CN104113460A - Design of tenant exclusive VPN under cloud computation - Google Patents
Design of tenant exclusive VPN under cloud computation Download PDFInfo
- Publication number
- CN104113460A CN104113460A CN201410057059.4A CN201410057059A CN104113460A CN 104113460 A CN104113460 A CN 104113460A CN 201410057059 A CN201410057059 A CN 201410057059A CN 104113460 A CN104113460 A CN 104113460A
- Authority
- CN
- China
- Prior art keywords
- vpn
- tenant
- under
- cloud computing
- design
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention relates to the field of cloud computation, and relates a method by which VPN tenants can exclusively use a VPN system respectively without mutual interference according to practical situations and the VPN tenants can dynamically distribute respective user VPN permissions, add users and perform user management under the situation of multiple VPN instances and multiple tenants and a system thereof. Aiming at the cloud computing tenant exclusive VPN, association relations between the respective VPN service instances corresponding to the tenants are bound in a real-time and dynamical way under the premise of rapid and modularized deployment of a VPN service platform so that the correlated permissions like corresponding user application VPN services are performed on the respective VPN service instances by the tenants without mutual interference.
Description
Technical field
The present invention relates to cloud computing field in the situation that of many VPN instance, many tenants, VPN tenant how according to actual conditions separately non-interfering exclusively enjoy vpn system and VPN tenant how dynamic assignment separately user VPN authority, add user, carry out user management method and system.
Background technology
The VPN of traditional sense is the system of soft or hard one, and hardware and software binds together, and the vpn system of soft or hard one can bring problems, for example: system deployment is complicated, ease for use is poor etc.; And each vpn system correspondence Subscriber Management System separately, only disposes a set of vpn system iff existing like this, there will not be what problem; If but exist in the situations that need to simultaneously dispose many cover vpn systems, if multiple vpn systems are done unified user management and multiple VPN services and multiple VPN keeper are done to the problem of unified management by there will be simultaneously; So analyze, if dispose the situation of single cover vpn system, those ends of tradition VPN can not highlight, if but to dispose many cover vpn systems and need many tenants many covers vpn system to be done to the situation of unified management, traditional vpn system drawback in the situation that meeting the demand will show; Under the environment of present cloud computing, most operation system is all to dispose under virtual environment, software systems are not peeled off out separately and traditional vpn system is soft or hard one, this is also one of current undesirable many drawbacks of vpn system.
Therefore, under the application scenarios of cloud computing, vpn system should meet: be supported under virtual environment and dispose; Support the situation of many tenants, many VPN instance; Meeting can be to the real-time dynamic assignment of VPN Service Source; Vpn system can modularization rapid deployment; Each tenant must exclusively enjoy many requirements such as vpn system.
Summary of the invention
In order to overcome above-mentioned the deficiencies in the prior art, the present invention proposes tenant under a kind of cloud computing and exclusively enjoy the design of VPN,
, improve adaptability, reliability and the fail safe under cloud computing environment with this.
Under cloud computing environment, VPN service comprises VPN master control and VPN instance two parts, concrete operation mechanism is for passing through VPN master control distributed management, find each VPN instance and bring each VPN instance into VPN master control to manage by example discovery feature module, afterwards should by each VPN Service Instance and associated VPN service relative, and bind with concrete tenant, exclusively enjoy the major function of VPN design to realize tenant.
Above-mentioned analysis, the technical scheme that cloud computing tenant exclusively enjoys VPN is:
1. find VPN instance and include management in by VPN master control.
2. VPN instance and concrete service are associated.
3. the relation between binding business domains, VPN instance and tenant three.
4. the relation between three is shown by VPN master control with tree-shaped structure.
The design that under cloud computing, tenant exclusively enjoys VPN also comprises promising tenant and exclusively enjoys a flow process for the related service of VPN, is below concrete process step:
Under cloud computing environment, pass through the VPN Service Instance of Componentized VPN service platform deployment way rapid deployment pure software.After deployment success, can find relevant VPN instance at the example discovery page of VPN master control.
According to actual situation, the service of VPN instance and concrete representative is associated.
VPN service platform keeper binds the relation between VPN instance, information field and three, and after binding success, the tenant that each VPN instance is corresponding is the keeper of this example.
The VPN instance access function module of VPN master control represents each vpn server example and the corresponding tenant of each VPN Service Instance in tree-shaped mode, has so just reached the object that exclusively enjoys VPN instance by each VPN instance of the distributed management of VPN master control and VPN tenant.
Analyze through summary, in existing cloud computing, virtualized situation, by existing VPN service platform, more meet and meet the present situation in many VPN Service Instance, many tenants situation.
Brief description of the drawings
Fig. 1 is many VPN instance, many VPN tenant's overall construction drawing;
Fig. 2 is structure chart corresponding to each tenant, is the VPN design that tenant exclusively enjoys;
Fig. 3 is the sequential chart that concrete VPN tenant exclusively enjoys VPN service.
Embodiment
In order to make technical problem to be solved by this invention, technical scheme and beneficial effect clearer, clear, below knot
Close drawings and Examples, the present invention is further elaborated.Should be appreciated that specific embodiment described herein, only in order to explain the present invention, is not intended to limit the present invention.
Under cloud computing, tenant exclusively enjoys a design of VPN, its design mainly comprise following some:
1. find VPN instance and include management in by VPN master control.
2. VPN instance and concrete service are associated.
3. the relation between binding business domains, VPN instance and tenant three.
4. the relation between three is shown by VPN master control with tree-shaped structure.
Specifically introduce many VPN instance, many VPN tenant's overall construction drawing in conjunction with Fig. 1, can see the many examples of VPN with tree-shaped structure in VPN master control, associated VPN service, IP address and the tenant separately separately of each VPN instance.
Specifically introduce structure chart corresponding to each tenant in conjunction with Fig. 2, be the VPN design that tenant exclusively enjoys, when each VPN instance is associated with after VPN tenant separately, VPN tenant just can exclusively enjoy the operation that oneself VPN service is correlated with, for example: add user profile, increase VPN service time, excited users VPN service, enable user VPN service and forbidding user VPN service etc.
Specifically introduce VPN tenant in conjunction with Fig. 3 and exclusively enjoy the sequential chart that VPN serves, meeting Dynamical Deployment VPN Service Instance, under the prerequisite that tenant exists, by the relation between VPN master control binding VPN Service Instance and tenant, reach VPN tenant and exclusively enjoy the object that VPN serves.
Above-mentioned explanation illustrates and has described a preferred embodiment of the present invention, but as previously mentioned, be to be understood that the present invention is not limited to disclosed form herein, should not regard the eliminating to other embodiment as, and can be used for various other combinations, amendment and environment, and can, in invention contemplated scope described herein, change by technology or the knowledge of above-mentioned instruction or association area.And the change that those skilled in the art carry out and variation do not depart from the spirit and scope of the present invention, all should be in the protection range of claims of the present invention.
Claims (5)
1. under cloud computing, tenant exclusively enjoys a design of VPN, it is characterized in that, vpn system, can be fast, Componentized, pure softwareization dispose under cloud computing, virtualized environment.
2. under a kind of cloud computing according to claim 1, tenant exclusively enjoys the design of VPN, it is characterized in that discovery VPN instance that can be dynamic, real-time by the master control of VPN service platform under the prerequisite that meets right 1 and can associated VPN instance and relevant service.
3. under a kind of cloud computing according to claim 1, tenant exclusively enjoys the design of VPN, it is characterized in that, under the prerequisite that meets right 2 by the master control of VPN service platform can related information territory, relation between VPN instance and tenant three.
4. under a kind of cloud computing according to claim 1, tenant exclusively enjoys the design of VPN, it is characterized in that, under the prerequisite that meets right 3, tenant can exclusively enjoy vpn system separately, and each tenant can exclusively enjoy VPN service separately by tenant's login interface, is the corresponding VPN that exclusively enjoys and operates.
5. under a kind of cloud computing according to claim 1, tenant exclusively enjoys the design of VPN, it is characterized in that, tenant, when user applies for VPN service, can use the life cycle of VPN service to do corresponding control, can activate or stop corresponding VPN service user.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410057059.4A CN104113460A (en) | 2014-02-20 | 2014-02-20 | Design of tenant exclusive VPN under cloud computation |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410057059.4A CN104113460A (en) | 2014-02-20 | 2014-02-20 | Design of tenant exclusive VPN under cloud computation |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104113460A true CN104113460A (en) | 2014-10-22 |
Family
ID=51710096
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410057059.4A Pending CN104113460A (en) | 2014-02-20 | 2014-02-20 | Design of tenant exclusive VPN under cloud computation |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104113460A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106411735A (en) * | 2016-10-18 | 2017-02-15 | 杭州华三通信技术有限公司 | Routing configuration method and device |
| CN108055187A (en) * | 2017-12-01 | 2018-05-18 | 上海市信息网络有限公司 | User provides the business domains of network and the VPN correlating methods of local service node, system |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101227376A (en) * | 2008-02-04 | 2008-07-23 | 杭州华三通信技术有限公司 | Equipment and method for virtual special-purpose network multi-case safe access |
| CN102891790A (en) * | 2012-09-21 | 2013-01-23 | 中国电信股份有限公司云计算分公司 | VPN (Virtual Private Network) virtualization method and system of visiting virtual private cloud |
| CN102932404A (en) * | 2011-09-14 | 2013-02-13 | 微软公司 | Multi tenancy for single tenancy applications |
| CN102932342A (en) * | 2012-10-26 | 2013-02-13 | 华为技术有限公司 | Method and network equipment for isolating multi-user virtual local area network |
| CN103002445A (en) * | 2012-11-08 | 2013-03-27 | 张维加 | Safe mobile electronic equipment for providing application services |
| WO2014007813A1 (en) * | 2012-07-03 | 2014-01-09 | Hewlett-Packard Development Company, L.P. | Managing a multitenant cloud service |
-
2014
- 2014-02-20 CN CN201410057059.4A patent/CN104113460A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101227376A (en) * | 2008-02-04 | 2008-07-23 | 杭州华三通信技术有限公司 | Equipment and method for virtual special-purpose network multi-case safe access |
| CN102932404A (en) * | 2011-09-14 | 2013-02-13 | 微软公司 | Multi tenancy for single tenancy applications |
| WO2014007813A1 (en) * | 2012-07-03 | 2014-01-09 | Hewlett-Packard Development Company, L.P. | Managing a multitenant cloud service |
| CN102891790A (en) * | 2012-09-21 | 2013-01-23 | 中国电信股份有限公司云计算分公司 | VPN (Virtual Private Network) virtualization method and system of visiting virtual private cloud |
| CN102932342A (en) * | 2012-10-26 | 2013-02-13 | 华为技术有限公司 | Method and network equipment for isolating multi-user virtual local area network |
| CN103002445A (en) * | 2012-11-08 | 2013-03-27 | 张维加 | Safe mobile electronic equipment for providing application services |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106411735A (en) * | 2016-10-18 | 2017-02-15 | 杭州华三通信技术有限公司 | Routing configuration method and device |
| CN106411735B (en) * | 2016-10-18 | 2019-10-11 | 新华三技术有限公司 | A kind of method for configuring route and device |
| CN108055187A (en) * | 2017-12-01 | 2018-05-18 | 上海市信息网络有限公司 | User provides the business domains of network and the VPN correlating methods of local service node, system |
| CN108055187B (en) * | 2017-12-01 | 2020-07-10 | 上海市信息网络有限公司 | VPN correlation method and system for service domain and local service node of user provided network |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10834047B2 (en) | Address management in an overlay network environment | |
| EP2827245B1 (en) | Enabling multi-tenant virtual servers in a cloud system | |
| US20140254603A1 (en) | Interoperability for distributed overlay virtual environments | |
| US20150309780A1 (en) | Computer-implemented method, system and computer program product for deploying an application on a computing resource | |
| US20190079744A1 (en) | Systems and methods for a policy-driven orchestration of deployment of distributed applications | |
| CN102638566B (en) | BLOG system running method based on cloud storage | |
| CN110990150A (en) | Tenant management method and system of container cloud platform, electronic device and storage medium | |
| US8694777B2 (en) | Securely identifying host systems | |
| US10048975B2 (en) | Scalable policy management in an edge virtual bridging (EVB) environment | |
| US10917379B2 (en) | Domain intercommunication in shared computing environments | |
| US20160028555A1 (en) | Message broadcasting in a clustered computing environment | |
| US9419930B2 (en) | Management of connections in a messaging environment | |
| US20180234259A1 (en) | MULTICAST TRAFFIC ACROSS VIRTUAL NETWORKS (VNs) | |
| CN103118030A (en) | Desktop cloud based identity authentication method | |
| KR20130114575A (en) | Leader arbitration for provisioning services | |
| CN103207805A (en) | Virtualization-based hard disk reuse system | |
| CN204695386U (en) | Towards the management information system of many tenants | |
| CN104113460A (en) | Design of tenant exclusive VPN under cloud computation | |
| US10521222B2 (en) | Hybrid system for remote application development | |
| US20140201346A1 (en) | Applying a client policy to a group of channels | |
| CN104410651A (en) | Enterprise information system architecture under mobile internet environment | |
| CN103812865A (en) | Method of realizing transparent user login under cloud resource platform | |
| CN102480410A (en) | Single board for centralized business processing and virtualized resource dividing method | |
| CN107608768B (en) | Resource access method based on command line mode, electronic device and storage medium | |
| US9229953B2 (en) | Geo-enabling of data sources |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20141022 |