CN105262611A - Virtual machine policy management device and management method based on open-stack - Google Patents

Info

Publication number: CN105262611A (granted as CN105262611B)
Authority: CN (China)
Application number: CN201510560883.6A
Original language: Chinese (zh)
Inventors: 齐伟钢, 雷震宇, 吴夏峰, 杨天池, 刘恕涛
Original and current assignee: China Electronic Technology Cyber Security Co Ltd
Legal status: Granted, active
Prior art keywords: module, virtual machine, policy, user, management device
Classification: Computer And Data Communications

Abstract

The invention provides a virtual machine policy management device based on open-stack. A user requirement is collected from the Horizon user interface module; the policy management device performs policy processing on the user requirement, outputs a policy instruction matching the requirement to the Qemu virtual machine loading module, and guides the virtual machine to execute the policy instruction. With this device, a virtual machine in the running state can be monitored in real time without intruding into the native open-stack cloud platform management system, so that the stability and security of the system are preserved. In particular, for the encryption requirements on a virtual machine's network traffic and storage objects, a cloud platform user can control the network traffic and choose whether the storage objects are encrypted; the user's security requirement is notified to the virtual machine in real time, and the virtual machine executes it in real time. The invention further provides a policy management method implemented with the virtual machine policy management device.

Description

Virtual machine policy management device and management method based on open-stack
Technical field
The present invention relates to real-time monitoring of virtual machines based on open-stack, and in particular to a virtual machine policy management device and management method based on open-stack.
Background technology
As is well known, open-stack is an open-source cloud computing management platform project that is used by numerous projects.
As shown in Figure 1, open-stack builds a cloud platform by combining several main modular components, mainly the following:
Compute control module, Nova: manages the whole life cycle of virtual machine instances for a single user or a group of users, and provides virtual services according to user requests. It is responsible for operations such as virtual machine creation, start, shutdown, suspend, pause, resize, migrate, restart and destroy, and for specification settings such as CPU and memory configuration.
Image management module, Glance: a virtual machine image lookup and retrieval system that supports multiple image formats (AKI, AMI, ARI, ISO, QCOW2, Raw, VDI, VHD, VMDK) and provides functions to create and upload images, delete images, and edit basic image information.
Network management module, Neutron: provides the network virtualization technology for cloud computing and the network connection service for the other open-stack services. It gives users an interface to define Network, Subnet and Router objects and to configure DHCP, DNS, load balancing and L3 services; the network supports GRE and VLAN.
Virtual machine interface control module, Libvirt: an abstract management layer placed between the virtual machines and the cloud computing management; libvirt provides APIs for various virtual machine types so that the upper layer can manage different virtual machines.
Virtual machine loading module: open-stack supports attaching multiple mainstream virtualization softwares, including KVM, LXC, QEMU, Hyper-V, VMware, XenServer and others.
Open-stack implements a complete cloud computing management platform mainly from these component modules with their different functions. Other modules, including the object storage module Swift and the authentication module Keystone, have no direct relation to the present invention and are not described further.
In the native open-stack cloud platform management project, a virtual machine in the running state can only have its real-time status monitored through Libvirt. To notify a running virtual machine in real time and dynamically so that it executes different user requirements (for example, a user wishes the network traffic from virtual machine A to virtual machine B to be transmitted encrypted, or the stored content of virtual machine C to be saved encrypted), the code of all the related open-stack modules from top to bottom would have to be modified. This is highly invasive to the native open-stack cloud platform management system: it can introduce many vulnerabilities, may also increase the instability of open-stack, and requires manpower to implement, which is time-consuming, laborious and increases labour cost.
Summary of the invention
In view of the above deficiencies in the prior art, the invention provides a virtual machine policy management device based on open-stack which achieves real-time monitoring of virtual machines and real-time notification and execution of user requirements without intruding into the open-stack core module code and while ensuring system stability.
The virtual machine policy management device based on open-stack of the invention, shown in Figures 2 and 3, collects user requirements from the Horizon user interface module, performs policy processing on the user requirements, outputs policy instructions matching the user requirements to the Qemu virtual machine loading module, and guides the virtual machine to execute the policy instructions. The policy management device comprises a policy interaction module, which directly collects the user requirements coming from the Horizon user interface module, abstracts them, and sends the abstracted result to a policy management module. The policy management module performs policy generation, policy storage and policy distribution for the abstracted user requirements it receives; after storing a generated policy it hands it down to a policy forwarding module. The policy forwarding module recognises the received policy, converts it into a policy instruction that the native virtual machine can recognise, and distributes it to the corresponding policy enforcement module. The policy enforcement module guides the virtual machine in the Qemu virtual machine loading module that corresponds to the policy instruction to execute that instruction.
The invention also provides a virtual machine management method based on open-stack. The policy management method manages virtual machine policies through a policy management device and, as shown in Figure 4, comprises the following steps:
S1: the policy collection module in the policy interaction module of the policy management device collects the user requirement from the Horizon user interface module;
S2: the user interaction module in the policy interaction module abstracts the user requirement collected by the policy collection module;
S3: the user interaction module sends the abstracted user requirement to the policy management module of the policy management device, and the policy management module generates a policy matching the abstracted user requirement;
S4: the policy management module stores and packages the generated policy and hands it down to the policy forwarding module of the policy management device; the policy forwarding module recognises the policy and converts it into a policy instruction that the native virtual machine can recognise;
S5: the policy forwarding module determines the virtual machine to which the policy instruction corresponds, and the corresponding sub-forwarding module in the policy forwarding module distributes the policy instruction to the policy enforcement module of the policy management device;
S6: the sub-enforcement module in the policy enforcement module that matches the policy instruction dispatches the policy instruction to the Qemu virtual machine loading module;
S7: that sub-enforcement module guides the native virtual machine in the Qemu virtual machine loading module that corresponds to the policy instruction to execute the policy instruction.
With the virtual machine policy management device and management method of the invention, virtual machines in the running state can be monitored in real time without intruding into the native open-stack cloud platform management system, preserving the stability and security of the system. In particular, for the encryption requirements on virtual machine network traffic and storage objects, the invention gives the cloud platform user the ability to control network traffic and whether storage objects are encrypted: without intruding into the open-stack core module code, it implements the security function of notifying the virtual machine to encrypt network traffic and storage, notifies the user's security requirement to the virtual machine in real time, and lets the virtual machine execute the user requirement in real time.
Brief description of the drawings
Fig. 1 is the native open-stack architecture diagram;
Fig. 2 is a schematic structural diagram of the policy management device of the invention;
Fig. 3 is a diagram of the connection between the policy management device of the invention and the native open-stack framework;
Fig. 4 is a flow chart of the policy management method of the invention.
Embodiment
As shown in Figures 2 and 3, the virtual machine policy management device based on open-stack of the invention collects user requirements from the Horizon user interface module, performs policy processing on the user requirements, outputs policy instructions matching the user requirements to the Qemu virtual machine loading module, and guides the virtual machine to execute the policy instructions.
The policy management device comprises a policy interaction module, which directly collects the user requirements coming from the Horizon user interface module, abstracts them, and sends the abstracted result to a policy management module. The policy management module performs policy generation, policy storage and policy distribution for the abstracted user requirements it receives; after storing a generated policy it hands it down to a policy forwarding module. The policy forwarding module recognises the received policy, converts it into a policy instruction that the native virtual machine can recognise, and distributes it to the corresponding policy enforcement module. The policy enforcement module guides the virtual machine in the Qemu virtual machine loading module that corresponds to the policy instruction to execute that instruction.
In a preferred embodiment, the policy interaction module comprises a policy collection module and a user interaction module. The policy collection module directly collects the user requirements coming from the Horizon user interface module and sends them to the user interaction module; the user interaction module abstracts the received user requirements and sends the abstracted user requirements to the policy management module.
In addition, the policy forwarding module comprises at least one sub-forwarding module, and the number of sub-forwarding modules equals the number of physical servers deployed in the virtual machine system. Because the number of physical servers used when a virtual machine system is deployed is predetermined according to the size of the system, the number of sub-forwarding modules deployed when the policy management device is deployed for that system follows the number of physical servers and does not change after deployment. Each sub-forwarding module corresponds one-to-one with a physical server, and each sub-forwarding module performs policy generation, policy storage and policy distribution only for the virtual machine user requirements in its corresponding physical server.
The policy enforcement module comprises at least one sub-enforcement module; the number of sub-enforcement modules equals the number of virtual machines, and the sub-enforcement modules correspond one-to-one with the virtual machines. Each sub-forwarding module sends policy instructions to at least one sub-enforcement module; each sub-enforcement module corresponds to only one sub-forwarding module; each sub-forwarding module sends policy instructions only to its corresponding sub-enforcement modules. The policy enforcement module interacts with the Qemu virtual machine loading module in real time: whenever a virtual machine is established in the Qemu virtual machine loading module, the policy enforcement module immediately deploys a sub-enforcement module corresponding to that virtual machine. Specifically, because multiple physical servers may be used when a virtual machine system is deployed, each server may host multiple virtual machines, and each virtual machine needs a corresponding sub-enforcement module, the sub-forwarding module equipped for each physical server is responsible for sending policy instructions to all the sub-enforcement modules that correspond to the virtual machines on its physical server.
The invention also provides a virtual machine policy management method based on open-stack, which manages virtual machine policies through a policy management device and comprises the following steps:
S1: the policy collection module in the policy interaction module of the policy management device collects the user requirement from the Horizon user interface module;
S2: the user interaction module in the policy interaction module abstracts the user requirement collected by the policy collection module;
S3: the user interaction module sends the abstracted user requirement to the policy management module of the policy management device, and the policy management module generates a policy matching the abstracted user requirement;
S4: the policy management module stores and packages the generated policy and hands it down to the policy forwarding module of the policy management device; the policy forwarding module recognises the policy and converts it into a policy instruction that the native virtual machine can recognise;
S5: the policy forwarding module determines the virtual machine to which the policy instruction corresponds, and the corresponding sub-forwarding module in the policy forwarding module distributes the policy instruction to the policy enforcement module of the policy management device;
S6: the sub-enforcement module in the policy enforcement module that matches the policy instruction dispatches the policy instruction to the Qemu virtual machine loading module;
S7: that sub-enforcement module guides the native virtual machine in the Qemu virtual machine loading module that corresponds to the policy instruction to execute the policy instruction.
In the policy management method of the invention, the policy management device monitors the running state of the virtual machines in real time and equips a corresponding number of sub-forwarding modules according to the number of physical servers used for virtual machine deployment. The policy management device monitors changes in the number of virtual machines and equips each virtual machine with a corresponding sub-enforcement module; the sub-enforcement modules correspond one-to-one with the virtual machines. Each sub-forwarding module distributes policy instructions to at least one sub-enforcement module; each sub-enforcement module receives only the policy instructions distributed by its corresponding sub-forwarding module; each sub-forwarding module distributes policy instructions only to its corresponding sub-enforcement modules; and each sub-forwarding module distributes a given policy instruction to only one sub-enforcement module at a time.
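The S1-S7 flow and the one-to-one correspondence rules described above, as an added Python example that is not the patent's own code: the Horizon requirement syntax ("encrypt-traffic vm-a vm-b", "encrypt-storage vm-c"), the instruction dictionaries, the host and VM names, and every class and function name are constructed for this example. It models one sub-forwarding module per physical server (fixed when the system is built), one sub-enforcement entry per virtual machine (created as virtual machines appear), and a sub-forwarding module that refuses instructions for virtual machines placed on another server.

```python
# Constructed model of the S1-S7 pipeline; example code, not the patent's implementation.
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Requirement:
    """Output of S2: a user requirement abstracted into a fixed vocabulary."""
    kind: str       # constructed: "net_encrypt" or "storage_encrypt"
    vm_id: str      # virtual machine the policy applies to
    peer: str = ""  # for net_encrypt, the destination virtual machine


class PolicyInteractionModule:
    """S1 + S2: collect the raw Horizon requirement and abstract it."""
    def collect_and_abstract(self, raw: str) -> Requirement:
        parts = raw.split()  # constructed syntax, e.g. "encrypt-traffic vm-a vm-b"
        if parts[0] == "encrypt-traffic" and len(parts) == 3:
            return Requirement("net_encrypt", parts[1], parts[2])
        if parts[0] == "encrypt-storage" and len(parts) == 2:
            return Requirement("storage_encrypt", parts[1])
        raise ValueError(f"unrecognised requirement: {raw!r}")


class PolicyEnforcementModule:
    """S6/S7: one sub-enforcement module (here, one delivery queue) per running VM."""
    def __init__(self) -> None:
        self.sub: Dict[str, List[dict]] = {}  # vm_id -> instructions handed to Qemu

    def vm_created(self, vm_id: str) -> None:
        # Real-time interaction with Qemu: a new VM gets its sub-module at once.
        self.sub.setdefault(vm_id, [])

    def enforce(self, instruction: dict) -> None:
        self.sub[instruction["vm"]].append(instruction)  # KeyError if VM unknown


class SubForwardingModule:
    """One per physical server (S5): serves only the VMs placed on that server."""
    def __init__(self, host: str, enforcement: PolicyEnforcementModule) -> None:
        self.host, self.enforcement = host, enforcement

    def distribute(self, instruction: dict, vm_host: Dict[str, str]) -> None:
        vm = instruction["vm"]
        if vm_host.get(vm) != self.host:
            raise PermissionError(f"{vm} is not hosted on {self.host}")
        self.enforcement.enforce(instruction)


class PolicyForwardingModule:
    """S4/S5: convert a policy into a native instruction and route it."""
    def __init__(self, hosts: List[str], enforcement: PolicyEnforcementModule) -> None:
        # One sub-forwarding module per physical server, fixed at deployment.
        self.sub = {h: SubForwardingModule(h, enforcement) for h in hosts}
        self.vm_host: Dict[str, str] = {}  # VM placement, kept current by monitoring

    def forward(self, policy: Requirement) -> dict:
        # Constructed "native" instruction shape the VM side is assumed to accept.
        if policy.kind == "net_encrypt":
            instr = {"vm": policy.vm_id, "op": "encrypt_traffic", "to": policy.peer}
        else:
            instr = {"vm": policy.vm_id, "op": "encrypt_storage"}
        host = self.vm_host[instr["vm"]]  # S5: which VM, hence which server
        self.sub[host].distribute(instr, self.vm_host)
        return instr


class PolicyManagementModule:
    """S3/S4: generate, store and hand down policies."""
    def __init__(self, forwarding: PolicyForwardingModule) -> None:
        self.store: Dict[int, Requirement] = {}  # policy_id -> policy (the abstracted requirement)
        self.forwarding = forwarding

    def handle(self, req: Requirement) -> int:
        policy_id = len(self.store) + 1
        self.store[policy_id] = req  # S4: store, then hand down
        self.forwarding.forward(req)
        return policy_id


def build_demo():
    """Two constructed physical servers hosting three constructed VMs."""
    enforcement = PolicyEnforcementModule()
    forwarding = PolicyForwardingModule(["host-1", "host-2"], enforcement)
    for vm, host in {"vm-a": "host-1", "vm-b": "host-1", "vm-c": "host-2"}.items():
        enforcement.vm_created(vm)
        forwarding.vm_host[vm] = host
    return PolicyInteractionModule(), PolicyManagementModule(forwarding), enforcement


def run_demo() -> Dict[str, List[dict]]:
    """Push the two requirements from the Background section through the pipeline."""
    ui, mgmt, enforcement = build_demo()
    for raw in ("encrypt-traffic vm-a vm-b", "encrypt-storage vm-c"):
        mgmt.handle(ui.collect_and_abstract(raw))
    return enforcement.sub
```

run_demo() returns, per virtual machine, the instructions that reached the Qemu side. The PermissionError path is the check a practitioner would want from this design: the one-to-one rules in the text become an explicit routing constraint rather than a convention, so an instruction aimed at a virtual machine on another server fails loudly instead of being delivered to the wrong machine.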
With the virtual machine policy management device and management method of the invention, virtual machines in the running state can be monitored in real time without intruding into the native open-stack cloud platform management system, preserving the stability and security of the system. In particular, for the encryption requirements on virtual machine network traffic and storage objects, the invention gives the cloud platform user the ability to control network traffic and whether storage objects are encrypted: without intruding into the open-stack core module code, it implements the security function of notifying the virtual machine to encrypt network traffic and storage, notifies the user's security requirement to the virtual machine in real time, and lets the virtual machine execute the user requirement in real time.
The above is only a preferred embodiment of the invention, and the scope of protection of the invention is not limited to it. Any equivalent replacement or change that a person skilled in the art could make, within the technical scope disclosed by the invention and based on its technical scheme and inventive concept, shall fall within the scope of protection of the invention.

Claims (12)

1. A virtual machine policy management device based on open-stack, characterised in that the policy management device collects user requirements from the Horizon user interface module, performs policy processing on the user requirements, outputs policy instructions matching the user requirements to the Qemu virtual machine loading module, and guides the virtual machine to execute the policy instructions;
the policy management device comprises a policy interaction module, which directly collects the user requirements coming from the Horizon user interface module, abstracts them, and sends the abstracted result to a policy management module;
the policy management module performs policy generation, policy storage and policy distribution for the abstracted user requirements it receives, and after storing a generated policy hands it down to a policy forwarding module;
the policy forwarding module recognises the received policy, converts it into a policy instruction that the native virtual machine can recognise, and distributes it to the corresponding policy enforcement module; the policy enforcement module guides the virtual machine in the Qemu virtual machine loading module that corresponds to the policy instruction to execute that instruction.
2. The virtual machine policy management device based on open-stack according to claim 1, characterised in that
the policy interaction module comprises a policy collection module and a user interaction module;
the policy collection module directly collects the user requirements coming from the Horizon user interface module and sends them to the user interaction module; the user interaction module abstracts the received user requirements and sends the abstracted user requirements to the policy management module.
3. The virtual machine policy management device based on open-stack according to claim 1, characterised in that
the policy forwarding module comprises at least one sub-forwarding module, and the number of sub-forwarding modules equals the number of physical servers deployed in the virtual machine system.
4. The virtual machine policy management device based on open-stack according to claim 3, characterised in that
each sub-forwarding module corresponds one-to-one with a physical server, and each sub-forwarding module performs policy generation, policy storage and policy distribution only for the user requirements of all the virtual machines in its corresponding physical server.
5. The virtual machine policy management device based on open-stack according to claim 3, characterised in that
the policy enforcement module comprises at least one sub-enforcement module, and the number of sub-enforcement modules equals the number of virtual machines.
6. The virtual machine policy management device based on open-stack according to claim 5, characterised in that
the sub-enforcement modules correspond one-to-one with the virtual machines.
7. The virtual machine policy management device based on open-stack according to claim 6, characterised in that
each sub-forwarding module sends policy instructions to at least one sub-enforcement module;
each sub-enforcement module corresponds to only one sub-forwarding module;
each sub-forwarding module sends policy instructions only to its corresponding sub-enforcement modules.
8. The virtual machine policy management device based on open-stack according to any one of claims 5 to 7, characterised in that
the policy enforcement module interacts with the Qemu virtual machine loading module in real time, and whenever a virtual machine is established in the Qemu virtual machine loading module, the policy enforcement module immediately deploys a sub-enforcement module corresponding to that virtual machine.
9. A virtual machine policy management method based on open-stack, characterised in that
the policy management method manages virtual machine policies through a policy management device and comprises the following steps:
S1: the policy collection module in the policy interaction module of the policy management device collects the user requirement from the Horizon user interface module;
S2: the user interaction module in the policy interaction module abstracts the user requirement collected by the policy collection module;
S3: the user interaction module sends the abstracted user requirement to the policy management module of the policy management device, and the policy management module generates a policy matching the abstracted user requirement;
S4: the policy management module stores and packages the generated policy and hands it down to the policy forwarding module of the policy management device; the policy forwarding module recognises the policy and converts it into a policy instruction that the native virtual machine can recognise;
S5: the policy forwarding module determines the virtual machine to which the policy instruction corresponds, and the corresponding sub-forwarding module in the policy forwarding module distributes the policy instruction to the policy enforcement module of the policy management device;
S6: the sub-enforcement module in the policy enforcement module that matches the policy instruction dispatches the policy instruction to the Qemu virtual machine loading module;
S7: that sub-enforcement module guides the native virtual machine in the Qemu virtual machine loading module that corresponds to the policy instruction to execute the policy instruction.
10. The virtual machine policy management method based on open-stack according to claim 9, characterised in that
the policy management device monitors the running state of the virtual machines in real time and equips a corresponding number of sub-forwarding modules according to the number of physical servers used for virtual machine deployment.
11. The virtual machine policy management method based on open-stack according to claim 10, characterised in that
the policy management device monitors changes in the number of virtual machines and equips each virtual machine with a corresponding sub-enforcement module; the sub-enforcement modules correspond one-to-one with the virtual machines.
12. The virtual machine policy management method based on open-stack according to claim 11, characterised in that
each sub-forwarding module distributes policy instructions to at least one sub-enforcement module;
each sub-enforcement module receives only the policy instructions distributed by its corresponding sub-forwarding module;
each sub-forwarding module distributes policy instructions only to its corresponding sub-enforcement modules;
each sub-forwarding module distributes a given policy instruction to only one sub-enforcement module at a time.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510560883.6A CN105262611B (en) 2015-09-07 2015-09-07 Virtual machine tactical management device and management method based on open-stack


Publications (2)

Publication Number Publication Date
CN105262611A true CN105262611A (en) 2016-01-20
CN105262611B CN105262611B (en) 2018-12-21

Family

ID=55102130


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111147467A (en) * 2019-12-19 2020-05-12 紫光云技术有限公司 Security policy setting method and device for PaaS products under cloud platform

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103685250A (en) * 2013-12-04 2014-03-26 蓝盾信息安全技术股份有限公司 Virtual machine security policy migration system and method based on SDN
US20140129719A1 (en) * 2012-11-05 2014-05-08 Sea Street Technologies, Inc. Systems and methods for provisioning and managing an elastic computing infrastructure
CN103973676A (en) * 2014-04-21 2014-08-06 蓝盾信息安全技术股份有限公司 Cloud computing safety protection system and method based on SDN
CN104683450A (en) * 2015-02-06 2015-06-03 中国农业大学 Video service monitoring cloud system



Legal Events

Code Title Description
DD01 Delivery of document by public notice (Addressee: Guo Xiaohua; Document name: Notification of Passing Examination on Formalities)
C06 Publication
PB01 Publication
DD01 Delivery of document by public notice (Addressee: CHINA ELECTRONIC TECHNOLOGY CYBER SECURITY CO., LTD.; Document name: Notification of Passing Preliminary Examination of the Application for Invention)
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant