CN104954452A - Dynamic cipher card resource control method in virtualization environment - Google Patents
Dynamic cipher card resource control method in virtualization environment Download PDFInfo
- Publication number
- CN104954452A CN104954452A CN201510293585.5A CN201510293585A CN104954452A CN 104954452 A CN104954452 A CN 104954452A CN 201510293585 A CN201510293585 A CN 201510293585A CN 104954452 A CN104954452 A CN 104954452A
- Authority
- CN
- China
- Prior art keywords
- pci
- cipher card
- hardware
- card equipment
- cipher
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H04L67/1074—Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a dynamical distributing method and a real-time monitoring method for resource information of PCI-E (peripheral component interconnect-express) cipher equipment on multiple physical nodes in a virtualization environment, and particularly relates to a physical cipher card equipment distributing method applied to a single physical server and a real-time monitoring method for using conditions of physical cipher cards on servers in presence of multiple servers. Content to be monitored includes the number of virtualization servers using cipher cards, the name of bound virtualization servers and encryption and decryption data volumes of the cipher cards.
Description
Technical field
The invention belongs to field of cloud computer technology, more specifically, relate to cipher card resource dynamic control method under a kind of virtualized environment.
Background technology
Intel Virtualization Technology becomes the core technology in cloud computing gradually, it provides a practicable solution to resource maximum using on physical server.On the other hand, present high performance hardware device is expensive, and under the prerequisite not having Intel Virtualization Technology, hardware device expensive in this, performance is not utilized to the full extent.PCI-E encryption device is exactly one wherein.
Existing patented invention has given under virtualized environment, the method for virtual PCI-E cipher card equipment in virtual machine, and successfully achieves the virtual of PCI-E cipher card equipment.This is for the invention provides basis.
But, in this PCI-E cipher card device virtualization method, there are 2 deficiencies.One is not consider when separate unit physical machine having polylith PCI-E encryption device how this distributes between multiple DomU to use this physics cipher card, accomplishes the load balancing of encryption device; Two is the state informations to this physics password, comprises that each PCI-E encryption device is current to be monitored in real time in information such as the data volumes for which platform virtualized server service, each PCI-E encryption device encrypting and decrypting.
Summary of the invention
For the defect of existing invention technology, the object of the invention is to find out a kind of when adapting to the many encrypted card of multiserver, to the control method of cipher card resource, hardware encryption card resource dynamic can be distributed to virtualized server.
To achieve these goals, the invention provides cipher card resource dynamic control method under a kind of virtualized environment, comprise the steps:
(1) to hardware PCI-E cipher card equipment, carry out the encapsulation of data structure, contain the reference count of this hardware PCI-E cipher card equipment, accumulation enciphered data amount and accumulative solution ciphertext data amount in the data structure of this encapsulation, and be tied to the virtual machine sequence on this cipher card equipment; After separate unit physical server has guided, the kernel module of load driver layer, has completed the initialization of this data structure, sets up hardware PCI-E cipher card equipment sequence (k
1, k
2k
n), wherein k
irepresent i-th piece of PCI-E cipher card, n represents the quantity of hardware PCI-E cipher card equipment, and the accumulation enciphered data amount (e of hardware PCI-E cipher card equipment
1, e
2..., e
i..., e
n) and accumulative solution ciphertext data amount; (d
1, d
2..., d
i..., d
n) be initialized as (0,0 ... ..., 0), e
iand d
irepresent accumulation enciphered data amount and the accumulative solution ciphertext data amount of i-th piece of hardware PCI-E cipher card equipment respectively, n represents the quantity of hardware PCI-E encrypted card equipment, the reference count sequence (c of initiating hardware PCI-E encrypted card equipment
1, c
2..., c
i..., c
n) be (0,0 ... ..., 0), wherein c
ibe i-th piece of hardware PCI-E encryption device, you represent the quantity of hardware PCI-E cipher card equipment;
(2) at virtualized server DomU
iduring startup, run PCI-E cipher card resource allocation algorithm, the virtualized server for this startup distributes and binds one piece of hardware PCI-E cipher card equipment;
(3) virtualized server DomU
iafter startup, if being the hardware PCI-E cipher card equipment that it distributes according to PCI-E cipher card resource allocation algorithm is k
i, hardware PCI-E cipher card equipment reference count sequence becomes (c
1, c
2..., c
i+ 1 ..., c
n), the new reference count sequence of hardware PCI-E cipher card equipment and the virtual machine sequence information of this binding are sent to from this separate unit physical server the physical server needing monitoring;
(4) resource recording physics PCI-E cipher card adds up enciphered data amount for (e
1, e
2..., e
i..., e
n), at virtualized server DomU
iafter request is once encrypted, upgrade hardware PCI-E cipher card equipment and add up enciphered data amount for (e
1, e
2..., e
i+ p ..., e
n), wherein p is for establishing enciphered data amount;
(5) the accumulative data decryption amount recording physics PCI-E cipher card resource is (d
1, d
2..., d
i..., d
n), at virtualized server DomU
iafter request is once deciphered, upgrade hardware PCI-E cipher card equipment and add up data decryption amount for (d
1, d
2..., d
i+ q ..., d
n), wherein q is data decryption amount;
(6) at virtualized server DomU
iduring shutdown, cancel encrypted card binding, upgrade (c
1, c
2..., c
i+ 1 ..., c
n) be (c
1, c
2..., c
i..., c
n); But the enciphered data amount sequence (e of this cipher card
1, e
2..., e
i+ p ..., e
n) and data decryption amount sequence (d
1, d
2..., d
i+ q ..., d
n) constant, the new reference count sequence of hardware PCI-E cipher card equipment and the virtual machine sequence information of this binding are sent to from this separate unit physical server the physical server needing monitoring simultaneously;
(7) after drive load, create kernel thread at driving layer, be responsible in real time the reference count sequence of hardware PCI-E encrypted card equipment, the virtual machine sequence of binding and accumulation enciphered data amount and accumulative solution ciphertext data amount being sent to application layer.
By the above technical scheme that the present invention conceives, compared with prior art, the present invention has following beneficial effect:
(1), due to step (1), step (2) and step (3), patent of the present invention meets dynamically distributes to virtualized server to polylith hardware PCI-E cipher card equipment on separate unit physical server, gives the solution of a load balancing.
(3), due to step (3) and step (6), The present invention gives when multiple stage physical server, the binding information between the hardware PCI-E encrypted card on each physical server and virtualized server is monitored in real time.
(2), due to step (4) and step (5), when The present invention gives for multiple stage physical server, the accumulation encryption and decryption data volume for the hardware PCI-E cipher card equipment on each physical server carries out real-time monitoring.
Accompanying drawing explanation
Fig. 1 is polylith cipher card equipment dynamic binding schematic diagram on single server in the embodiment of the present invention;
Fig. 2 is physics cipher card monitoring resource condition schematic diagram in multiserver situation in the embodiment of the present invention.Multiple stage is had in a practical situation from server in figure.
Embodiment
In order to make object of the present invention, technical scheme and advantage clearly understand, below in conjunction with drawings and Examples, the present invention is further elaborated.Should be appreciated that specific embodiment described herein only in order to explain the present invention, be not intended to limit the present invention.In addition, if below in described each execution mode of the present invention involved technical characteristic do not form conflict each other and just can mutually combine.
The invention provides cipher card resource dynamic control method under a kind of virtualized environment, the method comprises Xen, KVM, VMWARE but is not limited to this three kinds of virtual platforms under being used for virtual platform, all feasible under different system.Particularly, described method comprises the steps:
(1) to hardware PCI-E cipher card equipment, carry out the encapsulation of data structure, contain the reference count of this hardware PCI-E cipher card equipment, accumulation enciphered data amount and accumulative solution ciphertext data amount in the data structure of this encapsulation, and be tied to the virtual machine sequence on this cipher card equipment.After separate unit physical server has guided, the kernel module of load driver layer, has completed the initialization of this data structure, sets up hardware PCI-E cipher card equipment sequence (k
1, k
2k
n), wherein k
irepresent i-th piece of PCI-E cipher card, and the accumulation enciphered data amount (e of hardware PCI-E cipher card equipment
1, e
2..., e
i..., e
n) and accumulative solution ciphertext data amount (d
1, d
2..., d
i..., d
n) be initialized as (0,0 ... ..., 0), e
iand d
irepresent accumulation enciphered data amount and the accumulative solution ciphertext data amount of i-th piece of hardware PCI-E cipher card equipment respectively.
Particularly, in the realization driving layer, kernel chained list is adopted to preserve the data structure of hardware encryption card.
(2) at virtualized server DomU
iduring startup, run PCI-E cipher card resource allocation algorithm, the virtualized server for this startup distributes and binds one piece of hardware PCI-E cipher card equipment.
As shown in Figure 1, be polylith cipher card equipment dynamic binding schematic diagram on single server in the embodiment of the present invention.For only having the situation of two pieces of PCI-E cipher cards in Dom0 shown in figure.In way, solid line represents the encrypted card of the dynamic binding when virtual machine activation, and dotted line represents the binding relationship that system manager specifies.Be expressed as DomU1 and DomUk+1 shown in figure and distribute two block encryption cards.
Particularly, PCI-E cipher card resource binding concrete steps are:
(2.1) hardware PCI-E encryption device reference count sequence (c is searched
1, c
2..., c
j..., c
n), wherein c
jrepresent the reference count of jth block encryption card, find minimum reference count c
i, the hardware PCI-E cipher card equipment gone out selected by this operation of PCI-E cipher card resource allocation algorithm is k
i.
(2.2) the reference count sequence (c of hardware PCI-E cipher card equipment is upgraded
1, c
2..., c
i+ 1 ..., c
n), and by needs binding hardware PCI-E cipher card equipment k
ivirtualized server DomU
ijoin k
ivirtual machine list in.
(3) virtualized server DomU
iafter startup, according to PCI-E cipher card resource allocation algorithm, the hardware PCI-E cipher card equipment distributed for it is k
i, hardware PCI-E cipher card equipment reference count sequence becomes (c
1, c
2..., c
i+ 1 ..., c
n).Now hardware PCI-E cipher card state changes, and the new reference count sequence of hardware PCI-E cipher card equipment and the virtual machine sequence information of this binding are sent to from this separate unit physical server the physical server needing monitoring.
(4), after virtualized server starts, system manager can be that virtualized server assigns empty encrypted card in addition again according to the business demand of virtualized server.System manager on monitoring server for the virtual machine of specifying is selected to add hardware PCI-E cipher card equipment, this interpolation instruction (DomU
i, n), be expressed as virtualized server DomU
iadd n block hardware PCI-E cipher card equipment.After virtual machine place separate unit physical server receives this instruction, be passed to driving layer.Layer is driven to perform cipher card assignment algorithm.
Particularly, cipher card assignment algorithm:
(4.1) layer is driven to receive (DomU
i, n) after order, check the legitimacy of assigning order, mainly check whether n is greater than cipher card total quantity on this physical server, if be greater than, refuse to specify.
(4.2) retrieve physical hardware PCI-E cipher card equipment chained list, find n block encryption card, these cipher cards meet following condition: { k
j+1k
j+n| k
j+1k
j+nbe not tied to DomU
iand be in hardware PCI-E cipher card equipment sequence, quote minimum n block hardware PCI-E cipher card equipment.
(4.3) increase the reference count of this n block encryption card, quote sequence and become (c
1, c
2..., c
i+ 1 ..., c
j+k+ 1 ..., c
n), wherein (c
j+k) represent and just distributed to virtualized server DomU
ithe reference count of hardware PCI-E encrypted card equipment, and by this virtualized server DomU
iadd to respectively in the virtual machine sequence of hardware PCI-E cipher card equipment.
(4.4) by the reference count sequence (c of up-to-date hardware PCI-E encrypted card equipment
1, c
2..., c
i+ 1 ..., c
j+k+ 1 ..., c
n) state information sends to monitoring server.
(5) resource recording physics PCI-E cipher card adds up enciphered data amount for (e
1, e
2..., e
i..., e
n), at virtualized server DomU
iafter request is once encrypted, enciphered data amount is p, upgrades hardware PCI-E cipher card equipment and adds up enciphered data amount for (e
1, e
2..., e
i+ p ..., e
n).
(6) the accumulative data decryption amount recording physics PCI-E cipher card resource is (d
1, d
2..., d
i..., d
n), at virtualized server DomU
iafter request is once deciphered, data decryption amount is q, then upgrade hardware PCI-E cipher card equipment and add up data decryption amount for (d
1, d
2..., d
i+ q ..., d
n).
Because the renewal of hardware PCI-E cipher card devices encrypt and data decryption amount is more frequent, therefore for the accumulation encryption and decryption data amount information of hardware PCI-E cipher card equipment, the mode of kernel timer can be adopted, every 120 seconds, regularly send the data to service end once.
(7) at virtualized server DomU
iduring shutdown, cancel encrypted card binding, upgrade (c
1, c
2..., c
i+ 1 ..., c
n) be (c
1, c
2..., c
i..., c
n).But the ciphering sequence (e of this cipher card
1, e
2..., e
i+ p ..., e
n) and decrypted sequences (d
1, d
2..., d
i+ q ..., d
n) constant.
(8) after drive load, create kernel thread at driving layer, be responsible in real time the reference count sequence of hardware PCI-E encrypted card equipment, the virtual machine sequence of binding and accumulation enciphered data amount and accumulative solution ciphertext data amount being sent to application layer.
As shown in Figure 2, drive layer that Netlink mechanism can be adopted in a broadcast manner these information to be sent to application layer from server (separate unit physical server), after the application layer finger daemon of server receives this information, send to master server (monitoring server) in the mode of TCP link.
Those skilled in the art will readily understand; the foregoing is only preferred embodiment of the present invention; not in order to limit the present invention, all any amendments done within the spirit and principles in the present invention, equivalent replacement and improvement etc., all should be included within protection scope of the present invention.
Claims (7)
1. a cipher card resource dynamic control method under virtualized environment, it is characterized in that, described method comprises the steps:
(1) to hardware PCI-E cipher card equipment, carry out the encapsulation of data structure, contain the reference count of this hardware PCI-E cipher card equipment, accumulation enciphered data amount and accumulative solution ciphertext data amount in the data structure of this encapsulation, and be tied to the virtual machine sequence on this cipher card equipment; After separate unit physical server has guided, the kernel module of load driver layer, has completed the initialization of this data structure, sets up hardware PCI-E cipher card equipment sequence (k
1, k
2k
n), wherein k
irepresent i-th piece of hardware PCI-E cipher card equipment, n represents the quantity of cipher card equipment, and the accumulation enciphered data amount (e of hardware PCI-E cipher card equipment
1, e
2..., e
i..., e
n) and accumulative solution ciphertext data amount (d
1, d
2..., d
i..., d
n) be initialized as (0,0 ..., 0 ..., 0), e
iand d
irepresent accumulation enciphered data amount and the accumulative solution ciphertext data amount of i-th piece of hardware PCI-E cipher card equipment respectively, n represents the quantity of hardware PCI-E cipher card equipment, the reference count sequence (c of initiating hardware PCI-E encrypted card equipment
1, c
2..., c
i..., c
n) be (0,0 ..., 0 ..., 0), wherein c
ibe i-th piece of hardware PCI-E encryption device, you represent the quantity of hardware PCI-E cipher card equipment;
(2) at virtualized server DomU
iduring startup, run PCI-E cipher card resource allocation algorithm, the virtualized server for this startup distributes and binds one piece of hardware PCI-E cipher card equipment;
(3) virtualized server DomU
iafter startup, if being the hardware PCI-E cipher card equipment that it distributes according to PCI-E cipher card resource allocation algorithm is k
i, hardware PCI-E cipher card equipment reference count sequence becomes (c
1, c
2..., c
i+ 1 ..., c
n), the new reference count sequence of hardware PCI-E cipher card equipment and the virtual machine sequence information of this binding are sent to from this separate unit physical server the physical server needing monitoring;
(4) resource recording physics PCI-E cipher card adds up enciphered data amount for (e
1, e
2..., e
i..., e
n), at virtualized server DomU
iafter request is once encrypted, upgrade hardware PCI-E cipher card equipment and add up enciphered data amount for (e
1, e
2..., e
i+ p ..., e
n), its p is for establishing enciphered data amount;
(5) the accumulative data decryption amount recording physics PCI-E cipher card resource is (d
1, d
2..., d
i..., d
n), at virtualized server DomU
iafter request is once deciphered, upgrade hardware PCI-E cipher card equipment and add up data decryption amount for (d
1, d
2..., d
i+ q ..., d
n), wherein q is data decryption amount;
(6) at virtualized server DomU
iduring shutdown, cancel encrypted card binding, upgrade (c
1, c
2..., c
i+ 1 ..., c
n) be (c
1, c
2..., c
i..., c
n); But the ciphering sequence (e of this cipher card
1, e
2..., e
i+ p ..., e
n) and decrypted sequences (d
1, d
2..., d
i+ q ..., d
n) constant;
(7) after drive load, create kernel thread at driving layer, be responsible in real time the reference count sequence of hardware PCI-E encrypted card equipment, the virtual machine sequence of binding and accumulation enciphered data amount and accumulative solution ciphertext data amount being sent to application layer.
2. the method for claim 1, is characterized in that, PCI-E cipher card resource allocation algorithm in described step (2), is specially:
(2.1) hardware PCI-E encryption device reference count sequence (c is searched
1, c
2..., c
j..., c
n), wherein c
jrepresent the reference count of jth block encryption card, find minimum reference count c
i, the hardware PCI-E cipher card equipment gone out selected by this operation of PCI-E cipher card resource allocation algorithm is k
i;
(2.2) the reference count sequence (c of hardware PCI-E cipher card equipment is upgraded
1, c
2..., c
i+ 1 ..., c
n), and by needs binding hardware PCI-E cipher card equipment k
ivirtualized server DomU
ijoin k
ivirtual machine list in.
3. method as claimed in claim 1 or 2, is characterized in that, after described step (3), also comprise: virtualized server is that virtualized server assigns empty encrypted card in addition again according to the business demand of virtualized server after starting; Virtual machine for specifying on monitoring server is selected to add hardware PCI-E cipher card equipment, this interpolation instruction (DomU
i, n), be expressed as virtualized server DomU
iadd n block hardware PCI-E cipher card equipment; After virtual machine place separate unit physical server receives this instruction, be passed to driving layer, drive layer to perform cipher card assignment algorithm.
4. method as claimed in claim 3, it is characterized in that, described cipher card assignment algorithm is specially:
(4.1) layer is driven to receive (DomU
i, n) after order, check whether n is greater than cipher card total quantity on this physical server, if be greater than, refuse to specify;
(4.2) retrieve physical hardware PCI-E cipher card equipment chained list, find n block encryption card, these cipher cards meet following condition: { k
j+1k
j+n| k
j+1k
j+nbe not tied to DomU
iand be in hardware PCI-E cipher card equipment sequence, quote minimum n block hardware PCI-E cipher card equipment;
(4.3) increase the reference count of this n block encryption card, quote sequence and become (c
1, c
2..., c
i+ 1 ..., c
j+k+ 1 ..., c
n), wherein (c
j+k) represent and just distributed to virtualized server DomU
ithe reference count of hardware PCI-E encrypted card equipment, and by this virtualized server DomU
iadd in the virtual machine sequence of hardware PCI-E cipher card equipment respectively;
(4.4) by the reference count sequence (c of up-to-date hardware PCI-E encrypted card equipment
1, c
2..., c
i+ 1 ..., c
j+k+ 1 ..., c
n) state information sends to monitoring server.
5. method as claimed in claim 1 or 2, is characterized in that, in described step (1), in the realization driving layer, adopts kernel chained list to preserve the data structure of hardware encryption card.
6. method as claimed in claim 1 or 2, is characterized in that, drives layer to adopt Netlink mechanism these information to be sent in a broadcast manner in described step (7); After the finger daemon of application layer receives this information, send to monitoring server in the mode of TCP link.
7. method as claimed in claim 1 or 2, is characterized in that, for the accumulation encryption and decryption data amount information of hardware PCI-E cipher card equipment, adopts the mode of kernel timer, every 120 seconds, regularly sends the data to service end once.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510293585.5A CN104954452B (en) | 2015-06-02 | 2015-06-02 | Cipher card resource dynamic control method under a kind of virtualized environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510293585.5A CN104954452B (en) | 2015-06-02 | 2015-06-02 | Cipher card resource dynamic control method under a kind of virtualized environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104954452A true CN104954452A (en) | 2015-09-30 |
CN104954452B CN104954452B (en) | 2018-12-28 |
Family
ID=54168795
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510293585.5A Active CN104954452B (en) | 2015-06-02 | 2015-06-02 | Cipher card resource dynamic control method under a kind of virtualized environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104954452B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106874065A (en) * | 2017-01-18 | 2017-06-20 | 北京三未信安科技发展有限公司 | A kind of system for supporting hardware virtualization |
CN108491725A (en) * | 2018-03-13 | 2018-09-04 | 山东超越数控电子股份有限公司 | A kind of method of inter-virtual machine communication safety in raising cloud |
CN109344632A (en) * | 2018-09-28 | 2019-02-15 | 山东超越数控电子股份有限公司 | A kind of OPENSTACK volumes of encryption method based on hardware encryption card |
CN114221994A (en) * | 2021-12-15 | 2022-03-22 | 北京安盟信息技术股份有限公司 | Dynamic allocation method for PCIE (peripheral component interface express) password card virtualized resources |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102023888A (en) * | 2010-11-04 | 2011-04-20 | 北京曙光天演信息技术有限公司 | Virtual device based on multiple encryption cards |
CN102270153A (en) * | 2011-08-12 | 2011-12-07 | 曙光信息产业(北京)有限公司 | Method and device for sharing encrypted card in virtual environment |
CN102289631A (en) * | 2011-08-12 | 2011-12-21 | 无锡城市云计算中心有限公司 | Method for realizing virtual safety computing environment |
CN102984080A (en) * | 2012-12-31 | 2013-03-20 | 无锡城市云计算中心有限公司 | Load balance method used for cloud computation system |
US8763159B1 (en) * | 2012-12-05 | 2014-06-24 | Parallels IP Holdings GmbH | System and method for application license management in virtual environments |
-
2015
- 2015-06-02 CN CN201510293585.5A patent/CN104954452B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102023888A (en) * | 2010-11-04 | 2011-04-20 | 北京曙光天演信息技术有限公司 | Virtual device based on multiple encryption cards |
CN102270153A (en) * | 2011-08-12 | 2011-12-07 | 曙光信息产业(北京)有限公司 | Method and device for sharing encrypted card in virtual environment |
CN102289631A (en) * | 2011-08-12 | 2011-12-21 | 无锡城市云计算中心有限公司 | Method for realizing virtual safety computing environment |
US8763159B1 (en) * | 2012-12-05 | 2014-06-24 | Parallels IP Holdings GmbH | System and method for application license management in virtual environments |
CN102984080A (en) * | 2012-12-31 | 2013-03-20 | 无锡城市云计算中心有限公司 | Load balance method used for cloud computation system |
Non-Patent Citations (1)
Title |
---|
容晓峰,周利华: "密码服务器运算资源可扩展管理研究", 《电信科学》 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106874065A (en) * | 2017-01-18 | 2017-06-20 | 北京三未信安科技发展有限公司 | A kind of system for supporting hardware virtualization |
CN108491725A (en) * | 2018-03-13 | 2018-09-04 | 山东超越数控电子股份有限公司 | A kind of method of inter-virtual machine communication safety in raising cloud |
CN109344632A (en) * | 2018-09-28 | 2019-02-15 | 山东超越数控电子股份有限公司 | A kind of OPENSTACK volumes of encryption method based on hardware encryption card |
CN114221994A (en) * | 2021-12-15 | 2022-03-22 | 北京安盟信息技术股份有限公司 | Dynamic allocation method for PCIE (peripheral component interface express) password card virtualized resources |
CN114221994B (en) * | 2021-12-15 | 2022-09-13 | 北京安盟信息技术股份有限公司 | Dynamic allocation method for PCIE (peripheral component interface express) password card virtualized resources |
Also Published As
Publication number | Publication date |
---|---|
CN104954452B (en) | 2018-12-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9317316B2 (en) | Host virtual machine assisting booting of a fully-encrypted user virtual machine on a cloud environment | |
US10693844B2 (en) | Efficient migration for encrypted virtual machines by active page copying | |
US9892265B1 (en) | Protecting virtual machine data in cloud environments | |
CN108228316B (en) | Method and device for virtualizing password device | |
US11500988B2 (en) | Binding secure keys of secure guests to a hardware security module | |
US20150134965A1 (en) | Enhanced Secure Virtual Machine Provisioning | |
CN103403731B (en) | The data encryption treating apparatus of cloud storage system and method | |
US9098379B2 (en) | Computing reusable image components to minimize network bandwidth usage | |
US20090132804A1 (en) | Secured live software migration | |
CN104951712B (en) | A kind of data security protection method under Xen virtualized environment | |
US11201836B2 (en) | Method and device for managing stateful application on server | |
CN103259762A (en) | File encryption and decryption method and system based on cloud storage | |
US20140047427A1 (en) | Concurrent embedded application update and migration | |
CN104104692A (en) | Virtual machine encryption method, decryption method and encryption-decryption control system | |
CN104954452A (en) | Dynamic cipher card resource control method in virtualization environment | |
CN105306576A (en) | Scheduling method and system for password arithmetic units | |
CN114930328A (en) | Binding a secure object of a security module to a secure guest | |
JP2022040156A (en) | Virtual machine transition method by check point authentication in virtualized environment | |
CN109104275A (en) | A kind of HSM equipment | |
CN112948070A (en) | Method for processing data by a data processing accelerator and data processing accelerator | |
JP2022502882A (en) | HSM self-destruction methods, systems and programs in hybrid cloud KMS solutions | |
CN113544674A (en) | Secure execution client owner control for secure interface controls | |
US10691356B2 (en) | Operating a secure storage device | |
AU2021236350B2 (en) | Virtual machine perfect forward secrecy | |
CN114238938A (en) | PCIE password card virtualization configuration management method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |