CN105893849A - Method for distributing patches under virtualization platform - Google Patents

Info

Publication number: CN105893849A
Authority: CN (China)
Prior art keywords: virtual machine, patch, virtual, distributing, platform
Legal status: Granted, active
Application number: CN201610192909.0A
Other languages: Chinese (zh)
Other versions: CN105893849B (en)
Inventors: 党燕平, 赵亮, 阳晓宇, 刘生
Current Assignee: Beijing VRV Software Corp Ltd
Original Assignee: Beijing VRV Software Corp Ltd
Application filed by: Beijing VRV Software Corp Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for distributing patches under a virtualization platform. The virtualization platform is built on a host machine and virtual machines are provided in it. The method includes the following steps: S1, installing a security virtual machine on the host machine, building an nginx server on the security virtual machine, configuring the reverse proxy module and the cache module of the nginx server, and connecting the nginx server to a patch server; S2, the virtual machine requesting patch data from the security virtual machine through a security agent; S3, the security virtual machine distributing the patch data to the virtual machine through the nginx server. In a virtualized environment, the method provides a comprehensive, rapid and efficient way of distributing patches to virtual machines running the Windows operating system, reduces the impact of patch distribution on network load, reduces the network bandwidth occupied, and avoids the security risks that arise when patches are not distributed in time and vulnerabilities cannot be fixed.

Description

Method for distributing patches under a virtualization platform
Technical field
The present invention relates to virtual machine technology under a virtualization platform, and more specifically to a method for distributing patches under a virtualization platform.
Background
In a virtualized environment, for example with Windows systems, repairing the known vulnerabilities of Windows virtual machines remains an important part of security protection and virtual machine hardening, and patch distribution is the prerequisite for vulnerability repair.
At present, vulnerability repair in virtualized environments still follows the approach used for traditional physical computer systems: vulnerability repair on Windows terminals depends on centralized management by a management and control end, which, in cooperation with an agent deployed on each terminal, distributes patches to the terminals one by one and then completes the vulnerability repair. Carrying this traditional approach over to virtualized environments, however, causes problems.
Under a virtualization platform, one physical host machine can carry multiple virtual machines, and up to ten million virtual machines may be deployed across an entire production environment. The traditional vulnerability repair approach therefore not only fails to make full use of the features and advantages of virtualization technology, but also very easily degrades the experience of using the virtual machines and can even create security risks. This shows mainly in the following two points:
First, the management and control end distributes patches to a large number of virtual machines one by one, which occupies a large amount of network bandwidth; this can seriously affect network performance, even produce a network storm, and degrade the virtual machine experience.
Second, the traditional vulnerability repair approach cannot distribute patches to virtual machines that are powered off or to virtual machine templates, so these virtual machines and templates that have not received patches carry security risks.
Therefore, how to avoid the impact of patch distribution on the virtual machine experience, and how to avoid the security risks that patch distribution may bring, have become problems that those skilled in the art urgently need to solve and a focus of research.
Summary of the invention
To solve problems such as patch distribution occupying a large amount of network bandwidth in existing virtualized environments and the security risks it may bring, the invention discloses a method for distributing patches under a virtualization platform that avoids occupying large amounts of network bandwidth, improves network performance, and avoids the security risks that may arise during patch distribution.
To achieve the above technical purpose, the invention discloses a method for distributing patches under a virtualization platform. A virtualization platform is built on a host machine and virtual machines are provided in the virtualization platform. The method further includes the following steps:
S1: a security virtual machine is installed on the host machine, an nginx server is built on the security virtual machine, the reverse proxy module and the cache module of the nginx server are configured, and the nginx server is connected to a patch server;
S2: the virtual machine requests patch data from the security virtual machine through a security agent;
S3: the security virtual machine distributes the patch data to the virtual machine through the nginx server.
With the above method, the invention changes patch distribution from the management and control end distributing patches to a large number of virtual machines at the same time into each security virtual machine distributing patches to the virtual machines deployed on the same host machine. The nginx server of each security virtual machine is responsible for only a few virtual machines, and all of the security virtual machines complete the patch distribution work. By exchanging data inside the host machine, the invention replaces most of the data exchange that depends on the physical network, which significantly reduces network load and greatly reduces the cost of patch distribution to network performance.
Further, in step S2, if the virtual machine is in the virtual machine template state, the security virtual machine remotely converts the virtual machine template into a virtual machine through virtualization technology and powers it on; the virtual machine then requests patch data from the security virtual machine through the security agent.
Through virtualization technology, the invention makes it convenient to remotely control conversion between templates and virtual machines in order to complete patch distribution, keeps the protection gap under control, and avoids the security risk that arises when a virtual machine has been converted into a template and cannot receive patches.
Further, in step S2, if the virtual machine is powered off, the security virtual machine powers it on remotely through virtualization technology; the virtual machine then requests patch data from the security virtual machine through the security agent.
Through virtualization technology, the invention makes it convenient to power virtual machines on and off remotely in order to complete patch distribution, keeps the protection gap under control, and avoids the security risk that arises when a virtual machine stays powered off for a long time and cannot receive patches.
Further, in step S3, if the cache module of the nginx server holds the patch data, the security virtual machine distributes the patch to the virtual machine; if the cache module of the nginx server does not hold the patch data, the patch data is requested from the patch server through the reverse proxy module of the nginx server and stored in the cache module.
If the security virtual machine has cached the corresponding patch data, it distributes the patch directly; if the security virtual machine has not yet cached the corresponding patch data, the reverse proxy function of nginx redirects the patch data request to the patch server that holds the patch data, and the patch data is downloaded from the patch server and cached. A virtual machine can send a patch request to the security virtual machine through the agent module configured inside it; once the security virtual machine has accepted the request and the cache module of the nginx server on it holds the patch data, it distributes the patch to the virtual machine.
Further, if the cache module of the nginx server holds the patch data, the security virtual machine distributes the patch data to the virtual machine by means of data exchange inside the host machine.
Further, patch data is stored in the cache module of the nginx server.
Further, in step S2, a security agent module is configured in the virtual machine, and the virtual machine requests patch data from the security virtual machine through the security agent module.
Further, one security virtual machine is installed on every host machine.
Further, there are at least two virtual machines on the host machine, and one security virtual machine distributes patches to the at least two virtual machines.
Further, the patch server is a network server on an external network platform or a server within the virtualization platform.
The beneficial effects of the invention are as follows: in a virtualized environment, the invention provides a comprehensive, fast and efficient patch distribution method for virtual machines running the Windows operating system, reduces the impact of patch distribution on network load, reduces the network bandwidth occupied, and avoids the security risks that arise when vulnerabilities cannot be repaired because patches are not distributed in time.
Brief description of the drawings
Fig. 1 is a flow chart of the method for distributing patches under a virtualization platform.
Fig. 2 is a schematic diagram of the method for distributing patches under a virtualization platform.
Detailed description of the invention
The method for distributing patches under a virtualization platform according to the invention is explained in detail below with reference to the accompanying drawings.
As shown in Figs. 1 and 2, the invention provides a method for distributing patches under a virtualization platform. A virtualization platform is deployed on a host machine and virtual machines are installed in the virtualization platform; there are at least two virtual machines on the host machine, and one security virtual machine distributes patches to the at least two virtual machines. The method further includes the following steps:
S1: A security virtual machine is installed separately on the host machine, and an nginx server is built on this security virtual machine. The nginx server is installed and configured, which mainly involves configuring its reverse proxy module and cache module so that the nginx server has reverse proxy and caching functions, and the nginx server is connected to the patch server. A security virtual machine agent module is deployed in the virtual machine to implement the virtual machine security agent function. In this embodiment, one security virtual machine is installed on every host machine, and the cache module of the nginx server is configured to hold patch data; this patch data may be obtained in advance from the patch server, or may be placed in the cache module by other means.
S2: The virtual machine requests patch data from the security virtual machine through the security agent. More specifically, the invention configures a security agent module in the virtual machine, and the virtual machine requests patch data from the security virtual machine through the security agent module.
The following cases are considered:
If the virtual machine is in the virtual machine template state, the security virtual machine remotely converts the virtual machine template into a virtual machine and powers it on; the virtual machine then requests distribution of patch data from the security virtual machine through the agent module configured inside it, and finally the security virtual machine distributes the patch to the virtual machine through the nginx server.
If the virtual machine is powered off, the security virtual machine powers it on remotely through virtualization technology; the virtual machine then requests distribution of patch data from the security virtual machine through the agent module configured inside it, and the nginx server then distributes the patch to the virtual machine.
S3: The security virtual machine distributes patch data to the virtual machine through the nginx server. The nginx server sends patch requests to the patch server through the reverse proxy module and stores the patches obtained in the cache module. The following cases are considered:
If the cache module of the security virtual machine holds the patch data, the nginx server distributes the patch directly to the virtual machine. In the invention, patch distribution from the nginx server to the virtual machines no longer relies on the physical network and is carried out directly through data exchange inside the host machine, which avoids occupying network bandwidth, improves network speed, and improves the user experience.
If the cache module does not hold the patch data, the patch data is requested from the patch server through the reverse proxy module of the nginx server and stored in the cache module.
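The reverse proxy and cache configuration that S1 and S3 describe could look like the following nginx.conf for the security virtual machine. This is an added example, not configuration from the patent; the host name, addresses, subnet, paths, sizes and lifetimes are all assumptions.

```nginx
# Added example for the security VM (S1/S3). All names, addresses, paths,
# sizes and lifetimes below are assumptions, not values from the patent.

events {}

http {
    # Cache module: on-disk patch cache. 10 MB of shared memory for keys,
    # at most 50 GB of patch data, entries unused for 30 days are evicted.
    proxy_cache_path /var/cache/nginx/patches levels=1:2
                     keys_zone=patch_cache:10m max_size=50g
                     inactive=30d use_temp_path=off;

    upstream patch_server {
        server patch.example.internal:443;    # hypothetical patch server
    }

    server {
        # Bind only to the host-internal virtual network (assumed address),
        # so guest requests are answered without leaving the physical host.
        listen 192.168.100.1:8080;

        # Only guest VMs on this host (assumed subnet) may fetch patches.
        allow 192.168.100.0/24;
        deny  all;

        location /patches/ {
            # Patch data is read-only: reject anything but GET/HEAD.
            limit_except GET { deny all; }

            # Reverse proxy module: cache misses go to the patch server
            # over TLS, with the upstream certificate verified.
            proxy_pass                    https://patch_server;
            proxy_set_header              Host patch.example.internal;
            proxy_ssl_server_name         on;
            proxy_ssl_name                patch.example.internal;
            proxy_ssl_verify              on;
            proxy_ssl_trusted_certificate /etc/nginx/patch-ca.pem;

            # Cache hits are served locally (first case of S3); a miss is
            # fetched once and stored (second case of S3).
            proxy_cache       patch_cache;
            proxy_cache_valid 200 206 30d;

            # When several VMs request the same uncached patch at once,
            # only one request goes upstream; the others wait for the cache.
            proxy_cache_lock         on;
            proxy_cache_lock_timeout 10m;

            # Keep serving cached patches if the patch server is unreachable.
            proxy_cache_use_stale error timeout updating http_502 http_503;

            # HIT / MISS / STALE marker, useful when auditing distribution.
            add_header X-Cache-Status $upstream_cache_status;
        }
    }
}
```

The cache serves whatever it stored, so the agent in each virtual machine should still verify a patch's signature before installing it. The cache directory on the security virtual machine should be writable only by the nginx worker user.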
The innovation of the invention lies in using a security virtual machine on which an nginx server is installed: the reverse proxy and caching functions of nginx reduce network load, and virtualization technology keeps the protection gap under control. The security virtual machine of the invention should be understood as a virtual machine that can remotely control, through virtualization technology, the virtual machines or templates under the virtualization platform and that is mainly used for patch distribution. The host machine should be understood as a physical computer or physical node on which a virtualization platform is deployed and which has virtual machines configured with Windows or other operating systems. The patch server is the server that stores patch data; it may be a network server on an external network platform or a server in the virtual environment. The security virtual machine of the invention stores a certain amount of patch data for a certain period of time; when the patch data has all been sent out, it can again request patch data from the patch server.
The foregoing is only a preferred embodiment of the invention and is not intended to limit it; any modification, equivalent replacement or simple improvement made within the substance of the invention shall fall within its scope of protection.

Claims (10)

1. A method for distributing patches under a virtualization platform, in which a virtualization platform is built on a host machine and virtual machines are installed in the virtualization platform, characterized in that the method further comprises the following steps:
S1: a security virtual machine is installed on the host machine, an nginx server is built on the security virtual machine, the reverse proxy module and the cache module of the nginx server are configured, and the nginx server is connected to a patch server;
S2: the virtual machine requests patch data from the security virtual machine through a security agent;
S3: the security virtual machine distributes the patch data to the virtual machine through the nginx server.
2. The method for distributing patches under a virtualization platform according to claim 1, characterized in that: in step S2, if the virtual machine is in the virtual machine template state, the security virtual machine remotely converts the virtual machine template into a virtual machine through virtualization technology and powers it on, and the virtual machine then requests patch data from the security virtual machine through the security agent.
3. The method for distributing patches under a virtualization platform according to claim 2, characterized in that: in step S2, if the virtual machine is powered off, the security virtual machine powers it on remotely through virtualization technology, and the virtual machine then requests patch data from the security virtual machine through the security agent.
4. The method for distributing patches under a virtualization platform according to claim 1 or 3, characterized in that: in step S3, if the cache module of the nginx server holds the patch data, the security virtual machine distributes the patch to the virtual machine; if the cache module of the nginx server does not hold the patch data, the patch data is requested from the patch server through the reverse proxy module of the nginx server and stored in the cache module.
5. The method for distributing patches under a virtualization platform according to claim 4, characterized in that: if the cache module of the nginx server holds the patch data, the security virtual machine distributes the patch data to the virtual machine by means of data exchange inside the host machine.
6. The method for distributing patches under a virtualization platform according to claim 1, characterized in that: patch data is stored in the cache module of the nginx server.
7. The method for distributing patches under a virtualization platform according to claim 1, characterized in that: in step S2, a security agent module is configured in the virtual machine, and the virtual machine requests patch data from the security virtual machine through the security agent module.
8. The method for distributing patches under a virtualization platform according to claim 1, 2 or 3, characterized in that: one security virtual machine is installed on every host machine.
9. The method for distributing patches under a virtualization platform according to claim 8, characterized in that: there are at least two virtual machines on the host machine, and one security virtual machine distributes patches to the at least two virtual machines.
10. The method for distributing patches under a virtualization platform according to claim 1, characterized in that: the patch server is a network server on an external network platform or a server within the virtualization platform.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610192909.0A 2016-03-30 2016-03-30 Method for distributing patches under virtualization platform

Publications (2)

Publication Number Publication Date
CN105893849A 2016-08-24
CN105893849B 2019-06-21

Family ID: 57014443

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant