CN105491061A - Access control system and method - Google Patents
Access control system and method Download PDFInfo
- Publication number
- CN105491061A CN105491061A CN201511024577.7A CN201511024577A CN105491061A CN 105491061 A CN105491061 A CN 105491061A CN 201511024577 A CN201511024577 A CN 201511024577A CN 105491061 A CN105491061 A CN 105491061A
- Authority
- CN
- China
- Prior art keywords
- access control
- control policy
- virtual machine
- security
- security agent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an access control system and method. The access control method comprises the steps that: a plurality of security domains are formed in a virtual network by a cloud security management unit according to a preset first access control strategy, wherein the security domain comprises at least one virtual machine, and the cloud security management unit is arranged in the cloud computing virtual network; a second access control strategy is formed by a security agent unit according to the first access control strategy, wherein the security agent unit is arranged in a physical host, the second access control strategy is used for access control of the virtual machine in the physical host, and the cloud security management unit is connected with the security agent unit. According to the technical scheme provided by embodiments of the invention, there is no need to modify the network configuration of the virtual network when the security strategy of the virtual network is changed, thereby preventing the situation where management of the virtual network is affected by modification of the network configuration.
Description
Technical field
The present invention relates to field of information security technology, particularly relate to a kind of access control system and method thereof.
Background technology
Resource is carried out centralized distribution scheduling by one of feature of cloud computing exactly.The virtual physical equipment that makes is converted into resource pool, has the feature of distribution according to need and mutually isolation, and therefore virtual is that resource can the necessary condition of flexible allocation scheduling.Server virtualization and Storage Virtualization have the solution of comparative maturity, but the business of data center is too busy to get away network, each tenant needs the virtual machine being connected oneself by network, and can not interfere with each other with the network of other tenants, therefore, network as a part for resource equally towards virtual future development.The network of data center must be isolated into multiple virtual network, distributes to each tenant, makes each tenant feel independently using network, can distribute the IP address of oneself, arrange the network security policy of oneself.
According to current network technology, the isolation of tenant network can adopt VLAN (VirtualLocalAreaNetwork, VLAN) technology, and security strategy can be configured on switches.But the application of virtual machine, release and migration all have dynamic, and this makes the network configuration relevant to virtual machine also must have dynamic, therefore frequently revising network configuration affects network management.
Summary of the invention
For solving the problem, the invention provides a kind of access control system and method thereof, the change for the security strategy solving existing cloud computing virtual network affects the problem of network management.
For this reason, the invention provides a kind of access control method, comprising:
Step S1, cloud security administrative unit form multiple security domain according to the first access control policy preset among virtual network, and described security domain comprises at least one virtual machine, and described cloud security administrative unit is arranged in cloud computing virtual network;
Step S2, TSM Security Agent unit form the second access control policy according to described first access control policy, described TSM Security Agent unit is arranged in physical host, described second access control policy is for the control that conducts interviews to the virtual machine in described physical host, and described cloud security administrative unit is connected with described TSM Security Agent unit.
Optionally, described step S2 comprises:
Form the 3rd access control policy according to described first access control policy, described 3rd access control policy is for the control that conducts interviews to the communication between the virtual machine in same security domain;
Form the 4th access control policy according to described first access control policy, described 4th access control policy is used for conducting interviews to the communication between the virtual machine in a security domain and the virtual machine in another security domain controlling.
Optionally, described step S2 comprises:
Form the 5th access control policy according to described first access control policy, described 5th access control policy is for the control that conducts interviews to the communication between the virtual machine in same physical host;
Form the 6th access control policy according to described first access control policy, described 6th access control policy is used for conducting interviews to the communication between the virtual machine in a physical host and the virtual machine in another physical host controlling.
Optionally, described step S1 comprises:
Change described first access control policy;
Multiple security domain is formed according to the first access control policy after changing.
Optionally, described step S2 comprises:
Monitor the state of described first access control policy;
The second new access control policy is formed according to the first access control policy after change when described first access control policy changes.
The invention provides a kind of access control system, comprise cloud security administrative unit and TSM Security Agent unit, described cloud security administrative unit is arranged in cloud computing virtual network, and described TSM Security Agent unit is arranged in physical host, and described cloud security administrative unit is connected with described TSM Security Agent unit;
The first access control policy that described cloud security administrative unit is used for according to presetting forms multiple security domain among virtual network, and described security domain comprises at least one virtual machine;
Described TSM Security Agent unit is used for forming the second access control policy according to described first access control policy, and described second access control policy is for the control that conducts interviews to the virtual machine in described physical host.
Optionally, described TSM Security Agent unit comprises the first TSM Security Agent module and the second TSM Security Agent module;
Described first TSM Security Agent module is used for forming the 3rd access control policy according to described first access control policy, and described 3rd access control policy is for the control that conducts interviews to the communication between the virtual machine in same security domain;
Described second TSM Security Agent module is used for forming the 4th access control policy according to described first access control policy, and described 4th access control policy is used for conducting interviews to the communication between the virtual machine in a security domain and the virtual machine in another security domain controlling.
Optionally, described TSM Security Agent unit comprises the 3rd TSM Security Agent module and the 4th TSM Security Agent module;
Described 3rd TSM Security Agent module is used for forming the 5th access control policy according to described first access control policy, and described 5th access control policy is for the control that conducts interviews to the communication between the virtual machine in same physical host;
Described 4th TSM Security Agent module is used for forming the 6th access control policy according to described first access control policy, and described 6th access control policy is used for conducting interviews to the communication between the virtual machine in a physical host and the virtual machine in another physical host controlling.
Optionally, described cloud security administrative unit comprises change module and first and forms module, and described change module and described first forms model calling;
Described change module is for changing described first access control policy;
Described first forms module for forming multiple security domain according to the first access control policy after change.
Optionally, described TSM Security Agent unit comprises monitoring modular and second and forms module, and described monitoring modular and described second forms model calling;
Described monitoring modular is for monitoring the state of described first access control policy;
Described second forms module is used for forming the second new access control policy when described first access control policy changes according to the first access control policy after change.
The present invention has following beneficial effect:
In access control system provided by the invention and method thereof, described access control method comprises: cloud security administrative unit forms multiple security domain according to the first access control policy preset among virtual network, described security domain comprises at least one virtual machine, and described cloud security administrative unit is arranged in cloud computing virtual network; TSM Security Agent unit forms the second access control policy according to described first access control policy, described TSM Security Agent unit is arranged in physical host, described second access control policy is for the control that conducts interviews to the virtual machine in described physical host, and described cloud security administrative unit is connected with described TSM Security Agent unit.The network configuration with virtual network need not be revised when technical scheme provided by the invention changes the security strategy of virtual network, thus avoid the management of Change impact to virtual network of network configuration.In addition, technical scheme provided by the invention can provide reliably for multiple tenant, safe and extendible network, realize the access control behavior between virtual machine and the external world by arranging access control policy, virtual machine in same security domain has identical access strategy to external world, thus realizes the division of security domain.Simultaneously, technical scheme provided by the invention can also realize various level access control by the access control policy arranging different brackets, thus the fine-granularity access control realized between security domain and within security domain, thus the cost that cloud service provider provides services on the Internet to tenant can be reduced.
Accompanying drawing explanation
The flow chart of a kind of access control method that Fig. 1 provides for the embodiment of the present invention one;
The structural representation of a kind of access control system that Fig. 2 provides for the embodiment of the present invention two;
The Organization Chart of a kind of access control system that Fig. 3 provides for the embodiment of the present invention two.
Embodiment
For making those skilled in the art understand technical scheme of the present invention better, below in conjunction with accompanying drawing, access control system provided by the invention and method thereof are described in detail.
Embodiment one
The flow chart of a kind of access control method that Fig. 1 provides for the embodiment of the present invention one.As shown in Figure 1, described access control method comprises:
Step S1, cloud security administrative unit form multiple security domain according to the first access control policy preset among virtual network, and described security domain comprises at least one virtual machine, and described cloud security administrative unit is arranged in cloud computing virtual network.
In the present embodiment, all virtual machines in described cloud security administrative unit centralized management virtual network, arrange the first access control policy according to actual needs, to form multiple security domain, thus realize the Secure isolation to virtual network.The network configuration with virtual network need not be revised when the technical scheme that the present embodiment provides changes the security strategy of virtual network, thus avoid the management of Change impact to virtual network of network configuration.In addition, the technical scheme that the present embodiment provides can provide reliably for multiple tenant, safe and extendible network, realize the access control behavior between virtual machine and the external world by arranging access control policy, virtual machine in same security domain has identical access strategy to external world, thus realizes the division of security domain.
Step S2, TSM Security Agent unit form the second access control policy according to described first access control policy, described TSM Security Agent unit is arranged in physical host, described second access control policy is for the control that conducts interviews to the virtual machine in described physical host, and described cloud security administrative unit is connected with described TSM Security Agent unit.
In the present embodiment, described TSM Security Agent unit is arranged on each physical host.The first access control policy that described TSM Security Agent unit is arranged according to cloud security administrative unit forms the second access control policy, thus completes the further access control of virtual machine.Optionally, described TSM Security Agent unit adopts OpenFlow technology or IPtable technology to form the second access control policy on described physical host.
Preferably, described step S2 comprises: form the 3rd access control policy according to described first access control policy, described 3rd access control policy is for the control that conducts interviews to the communication between the virtual machine in same security domain, form the 4th access control policy according to described first access control policy, described 4th access control policy is used for conducting interviews to the communication between the virtual machine in a security domain and the virtual machine in another security domain controlling.The access control method that the present embodiment provides can realize various level access control by the access control policy arranging different brackets, thus realizes the fine-granularity access control between security domain and within security domain.
In the present embodiment, described step S2 comprises: form the 5th access control policy according to described first access control policy, described 5th access control policy is for the control that conducts interviews to the communication between the virtual machine in same physical host, form the 6th access control policy according to described first access control policy, described 6th access control policy is used for conducting interviews to the communication between the virtual machine in a physical host and the virtual machine in another physical host controlling.The access control method that the present embodiment provides can realize various level access control by the access control policy arranging different brackets, thus realizes the fine-granularity access control between physical host and within physical host.
Preferably, described step S1 comprises: change described first access control policy, forms multiple security domain according to the first access control policy after changing.Described step S2 comprises: the state of monitoring described first access control policy, forms the second new access control policy when described first access control policy changes according to the first access control policy after change.The access control method that the present embodiment provides is virtual by Internet resources, makes the scheduling of Internet resources break away from network constraint.The focus that described access control method is paid close attention to is not switch system or ASIC standards system, but the centralized control and management of access control policy.The access control policy of centralized control and management can obtain global network view or other more network state information at any time, thus is difficult to the network function of realization under can realizing original Web control pattern.Make virtual network programmable to the centralized control and management of access control policy, thus can realize supporting many tenants, optimizing flow and move the network functions such as virtual machine.
The access control method that the present embodiment provides comprises: cloud security administrative unit forms multiple security domain according to the first access control policy preset among virtual network, described security domain comprises at least one virtual machine, and described cloud security administrative unit is arranged in cloud computing virtual network; TSM Security Agent unit forms the second access control policy according to described first access control policy, described TSM Security Agent unit is arranged in physical host, described second access control policy is for the control that conducts interviews to the virtual machine in described physical host, and described cloud security administrative unit is connected with described TSM Security Agent unit.The network configuration with virtual network need not be revised when the technical scheme that the present embodiment provides changes the security strategy of virtual network, thus avoid the management of Change impact to virtual network of network configuration.In addition, the technical scheme that the present embodiment provides can provide reliably for multiple tenant, safe and extendible network, realize the access control behavior between virtual machine and the external world by arranging access control policy, virtual machine in same security domain has identical access strategy to external world, thus realizes the division of security domain.Simultaneously, the technical scheme that the present embodiment provides can also realize various level access control by the access control policy arranging different brackets, thus the fine-granularity access control realized between security domain and within security domain, thus the cost that cloud service provider provides services on the Internet to tenant can be reduced.
Embodiment two
The structural representation of a kind of access control system that Fig. 2 provides for the embodiment of the present invention two, the Organization Chart of a kind of access control system that Fig. 3 provides for the embodiment of the present invention two.As shown in Figures 2 and 3, described access control system comprises cloud security administrative unit 101 and TSM Security Agent unit 102, described cloud security administrative unit 101 is arranged in cloud computing virtual network, described TSM Security Agent unit 102 is arranged in physical host, and described cloud security administrative unit 101 is connected with described TSM Security Agent unit 102.Described cloud security administrative unit 101 for forming multiple security domain according to the first access control policy preset among virtual network, and described security domain comprises at least one virtual machine.Described TSM Security Agent unit 102 is for forming the second access control policy according to described first access control policy, and described second access control policy is for the control that conducts interviews to the virtual machine in described physical host.
In the present embodiment, described cloud security administrative unit 101 manages all virtual machines in virtual network concentratedly, arranges the first access control policy according to actual needs, to form multiple security domain, thus realizes the Secure isolation to virtual network.The network configuration with virtual network need not be revised when the technical scheme that the present embodiment provides changes the security strategy of virtual network, thus avoid the management of Change impact to virtual network of network configuration.In addition, the technical scheme that the present embodiment provides can provide reliably for multiple tenant, safe and extendible network, realize the access control behavior between virtual machine and the external world by arranging access control policy, virtual machine in same security domain has identical access strategy to external world, thus realizes the division of security domain.
In the present embodiment, described TSM Security Agent unit 102 is arranged on each physical host.The first access control policy that described TSM Security Agent unit 102 is arranged according to cloud security administrative unit 101 forms the second access control policy, thus completes the further access control of virtual machine.Optionally, described TSM Security Agent unit 102 adopts OpenFlow technology or IPtable technology to form the second access control policy on described physical host.
Preferably, described TSM Security Agent unit 102 comprises the first TSM Security Agent module and the second TSM Security Agent module.Described first TSM Security Agent module is used for forming the 3rd access control policy according to described first access control policy, and described 3rd access control policy is for the control that conducts interviews to the communication between the virtual machine in same security domain.Described second TSM Security Agent module is used for forming the 4th access control policy according to described first access control policy, and described 4th access control policy is used for conducting interviews to the communication between the virtual machine in a security domain and the virtual machine in another security domain controlling.The access control system that the present embodiment provides can realize various level access control by the access control policy arranging different brackets, thus realizes the fine-granularity access control between security domain and within security domain.
In the present embodiment, described TSM Security Agent unit 102 comprises the 3rd TSM Security Agent module and the 4th TSM Security Agent module.Described 3rd TSM Security Agent module is used for forming the 5th access control policy according to described first access control policy, and described 5th access control policy is for the control that conducts interviews to the communication between the virtual machine in same physical host.Described 4th TSM Security Agent module is used for forming the 6th access control policy according to described first access control policy, and described 6th access control policy is used for conducting interviews to the communication between the virtual machine in a physical host and the virtual machine in another physical host controlling.The access control system that the present embodiment provides can realize various level access control by the access control policy arranging different brackets, thus realizes the fine-granularity access control between physical host and within physical host.
Preferably, described cloud security administrative unit 101 comprises change module 201 and first and forms module 202, and described change module 201 and described first forms module 202 and is connected.Described change module 201 is for changing described first access control policy, and described first forms module 202 for forming multiple security domain according to the first access control policy after change.Described TSM Security Agent unit 102 comprises monitoring modular 203 and second and forms module 204, described monitoring modular 203 and described second forms module 204 and is connected, described monitoring modular 203 is for monitoring the state of described first access control policy, and described second forms module 204 for forming the second new access control policy when described first access control policy changes according to the first access control policy after change.The focus that described access control system is paid close attention to is not switch system or ASIC standards system, but the centralized control and management of access control policy.The access control policy of centralized control and management can obtain global network view or other more network state information at any time, thus is difficult to the network function of realization under can realizing original Web control pattern.Make virtual network programmable to the centralized control and management of access control policy, thus can realize supporting many tenants, optimizing flow and move the network functions such as virtual machine.
The access control system that the present embodiment provides comprises: comprise cloud security administrative unit and TSM Security Agent unit, described cloud security administrative unit is arranged in cloud computing virtual network, described TSM Security Agent unit is arranged in physical host, and described cloud security administrative unit is connected with described TSM Security Agent unit.The first access control policy that described cloud security administrative unit is used for according to presetting forms multiple security domain among virtual network, and described security domain comprises at least one virtual machine.Described TSM Security Agent unit is used for forming the second access control policy according to described first access control policy, and described second access control policy is for the control that conducts interviews to the virtual machine in described physical host.The network configuration with virtual network need not be revised when the technical scheme that the present embodiment provides changes the security strategy of virtual network, thus avoid the management of Change impact to virtual network of network configuration.In addition, the technical scheme that the present embodiment provides can provide reliably for multiple tenant, safe and extendible network, realize the access control behavior between virtual machine and the external world by arranging access control policy, virtual machine in same security domain has identical access strategy to external world, thus realizes the division of security domain.Simultaneously, the technical scheme that the present embodiment provides can also realize various level access control by the access control policy arranging different brackets, thus the fine-granularity access control realized between security domain and within security domain, thus the cost that cloud service provider provides services on the Internet to tenant can be reduced.
Be understandable that, the illustrative embodiments that above execution mode is only used to principle of the present invention is described and adopts, but the present invention is not limited thereto.For those skilled in the art, without departing from the spirit and substance in the present invention, can make various modification and improvement, these modification and improvement are also considered as protection scope of the present invention.
Claims (10)
1. an access control method, is characterized in that, comprising:
Step S1, cloud security administrative unit form multiple security domain according to the first access control policy preset among virtual network, and described security domain comprises at least one virtual machine, and described cloud security administrative unit is arranged in cloud computing virtual network;
Step S2, TSM Security Agent unit form the second access control policy according to described first access control policy, described TSM Security Agent unit is arranged in physical host, described second access control policy is for the control that conducts interviews to the virtual machine in described physical host, and described cloud security administrative unit is connected with described TSM Security Agent unit.
2. access control method according to claim 1, is characterized in that, described step S2 comprises:
Form the 3rd access control policy according to described first access control policy, described 3rd access control policy is for the control that conducts interviews to the communication between the virtual machine in same security domain;
Form the 4th access control policy according to described first access control policy, described 4th access control policy is used for conducting interviews to the communication between the virtual machine in a security domain and the virtual machine in another security domain controlling.
3. access control method according to claim 1, is characterized in that, described step S2 comprises:
Form the 5th access control policy according to described first access control policy, described 5th access control policy is for the control that conducts interviews to the communication between the virtual machine in same physical host;
Form the 6th access control policy according to described first access control policy, described 6th access control policy is used for conducting interviews to the communication between the virtual machine in a physical host and the virtual machine in another physical host controlling.
4. access control method according to claim 1, is characterized in that, described step S1 comprises:
Change described first access control policy;
Multiple security domain is formed according to the first access control policy after changing.
5. access control method according to claim 4, is characterized in that, described step S2 comprises:
Monitor the state of described first access control policy;
The second new access control policy is formed according to the first access control policy after change when described first access control policy changes.
6. an access control system, it is characterized in that, comprise cloud security administrative unit and TSM Security Agent unit, described cloud security administrative unit is arranged in cloud computing virtual network, described TSM Security Agent unit is arranged in physical host, and described cloud security administrative unit is connected with described TSM Security Agent unit;
The first access control policy that described cloud security administrative unit is used for according to presetting forms multiple security domain among virtual network, and described security domain comprises at least one virtual machine;
Described TSM Security Agent unit is used for forming the second access control policy according to described first access control policy, and described second access control policy is for the control that conducts interviews to the virtual machine in described physical host.
7. access control system according to claim 6, is characterized in that, described TSM Security Agent unit comprises the first TSM Security Agent module and the second TSM Security Agent module;
Described first TSM Security Agent module is used for forming the 3rd access control policy according to described first access control policy, and described 3rd access control policy is for the control that conducts interviews to the communication between the virtual machine in same security domain;
Described second TSM Security Agent module is used for forming the 4th access control policy according to described first access control policy, and described 4th access control policy is used for conducting interviews to the communication between the virtual machine in a security domain and the virtual machine in another security domain controlling.
8. access control system according to claim 6, is characterized in that, described TSM Security Agent unit comprises the 3rd TSM Security Agent module and the 4th TSM Security Agent module;
Described 3rd TSM Security Agent module is used for forming the 5th access control policy according to described first access control policy, and described 5th access control policy is for the control that conducts interviews to the communication between the virtual machine in same physical host;
Described 4th TSM Security Agent module is used for forming the 6th access control policy according to described first access control policy, and described 6th access control policy is used for conducting interviews to the communication between the virtual machine in a physical host and the virtual machine in another physical host controlling.
9. access control system according to claim 6, is characterized in that, described cloud security administrative unit comprises change module and first and forms module, and described change module and described first forms model calling;
Described change module is for changing described first access control policy;
Described first forms module for forming multiple security domain according to the first access control policy after change.
10. access control system according to claim 9, is characterized in that, described TSM Security Agent unit comprises monitoring modular and second and forms module, and described monitoring modular and described second forms model calling;
Described monitoring modular is for monitoring the state of described first access control policy;
Described second forms module is used for forming the second new access control policy when described first access control policy changes according to the first access control policy after change.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511024577.7A CN105491061A (en) | 2015-12-30 | 2015-12-30 | Access control system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511024577.7A CN105491061A (en) | 2015-12-30 | 2015-12-30 | Access control system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105491061A true CN105491061A (en) | 2016-04-13 |
Family
ID=55677775
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201511024577.7A Pending CN105491061A (en) | 2015-12-30 | 2015-12-30 | Access control system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105491061A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105827663A (en) * | 2016-06-02 | 2016-08-03 | 中国联合网络通信集团有限公司 | Access control method and system |
CN109246136A (en) * | 2016-08-25 | 2019-01-18 | 杭州数梦工场科技有限公司 | A kind of message control method and device |
CN109254831A (en) * | 2018-09-06 | 2019-01-22 | 山东师范大学 | Virtual machine network method for managing security based on cloud management platform |
CN110474913A (en) * | 2019-08-20 | 2019-11-19 | 福建伊时代信息科技股份有限公司 | Virtualization means of defence and terminal under a kind of cloud environment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102307246A (en) * | 2010-09-25 | 2012-01-04 | 广东电子工业研究院有限公司 | Protection system and method for secure communication among virtual machines based on cloud computing |
CN102707985A (en) * | 2011-03-28 | 2012-10-03 | 中兴通讯股份有限公司 | Access control method and system for virtual machine system |
CN102843387A (en) * | 2011-06-20 | 2012-12-26 | 倪海宇 | Cloud computing safety control platform based on safety classification |
-
2015
- 2015-12-30 CN CN201511024577.7A patent/CN105491061A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102307246A (en) * | 2010-09-25 | 2012-01-04 | 广东电子工业研究院有限公司 | Protection system and method for secure communication among virtual machines based on cloud computing |
CN102707985A (en) * | 2011-03-28 | 2012-10-03 | 中兴通讯股份有限公司 | Access control method and system for virtual machine system |
CN102843387A (en) * | 2011-06-20 | 2012-12-26 | 倪海宇 | Cloud computing safety control platform based on safety classification |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105827663A (en) * | 2016-06-02 | 2016-08-03 | 中国联合网络通信集团有限公司 | Access control method and system |
CN109246136A (en) * | 2016-08-25 | 2019-01-18 | 杭州数梦工场科技有限公司 | A kind of message control method and device |
CN109246136B (en) * | 2016-08-25 | 2020-12-04 | 杭州数梦工场科技有限公司 | Message control method and device |
CN109254831A (en) * | 2018-09-06 | 2019-01-22 | 山东师范大学 | Virtual machine network method for managing security based on cloud management platform |
CN109254831B (en) * | 2018-09-06 | 2020-05-29 | 山东师范大学 | Virtual machine network security management method based on cloud management platform |
CN110474913A (en) * | 2019-08-20 | 2019-11-19 | 福建伊时代信息科技股份有限公司 | Virtualization means of defence and terminal under a kind of cloud environment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103618621B (en) | A kind of software defined network SDN method of automatic configuration, equipment and system | |
CN106713406B (en) | Method and system for accessing slice network | |
CN105190558B (en) | For creating the method and system of logical resource | |
CN104579732B (en) | Virtualize management method, the device and system of network function network element | |
US9298515B2 (en) | Methods, systems, and computer readable media for providing a virtualized diameter network architecture and for routing traffic to dynamically instantiated diameter resource instances | |
US10057109B2 (en) | Defining interdependent virtualized network functions for service level orchestration | |
CN105812260B (en) | A kind of method, apparatus and system that control mac address forwarding table is sent | |
CN105939290B (en) | A kind of method and device for distributing resource | |
WO2016206456A1 (en) | Physical machine upgrading method, service migration method and apparatus | |
CN105095317B (en) | Distributed data base service management system | |
CN103368768A (en) | Automatically scaled network overlay with heuristic monitoring in hybrid cloud environment | |
US9331891B2 (en) | Virtual consolidated appliance | |
CN105760214A (en) | Equipment state and resource information monitoring method, related equipment and system | |
CN105159775A (en) | Load balancer based management system and management method for cloud computing data center | |
CN104202264A (en) | Carrying resource allocation method for clouded data center network, device and system | |
CN103078965B (en) | The IP address management method of virtual machine | |
CN103369027A (en) | Location-aware virtual service provisioning in a hybrid cloud environment | |
CN105554178B (en) | A kind of method, gateway and the system of address distribution | |
CN105491061A (en) | Access control system and method | |
CN106293934A (en) | A kind of cluster system management optimization method and platform | |
CN102437933A (en) | Fault tolerance system and method of server | |
CN110661641B (en) | Virtual network function VNF deployment method and device | |
CN104486103A (en) | Message transmission method and equipment | |
CN107920117B (en) | Resource management method, control equipment and resource management system | |
CN103152239A (en) | Open VSwitch-based virtual network implementation method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160413 |
|
RJ01 | Rejection of invention patent application after publication |