CN105224387A - A kind of security deployment method of virtual machine under cloud computing - Google Patents
- Publication number
- CN105224387A (application CN201510561941.7A)
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- layer
- safe
- security
- api
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Stored Programmes (AREA)
Abstract
The invention discloses a security deployment method for virtual machines under cloud computing, belonging to the technical field of virtual machine management. A security virtual machine is created and deployed using physical server resources in the physical hardware resource layer; the security virtual machine performs security scanning and updates of the security information database. A virtualization software layer is provided as the intermediate layer between the physical hardware resources and the resource accesses of the upper-layer virtual machine applications. A security API framework layer is arranged at this layer and is provided with API framework interfaces, through which the security virtual machine periodically interacts with the virtualization software layer. When an application virtual machine is deployed, the security virtual machine driver is installed on it; by periodically interacting with the virtualization software layer through the API framework interfaces, the application virtual machine obtains the periodic updates and protection information of the security virtual machine's security software.
Description
Technical field
The invention discloses a security deployment method for virtual machines under cloud computing, belonging to the technical field of virtual machine management.
Background art
Cloud computing is the continuation and development of distributed processing (Distributed Computing), parallel processing (Parallel Computing), and grid computing (Grid Computing), or, put differently, the commercial realization of these computer science concepts. It is not purely computation, nor purely storage, but combines the two: it is a model that pools server, network, application, and database resources and delivers them to users as an integrated service over the Internet. Cloud computing is gradually being accepted by the industry, and cloud data center operating systems are gradually being implemented and put into practice, playing an increasingly important role in production and daily life. In a data center built on virtualized servers, the virtualized servers can be reached for management access directly over the Internet, yet the data center perimeter cannot provide an effective protection mechanism. Existing security mechanisms rely mainly on the basic functions of security software, chiefly periodic scanning and security information database updates. Such software runs into many problems and challenges in a virtual machine environment: anti-virus scans and virus database updates cause large instantaneous spikes in resource consumption; preset security policies easily become invalid as virtual machines are frequently created and copied; and the requirement to deploy security software on every newly created virtual machine increases management cost. These problems further lower the efficiency of virtual machine use under cloud computing.
Based on the above problems, we propose a security deployment method for virtual machines under cloud computing. A security virtual machine is deployed on the physical host and provides security services such as antivirus protection and intrusion detection to all virtual machines on that host, so that virtual machine security under cloud computing is achieved more efficiently and safely. The scheme offers high security and is better suited to virtualized systems. It overcomes the shortcomings of the existing deployment model, in which security protection software must be deployed in every virtual machine: the high resource consumption of the agent-based mode, cumbersome updates, and very high management cost. At the same time it increases the deployment density of application virtual machines and reduces data center construction cost.
Summary of the invention
Virtualized servers can be reached for management access directly over the Internet, yet the data center perimeter cannot provide an effective protection mechanism, and existing security mechanisms rely mainly on the basic functions of security software, which has many problems and leads to low efficiency of virtual machine use under cloud computing. To address this, the invention provides a security deployment method for virtual machines under cloud computing. It overcomes the shortcomings of the existing deployment model, in which security protection software must be deployed in every virtual machine: the high resource consumption of the agent-based mode, cumbersome updates, and very high management cost. At the same time it increases the deployment density of application virtual machines and reduces data center construction cost.
The specific scheme proposed by the invention is:
A security deployment method for virtual machines under cloud computing:
A security virtual machine is created and deployed using physical server resources in the physical hardware resource layer; the security virtual machine performs security scanning and updates of the security information database. A virtualization software layer is provided as the intermediate layer between the physical hardware resources and the resource accesses of the upper-layer virtual machine applications. A security API framework layer is arranged at this layer and is provided with API framework interfaces, through which the security virtual machine periodically interacts with the virtualization software layer. When an application virtual machine is deployed, the security virtual machine driver is installed on it; by periodically interacting with the virtualization software layer through the API framework interfaces, the application virtual machine obtains the periodic updates and protection information of the security virtual machine's security software.
The process of creating and deploying the security virtual machine is: create a new security virtual machine, set its configuration items, deploy the security software on this virtual machine, and install the driver that interacts with the security API framework layer; the security virtual machine uses this driver to complete registration at the virtualization software layer.
The security virtual machine's security scanning and security information database update process is: when the security software has an update, a prompt is given to update the security software; at the same time, the driver that interacts with the virtualization software layer through the API framework interfaces is updated, and driver registration is performed again.
The application virtual machine obtains the periodic updates and protection information of the security virtual machine's security software for its security protection as follows: the security API framework layer records the update operations of the security software and pushes the updated content of the driver interaction part to the application virtual machines; each application virtual machine updates its driver and performs driver registration again, completing the security driver update on the application virtual machine.
The benefits of the invention are as follows. A security virtual machine is deployed on the physical host; it periodically scans and obtains updates to the security software's security information database and, by interacting with the security API framework of the virtualization software layer, pushes update information for security services such as antivirus protection and intrusion detection into the application virtual machines. This reduces instantaneous spikes in resource consumption and lowers management cost: the security virtual machine provides efficient and secure protection for all virtual machines on the physical host, achieving virtual machine security under cloud computing. It also overcomes the drawback of the traditional approach, in which every virtual machine must deploy security protection software, and improves virtual machine deployment density and resource utilization.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the method of the invention;
Fig. 2 is a schematic diagram of the framework of the invention.
Embodiment
A security deployment method for virtual machines under cloud computing:
A security virtual machine is created and deployed using physical server resources in the physical hardware resource layer; the security virtual machine performs security scanning and updates of the security information database. A virtualization software layer is provided as the intermediate layer between the physical hardware resources and the resource accesses of the upper-layer virtual machine applications. A security API framework layer is arranged at this layer and is provided with API framework interfaces, through which the security virtual machine periodically interacts with the virtualization software layer. When an application virtual machine is deployed, the security virtual machine driver is installed on it; by periodically interacting with the virtualization software layer through the API framework interfaces, the application virtual machine obtains the periodic updates and protection information of the security virtual machine's security software.
The invention is further described below using the above method and with reference to the accompanying drawings.
The security API framework layer proposed by the invention sits, conceptually and at the logical level, on top of the virtualization software layer, and implements secure access control of the underlying physical hardware through the virtualization software layer. It provides a complete set of API interfaces for the functional access of the security virtual machine and for the security protection of application virtual machines; based on these interfaces, secure operation of and access control over physical hardware layer resources are carried out through the virtualization software layer.
First, deploy the security virtual machine: create a new security virtual machine and set certain configuration items; then install the security software on this virtual machine; then install on it the driver that interacts with the security API framework layer; finally, the security virtual machine registers this driver with the security API framework layer. This completes the deployment of the security virtual machine.
Security virtual machine update: when the security software has an update, the user is prompted to update the security software; at the same time, the driver that interacts with the security API framework layer is updated and driver registration is performed again, which completes the update of the security virtual machine.
Meanwhile, the security API framework layer records the update operations of the security software and pushes the updated content of the driver interaction part to the ordinary application virtual machines; each ordinary application virtual machine updates its driver and performs driver registration again, completing the security driver update on the application virtual machine.
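The registration and update-push flow described above, modeled as an added example that is not part of the patent. Class, method and VM names are hypothetical, and the rule that only a registered security VM may announce a strictly newer driver version is an assumption; the model shows how the framework layer's registry can flag application VMs left on a stale driver after a push:

```python
from dataclasses import dataclass, field


@dataclass
class SecurityApiFramework:
    """Toy model of the security API framework layer (names are hypothetical)."""
    registry: dict = field(default_factory=dict)    # vm_id -> (role, driver_version)
    update_log: list = field(default_factory=list)  # recorded update operations

    def register(self, vm_id, role, driver_version):
        # Driver (re-)registration: the newest entry replaces the old one.
        self.registry[vm_id] = (role, driver_version)

    def security_vm_updated(self, vm_id, new_version):
        role, old_version = self.registry.get(vm_id, (None, 0))
        # Assumption: only a registered security VM may announce an update,
        # and versions must increase (no rollback to an older driver).
        if role != "security":
            raise PermissionError(f"{vm_id} is not a registered security VM")
        if new_version <= old_version:
            raise ValueError("driver version must increase")
        self.update_log.append((vm_id, old_version, new_version))
        self.register(vm_id, "security", new_version)

    def current_version(self):
        return max(v for role, v in self.registry.values() if role == "security")

    def push_update(self, reachable):
        """Push the driver update; reachable application VMs update and re-register."""
        target = self.current_version()
        updated = []
        for vm_id, (role, version) in sorted(self.registry.items()):
            if role == "application" and version < target and vm_id in reachable:
                self.register(vm_id, "application", target)
                updated.append(vm_id)
        return updated

    def stale_application_vms(self):
        """Application VMs still registered with an older driver than the security VM."""
        target = self.current_version()
        return sorted(vm for vm, (role, v) in self.registry.items()
                      if role == "application" and v < target)


def demo():
    # Constructed scenario: one security VM and three application VMs on one host.
    fw = SecurityApiFramework()
    fw.register("sec-vm", "security", 1)
    for vm in ("app-1", "app-2", "app-3"):
        fw.register(vm, "application", 1)
    fw.security_vm_updated("sec-vm", 2)                      # security software update
    updated = fw.push_update(reachable={"app-1", "app-3"})   # app-2 is powered off
    return updated, fw.stale_application_vms(), fw.update_log


if __name__ == "__main__":
    print(demo())
```

An application VM that misses the push stays listed by `stale_application_vms()` until it re-registers, which is the condition an operator would alert on in a design where protection depends on the pushed driver.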
How the security virtual machine and the application virtual machines work:
The security virtual machine periodically scans and obtains updates to the security software's security information database; by interacting with the security API framework layer on the virtualization software layer, it continuously updates the relevant virus database, trojan database, security information database, and so on, and the security protection of the physical hardware resource layer is carried out periodically through the security API framework layer.
The method of the invention takes the physical server as the unit of deployment. The deployment density of virtual machines, that is, of ordinary application virtual machines, is greatly increased, and they automatically inherit the various security protections from the security virtual machine, achieving efficient and secure access control of their own.
Claims (4)
1. A security deployment method for virtual machines under cloud computing, characterized in that:
a security virtual machine is created and deployed using physical server resources in the physical hardware resource layer, and the security virtual machine performs security scanning and updates of the security information database; a virtualization software layer is provided as the intermediate layer between the physical hardware resources and the resource accesses of the upper-layer virtual machine applications; a security API framework layer is arranged at this layer and is provided with API framework interfaces, through which the security virtual machine periodically interacts with the virtualization software layer; when an application virtual machine is deployed, the security virtual machine driver is installed on it, and by periodically interacting with the virtualization software layer through the API framework interfaces, the application virtual machine obtains the periodic updates and protection information of the security virtual machine's security software.
2. The security deployment method for virtual machines under cloud computing according to claim 1, characterized in that the process of creating and deploying the security virtual machine is: create a new security virtual machine, set its configuration items, deploy the security software on this virtual machine, and install the driver that interacts with the security API framework layer; the security virtual machine uses this driver to complete registration at the virtualization software layer.
3. The security deployment method for virtual machines under cloud computing according to claim 1 or 2, characterized in that the security virtual machine's security scanning and security information database update process is: when the security software has an update, a prompt is given to update the security software; at the same time, the driver that interacts with the virtualization software layer through the API framework interfaces is updated, and driver registration is performed again.
4. The security deployment method for virtual machines under cloud computing according to claim 3, characterized in that the application virtual machine obtains the periodic updates and protection information of the security virtual machine's security software for its security protection as follows: the security API framework layer records the update operations of the security software and pushes the updated content of the driver interaction part to the application virtual machines; each application virtual machine updates its driver and performs driver registration again, completing the security driver update on the application virtual machine.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510561941.7A CN105224387A (en) | 2015-09-07 | 2015-09-07 | A kind of security deployment method of virtual machine under cloud computing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105224387A true CN105224387A (en) | 2016-01-06 |
Family
ID=54993377
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510561941.7A Pending CN105224387A (en) | 2015-09-07 | 2015-09-07 | A kind of security deployment method of virtual machine under cloud computing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105224387A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106844005A (en) * | 2016-12-29 | 2017-06-13 | 北京瑞星信息技术股份有限公司 | Based on data reconstruction method and system under virtualized environment |
US10310885B2 (en) | 2016-10-25 | 2019-06-04 | Microsoft Technology Licensing, Llc | Secure service hosted in a virtual security environment |
WO2019178855A1 (en) * | 2018-03-23 | 2019-09-26 | 华为技术有限公司 | Method for virtual machine to access remote acceleration device, and system |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110271270A1 (en) * | 2010-04-28 | 2011-11-03 | Novell, Inc. | System and method for upgrading kernels in cloud computing environments |
CN103258160A (en) * | 2013-05-30 | 2013-08-21 | 浪潮集团有限公司 | Method for monitoring cloud security under virtualization environment |
CN103870749A (en) * | 2014-03-20 | 2014-06-18 | 中国科学院信息工程研究所 | System and method for implementing safety monitoring of virtual machine system |
CN104767741A (en) * | 2015-03-24 | 2015-07-08 | 杭州安恒信息技术有限公司 | A Computing Service Separation and Security Protection System Based on Lightweight Virtual Machine |
Non-Patent Citations (1)
Title |
---|
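赵鑫 (Zhao Xin): "Research and Implementation of Security Tools Based on Virtualization Applications", China Master's Theses Full-text Database, Information Science and Technology series * |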
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10310885B2 (en) | 2016-10-25 | 2019-06-04 | Microsoft Technology Licensing, Llc | Secure service hosted in a virtual security environment |
CN106844005A (en) * | 2016-12-29 | 2017-06-13 | 北京瑞星信息技术股份有限公司 | Based on data reconstruction method and system under virtualized environment |
CN106844005B (en) * | 2016-12-29 | 2020-04-14 | 北京瑞星网安技术股份有限公司 | Data recovery method and system based on virtualization environment |
WO2019178855A1 (en) * | 2018-03-23 | 2019-09-26 | 华为技术有限公司 | Method for virtual machine to access remote acceleration device, and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8904113B2 (en) | Virtual machine exclusive caching | |
US9766945B2 (en) | Virtual resource scheduling for containers with migration | |
US8875160B2 (en) | Dynamic application migration | |
US9961098B2 (en) | Container data offline and online scan in a cloud environment | |
CN102999369B (en) | The method and device of virtual machine upgrading | |
US10353739B2 (en) | Virtual resource scheduling for containers without migration | |
CN103902885B (en) | Towards multi-security level(MSL) virtual desktop system secure virtual machine shielding system and method | |
US10884645B2 (en) | Virtual machine hot migration method, host machine and storage medium | |
US8881144B1 (en) | Systems and methods for reclaiming storage space from virtual machine disk images | |
CN104298559A (en) | Method and device for virtualizing physical host system | |
US10331476B1 (en) | Storage device sharing among virtual machines | |
US8910161B2 (en) | Scan systems and methods of scanning virtual machines | |
US10185548B2 (en) | Configuring dependent services associated with a software package on a host system | |
US11573815B2 (en) | Dynamic power management states for virtual machine migration | |
CN103810429A (en) | Computer virus searching and killing method based on desktop cloud virtualization technology | |
US20180034791A1 (en) | Secret keys management in a virtualized data-center | |
CN104360892A (en) | System and method for creating virtual machine | |
CN107329836B (en) | Multi-system memory management method and device and mobile terminal | |
US20140237479A1 (en) | Virtual Machine-to-Image Affinity on a Physical Server | |
US9230069B2 (en) | Execution-based license discovery and optimization | |
CN105224387A (en) | A kind of security deployment method of virtual machine under cloud computing | |
GB2512482A (en) | Verification program, verification method, and verification device | |
CN107203410A (en) | A kind of VMI method and system based on redirection of system call | |
CN101539864A (en) | Method for self adaptedly safeguarding the normal starting of credible client virtual domain | |
CN103713937B (en) | Transformer substation terminal system operation method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20160106 |