CN104954452A - Dynamic cipher card resource control method in virtualization environment - Google Patents

Publication number: CN104954452A
Authority: CN (China)
Prior art keywords: pci, cipher card, hardware, card equipment, cipher
Legal status: Granted
Application number: CN201510293585.5A
Other languages: Chinese (zh)
Other versions: CN104954452B (en)
Inventors: 付才, 刘涛, 韩兰胜, 刘铭, 崔永泉, 汤学明, 骆婷
Current Assignee: Huazhong University of Science and Technology
Original Assignee: Huazhong University of Science and Technology
Application filed by Huazhong University of Science and Technology
Priority to CN201510293585.5A
Publication of CN104954452A
Application granted
Publication of CN104954452B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/1074 Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a dynamic allocation method and a real-time monitoring method for PCI-E (Peripheral Component Interconnect Express) cipher device resources on multiple physical nodes in a virtualization environment. Specifically, it covers a method for allocating physical cipher cards on a single physical server, and a method for monitoring in real time, when there are multiple servers, how the physical cipher cards on each server are being used. The monitored content includes the number of virtualized servers using each cipher card, the names of the bound virtualized servers, and the volume of data each cipher card has encrypted and decrypted.

Description

A method for dynamic control of cipher card resources in a virtualized environment
Technical field
The invention belongs to the field of cloud computing technology and, more specifically, relates to a method for dynamic control of cipher card resources in a virtualized environment.
Background technology
Virtualization technology is gradually becoming a core technology of cloud computing, and it offers a practical way to make maximum use of the resources of a physical server. At the same time, high-performance hardware devices are expensive, and without virtualization such expensive, high-performance hardware is not used to its full extent. PCI-E cipher devices are one example.
An existing patented invention has given a method for virtualizing a PCI-E cipher card inside virtual machines in a virtualized environment, and has successfully virtualized the PCI-E cipher card. That work is the basis of the present invention.
However, that PCI-E cipher card virtualization method has two deficiencies. First, it does not consider how, when a single physical machine has several PCI-E cipher devices, the physical cipher cards should be allocated among multiple DomUs so that the load on the cipher devices is balanced. Second, it does not monitor the state of the physical cipher cards in real time, including which virtualized servers each PCI-E cipher device is currently serving and the volume of data each PCI-E cipher device has encrypted and decrypted.
Summary of the invention
In view of the defects of the existing technology, the object of the invention is to provide a method of controlling cipher card resources that suits the case of multiple servers with multiple cipher cards and that can allocate hardware cipher card resources to virtualized servers dynamically.
To achieve this, the invention provides a method for dynamic control of cipher card resources in a virtualized environment, comprising the following steps:
(1) Encapsulate each hardware PCI-E cipher card in a data structure that holds the card's reference count, its cumulative encrypted data volume, its cumulative decrypted data volume, and the sequence of virtual machines bound to the card. After a single physical server has booted, load the driver-layer kernel module, which initializes this data structure and establishes the hardware PCI-E cipher card sequence $(k_1, k_2, \ldots, k_n)$, where $k_i$ denotes the $i$-th PCI-E cipher card and $n$ is the number of hardware PCI-E cipher cards. The cumulative encrypted data volumes $(e_1, e_2, \ldots, e_i, \ldots, e_n)$ and the cumulative decrypted data volumes $(d_1, d_2, \ldots, d_i, \ldots, d_n)$ are initialized to $(0, 0, \ldots, 0)$, where $e_i$ and $d_i$ denote the cumulative encrypted and cumulative decrypted data volume of the $i$-th hardware PCI-E cipher card respectively. The reference count sequence $(c_1, c_2, \ldots, c_i, \ldots, c_n)$ of the hardware PCI-E cipher cards is initialized to $(0, 0, \ldots, 0)$, where $c_i$ is the reference count of the $i$-th hardware PCI-E cipher card;
(2) When a virtualized server $\mathrm{DomU}_i$ starts, run the PCI-E cipher card resource allocation algorithm, which allocates one hardware PCI-E cipher card to the starting virtualized server and binds it;
(3) After $\mathrm{DomU}_i$ has started, let $k_i$ be the hardware PCI-E cipher card allocated to it by the PCI-E cipher card resource allocation algorithm. The reference count sequence becomes $(c_1, c_2, \ldots, c_i + 1, \ldots, c_n)$, and the new reference count sequence and the bound virtual machine sequence information are sent from this physical server to the physical server that performs monitoring;
(4) Record the cumulative encrypted data volumes of the physical PCI-E cipher cards as $(e_1, e_2, \ldots, e_i, \ldots, e_n)$. After $\mathrm{DomU}_i$ makes one encryption request, update the cumulative encrypted data volumes to $(e_1, e_2, \ldots, e_i + p, \ldots, e_n)$, where $p$ is the amount of data encrypted;
(5) Record the cumulative decrypted data volumes of the physical PCI-E cipher cards as $(d_1, d_2, \ldots, d_i, \ldots, d_n)$. After $\mathrm{DomU}_i$ makes one decryption request, update the cumulative decrypted data volumes to $(d_1, d_2, \ldots, d_i + q, \ldots, d_n)$, where $q$ is the amount of data decrypted;
(6) When $\mathrm{DomU}_i$ shuts down, cancel its cipher card binding and update $(c_1, c_2, \ldots, c_i + 1, \ldots, c_n)$ to $(c_1, c_2, \ldots, c_i, \ldots, c_n)$. The card's encrypted data volume sequence $(e_1, e_2, \ldots, e_i + p, \ldots, e_n)$ and decrypted data volume sequence $(d_1, d_2, \ldots, d_i + q, \ldots, d_n)$ stay unchanged. At the same time, the new reference count sequence and the bound virtual machine sequence information are sent from this physical server to the physical server that performs monitoring;
(7) After the driver is loaded, create a kernel thread in the driver layer that sends, in real time, the reference count sequence of the hardware PCI-E cipher cards, the bound virtual machine sequences, and the cumulative encrypted and decrypted data volumes to the application layer.
Compared with the prior art, the technical scheme conceived by the invention has the following beneficial effects:
(1) Through steps (1), (2) and (3), the invention dynamically allocates the multiple hardware PCI-E cipher cards on a single physical server to virtualized servers, giving a load-balancing solution.
(2) Through steps (4) and (5), when there are multiple physical servers, the invention monitors in real time the cumulative encrypted and decrypted data volumes of the hardware PCI-E cipher cards on each physical server.
(3) Through steps (3) and (6), when there are multiple physical servers, the invention monitors in real time the binding information between the hardware PCI-E cipher cards and the virtualized servers on each physical server.
Brief description of the drawings
Fig. 1 is a schematic diagram of the dynamic binding of multiple cipher cards on a single server in an embodiment of the invention;
Fig. 2 is a schematic diagram of the monitoring of physical cipher card resource status with multiple servers in an embodiment of the invention. In practice there are multiple slave servers in the figure.
Embodiment
To make the objectives, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only serve to explain the invention and are not intended to limit it. In addition, the technical features involved in the embodiments described below can be combined with one another as long as they do not conflict.
The invention provides a method for dynamic control of cipher card resources in a virtualized environment. The method is used on virtualization platforms, including but not limited to the three platforms Xen, KVM and VMware, and is feasible on different systems. Specifically, the method comprises the following steps:
(1) Encapsulate each hardware PCI-E cipher card in a data structure that holds the card's reference count, its cumulative encrypted data volume, its cumulative decrypted data volume, and the sequence of virtual machines bound to the card. After a single physical server has booted, load the driver-layer kernel module, which initializes this data structure and establishes the hardware PCI-E cipher card sequence $(k_1, k_2, \ldots, k_n)$, where $k_i$ denotes the $i$-th PCI-E cipher card. The cumulative encrypted data volumes $(e_1, e_2, \ldots, e_i, \ldots, e_n)$ and the cumulative decrypted data volumes $(d_1, d_2, \ldots, d_i, \ldots, d_n)$ are initialized to $(0, 0, \ldots, 0)$, where $e_i$ and $d_i$ denote the cumulative encrypted and cumulative decrypted data volume of the $i$-th hardware PCI-E cipher card respectively.
Specifically, in the driver-layer implementation, a kernel linked list holds the data structures of the hardware cipher cards.
(2) When a virtualized server $\mathrm{DomU}_i$ starts, run the PCI-E cipher card resource allocation algorithm, which allocates one hardware PCI-E cipher card to the starting virtualized server and binds it.
Fig. 1 is a schematic diagram of the dynamic binding of multiple cipher cards on a single server in an embodiment of the invention. The figure shows the case where Dom0 has only two PCI-E cipher cards. In the figure, a solid line represents a cipher card bound dynamically when a virtual machine starts, and a dotted line represents a binding specified by the system administrator. The figure shows two cipher cards being allocated to $\mathrm{DomU}_1$ and $\mathrm{DomU}_{k+1}$.
Specifically, the PCI-E cipher card resource binding steps are:
(2.1) Search the reference count sequence $(c_1, c_2, \ldots, c_j, \ldots, c_n)$ of the hardware PCI-E cipher cards, where $c_j$ is the reference count of the $j$-th cipher card, and find the minimum reference count $c_i$. The hardware PCI-E cipher card selected by this run of the PCI-E cipher card resource allocation algorithm is $k_i$.
(2.2) Update the reference count sequence of the hardware PCI-E cipher cards to $(c_1, c_2, \ldots, c_i + 1, \ldots, c_n)$, and add the virtualized server $\mathrm{DomU}_i$ that is to be bound to card $k_i$ to the virtual machine list of $k_i$.
(3) After $\mathrm{DomU}_i$ has started, the hardware PCI-E cipher card allocated to it by the PCI-E cipher card resource allocation algorithm is $k_i$, and the reference count sequence becomes $(c_1, c_2, \ldots, c_i + 1, \ldots, c_n)$. The state of the hardware PCI-E cipher cards has now changed, so the new reference count sequence and the bound virtual machine sequence information are sent from this physical server to the physical server that performs monitoring.
(4) After a virtualized server has started, the system administrator can assign additional cipher cards to it according to its business needs. On the monitoring server, the system administrator selects the virtual machine and adds hardware PCI-E cipher cards to it. The add instruction $(\mathrm{DomU}_i, n)$ means that $n$ hardware PCI-E cipher cards are to be added to virtualized server $\mathrm{DomU}_i$. When the physical server hosting the virtual machine receives this instruction, it passes it to the driver layer, and the driver layer runs the cipher card assignment algorithm.
Specifically, the cipher card assignment algorithm is:
(4.1) After the driver layer receives the $(\mathrm{DomU}_i, n)$ command, it checks that the command is legal, mainly by checking whether $n$ is greater than the total number of cipher cards on this physical server; if it is, the assignment is refused.
(4.2) Search the linked list of physical hardware PCI-E cipher cards for $n$ cipher cards $k_{j+1}, \ldots, k_{j+n}$ that satisfy the following condition: $k_{j+1}, \ldots, k_{j+n}$ are not bound to $\mathrm{DomU}_i$ and are the $n$ least-referenced hardware PCI-E cipher cards in the hardware PCI-E cipher card sequence.
(4.3) Increase the reference counts of these $n$ cipher cards, so that the reference count sequence becomes $(c_1, c_2, \ldots, c_i + 1, \ldots, c_{j+k} + 1, \ldots, c_n)$, where $c_{j+k}$ denotes the reference count of a hardware PCI-E cipher card that has just been allocated to $\mathrm{DomU}_i$, and add $\mathrm{DomU}_i$ to the virtual machine sequence of each of these hardware PCI-E cipher cards.
(4.4) Send the state information of the latest reference count sequence $(c_1, c_2, \ldots, c_i + 1, \ldots, c_{j+k} + 1, \ldots, c_n)$ of the hardware PCI-E cipher cards to the monitoring server.
(5) Record the cumulative encrypted data volumes of the physical PCI-E cipher cards as $(e_1, e_2, \ldots, e_i, \ldots, e_n)$. After $\mathrm{DomU}_i$ makes one encryption request with encrypted data volume $p$, update the cumulative encrypted data volumes to $(e_1, e_2, \ldots, e_i + p, \ldots, e_n)$.
(6) Record the cumulative decrypted data volumes of the physical PCI-E cipher cards as $(d_1, d_2, \ldots, d_i, \ldots, d_n)$. After $\mathrm{DomU}_i$ makes one decryption request with decrypted data volume $q$, update the cumulative decrypted data volumes to $(d_1, d_2, \ldots, d_i + q, \ldots, d_n)$.
Because the encrypted and decrypted data volumes of the hardware PCI-E cipher cards are updated frequently, the cumulative encryption and decryption data volume information can be sent by a kernel timer, which sends the data to the server side once every 120 seconds.
(7) When $\mathrm{DomU}_i$ shuts down, cancel its cipher card binding and update $(c_1, c_2, \ldots, c_i + 1, \ldots, c_n)$ to $(c_1, c_2, \ldots, c_i, \ldots, c_n)$. The card's encryption sequence $(e_1, e_2, \ldots, e_i + p, \ldots, e_n)$ and decryption sequence $(d_1, d_2, \ldots, d_i + q, \ldots, d_n)$ stay unchanged.
(8) After the driver is loaded, create a kernel thread in the driver layer that sends, in real time, the reference count sequence of the hardware PCI-E cipher cards, the bound virtual machine sequences, and the cumulative encrypted and decrypted data volumes to the application layer.
As shown in Fig. 2, the driver layer can use the Netlink mechanism to broadcast this information to the application layer of the slave server (a single physical server). After the application-layer daemon on that server receives the information, it sends it to the master server (the monitoring server) over a TCP connection.
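The bookkeeping of steps (1) to (7) above, sketched as a userspace C model. This is an added example, not code from the patent: the structure and function names, the fixed-size arrays standing in for the kernel linked list, and the two extra checks (all-or-nothing assignment, and refusing to account traffic for a DomU that is not bound to the card) are assumptions.

```c
/* Added userspace model; every name here is hypothetical, not the patent's code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_CARDS 8
#define MAX_VMS   16

struct cipher_card {
    unsigned refcount;      /* c_i: number of DomUs bound to this card */
    uint64_t enc_bytes;     /* e_i: cumulative encrypted data volume */
    uint64_t dec_bytes;     /* d_i: cumulative decrypted data volume */
    int bound[MAX_VMS];     /* IDs of the DomUs bound to this card */
};
struct card_pool {
    int n;                  /* number of cards on this physical server */
    struct cipher_card card[MAX_CARDS];
};

/* Step (1): every counter starts at zero. */
int pool_init(struct card_pool *p, int n)
{
    if (n < 1 || n > MAX_CARDS) return -1;
    memset(p, 0, sizeof *p);
    p->n = n;
    return 0;
}

static int is_bound(const struct cipher_card *c, int domid)
{
    for (unsigned j = 0; j < c->refcount; j++)
        if (c->bound[j] == domid) return 1;
    return 0;
}

/* Index of the least-referenced card not yet bound to domid, or -1. */
static int pick_card(const struct card_pool *p, int domid)
{
    int best = -1;
    for (int i = 0; i < p->n; i++) {
        const struct cipher_card *c = &p->card[i];
        if (c->refcount >= MAX_VMS || is_bound(c, domid)) continue;
        if (best < 0 || c->refcount < p->card[best].refcount) best = i;
    }
    return best;
}

/* Steps (2.1)-(2.2): bind the least-referenced card when a DomU starts. */
int card_bind_on_start(struct card_pool *p, int domid)
{
    int i = pick_card(p, domid);
    if (i >= 0) p->card[i].bound[p->card[i].refcount++] = domid;
    return i;
}

/* Steps (4.1)-(4.3): administrator command (DomU_i, n). */
int card_assign_extra(struct card_pool *p, int domid, int n)
{
    int eligible = 0;
    if (n < 1 || n > p->n) return -1;     /* (4.1) more cards than exist */
    for (int i = 0; i < p->n; i++)
        if (p->card[i].refcount < MAX_VMS && !is_bound(&p->card[i], domid))
            eligible++;
    if (eligible < n) return -1;          /* added check: all or nothing */
    for (int k = 0; k < n; k++)           /* (4.2)-(4.3) */
        card_bind_on_start(p, domid);
    return n;
}

/* Steps (5)-(6): add p or q bytes; an unbound DomU is refused (added check). */
int card_account(struct card_pool *p, int idx, int domid, uint64_t enc, uint64_t dec)
{
    if (idx < 0 || idx >= p->n || !is_bound(&p->card[idx], domid)) return -1;
    p->card[idx].enc_bytes += enc;
    p->card[idx].dec_bytes += dec;
    return 0;
}

/* Step (7): drop every binding of domid; e_i and d_i are left unchanged. */
int card_unbind_on_shutdown(struct card_pool *p, int domid)
{
    int released = 0;
    for (int i = 0; i < p->n; i++) {
        struct cipher_card *c = &p->card[i];
        for (unsigned j = 0; j < c->refcount; j++)
            if (c->bound[j] == domid) {   /* a DomU appears at most once per card */
                c->bound[j] = c->bound[--c->refcount];
                released++;
            }
    }
    return released;
}

int main(void)
{
    struct card_pool p;
    pool_init(&p, 2);
    for (int vm = 1; vm <= 3; vm++)
        printf("DomU%d -> card %d\n", vm, card_bind_on_start(&p, vm));
}
```

In a driver, every one of these updates would run under the lock that protects the card list, since DomU start, shutdown and the periodic reporting thread all touch the same counters.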
Those skilled in the art will readily understand that the foregoing is only a preferred embodiment of the invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (7)

1. A method for dynamic control of cipher card resources in a virtualized environment, characterized in that the method comprises the following steps:
(1) Encapsulate each hardware PCI-E cipher card in a data structure that holds the card's reference count, its cumulative encrypted data volume, its cumulative decrypted data volume, and the sequence of virtual machines bound to the card. After a single physical server has booted, load the driver-layer kernel module, which initializes this data structure and establishes the hardware PCI-E cipher card sequence $(k_1, k_2, \ldots, k_n)$, where $k_i$ denotes the $i$-th hardware PCI-E cipher card and $n$ is the number of cipher cards. The cumulative encrypted data volumes $(e_1, e_2, \ldots, e_i, \ldots, e_n)$ and the cumulative decrypted data volumes $(d_1, d_2, \ldots, d_i, \ldots, d_n)$ are initialized to $(0, 0, \ldots, 0)$, where $e_i$ and $d_i$ denote the cumulative encrypted and cumulative decrypted data volume of the $i$-th hardware PCI-E cipher card respectively. The reference count sequence $(c_1, c_2, \ldots, c_i, \ldots, c_n)$ of the hardware PCI-E cipher cards is initialized to $(0, 0, \ldots, 0)$, where $c_i$ is the reference count of the $i$-th hardware PCI-E cipher card;
(2) When a virtualized server $\mathrm{DomU}_i$ starts, run the PCI-E cipher card resource allocation algorithm, which allocates one hardware PCI-E cipher card to the starting virtualized server and binds it;
(3) After $\mathrm{DomU}_i$ has started, let $k_i$ be the hardware PCI-E cipher card allocated to it by the PCI-E cipher card resource allocation algorithm. The reference count sequence becomes $(c_1, c_2, \ldots, c_i + 1, \ldots, c_n)$, and the new reference count sequence and the bound virtual machine sequence information are sent from this physical server to the physical server that performs monitoring;
(4) Record the cumulative encrypted data volumes of the physical PCI-E cipher cards as $(e_1, e_2, \ldots, e_i, \ldots, e_n)$. After $\mathrm{DomU}_i$ makes one encryption request, update the cumulative encrypted data volumes to $(e_1, e_2, \ldots, e_i + p, \ldots, e_n)$, where $p$ is the amount of data encrypted;
(5) Record the cumulative decrypted data volumes of the physical PCI-E cipher cards as $(d_1, d_2, \ldots, d_i, \ldots, d_n)$. After $\mathrm{DomU}_i$ makes one decryption request, update the cumulative decrypted data volumes to $(d_1, d_2, \ldots, d_i + q, \ldots, d_n)$, where $q$ is the amount of data decrypted;
(6) When $\mathrm{DomU}_i$ shuts down, cancel its cipher card binding and update $(c_1, c_2, \ldots, c_i + 1, \ldots, c_n)$ to $(c_1, c_2, \ldots, c_i, \ldots, c_n)$. The card's encryption sequence $(e_1, e_2, \ldots, e_i + p, \ldots, e_n)$ and decryption sequence $(d_1, d_2, \ldots, d_i + q, \ldots, d_n)$ stay unchanged;
(7) After the driver is loaded, create a kernel thread in the driver layer that sends, in real time, the reference count sequence of the hardware PCI-E cipher cards, the bound virtual machine sequences, and the cumulative encrypted and decrypted data volumes to the application layer.
2. the method for claim 1, is characterized in that, PCI-E cipher card resource allocation algorithm in described step (2), is specially:
(2.1) hardware PCI-E encryption device reference count sequence (c is searched 1, c 2..., c j..., c n), wherein c jrepresent the reference count of jth block encryption card, find minimum reference count c i, the hardware PCI-E cipher card equipment gone out selected by this operation of PCI-E cipher card resource allocation algorithm is k i;
(2.2) the reference count sequence (c of hardware PCI-E cipher card equipment is upgraded 1, c 2..., c i+ 1 ..., c n), and by needs binding hardware PCI-E cipher card equipment k ivirtualized server DomU ijoin k ivirtual machine list in.
3. The method of claim 1 or 2, characterized in that, after step (3), the method further comprises: after a virtualized server has started, additional cipher cards are assigned to it according to its business needs; on the monitoring server, the specified virtual machine is selected and hardware PCI-E cipher cards are added to it, the add instruction $(\mathrm{DomU}_i, n)$ meaning that $n$ hardware PCI-E cipher cards are to be added to virtualized server $\mathrm{DomU}_i$; when the physical server hosting the virtual machine receives this instruction, it passes it to the driver layer, and the driver layer runs the cipher card assignment algorithm.
4. The method of claim 3, characterized in that the cipher card assignment algorithm is specifically:
(4.1) After the driver layer receives the $(\mathrm{DomU}_i, n)$ command, it checks whether $n$ is greater than the total number of cipher cards on this physical server; if it is, the assignment is refused;
(4.2) Search the linked list of physical hardware PCI-E cipher cards for $n$ cipher cards $k_{j+1}, \ldots, k_{j+n}$ that satisfy the following condition: $k_{j+1}, \ldots, k_{j+n}$ are not bound to $\mathrm{DomU}_i$ and are the $n$ least-referenced hardware PCI-E cipher cards in the hardware PCI-E cipher card sequence;
(4.3) Increase the reference counts of these $n$ cipher cards, so that the reference count sequence becomes $(c_1, c_2, \ldots, c_i + 1, \ldots, c_{j+k} + 1, \ldots, c_n)$, where $c_{j+k}$ denotes the reference count of a hardware PCI-E cipher card that has just been allocated to $\mathrm{DomU}_i$, and add $\mathrm{DomU}_i$ to the virtual machine sequence of each of these hardware PCI-E cipher cards;
(4.4) Send the state information of the latest reference count sequence $(c_1, c_2, \ldots, c_i + 1, \ldots, c_{j+k} + 1, \ldots, c_n)$ of the hardware PCI-E cipher cards to the monitoring server.
5. The method of claim 1 or 2, characterized in that, in step (1), the driver-layer implementation uses a kernel linked list to hold the data structures of the hardware cipher cards.
6. The method of claim 1 or 2, characterized in that, in step (7), the driver layer uses the Netlink mechanism to broadcast the information; after the application-layer daemon receives the information, it sends it to the monitoring server over a TCP connection.
7. The method of claim 1 or 2, characterized in that the cumulative encryption and decryption data volume information of the hardware PCI-E cipher cards is sent by a kernel timer, which sends the data to the server side once every 120 seconds.
CN201510293585.5A 2015-06-02 2015-06-02 Cipher card resource dynamic control method under a kind of virtualized environment Active CN104954452B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510293585.5A CN104954452B (en) 2015-06-02 2015-06-02 Cipher card resource dynamic control method under a kind of virtualized environment

Publications (2)

Publication Number Publication Date
CN104954452A true CN104954452A (en) 2015-09-30
CN104954452B CN104954452B (en) 2018-12-28

Family

ID=54168795
