CN106844004A - Based on safety protecting method and system under virtualized environment - Google Patents
Based on safety protecting method and system under virtualized environment Download PDFInfo
- Publication number
- CN106844004A CN106844004A CN201611242625.4A CN201611242625A CN106844004A CN 106844004 A CN106844004 A CN 106844004A CN 201611242625 A CN201611242625 A CN 201611242625A CN 106844004 A CN106844004 A CN 106844004A
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- migration
- protection
- data
- security protection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/4557—Distribution of virtual machine instances; Migration and load balancing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a kind of safety protecting method and system based under virtualized environment.Wherein method includes:The source physical host from where it is needed to move to purpose physical host when there is virtual machine, and the source secure virtual machine of source physical host to need migration migration virtual machine perform security protection event when, migration virtual machine obtains the protection progress msg of security protection event from the secure virtual machine of source, and the corresponding data to be protected of security protection event are obtained from the physical memory space of source;After migration virtual machine (vm) migration to purpose physical host, migration virtual machine is by the purpose secure virtual machine for protecting progress msg to be sent to purpose physical host, while data to be protected to be write the purpose physical memory space of purpose physical host;After purpose secure virtual machine receives protection progress msg, security protection is proceeded to the data to be protected in write-in purpose physical memory space according to protection progress msg.Its uninterrupted security protection that can realize virtual machine (vm) migration.
Description
Technical field
The present invention relates to technical field of virtualization, more particularly to based on the safety protecting method under virtualized environment and it is
System.
Background technology
With the extensive use of hardware virtualization technology, multiple operation systems can be simultaneously run on a physical host
System, it is mutually isolated between operating system so that the management to hardware facility is more efficient, flexible and saves.For example:To can provide
Virtual machine (vm) migration on source occupancy physical host high on the low physical host of resources occupation rate, so as to reach resource
Reasonable distribution;Or all move on other physical hosts virtual machine on the low physical host of resources occupation rate, and
This TV station physical host is closed so as to reach the effect of energy-conservation.But the security threat for so being faced in legacy operating system deployment
Problem, can also face during the deployment of virtualization.
In order to solve the problems, such as secure virtual machine under virtualized environment, traditional solution is each on every physical host
A set of protection capacity of safety protection software is disposed in individual virtual machine, so as to the security protection for reaching with installed in General Physics hands- operation system
Software has identical function.But a set of security protection product, meeting are all disposed in the multiple virtual machines on Same Physical main frame
Cause the occupancy to computing resource and storage resource.In order to virtual machine repeats deployment protection capacity of safety protection software in mitigating virtualized environment
Cause to computing resource and the occupancy of storage resource, can be by the way of a kind of light agency, light agent way is to prevent safety
Most of inquiry data in shield software are processed in moving on to private clound or public cloud, and the safety of bottom line is only retained in virtual machine
Engine service data, but the data in protection capacity of safety protection software are moved on into cloud server, virtual machine is needed when security engine is carried out
Take certain network bandwidth and the response speed to network environment has certain requirement.
Can solve above-mentioned all to dispose one on each virtual machine of physical host using the mode protected without agent security
Set protection capacity of safety protection software can cause the occupancy of resource and can have the problem of certain requirement to network environment using light agent way,
But it is protection capacity of safety protection software to be disposed on a certain virtual machine of physical host (it is anti-that this is deployed with safety without agent security protection method
The virtual machine for protecting software is secure virtual machine), and for each virtual machine run on the physical host all configures respective virtual
Internal memory, each virtual memory all corresponds to Same Physical memory headroom, so when secure virtual machine does not have deployment secure to prevent other
The virtual machine for protecting software carries out security protection, and the virtual machine that this is protected is again from present physical host migration to other physics
During main frame, after the virtual machine (vm) migration that these are protected to new physical host, because its own does not possess function of safety protection, and
The virtual machine that the secure virtual machine on physical host originally can not continue to protect this carries out security protection, therefore safety
Protection will stop, and the virtual machine that these are protected will again face security threat problem.
The content of the invention
Based on this, it is necessary to virtual for what is protected in physical host of traditional use without agent security protection method
Machine can not continue by protection question when moving to another physical host from a physical host, there is provided one kind is based on virtualized environment
Under safety protecting method and system, can make using being protected in the physical host without agent security protection method
When virtual machine is migrated, the virtual machine for being protected this incessantly carries out security protection.
To reach goal of the invention, there is provided a kind of safety protecting method based under virtualized environment, methods described includes:
The source physical host from where it is needed to move to purpose physical host, and the source physical host when there is virtual machine
Migration virtual machine of the source secure virtual machine to needing migration when performing security protection event, the migration virtual machine is from institute
State the protection progress msg that the security protection event is obtained in the secure virtual machine of source, and from the source physics of the source physical host
The corresponding data to be protected of the security protection event are obtained in memory headroom;
When the migration virtual machine (vm) migration is to after the purpose physical host, it is described migrate virtual machine by it is described protect into
Degree information is sent to the purpose secure virtual machine of the purpose physical host, while the data to be protected are write into the purpose
The purpose physical memory space of physical host;
After the purpose secure virtual machine receives the protection progress msg, according to the protection progress msg to write-in
The data to be protected in the purpose physical memory space proceed security protection.
Wherein in one embodiment, the source physical host that ought have virtual machine needs from where it moves to purpose thing
Reason main frame, and the source secure virtual machine of the source physical host performs security protection thing to the migration virtual machine that needs are migrated
During part, the migration virtual machine obtains the protection progress msg of the security protection event from the source secure virtual machine, and
The step of corresponding data to be protected of the security protection event are obtained from the source physical memory of the source physical host includes:
The source physical host from where it is needed to move to purpose physical host, and the source physical host when there is virtual machine
Source secure virtual machine to need migration the migration virtual machine perform security protection event when, the migration virtual machine
Migration pause instruction is sent to the source secure virtual machine;
After the source secure virtual machine receives the migration pause instruction, stop described to the migration virtual machine execution
Security protection event, and the protection progress msg of the security protection event is sent to the migration virtual machine;
The migration virtual machine receives the protection progress msg, and the protection progress msg is stored in into local disk point
Qu Zhong, and the corresponding data to be protected of the security protection event are obtained from the source physical memory space;
Wherein, described is the data after carrying out Partial security protection by the source secure virtual machine wait data are protected.
It is described after the migration virtual machine (vm) migration to the purpose physical host wherein in one embodiment, institute
State migration virtual machine and the protection progress msg is sent to the purpose secure virtual machine of the purpose physical host, while by institute
Stating the step of data to be protected write the purpose physical memory space of the purpose physical host includes:
When the migration virtual machine (vm) migration is to after the purpose physical host, it is described migrate virtual machine set up its with it is described
Mapping relations between purpose physical memory space;
It is empty that the protection progress msg is sent to the purpose safety by the migration virtual machine according to the mapping relations
Plan machine, and the data to be protected according to the mapping relations to write-in in the purpose physical memory space.
Wherein in one embodiment, it is set up between the purpose physical memory space in the migration virtual machine
After the step of mapping relations, also include:
The migration virtual machine is according to the protection progress msg and the data to be protected in the purpose physical host
Upper generation migration protection event, and the migration security protection event is sent to the purpose safety as security protection event
Virtual machine;
The purpose secure virtual machine receives the security protection event that the migration virtual machine sends, by the safety
The task identification information of the security protection event is extracted in protection event, and is locally remembered according to the task identification information inquiry
Record;
If the purpose secure virtual machine inquire in the local record exist it is identical with the task identification information
Local task identification information, it is determined that the security protection event be not it is described migration protection event;
If the purpose secure virtual machine does not exist and the task identification information phase in inquiring the local record
Same local task identification information, it is determined that the security protection event is the migration protection event, and performs the migration
The protection progress msg is sent to the purpose secure virtual machine by virtual machine according to the mapping relations, and is reflected according to described
The step of relation is penetrated to the data to be protected are write in the purpose physical memory space.
Wherein in one embodiment, after the purpose secure virtual machine receives the protection progress msg, according to institute
State protection progress msg and security protection is proceeded to data to be protected described in writing in the purpose physical memory space
Step includes:
The purpose secure virtual machine receives the protection progress msg, and is not prevented by being extracted in the protection progress msg
Shield data message;
The purpose secure virtual machine does not protect data message in the write-in purpose physical memory space according to
Data protect be analyzed, obtain described in do not protect data in data to be protected;
The purpose secure virtual machine does not protect the data to carry out security protection to described, and the result of security protection is fed back
To the virtual machine after the migration.
Wherein in one embodiment, after the purpose secure virtual machine receives the protection progress msg, according to institute
State protection progress msg and security protection is proceeded to data to be protected described in writing in the purpose physical memory space
Step also includes:
The purpose secure virtual machine receives the protection progress msg, and has been prevented by being extracted in the protection progress msg
Shield data message;
The purpose secure virtual machine has protected data message in the write-in purpose physical memory space according to
Data protect be analyzed, obtain described in protection data in data to be protected;
The purpose secure virtual machine has protected data to be deleted from the purpose physical memory space by described.
The present invention also provides a kind of security protection system based under virtualized environment, and the system at least includes source physics
Main frame and purpose physical host, the source physical host include source secure virtual machine, and the purpose physical host includes mesh
Secure virtual machine, needed in the physical host of source migration migration virtual machine can move to the mesh from the source physical host
Physical host;The migration virtual machine includes acquisition module and sends writing module;The purpose secure virtual machine includes peace
Full protection module, wherein:
The acquisition module, has the source physical host of the virtual machine needs from where it to move to the purpose for working as
Physical host, and the source secure virtual machine of the source physical host performs security protection to the migration virtual machine that needs are migrated
During event, the protection progress msg of the security protection event is obtained from the source secure virtual machine, and from the source physics
The corresponding data to be protected of the security protection event are obtained in the source physical memory space of main frame;
The transmission writing module, for after the migration virtual machine (vm) migration to the purpose physical host, by institute
The purpose secure virtual machine that protection progress msg is sent to the purpose physical host is stated, while the data to be protected are write
The purpose physical memory space of the purpose physical host;
The safety protection module, for the purpose secure virtual machine receive it is described protection progress msg after, root
Proceed safety to data protect described in writing in the purpose physical memory space according to the protection progress msg to prevent
Shield.
Wherein in one embodiment, the acquisition module includes:
Instruction sending unit, has source physical host of the virtual machine needs from where it to move to purpose physics master for working as
Machine, and the source secure virtual machine of the source physical host performs security protection thing to the migration virtual machine that needs are migrated
During part, migration pause instruction is sent to the source secure virtual machine;
Storage unit is received, for stopping performing the peace according to the migration pause instruction in the source secure virtual machine
After full protection event, the protection progress msg of the security protection event of source secure virtual machine feedback is received, and by institute
Protection progress msg is stated to be stored in local disk subregion;
Acquiring unit, for obtaining the corresponding number to be protected of the security protection event from the source physical memory space
According to, wherein, described is the data after carrying out Partial security protection by the source secure virtual machine wait data are protected.
Wherein in one embodiment, the transmission writing module includes:
Set up unit, for when the migration virtual machine (vm) migration to after the purpose physical host, set up its with it is described
Mapping relations between purpose physical memory space;
Writing unit is sent, for the protection progress msg to be sent into the purpose safety according to the mapping relations
Virtual machine, and the data to be protected according to the mapping relations to write-in in the purpose physical memory space.
Wherein in one embodiment, the transmission writing module also includes:
Generation unit, closes for setting up it in the migration virtual machine with the mapping between the purpose physical memory space
After system, migration protection thing is generated in the purpose physical host according to the protection progress msg and the data to be protected
Part, and the migration security protection event is sent to the purpose secure virtual machine as security protection event;
Query Result receiving unit, for the task in the purpose secure virtual machine in the security protection event
After identification information-enquiry local record, the Query Result of the purpose secure virtual machine is received;If Query Result includes described
Purpose secure virtual machine exists and the local task identification letter of the task identification information identical in inquiring the local record
Breath, it is determined that the security protection event is not the migration protection event;If the purpose secure virtual machine inquires institute
State in locally recording and do not exist and the local task identification information of the task identification information identical, it is determined that the security protection
Event is the migration protection event.
Wherein in one embodiment, the safety protection module includes:
Extraction unit, for receiving the protection progress msg, and does not protect number by being extracted in the protection progress msg
It is believed that ceasing and having protected data message;
Analytic unit, for not protecting data message and described having protected data message to the write-in purpose according to described
Data protect in physical memory space are analyzed, obtain described in not protecting data and do not prevent in data to be protected
Shield data;
Security protection unit, for not protecting the data to carry out security protection to described, and the result of security protection is fed back
To the virtual machine after the migration;
Unit is deleted, for having protected data to be deleted from the purpose physical memory space by described.
Beneficial effects of the present invention include:
Above-mentioned safety protecting method and system based under virtualized environment, when on a certain physical host run by
When the virtual machine of protection is migrated, the source secure virtual machine of physical host of the virtual machine as migration virtual machine from where it
Middle acquisition source secure virtual machine performs the protection progress msg of security protection event, while the thing of the physical host where obtaining it
Data to be protected in reason memory headroom, when on the migration virtual machine (vm) migration to purpose physical host, the migration virtual machine will
Protection progress msg sends the secure virtual machine of purpose physical host to, while data to be protected are write into the purpose physical host
Physical memory space in so that secure virtual machine in purpose physical host continues to move this according to protection progress msg
Moving virtual machine carries out security protection, so as to realize the uninterrupted security protection during virtual machine (vm) migration, it is ensured that virtual machine is being moved
Security during shifting.
Brief description of the drawings
Fig. 1 is one structural representation of the physical host of secure virtual machine of deployment in one embodiment;
Fig. 2 is the schematic flow sheet based on the safety protecting method under virtualized environment in one embodiment;
Fig. 3 is that the process based on virtual machine (vm) migration in the security protection system under virtualized environment in one embodiment is shown
It is intended to;
Fig. 4 is the structural representation based on the security protection system under virtualized environment in one embodiment.
Specific embodiment
In order to make the purpose , technical scheme and advantage of the present invention be clearer, below in conjunction with drawings and Examples pair
The present invention is further elaborated based on the safety protecting method and system under virtualized environment.It should be appreciated that this place
The specific embodiment of description is only used to explain the present invention, is not intended to limit the present invention.
In one embodiment, as shown in Figure 1 and Figure 2, there is provided a kind of security protection side based under virtualized environment
Method, the method is comprised the following steps:
S100, needs the source physical host from where it to move to purpose physical host, and source physics master when there is virtual machine
When migration virtual machine of the source secure virtual machine of machine to needing migration performs security protection event, migration virtual machine is pacified from source
The protection progress msg of security protection event is obtained in full virtual machine, and is obtained from the source physical memory space of source physical host
The corresponding data to be protected of security protection event.
S200, after migration virtual machine (vm) migration to purpose physical host, migration virtual machine will protect progress msg to send
To the purpose secure virtual machine of purpose physical host, while data to be protected to be write the purpose physical memory of purpose physical host
Space.
S300, after purpose secure virtual machine receives protection progress msg, according to protection progress msg to write-in purpose thing
Data to be protected in reason memory headroom proceed security protection.
Wherein, two physical hosts are at least included in the above method, and each physical host is based on " preventing without agent security
Protection mechanism ", referring to Fig. 1, this is referred to without agent security preventing mechanism:Multiple virtual machines are deployed with one physical host, often
To that should have respective virtual memory, each virtual memory corresponds to Same Physical memory headroom to individual virtual machine, in multiple virtual machines
There is the virtual machine of predetermined number for secure virtual machine, remaining is the General Virtual Machine for being configured without protection capacity of safety protection software.It is i.e. same
The shared Same Physical memory headroom of multiple virtual machines in one physical host.Preferably, optionally in multiple virtual machine is
Secure virtual machine.This without agent security preventing mechanism due to the virtual memory correspondence Same Physical memory headroom of each virtual machine,
A physical memory space is shared equivalent to each virtual machine, just can be empty by the physical memory between so multiple virtual machines
Between realize each other direct communication, and there is virtual machine to be configured as secure virtual machine in multiple virtual machines, i.e., from multiple empty
Selected in plan machine the virtual machine of predetermined number by configuration protection capacity of safety protection software, for example:Select resources occupation rate low or physics
Resource big one, two or more virtual machines as secure virtual machine, so as to realize secure virtual machine to other non-security void
The security protection of plan machine.Wherein, task manager be the equal of operate in VMM (Virtual Machine Monitor, virtually
Machine monitor) layer a software, for realizing security protection event and number in Same Physical main frame between each virtual machine
According to transmission, it is equivalent to the communication pipe between each virtual machine.Virtual memory utilizes traditional simulation software (qemu, one
Plant the simulation software for increasing income) the one section of memory space emulation in VMM layer is obtained.VMM be used for each virtual machine is planned,
Deployment, pipeline and optimization, realize the scheduling of each virtual machine, and VMM is when each virtual machine is dispatched using each virtual machine as
Individual scheduling unit, dispatches according to timeslice polling mode.
In the present embodiment based on the safety protecting method under virtualized environment, run on a physical host wherein
Virtual machine needs to move to another physical host, and the virtual machine is used as on migration virtual machine physical host where it
When the secure virtual machine of deployment performs security protection event, the source safety of the physical host that the migration virtual machine can be from where it is empty
Protection progress msg, so when the migration virtual machine (vm) migration is to another physical host, the protection progress msg are obtained in plan machine
Also in moving to purpose physical host with the migration virtual machine, the migration virtual machine will protect progress msg to be sent to purpose
The purpose secure virtual machine of physical host, while the data to be protected that will be obtained from above-mentioned source physical memory space write purpose
In the purpose physical memory space of physical host, so that purpose secure virtual machine can continue to treat according to protection progress msg
Protection data carry out security protection, so as to realize carrying out security protection incessantly during virtual machine (vm) migration, it is ensured that virtual machine
Security in transition process.
It should be noted that the protection progress msg includes the task identification information of security protection event and safety
Quantity of documents information, the start information of the corresponding data to be protected of protection event, have protected label information etc..Wherein, task mark
Knowledge information includes task ID (identification, identity) information.According to protected label information can be readily derived from
In the physical memory space of source obtain data to be protected the data of protection and do not protect data.Task identification information can be unique
Really which full protection event in Dingan County's is.With traditional virtual machine for being provided with protection capacity of safety protection software when secure virtual machine is migrated
Identical, here is omitted.
In one embodiment, step S100 includes:
S110, needs the source physical host from where it to move to purpose physical host, and source physics master when there is virtual machine
When migration virtual machine of the source secure virtual machine of machine to needing migration performs security protection event, migration virtual machine is to described
Source secure virtual machine sends migration pause instruction.
S120, after source secure virtual machine receives migration pause instruction, stops performing security protection thing to migration virtual machine
Part, and the protection progress msg of security protection event is sent to migration virtual machine.
S130, migration virtual machine receives protection progress msg, and protection progress msg is stored in local disk subregion, and
The corresponding data to be protected of security protection event are obtained from the physical memory space of source;Wherein, data to be protected are by source safety
Virtual machine carries out the data after Partial security protection.
When source physical host receives migration task, the migration task includes migrating objects, i.e., will perform migration
The virtual machine of task, and the purpose physical host that the migration virtual machine will be moved to.In source, physical host is appointed according to migration
After migration virtual machine is learnt in business, informing removal virtual machine performs migration task.If the migration virtual machine is by source physics master
When source secure virtual machine on machine performs security protection event, it is temporary that migration virtual machine sends a migration to the source secure virtual machine
Stop instruction, so as to notify that the source secure virtual machine stops performing security protection event to the migration virtual machine, it is to avoid unnecessary
Security protection, reduces the occupancy to the internal memory of source physical host.Meanwhile, the security protection thing that the source secure virtual machine is performed
The protection progress msg of part is sent to migration virtual machine, after migration virtual machine receives protection progress msg, is stored in this earth magnetism
In disk subregion, in order to when virtual machine (vm) migration will be migrated to purpose physical host, protection progress msg be moved to simultaneously
In purpose physical host.To refer to that protection progress msg is stored in migration during protection progress msg has a local disk subregion
In the subregion of disk where virtual machine, the position that driver is able to access that, protection progress letter during convenient migration virtual machine (vm) migration
Breath is migrated therewith.
Preferably, while the protection progress msg that virtual machine reception source secure virtual machine sends is migrated, migration is virtual
Machine obtains the corresponding data to be protected of security protection event also from physical memory space, and the data to be protected are source secure virtual
Machine carries out the data after Partial security protection.So it is possible to prevente effectively from the data to be protected that no Partial security is protected (are moved
Move virtual machine write-in source physical memory space before wait protect data) be written to purpose physical memory space when, purpose safety
The wasting of resources of the Data duplication protection that virtual machine has been protected source secure virtual machine.More preferably, from source thing in the way of snapshot
Reason memory headroom in obtain data protect, i.e., to source physical memory space in data creation snapshot to be protected, when needs exist
Recover in purpose physical memory space when data are protected, using snapshot by the data recovery to be protected in the physical memory space of source
To in purpose physical memory space.Data to be protected are copied into purpose physics from the physical memory space of source using snapshot functions
It is simple and convenient in memory headroom, it is easy to accomplish, and save occupancy when migrating to storage resource.
In one embodiment, step S200 includes:
S210, when migration virtual machine (vm) migration is to after purpose physical host, migration virtual machine set up its with purpose physics in
Deposit the mapping relations between space.
S220, migration virtual machine will protect progress msg to be sent to purpose secure virtual machine according to mapping relations, and according to
Mapping relations in purpose physical memory space to writing data to be protected.
After virtual machine (vm) migration is migrated to purpose physical host, it is in purpose physical host relative to other virtual machines
It is an independent system, is mutually isolated with other virtual machines, does not have the function of data interaction.Accordingly, it would be desirable to set up this
Migration virtual machine in purpose physical host with the communication function of other virtual machines.Specifically, the virtual of migration virtual machine is set up
The mapping relations in the purpose physical memory space of internal memory and purpose physical host, due to the purpose physical memory space with the mesh
The virtual memory of other virtual machines of physical host there are corresponding mapping relations, therefore, set up the virtual of migration virtual machine
After mapping relations between internal memory and purpose physical memory space, just can realize in the migration virtual machine and the purpose physical host
The purpose of other virtual shared Same Physical memory headrooms.Wherein, the purpose physical memory space is in purpose physical host
Shared memory space of one piece of internal memory as each virtual machine is marked off in physical memory.The virtual memory of virtual machine is to use biography
By VMM, (Virtual Machine Monitor, virtual machine is supervised for a kind of simulation software (qemu, simulation software for increasing income) of system
Device) the one section of memory space emulation in layer obtains, its data to be protected for being used to cache each virtual machine.Same Physical main frame
On each virtual machine data interaction each other is realized by physical memory space so that from outside between each virtual machine
Look like mutually transparent.
After step S210, migration virtual machine just can be incited somebody to action according to it with the mapping relations between purpose physical memory space
The protection progress msg of the data to be protected brought during migration virtual machine (vm) migration is sent to purpose secure virtual machine, while being moved
In data the to be protected write-in purpose physical memory space brought during shifting, such secure virtual machine just can be according to protection progress msg
Treat protection data and continue executing with security protection, the uninterrupted of security protection is carried out during realizing virtual machine (vm) migration.
Further, after step S210, including:
S210a, migration virtual machine generates migration according to protection progress msg and data to be protected in purpose physical host
Protection event, and migration security protection event is sent to purpose secure virtual machine as security protection event.
S210b, purpose secure virtual machine receives the security protection event that migration virtual machine sends, by security protection event
The task identification information of security protection event is extracted, and is locally recorded according to task identification information inquiry.
S210c, if purpose secure virtual machine exists and task identification information identical in inquiring the local record
Local task identification information, it is determined that security protection event is not migration protection event.
S210d, if purpose secure virtual machine does not exist and task identification information identical sheet in inquiring local record
Ground task identification information, it is determined that security protection event is the migration protection event, and performs step S220.
After migration virtual machine sets up mapping relations with the purpose memory headroom of purpose physical host, in Same Physical master
The transmission that task manager between each virtual machine is only responsible for event is connected in machine, it is therefore desirable to according to data protect and prevent
Shield progress msg generation migration protection event, and migration protection event is transferred to by mesh from migration virtual machine by task manager
Secure virtual machine so that realize by the protection progress msg of the corresponding security protection event of data to be protected pass to purpose peace
Full virtual machine.After the mapping relations set up between migration virtual machine and purpose physical memory space, except meeting on migration virtual machine
Produce outside migration protection event, it is also possible to produce other security protection events, for example:What the driver element of virtual machine was captured
The security protection event that security protection event (network address access, file modification etc.) or secure virtual machine send according to scan task.
If security protection event is produced in local (purpose physical host), the security protection event is locally recorded when producing
In can record its identification information, otherwise then locally record in there is no the identification information of the security protection event.So, when migration is empty
Plan machine will migrate protection event (also regarding a security protection event as in purpose physical host) and its in locally generated safety
When protection event is all sent to purpose secure virtual machine, purpose secure virtual machine need first to judge the security protection event whether be
Migration protection event, if the security protection event for receiving is migration protection event, purpose secure virtual machine then can basis
The protection progress msg of migration protection event carries out security protection to the data to be protected in write-in purpose physical memory space, from
And the uninterrupted execution of security protection event during virtual machine (vm) migration is realized, purpose secure virtual machine confirms the security protection for receiving
Whether event is migration protection event, can further assure that migration protection event can be smoothed out, and is further ensured that void
The security of plan machine.If the security protection event that purpose secure virtual machine is received is not migration protection event, according to one
As security protection event carry out security protection, it is ensured that migration virtual machine security.
In one embodiment, step S300 includes:
S310, purpose secure virtual machine receives protection progress msg, and does not protect data by being extracted in protection progress msg
Information.
S320, purpose secure virtual machine is protected according to waiting in not protecting data message to write-in purpose physical memory space
Data are analyzed, and obtain not protecting data in data to be protected.
S330, purpose secure virtual machine feeds back to the result of security protection to not protecting the data to carry out security protection
Virtual machine after migration.
Further, step S300 also includes:
S310 ', purpose secure virtual machine receives protection progress msg, and has protected data by being extracted in protection progress msg
Information.
S320 ', purpose secure virtual machine is prevented according to waiting in having protected data message to write-in purpose physical memory space
Shield data are analyzed, and obtain the protection data in data to be protected.
S330 ', purpose secure virtual machine will protect data to be deleted from purpose physical memory space.
Above-mentioned two embodiment is two specific embodiments of step S300, wherein, treat and protect not protecting in data
It is necessary step that data carry out security protection, when it can reduce purpose secure virtual machine to having protected Data duplication to protect pair
The occupancy of resource, and the protection efficiency for treating protection data, efficiently and accurately and save resources can also be improved.And obtain and wait to protect
Protection data in data, and data will have been protected to be deleted from purpose physical memory space, can effectively reduce and protect
Data are the occupancy in physical memory space, improve protection efficiency.
In a specific embodiment, purpose secure virtual machine can obtain data to be protected according to protection progress msg
In protection data, data will have been protected to be deleted from purpose physical memory space, then do not protect data to remaining again
Carry out security protection.The security protection process of purpose secure virtual machine can so be simplified.
One of ordinary skill in the art will appreciate that all or part of flow in realizing above-described embodiment method, can be
The hardware of correlation is instructed to complete by computer program, described program can be stored in a computer read/write memory medium
In, the program is upon execution, it may include such as the flow of the embodiment of above-mentioned each method.Wherein, described storage medium can be magnetic
Dish, CD, read-only memory (Read-Only Memory, ROM) or random access memory (Random Access
Memory, RAM) etc..
In one embodiment, as shown in Figure 3,4, a kind of security protection system based under virtualized environment is additionally provided
System, the system at least includes source physical host and purpose physical host, and source physical host includes source secure virtual machine, purpose thing
Reason main frame includes purpose secure virtual machine, the migration virtual machine of migration is needed in the physical host of source and can be moved from source physical host
Move on to purpose physical host;Migration virtual machine includes acquisition module 100 and sends writing module 200;Purpose secure virtual machine bag
Include safety protection module 300.Wherein:
Acquisition module 100, there is source physical host of the virtual machine needs from where it to move to purpose physics master for working as
Machine, and source physical host source secure virtual machine to need migration migration virtual machine perform security protection event when, from
The protection progress msg of security protection event is obtained in the secure virtual machine of source, and from the source physical memory space of source physical host
Obtain the corresponding data to be protected of security protection event.Writing module 200 is sent, for when migration virtual machine (vm) migration to purpose thing
After reason main frame, by the purpose secure virtual machine for protecting progress msg to be sent to purpose physical host, while will data be protected
Write the purpose physical memory space of purpose physical host.Safety protection module 300, for being received in purpose secure virtual machine
To after protection progress msg, the data to be protected in write-in purpose physical memory space are proceeded according to protection progress msg
Security protection.
In the present embodiment based on the security protection system under virtualized environment, when operation is being on a certain physical host
When the virtual machine for being protected is migrated, the source secure virtual of physical host of the virtual machine as migration virtual machine from where it
The protection progress msg that source secure virtual machine performs security protection event is obtained in machine, while physical host where obtaining it
Data to be protected in physical memory space, when on the migration virtual machine (vm) migration to purpose physical host, the migration virtual machine
Protection progress msg is sent the secure virtual machine of purpose physical host to, while data to be protected are write into purpose physics master
In the physical memory space of machine, so that the secure virtual machine in purpose physical host continues to this according to protection progress msg
Migration virtual machine carries out security protection, so as to realize the uninterrupted security protection during virtual machine (vm) migration, it is ensured that virtual machine exists
Security in transition process.
In one embodiment, acquisition module 100 includes:Instruction sending unit 110, for that ought there is virtual machine to need from it
The source physical host at place moves to purpose physical host, and source physical host source secure virtual machine to needing migration
When migration virtual machine performs security protection event, migration pause instruction is sent to source secure virtual machine.Storage unit 120 is received,
For after source secure virtual machine stops performing security protection event according to migration pause instruction, receiving source secure virtual machine feedback
Security protection event protection progress msg, and will protection progress msg be stored in local disk subregion.Acquiring unit
130, for obtaining the corresponding data to be protected of security protection event from the physical memory space of source, wherein, data to be protected are
Data after Partial security protection are carried out by source secure virtual machine.
In one embodiment, sending writing module 200 includes:Unit 210 is set up, for being arrived when migration virtual machine (vm) migration
After purpose physical host, it is set up with the mapping relations between purpose physical memory space.Writing unit 220 is sent, is used for
Progress msg will be protected to be sent to purpose secure virtual machine according to mapping relations, and it is empty to purpose physical memory according to mapping relations
Between in write data to be protected.
In one embodiment, sending writing module 200 also includes:Generation unit 210a, for being built in migration virtual machine
After it is stood with the mapping relations between purpose physical memory space, according to protection progress msg and data to be protected in purpose thing
Manage and generated on main frame migration protection event, and migration security protection event is sent to purpose safety void as security protection event
Plan machine.Query Result receiving unit 210b, for the task identification letter in purpose secure virtual machine in security protection event
After breath inquiry local record, the Query Result of purpose secure virtual machine is received;If Query Result includes purpose secure virtual machine
Inquire in locally recording and exist and the local task identification information of task identification information identical, it is determined that security protection event is not
It is migration protection event;If purpose secure virtual machine does not exist and task identification information identical sheet in inquiring local record
Ground task identification information, it is determined that security protection event is migration protection event.
In one embodiment, safety protection module 300 includes:Extraction unit 310, for receiving protection progress msg,
And do not protected data message and protected data message by being extracted in protection progress msg.Analytic unit 320, does not prevent for basis
Protect data message and protected data message to be analyzed the data to be protected in write-in purpose physical memory space, treated
Not not protecting data and do not protect data in protection data.Security protection unit 330, for anti-to not protecting data to carry out safety
Shield, and the result of security protection is fed back into the virtual machine after migration.Unit 340 is deleted, for data from purpose will to have been protected
Deleted in physical memory space.
Because the principle of this system solve problem is a kind of similar based on the safety protecting method under virtualized environment to foregoing,
Therefore the implementation of the system may refer to the implementation of preceding method, repeats part and repeats no more.
Each technical characteristic of embodiment described above can be combined arbitrarily, to make description succinct, not to above-mentioned reality
Apply all possible combination of each technical characteristic in example to be all described, as long as however, the combination of these technical characteristics is not deposited
In contradiction, the scope of this specification record is all considered to be.
Embodiment described above only expresses several embodiments of the invention, and its description is more specific and detailed, but simultaneously
Can not therefore be construed as limiting the scope of the patent.It should be pointed out that coming for one of ordinary skill in the art
Say, without departing from the inventive concept of the premise, various modifications and improvements can be made, these belong to protection of the invention
Scope.Therefore, the protection domain of patent of the present invention should be determined by the appended claims.
Claims (11)
1. a kind of safety protecting method based under virtualized environment, it is characterised in that methods described includes:
When there is virtual machine to need source physical host from where it to move to purpose physical host, and the source physical host source
When migration virtual machine of the secure virtual machine to needing migration performs security protection event, the migration virtual machine is from the source
Obtain the protection progress msg of the security protection event in secure virtual machine, and from the source physical memory of the source physical host
The corresponding data to be protected of the security protection event are obtained in space;
After the migration virtual machine (vm) migration to the purpose physical host, the migration virtual machine believes the protection progress
Breath is sent to the purpose secure virtual machine of the purpose physical host, while the data to be protected are write into the purpose physics
The purpose physical memory space of main frame;
After the purpose secure virtual machine receives the protection progress msg, according to the protection progress msg to described in write-in
The data to be protected in purpose physical memory space proceed security protection.
2. the safety protecting method based under virtualized environment according to claim 1, it is characterised in that described when there is void
Plan machine needs source physical host from where it to move to purpose physical host, and the source physical host source secure virtual machine
When performing security protection event to the migration virtual machine for needing migration, the migration virtual machine is from the source secure virtual machine
The middle protection progress msg for obtaining the security protection event, and obtained from the source physical memory of the source physical host described
The step of security protection event corresponding data to be protected, includes:
When there is virtual machine to need source physical host from where it to move to purpose physical host, and the source physical host source
When the migration virtual machine of the secure virtual machine to needing migration performs security protection event, the migration virtual machine is to institute
State source secure virtual machine and send migration pause instruction;
After the source secure virtual machine receives the migration pause instruction, stop performing the safety to the migration virtual machine
Protection event, and the protection progress msg of the security protection event is sent to the migration virtual machine;
The migration virtual machine receives the protection progress msg, and the protection progress msg is stored in into local disk subregion
In, and the corresponding data to be protected of the security protection event are obtained from the source physical memory space;
Wherein, described is the data after carrying out Partial security protection by the source secure virtual machine wait data are protected.
3. the safety protecting method based under virtualized environment according to claim 1, it is characterised in that described when described
To after the purpose physical host, the migration virtual machine protects progress msg to be sent to institute to migration virtual machine (vm) migration by described
The purpose secure virtual machine of purpose physical host is stated, while the data to be protected to be write the purpose of the purpose physical host
The step of physical memory space, includes:
After the migration virtual machine (vm) migration to the purpose physical host, the migration virtual machine sets up it with the purpose
Mapping relations between physical memory space;
The protection progress msg is sent to the purpose secure virtual machine by the migration virtual machine according to the mapping relations,
And according to the mapping relations in the purpose physical memory space write-in described in data to be protected.
4. the safety protecting method based under virtualized environment according to claim 3, it is characterised in that in the migration
After the step of virtual machine sets up it with mapping relations between the purpose physical memory space, also include:
The migration virtual machine is raw in the purpose physical host according to the protection progress msg and the data to be protected
Into migration protection event, and the migration security protection event is sent to the purpose secure virtual as security protection event
Machine;
The purpose secure virtual machine receives the security protection event that the migration virtual machine sends, by the security protection
The task identification information of the security protection event is extracted in event, and is locally recorded according to the task identification information inquiry;
If the purpose secure virtual machine exists and the task identification information identical sheet in inquiring the local record
Ground task identification information, it is determined that the security protection event is not the migration protection event;
If the purpose secure virtual machine does not exist and the task identification information identical in inquiring the local record
Local task identification information, it is determined that the security protection event is the migration protection event, and it is virtual to perform the migration
The protection progress msg is sent to the purpose secure virtual machine by machine according to the mapping relations, and is closed according to the mapping
The step of being to the data to be protected are write in the purpose physical memory space.
5. the safety protecting method based under virtualized environment according to claim 1, it is characterised in that the purpose peace
It is empty to writing the purpose physical memory according to the protection progress msg after full virtual machine receives the protection progress msg
Between in the data to be protected include the step of proceed security protection:
The purpose secure virtual machine receives the protection progress msg, and does not protect number by being extracted in the protection progress msg
It is believed that breath;
The purpose secure virtual machine does not protect data message to writing the institute in the purpose physical memory space according to
State data to be protected to be analyzed, obtain not protecting data in the data to be protected;
The purpose secure virtual machine does not protect the data to carry out security protection to described, and the result of security protection is fed back into institute
State the virtual machine after migration.
6. according to claim 5 based on the safety protecting method under virtualized environment, it is characterised in that the purpose safety
After virtual machine receives the protection progress msg, according to the protection progress msg to writing the purpose physical memory space
In the data to be protected also include the step of proceed security protection:
The purpose secure virtual machine receives the protection progress msg, and has protected number by being extracted in the protection progress msg
It is believed that breath;
The purpose secure virtual machine has protected data message to writing the institute in the purpose physical memory space according to
State data to be protected to be analyzed, obtain the protection data in the data to be protected;
The purpose secure virtual machine has protected data to be deleted from the purpose physical memory space by described.
7. a kind of security protection system based under virtualized environment, it is characterised in that the system at least includes source physics master
Machine and purpose physical host, the source physical host include source secure virtual machine, and the purpose physical host includes purpose
Secure virtual machine, the migration virtual machine of migration is needed in the physical host of source can move to the purpose from the source physical host
Physical host;The migration virtual machine includes acquisition module and sends writing module;The purpose secure virtual machine includes safety
Protection module, wherein:
The acquisition module, has the source physical host of the virtual machine needs from where it to move to the purpose physics for working as
Main frame, and the source secure virtual machine of the source physical host performs security protection event to the migration virtual machine that needs are migrated
When, obtain the protection progress msg of the security protection event from the source secure virtual machine, and from the source physical host
Source physical memory space in obtain the corresponding data to be protected of the security protection event;
The transmission writing module, for after the migration virtual machine (vm) migration to the purpose physical host, described will prevent
Shield progress msg is sent to the purpose secure virtual machine of the purpose physical host, while the data write-in to be protected is described
The purpose physical memory space of purpose physical host;
The safety protection module, for after the purpose secure virtual machine receives the protection progress msg, according to institute
State protection progress msg and security protection is proceeded to data to be protected described in writing in the purpose physical memory space.
8. the security protection system based under virtualized environment according to claim 7, it is characterised in that the acquisition mould
Block includes:
Instruction sending unit, has source physical host of the virtual machine needs from where it to move to purpose physical host for working as, and
When the migration virtual machine of the source secure virtual machine of the source physical host to needing migration performs security protection event,
Migration pause instruction is sent to the source secure virtual machine;
Storage unit is received, is prevented for stopping the execution safety according to the migration pause instruction in the source secure virtual machine
After shield event, the protection progress msg of the security protection event of the source secure virtual machine feedback is received, and will be described anti-
Shield progress msg is stored in local disk subregion;
Acquiring unit, for obtaining the corresponding data to be protected of the security protection event from the source physical memory space,
Wherein, described is the data after carrying out Partial security protection by the source secure virtual machine wait data are protected.
9. the security protection system based under virtualized environment according to claim 7, it is characterised in that the transmission is write
Entering module includes:
Unit is set up, for after the migration virtual machine (vm) migration to the purpose physical host, setting up it with the purpose
Mapping relations between physical memory space;
Writing unit is sent, for the protection progress msg to be sent into the purpose secure virtual according to the mapping relations
Machine, and the data to be protected according to the mapping relations to write-in in the purpose physical memory space.
10. the security protection system based under virtualized environment according to claim 9, it is characterised in that the transmission
Writing module also includes:
Generation unit, for it is described migration virtual machine set up itself and the mapping relations between the purpose physical memory space it
Afterwards, migration protection event is generated in the purpose physical host according to the protection progress msg and the data to be protected,
And the migration security protection event is sent to the purpose secure virtual machine as security protection event;
Query Result receiving unit, for the task identification in the purpose secure virtual machine in the security protection event
After information inquiry local record, the Query Result of the purpose secure virtual machine is received;If Query Result includes the purpose
Secure virtual machine inquire in the local record exist with the local task identification information of the task identification information identical, then
Determine that the security protection event is not the migration protection event;If the purpose secure virtual machine inquires described local
Do not exist and the local task identification information of the task identification information identical in record, it is determined that the security protection event is
The migration protection event.
11. security protection systems based under virtualized environment according to claim 7, it is characterised in that the safety
Protection module includes:
Extraction unit, for receiving the protection progress msg, and does not protect data to believe by being extracted in the protection progress msg
Cease and protected data message;
Analytic unit, for not protecting data message and described having protected data message to the write-in purpose physics according to described
Data protect in memory headroom are analyzed, obtain described in not protecting data and do not protect number in data to be protected
According to;
Security protection unit, for not protecting the data to carry out security protection to described, and feeds back to institute by the result of security protection
State the virtual machine after migration;
Unit is deleted, for having protected data to be deleted from the purpose physical memory space by described.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611242625.4A CN106844004B (en) | 2016-12-29 | 2016-12-29 | Security protection method and system based on virtualization environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611242625.4A CN106844004B (en) | 2016-12-29 | 2016-12-29 | Security protection method and system based on virtualization environment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106844004A true CN106844004A (en) | 2017-06-13 |
| CN106844004B CN106844004B (en) | 2020-02-14 |
Family
ID=59113616
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611242625.4A Active CN106844004B (en) | 2016-12-29 | 2016-12-29 | Security protection method and system based on virtualization environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106844004B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111124599A (en) * | 2019-11-08 | 2020-05-08 | 海光信息技术有限公司 | Virtual machine memory data migration method and device, electronic equipment and storage medium |
| CN111600775A (en) * | 2020-05-15 | 2020-08-28 | 苏州浪潮智能科技有限公司 | Security testing method, device, equipment and medium for cluster encryption migration |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103067356A (en) * | 2012-12-12 | 2013-04-24 | 北京启明星辰信息技术股份有限公司 | System and method for business virtual machine safety guaranteeing |
| CN103065086A (en) * | 2012-12-24 | 2013-04-24 | 北京启明星辰信息技术股份有限公司 | Distributed intrusion detection system and method applied to dynamic virtualization environment |
| CN103685250A (en) * | 2013-12-04 | 2014-03-26 | 蓝盾信息安全技术股份有限公司 | Virtual machine security policy migration system and method based on SDN |
| CN105227541A (en) * | 2015-08-21 | 2016-01-06 | 华为技术有限公司 | A kind of security strategy dynamic migration method and device |
| CN105530259A (en) * | 2015-12-22 | 2016-04-27 | 华为技术有限公司 | Message filtering method and equipment |
-
2016
- 2016-12-29 CN CN201611242625.4A patent/CN106844004B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103067356A (en) * | 2012-12-12 | 2013-04-24 | 北京启明星辰信息技术股份有限公司 | System and method for business virtual machine safety guaranteeing |
| CN103065086A (en) * | 2012-12-24 | 2013-04-24 | 北京启明星辰信息技术股份有限公司 | Distributed intrusion detection system and method applied to dynamic virtualization environment |
| CN103685250A (en) * | 2013-12-04 | 2014-03-26 | 蓝盾信息安全技术股份有限公司 | Virtual machine security policy migration system and method based on SDN |
| CN105227541A (en) * | 2015-08-21 | 2016-01-06 | 华为技术有限公司 | A kind of security strategy dynamic migration method and device |
| CN105530259A (en) * | 2015-12-22 | 2016-04-27 | 华为技术有限公司 | Message filtering method and equipment |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111124599A (en) * | 2019-11-08 | 2020-05-08 | 海光信息技术有限公司 | Virtual machine memory data migration method and device, electronic equipment and storage medium |
| CN111600775A (en) * | 2020-05-15 | 2020-08-28 | 苏州浪潮智能科技有限公司 | Security testing method, device, equipment and medium for cluster encryption migration |
| CN111600775B (en) * | 2020-05-15 | 2022-02-22 | 苏州浪潮智能科技有限公司 | Security testing method, device, equipment and medium for cluster encryption migration |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106844004B (en) | 2020-02-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101574366B1 (en) | Synchronizing virtual machine and application life cycles | |
| JP5021721B2 (en) | Creating host level application consistent backups of virtual machines | |
| EP2587375A1 (en) | Securely hosting workloads in virtual computing environments | |
| TWI620126B (en) | Method and computer-readable storage medium for expansion of services for a virtual data center guest computer system | |
| US9632725B2 (en) | Computer-implemented method, program, and tracer node for obtaining trace data relating to particular virtual machine | |
| CN105556478A (en) | Systems and methods for protecting virtual machine data | |
| CN104133690B (en) | Migrated to the dynamic application for having updated operating system grade from an operating system grade | |
| CN106778275A (en) | Based on safety protecting method and system and physical host under virtualized environment | |
| CN103793258A (en) | Hypervisor-based server duplication system and method | |
| CN106201566A (en) | The rich big special hot upgrade method of software of profit and equipment | |
| CN104281484B (en) | A kind of virtual machine migration method and device | |
| KR101592782B1 (en) | Apparatus and Method for monitoring the resources in full virtualization system | |
| CN107656797A (en) | The method and apparatus of across virtual platform migration virtual machine | |
| US8910161B2 (en) | Scan systems and methods of scanning virtual machines | |
| CN106777394B (en) | Cluster file system | |
| CN107430669A (en) | computing system and method | |
| CN105022678A (en) | Data backup method and apparatus for virtual machine | |
| CN106503587A (en) | A kind of hanging method of data disks and monitor of virtual machine | |
| CN106844004A (en) | Based on safety protecting method and system under virtualized environment | |
| US20130054868A1 (en) | Image storage optimization in virtual environments | |
| CN105844162B (en) | A kind of method of windows virtual machine vulnerability scanning under virtual platform | |
| CN103425563B (en) | Based on online I/O electronic evidence-collecting system and the evidence collecting method thereof of Intel Virtualization Technology | |
| CN106844005A (en) | Based on data reconstruction method and system under virtualized environment | |
| CN111459643A (en) | Host migration method | |
| CN106844006A (en) | Based on data prevention method and system under virtualized environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 100190 Zhongguancun street, Haidian District, Beijing, No. 22, A1305, 13 Applicant after: Beijing net an Technology Limited by Share Ltd Address before: 100190 Beijing City, Haidian District Zhongguancun street, No. 22, building 1301 Applicant before: Beijing Rising Information Technology Co., Ltd |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |