling the association of each dynamic logic mapping corresponding to the current resources of the security domain.
5. A cloud computing management platform, characterized in that the cloud computing management platform comprises a receiving unit, a determining unit and a resource allocation unit; wherein
the receiving unit is configured to receive a resource allocation request sent by a security domain;
the determining unit is configured to determine whether the private resource group of the security domain satisfies the resources requested by the security domain, and to notify the resource allocation unit of the determination result;
the resource allocation unit is configured to, when the determination result is that the private resource group of the security domain satisfies the resources requested by the security domain, allocate resources to the security domain in the private resource group of the security domain; and, when the determination result is that the private resource group of the security domain does not satisfy the resources requested by the security domain, schedule and allocate the resources requested by the security domain for the security domain in the resource pool.
6. The cloud computing management platform according to claim 5, characterized in that the cloud computing management platform further comprises:
a configuration unit, configured to allocate a private resource group to each security domain in the resource pool, wherein the private resource group comprises more than one blade server, and the more than one blade server provides virtual machines as the resources in the private resource group; to set a dedicated virtual group for each security domain; and to set a virtual switch and a virtual network interface card for the more than one blade server, wherein the virtual machine is connected to the virtual switch through a virtual port on the virtual switch, and the blade server is connected to the virtual group through the virtual network interface card.
7. The cloud computing management platform according to claim 5, characterized in that the resource allocation unit is further configured to associate the dynamic logic mappings corresponding to the idle resources allocated to the security domain according to the state of the dynamic logic mapping between the virtual machine and the virtual port on the virtual switch, the state of the dynamic logic mapping between the virtual switch and the virtual network interface card, and the state of the dynamic logic mapping between the virtual network interface card and the virtual group.
8. The cloud computing management platform according to claim 5, characterized in that
the receiving unit is further configured to receive a resource release request sent by the security domain;
correspondingly, the resource allocation unit is further configured to cancel the association of each dynamic logic mapping corresponding to the current resources of the security domain.
9. A resource allocation system, characterized in that the system comprises a cloud computing management platform, a resource pool and a security domain; wherein
the cloud computing management platform is configured to, after receiving a resource allocation request sent by the security domain, when it is determined that the private resource group of the security domain satisfies the resources requested by the security domain, allocate resources to the security domain in the private resource group of the security domain; and, when the private resource group of the security domain does not satisfy the resources requested by the security domain, schedule and allocate the resources requested by the security domain for the security domain in the resource pool;
the resource pool is configured to provide resources to the security domain;
the security domain is configured to send a resource allocation request to the cloud computing management platform, and also to send a resource release request to the cloud computing management platform.
10. The system according to claim 9, characterized in that the cloud computing management platform is the cloud computing management platform according to any one of claims 5 to 8.
CN201310069870.XA 2013-03-05 2013-03-05 A kind of method of resource allocation, equipment and system Active CN104038444B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310069870.XA CN104038444B (en) 2013-03-05 2013-03-05 A kind of method of resource allocation, equipment and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310069870.XA CN104038444B (en) 2013-03-05 2013-03-05 A kind of method of resource allocation, equipment and system

Publications (2)

Publication Number Publication Date
CN104038444A true CN104038444A (en) 2014-09-10
CN104038444B CN104038444B (en) 2017-05-31

Family

ID=51469036

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310069870.XA Active CN104038444B (en) 2013-03-05 2013-03-05 A kind of method of resource allocation, equipment and system

Country Status (1)

Country Link
CN (1) CN104038444B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105743821A (en) * 2014-12-12 2016-07-06 中兴通讯股份有限公司 Method and system for preventing conflicts of available resources of logic switches
CN105991738A (en) * 2015-02-27 2016-10-05 中国移动通信集团四川有限公司 Method and system for cross safety domain resource sharing in cloud resource pool
WO2019001023A1 (en) * 2017-06-26 2019-01-03 中兴通讯股份有限公司 Resource allocation method and system
CN109190420A (en) * 2018-09-11 2019-01-11 网御安全技术(深圳)有限公司 A kind of server encryption and decryption blade, system and encipher-decipher method
CN109525581A (en) * 2018-11-19 2019-03-26 中国移动通信集团广东有限公司 A kind of cloud resource security control method and system
CN109617720A (en) * 2018-12-11 2019-04-12 郑州云海信息技术有限公司 A kind of distribution method and device of Internet resources
CN110933147A (en) * 2019-11-15 2020-03-27 广州深卓信息科技有限公司 Information technology analysis system based on cloud computing
CN111083088A (en) * 2018-10-19 2020-04-28 中国电子科技集团公司第十五研究所 Cloud platform hierarchical management method and device based on multiple security domains

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030065676A1 (en) * 2001-09-05 2003-04-03 Microsoft Corporation Methods and system of managing concurrent access to multiple resources
CN101163133A (en) * 2006-10-10 2008-04-16 中国科学院计算技术研究所 Communication system and method of implementing resource sharing under multi-machine virtual environment
US20090016220A1 (en) * 2007-07-11 2009-01-15 Mustafa Uysal Dynamic feedback control of resources in computing environments
CN102103518A (en) * 2011-02-23 2011-06-22 运软网络科技(上海)有限公司 System for managing resources in virtual environment and implementation method thereof
CN102317914A (en) * 2011-08-01 2012-01-11 华为技术有限公司 Methods, system and devices for managing virtual resources
CN102761469A (en) * 2011-04-27 2012-10-31 阿里巴巴集团控股有限公司 Allocation method and device for resource pool

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105743821A (en) * 2014-12-12 2016-07-06 中兴通讯股份有限公司 Method and system for preventing conflicts of available resources of logic switches
CN105743821B (en) * 2014-12-12 2019-12-17 中兴通讯股份有限公司 Method and system for preventing conflict of resources occupied by logic switch
CN105991738B (en) * 2015-02-27 2019-05-14 中国移动通信集团四川有限公司 Method and system across security domain resource-sharing in a kind of cloud resource pond
CN105991738A (en) * 2015-02-27 2016-10-05 中国移动通信集团四川有限公司 Method and system for cross safety domain resource sharing in cloud resource pool
WO2019001023A1 (en) * 2017-06-26 2019-01-03 中兴通讯股份有限公司 Resource allocation method and system
CN109190420A (en) * 2018-09-11 2019-01-11 网御安全技术(深圳)有限公司 A kind of server encryption and decryption blade, system and encipher-decipher method
CN109190420B (en) * 2018-09-11 2020-08-25 网御安全技术(深圳)有限公司 Server encryption and decryption blade, system and encryption and decryption method
CN111083088A (en) * 2018-10-19 2020-04-28 中国电子科技集团公司第十五研究所 Cloud platform hierarchical management method and device based on multiple security domains
CN111083088B (en) * 2018-10-19 2022-03-04 中电太极(集团)有限公司 Cloud platform hierarchical management method and device based on multiple security domains
CN109525581A (en) * 2018-11-19 2019-03-26 中国移动通信集团广东有限公司 A kind of cloud resource security control method and system
CN109525581B (en) * 2018-11-19 2021-01-26 中国移动通信集团广东有限公司 Cloud resource security management and control method and system
CN109617720A (en) * 2018-12-11 2019-04-12 郑州云海信息技术有限公司 A kind of distribution method and device of Internet resources
CN109617720B (en) * 2018-12-11 2022-02-25 郑州云海信息技术有限公司 Method and device for distributing network resources
CN110933147A (en) * 2019-11-15 2020-03-27 广州深卓信息科技有限公司 Information technology analysis system based on cloud computing

Also Published As

Publication number Publication date
CN104038444B (en) 2017-05-31

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant