CN107342972B - Method and device for realizing remote access - Google Patents


Publication number: CN107342972B
Authority: CN (China)
Prior art keywords: address, virtual kvm, virtual, kvm, accessed
Legal status: Active
Application number: CN201610287105.9A
Other languages: Chinese (zh)
Other versions: CN107342972A (en)
Inventor: 张伟
Current Assignee: China Mobile Group Liaoning Co Ltd
Original Assignee: China Mobile Group Liaoning Co Ltd
Application filed by China Mobile Group Liaoning Co Ltd
Priority to CN201610287105.9A
Publication of CN107342972A
Application granted
Publication of CN107342972B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
        • H04L61/00 Network arrangements, protocols or services for addressing or naming
            • H04L61/09 Mapping addresses
                • H04L61/25 Mapping addresses of the same type
                    • H04L61/2596 Translation of addresses of the same type other than IP, e.g. translation from MAC to MAC addresses
            • H04L61/50 Address allocation
                • H04L61/5061 Pools of addresses
        • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/01 Protocols
                • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
                    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
                • H04L67/08 Protocols specially adapted for terminal emulation, e.g. Telnet
            • H04L67/14 Session management

Abstract

The invention discloses a method for realizing remote access, which comprises the following steps: acquiring a virtual keyboard, display and mouse (KVM) remote access request sent by a user side, wherein the remote access request carries ID information of an accessed device and a virtual KVM address of the accessed device; acquiring a virtual KVM mapping address of the accessed device according to the ID information of the accessed device; replacing the virtual KVM address of the accessed device with the virtual KVM mapping address; and establishing a virtual KVM session connection between the user side and the accessed device according to the virtual KVM mapping address. The invention also discloses a device for realizing remote access.

Description

Method and device for realizing remote access
Technical Field
The invention relates to a data access technology in the field of network communication, in particular to a method and a device for realizing remote access.
Background
Currently, methods for remotely accessing a virtual keyboard, display and mouse (KVM) across networks mainly include a Virtual Private Network (VPN) mode, a routing mode, and a Network Address Translation (NAT) mode.
In the VPN mode, a VPN server is deployed in the network of the accessed device and a VPN client is installed on the user side device; the user side device dials into the VPN network of the accessed device through the VPN client to remotely access the virtual KVM of the accessed device.
The disadvantages of the VPN mode are as follows: a VPN client must be installed on the user side device, and before each use the user side device must dial into the VPN network of the accessed device through that client, so the operation is quite complex; moreover, once the user side device has dialed in, not only is the routing table of the VPN client changed, but the user side device can also access all virtual KVMs of the accessed device through the VPN client, which easily leads to unauthorized access by the user side device and leaves the data center with potential security hazards.
In the routing mode, the network where the user side device is located and the virtual KVM network of the accessed device are made directly routable to each other, so that the user side device can remotely access the virtual KVM of the accessed device.
The disadvantage of the routing mode is that once the network route between the user side device and the accessed device is reachable, network isolation between them cannot be achieved, and the data center again has potential security hazards.
In the static NAT mode, remote access to the virtual KVM of the accessed device is implemented by pre-installing the vendor client of the accessed device on the user side device.
The disadvantages of the static NAT mode are as follows: the vendor client of the accessed device must be installed on the user side device in advance, static NAT occupies a large number of IP addresses of the user side device, and the IP address of the user side device must be configured in advance, so the operation is relatively complex.
Disclosure of Invention
In order to solve the existing technical problems, embodiments of the present invention aim to provide a method and an apparatus for implementing remote access, so that a user side device can perform KVM remote access to an accessed device without installing any software or performing any configuration.
The technical solution of the embodiments of the present invention is realized as follows:
According to an aspect of an embodiment of the present invention, there is provided a method for implementing remote access, the method including: acquiring a virtual keyboard, display and mouse (KVM) remote access request sent by a user side, wherein the remote access request carries ID information of an accessed device and a virtual KVM address of the accessed device;
acquiring a virtual KVM mapping address of the accessed device according to the ID information of the accessed device, and replacing the virtual KVM address of the accessed device with the virtual KVM mapping address;
and establishing a virtual KVM session connection between the user side and the accessed device according to the virtual KVM mapping address.
In the foregoing solution, the remote access request further carries an IP address of the user side, and acquiring the virtual KVM mapping address of the accessed device specifically includes:
acquiring the IP address of the user side, and finding the address field to which the IP address belongs in an IP address pool;
and acquiring the virtual KVM mapping address of the accessed device according to the address field to which the IP address belongs.
In the foregoing solution, resolving the virtual KVM address of the accessed device into the virtual KVM mapping address specifically includes:
acquiring the Java Network Launch Protocol (JNLP) description file with which the user side connects to the accessed device;
replacing the virtual KVM address of the accessed device in the JNLP description file with the virtual KVM mapping address, and setting security authentication information for accessing the accessed device in the JNLP description file.
In the above solution, the method further comprises: configuring a routing policy for the virtual KVM mapping address according to the obtained virtual KVM mapping address, and generating corresponding routing control instructions according to the routing policy.
In the above solution, the method further comprises: when an interrupted virtual KVM session connection between the user side and the accessed device is detected, deleting the routing policy related to that virtual KVM session connection and recovering the virtual KVM mapping address of the accessed device.
According to another aspect of the embodiments of the present invention, there is provided an apparatus for implementing remote access, the apparatus including: a policy manager, a URL translator, and a session manager; wherein:
the policy manager is configured to acquire a virtual KVM remote access request sent by a user side, where the remote access request carries ID information of an accessed device and a virtual KVM address of the accessed device, and to acquire a virtual KVM mapping address of the accessed device according to the ID information of the accessed device;
the URL translator is configured to replace the virtual KVM address of the accessed device with the virtual KVM mapping address;
the session manager is configured to establish a virtual KVM session connection between the user side and the accessed device according to the virtual KVM mapping address replaced by the URL translator.
In the above solution, the remote access request also carries an IP address of the user side; the apparatus further comprises an address pool manager, configured to acquire the IP address of the user side and to allocate the virtual KVM mapping address of the accessed device to the policy manager according to the address field to which the IP address belongs.
In the above solution, the URL translator is specifically configured to obtain the Java Network Launch Protocol (JNLP) description file with which the user side connects to the accessed device, to replace the virtual KVM address of the accessed device in the JNLP description file with the virtual KVM mapping address, and to set security authentication information for accessing the accessed device in the JNLP description file.
In the above solution, the apparatus further comprises a control policy executor, configured to configure a routing policy for the virtual KVM mapping address according to the virtual KVM mapping address acquired by the policy manager and to generate corresponding routing control instructions according to the routing policy.
In the foregoing solution, the control policy executor is further configured to: when an interrupted virtual KVM session connection between the user side and the accessed device is detected, delete the routing policy related to that virtual KVM session connection and recover the virtual KVM mapping address of the accessed device.
The embodiments of the present invention provide a method and an apparatus for implementing remote access, in which a virtual KVM remote access request sent by a user side is acquired, the remote access request carrying ID information of an accessed device and a virtual KVM address of the accessed device; a virtual KVM mapping address of the accessed device is acquired according to the ID information of the accessed device, and the virtual KVM address of the accessed device is replaced with the virtual KVM mapping address; and a virtual KVM session connection between the user side and the accessed device is established according to the virtual KVM mapping address. In this way, virtual KVM remote access from the user side to the accessed device can be achieved without installing any software or performing any configuration on the user side device, and the operation is simple and convenient; at the same time, the virtual KVM mapping address provides point-to-point secure access to the virtual KVM between the user side and the accessed device, eliminating the potential security hazards of the data center.
Drawings
FIG. 1 is a flow chart illustrating a method for implementing remote access according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of an apparatus for implementing remote access according to an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
FIG. 1 is a flow chart illustrating a method for implementing remote access according to an embodiment of the present invention; as shown in FIG. 1, the method includes:
Step 101, acquiring a virtual KVM remote access request sent by a user side, where the remote access request carries ID information of an accessed device and a virtual KVM address of the accessed device. Here, the virtual KVM mapping address refers to an address, reachable by the user side, to which the virtual KVM address of the accessed device is dynamically mapped when the user side initiates a virtual KVM remote access request to the accessed device. A policy manager in the remote access apparatus acquires the virtual KVM remote access request sent by the user side, where the remote access request carries the ID information of the accessed device and the virtual KVM address of the accessed device, and the policy manager acquires the virtual KVM mapping address of the accessed device according to the ID information of the accessed device.
In this embodiment of the present invention, the remote access request further carries an IP address of the user side, and acquiring the virtual KVM mapping address of the accessed device specifically includes: acquiring the IP address of the user side, finding the address field to which the IP address belongs in an IP address pool, and acquiring the virtual KVM mapping address of the accessed device according to the address field to which the IP address belongs.
Here, the virtual KVM mapping address includes a virtual KVM inner mapping address and a virtual KVM outer mapping address, where the virtual KVM inner mapping address can be understood as the virtual KVM address of the accessed device in a local area network, and the virtual KVM outer mapping address can be understood as the virtual KVM address of the accessed device in a wide area network. When a user side initiates virtual KVM remote access to an accessed device, an address pool manager in the remote access apparatus can acquire the IP address of the user side and the ID information of the accessed device, and the address pool manager allocates to the policy manager, according to the address field in the IP address pool to which the IP address of the user side belongs, a virtual KVM mapping address suited to that user side for accessing the accessed device.
For example, when the IP address of the user side belongs to the address field in the IP address pool for virtual KVM addresses of the accessed device in the local area network, the virtual KVM inner mapping address of the accessed device is sent to the policy manager, the policy manager sends the virtual KVM inner mapping address to the user side, and the user side can directly access, through the virtual KVM inner mapping address, the address in the IP address pool corresponding to the ID information of the accessed device; if the IP address of the user side belongs to the address field in the IP address pool for virtual KVM addresses of the accessed device in the wide area network, the virtual KVM outer mapping address of the accessed device is sent to the policy manager, the policy manager sends the virtual KVM outer mapping address to the user side, and the user side accesses, through the virtual KVM outer mapping address, the address in the IP address pool corresponding to the ID information of the accessed device.
In the embodiment of the present invention, depending on the accessed device, what is handed out as the virtual KVM mapping address may be a virtual KVM mapping address alone, or a virtual KVM mapping address and a port; for example, when relatively many virtual KVM addresses of the accessed device are idle, the user side acquires the virtual KVM mapping address of the accessed device; when relatively few virtual KVM addresses of the accessed device are idle, the user side acquires the virtual KVM mapping address and the port of the accessed device, which is not limited herein.
Here, when the user side initiates the virtual KVM remote access to the accessed device, the policy manager may also obtain the IP address of the user side, find the address field to which the IP address belongs in the IP address pool, and obtain the virtual KVM mapping address of the accessed device according to the address field to which the IP address belongs.
For example, when the IP address of the user side belongs to the address field in the IP address pool for virtual KVM addresses of the accessed device in the local area network, the virtual KVM inner mapping address of the accessed device is acquired and sent to the user side, and the user side can directly access, through the virtual KVM inner mapping address, the address in the IP address pool corresponding to the ID information of the accessed device; if the IP address of the user side belongs to the address field in the IP address pool for virtual KVM addresses of the accessed device in the wide area network, the virtual KVM outer mapping address of the accessed device is acquired and sent to the user side, and the user side accesses, through the virtual KVM outer mapping address, the address in the IP address pool corresponding to the ID information of the accessed device.
Step 102, acquiring a virtual KVM mapping address of the accessed device according to the ID information of the accessed device, and resolving the virtual KVM address of the accessed device into the virtual KVM mapping address.
Here, after receiving the virtual KVM mapping address of the accessed device sent by the address pool manager, the policy manager sends a request for establishing a connection with the virtual KVM of the accessed device to a URL translator in the remote access apparatus and obtains the Java Network Launch Protocol (JNLP) description file with which the user side connects to the accessed device; the URL translator replaces the virtual KVM address of the accessed device in the JNLP description file with the virtual KVM mapping address obtained by the policy manager. To prevent login by unauthorized users, the URL translator also sets security authentication information for accessing the accessed device in the JNLP description file. After the virtual KVM address has been replaced, the URL translator sends the replacement result to the policy manager.
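The replacement performed by the URL translator can be sketched as follows. This is an added example, not code from the patent: the JNLP sample, the addresses, the port map and the `session-token` argument standing in for the "security authentication information" are all constructed assumptions.

```python
import secrets
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: a vendor-style JNLP file that embeds the device's
# internal virtual KVM address (10.20.0.15) in several places.
SAMPLE_JNLP = """<jnlp spec="1.0+" codebase="https://10.20.0.15:443/">
  <information>
    <title>Remote Console</title>
    <vendor>Example Vendor</vendor>
  </information>
  <resources>
    <jar href="https://10.20.0.15:443/software/console.jar" main="true"/>
  </resources>
  <application-desc main-class="com.example.kvm.Console">
    <argument>10.20.0.15:5900</argument>
  </application-desc>
</jnlp>
"""

DEFAULT_PORTS = {"http": 80, "https": 443}


def rewrite_value(value, internal_host, mapped_host, port_map):
    """Replace the internal KVM authority in one attribute or text value.

    port_map maps an internal port to the port opened on the mapping address.
    A port with no mapping raises KeyError: the gateway forwards nothing for
    it, so the file must not advertise it (fail closed).
    """
    if "://" in value:
        parts = urlsplit(value)
        if parts.hostname != internal_host:
            return value
        port = parts.port or DEFAULT_PORTS[parts.scheme]
        return parts._replace(netloc=f"{mapped_host}:{port_map[port]}").geturl()
    host, sep, port = value.partition(":")
    if host != internal_host:
        return value
    return f"{mapped_host}:{port_map[int(port)]}" if sep else mapped_host


def translate_jnlp(jnlp_text, internal_host, mapped_host, port_map, token):
    """Return the JNLP text with every internal address replaced by the mapping."""
    root = ET.fromstring(jnlp_text)
    for elem in root.iter():
        for name, val in list(elem.attrib.items()):
            elem.set(name, rewrite_value(val, internal_host, mapped_host, port_map))
        if elem.text and elem.text.strip():
            elem.text = rewrite_value(elem.text.strip(), internal_host,
                                      mapped_host, port_map)
    app = root.find("application-desc")
    if app is None:
        raise ValueError("JNLP file has no application-desc element")
    # Assumed form of the authentication information: a per-session token
    # passed to the console as one more argument.
    ET.SubElement(app, "argument").text = f"session-token={token}"
    out = ET.tostring(root, encoding="unicode")
    # Leak check: the client must never learn the internal address.
    if internal_host in out:
        raise ValueError("internal KVM address still present after translation")
    return out


if __name__ == "__main__":
    print(translate_jnlp(SAMPLE_JNLP, "10.20.0.15", "203.0.113.10",
                         {443: 20443, 5900: 25900}, secrets.token_urlsafe(16)))
```

The final substring check is the part worth keeping in any real translator: an address that survives in an unexpected attribute both breaks the session and discloses the management network layout to the client.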
The method of the embodiment of the present invention further comprises: configuring a routing policy for the virtual KVM mapping address according to the obtained virtual KVM mapping address, and generating corresponding routing control instructions according to the routing policy.
Here, the routing control instructions include: a network address translation instruction, an access control list instruction, and a routing configuration instruction.
A control policy executor in the remote access apparatus configures the routing policy for the virtual KVM mapping address according to the virtual KVM mapping address sent to the policy manager by the address pool manager, generates the corresponding routing control instructions according to the routing policy, completes the configuration of the routing policy through a gateway device in the remote access apparatus, and sends the configuration result of the routing policy to the policy manager; the policy manager then sets the virtual KVM address of the accessed device in the address pool manager to a pre-occupied state according to the configuration result of the routing policy.
In the embodiment of the present invention, the gateway device includes a Local Area Network (LAN) interface and a Wide Area Network (WAN) interface, the LAN interface is responsible for completing Network access of all the accessed devices, and the WAN interface is responsible for receiving a remote access request sent by a user terminal to the accessed devices, where the WAN interface is configured with a plurality of interface pools, each interface pool includes a set of IP addresses and ports, and the IP addresses and ports in the plurality of interface pools form an address pool in an address pool manager.
Step 103, establishing a virtual KVM session connection between the user side and the accessed device according to the virtual KVM mapping address.
Here, the session manager in the remote access device establishes a virtual KVM session connection between the user side and the accessed device according to the virtual KVM mapping address replaced by the URL translator; after the virtual KVM connection between the user side and the accessed device is successfully established, the session manager monitors the virtual KVM session process between the user side and the accessed device so as to control the historical session at a later stage.
In an embodiment of the present invention, controlling the history session includes: active and passive recovery of the virtual KVM session connection between the user side and the accessed device is performed.
Actively reclaiming a virtual KVM session connection between a user side and a visited device includes: obtaining the interrupted virtual KVM session connection between the user side and the accessed device, deleting the routing strategy related to the virtual KVM session connection, and recovering the virtual KVM mapping address of the accessed device.
Here, the control policy executor periodically scans the successfully established virtual KVM session connections. When no session activity between the user side and the accessed device has been observed for longer than the preset threshold time of the remote access system, it determines that the virtual KVM session connection between the user side and the accessed device has been disconnected or is in a zombie state, and generates a corresponding control instruction; the preset threshold time may be 5 minutes or 10 minutes, which is not limited herein. According to the control instruction, the gateway device is called to disconnect the virtual KVM session connection, the routing policy and access control list related to the disconnected virtual KVM session connection are deleted from the gateway device, the virtual KVM mapping address of the accessed device used by the disconnected session is recovered, and the routing policy of the disconnected virtual KVM session connection is reconfigured through the gateway device. The control policy executor sends a message that the virtual KVM session connection has been disconnected to the session manager; after receiving this message, the session manager instructs the address pool manager to release the virtual KVM address, or the virtual KVM address and port, occupied by the user side, and sends the session recovery result of the virtual KVM to the user side.
Passively reclaiming a virtual KVM session connection of a user side and a visited device includes: according to a virtual KVM session connection request which is sent by a user side and used for interrupting the connection with the accessed equipment, deleting a routing strategy related to the virtual KVM session connection, and recovering a virtual KVM mapping address of the accessed equipment.
Here, the user side sends to the session manager a request to interrupt the virtual KVM session connection with the accessed device; after receiving this session connection recovery request, the session manager forwards it to the control policy executor, and the control policy executor generates a session connection recovery control instruction according to the request, completes the corresponding session connection recovery configuration by calling the gateway device, and at the same time cuts off the virtual KVM session connection between the user side and the accessed device.
In this embodiment of the present invention, the session connection recovery control instruction includes: NAT control instruction, ACL control instruction and routing strategy control instruction. And the session manager informs the address pool manager to recover the virtual KVM address or the virtual KVM address and the port occupied by the user side and sends the recovery result of the session connection to the user side.
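The allocation by address field described under step 101 and the active and passive recovery described above can be modelled together. This is an added example, not the patent's implementation: the class and method names, the pool contents and the in-memory rule table standing in for the gateway's NAT and ACL entries are assumptions, and time is passed in explicitly so the behaviour is reproducible.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Session:
    client_ip: str
    device_id: str
    side: str          # "inner" (LAN) or "outer" (WAN) pool the mapping came from
    last_seen: float   # time of the last observed KVM traffic, in seconds


class KvmGateway:
    """Toy model of the address pool manager, control policy executor and
    session manager; rules live in a dict instead of a real gateway device."""

    def __init__(self, devices, lan_segment, inner_pool, outer_pool, idle_limit=300):
        self.devices = devices                  # device ID -> real KVM (ip, port)
        self.lan = ipaddress.ip_network(lan_segment)
        self.free = {"inner": list(inner_pool), "outer": list(outer_pool)}
        self.idle_limit = idle_limit            # 300 s = 5 minutes, a value named in the text
        self.sessions = {}                      # mapping -> Session
        self.rules = {}                         # mapping -> (allowed client, real target)

    def allocate(self, client_ip, device_id, now):
        target = self.devices[device_id]        # unknown device ID: KeyError, no mapping
        side = "inner" if ipaddress.ip_address(client_ip) in self.lan else "outer"
        if not self.free[side]:
            raise RuntimeError(f"{side} pool exhausted")
        mapping = self.free[side].pop(0)        # address is now pre-occupied
        # NAT and ACL in one record: the mapping forwards to one device and
        # accepts one source address only (the point-to-point property).
        self.rules[mapping] = (client_ip, target)
        self.sessions[mapping] = Session(client_ip, device_id, side, now)
        return mapping

    def permits(self, src_ip, mapping):
        rule = self.rules.get(mapping)
        return rule is not None and rule[0] == src_ip

    def touch(self, mapping, now):
        self.sessions[mapping].last_seen = now

    def release(self, mapping):
        """Passive recovery: delete the rule, then return the address to the pool."""
        session = self.sessions.pop(mapping)
        del self.rules[mapping]
        self.free[session.side].append(mapping)

    def reclaim_idle(self, now):
        """Active recovery: reclaim every session idle longer than idle_limit."""
        stale = [m for m, s in self.sessions.items()
                 if now - s.last_seen > self.idle_limit]
        for mapping in stale:
            self.release(mapping)
        return stale


def build_demo_gateway():
    # Constructed sample data: one device, one inner and two outer mappings.
    return KvmGateway(
        devices={"srv-01": ("10.20.0.15", 5900)},
        lan_segment="10.0.0.0/8",
        inner_pool=[("10.30.0.1", 5900)],
        outer_pool=[("203.0.113.10", 25900), ("203.0.113.10", 25901)],
    )


if __name__ == "__main__":
    gw = build_demo_gateway()
    wan = gw.allocate("198.51.100.7", "srv-01", now=0)
    lan = gw.allocate("10.1.2.3", "srv-01", now=0)
    gw.touch(lan, now=200)
    print("WAN mapping:", wan, "LAN mapping:", lan)
    print("reclaimed at t=301:", gw.reclaim_idle(now=301))
    print("old client still permitted:", gw.permits("198.51.100.7", wan))
```

Deleting the rule before the address goes back to the free list matters: a reclaimed mapping that is handed to a different user side must not still accept the previous client's source address.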
FIG. 2 is a schematic structural diagram of an apparatus for implementing remote access according to an embodiment of the present invention; as shown in FIG. 2, the apparatus 22 includes: policy manager 221, URL translator 222, and session manager 223; wherein:
the policy manager 221 is configured to obtain a virtual KVM remote access request sent by the user 21, where the remote access request carries ID information of the accessed device and a virtual KVM address of the accessed device, and obtain a virtual KVM mapping address of the accessed device 23 according to the ID information of the accessed device;
the URL translator 222, configured to replace the virtual KVM address of the accessed device 23 with the virtual KVM mapping address;
the session manager 223 is configured to establish a virtual KVM session connection between the user side 21 and the visited device 23 according to the virtual KVM mapping address replaced by the URL translator 222.
Here, the virtual KVM mapping address refers to: when the client 21 initiates a virtual KVM remote access request to the accessed device 23, the virtual KVM address of the accessed device 23 is dynamically mapped to an address that the client 21 can access. The policy manager 221 acquires a virtual KVM remote access request sent by the user 21, where the remote access request carries the ID information of the accessed device 23 and the virtual KVM address of the accessed device 23, and the policy manager 221 acquires the virtual KVM mapping address of the accessed device 23 according to the ID information of the accessed device 23; after acquiring the virtual KVM mapping address of the visited device 23, the policy manager 221 sends a request for establishing connection between the user terminal 21 and the visited device 23 to the URL translator 222, acquires a JNLP description file of the user terminal 21 connected to the visited device 23, and the URL translator 222 replaces the virtual KVM address of the visited device 23 in the JNLP description file with the virtual KVM mapping address according to the virtual KVM mapping address acquired by the policy manager 221, and sends the replacement result to the policy manager 221; to avoid illegal user login, the URL translator 222 also sets security authentication information in the JNLP description file for accessing the accessed device 23. The session manager 223 establishes a virtual KVM session connection between the user 21 and the visited device according to the virtual KVM mapping address replaced by the URL translator 222; after the virtual KVM connection between the user side 21 and the accessed device 23 is successfully established, the session manager 223 monitors the virtual KVM session process between the user side 21 and the accessed device 23 for later control of the historical session.
In the embodiment of the present invention, the remote access request further carries an IP address of the user side 21; the device further comprises: an address pool manager 224 for acquiring an IP address of the user terminal 21; finding the address field to which the IP address belongs in the IP address pool, and allocating the virtual KVM mapping address of the visited device 23 to the policy manager 221 according to the address field to which the IP address of the user side 21 belongs.
Here, the virtual KVM mapping address includes a virtual KVM inner mapping address and a virtual KVM outer mapping address, where the virtual KVM inner mapping address can be understood as the virtual KVM address of the accessed device 23 in the local area network, and the virtual KVM outer mapping address can be understood as the virtual KVM address of the accessed device 23 in a wide area network. When the user side 21 initiates the virtual KVM remote access to the accessed device 23, the address pool manager 224 can obtain the IP address of the user side 21 and the ID information of the accessed device 23, and the address pool manager 224 allocates to the policy manager 221, according to the address field in the IP address pool to which the IP address of the user side 21 belongs, a virtual KVM mapping address suited to the user side 21 for accessing the accessed device 23. For example, when the IP address of the user side 21 belongs to the address field in the IP address pool for virtual KVM addresses of the accessed device 23 in the local area network, the virtual KVM inner mapping address of the accessed device 23 is sent to the policy manager 221, the policy manager 221 sends the virtual KVM inner mapping address to the user side 21, and the user side 21 can directly access, through the virtual KVM inner mapping address, the address in the IP address pool corresponding to the ID information of the accessed device 23; if the IP address of the user side 21 belongs to the address field in the IP address pool for virtual KVM addresses of the accessed device 23 in the wide area network, the virtual KVM outer mapping address of the accessed device 23 is sent to the policy manager 221, the policy manager 221 sends the virtual KVM outer mapping address to the user side 21, and the user side 21 accesses, through the virtual KVM outer mapping address, the address in the IP address pool corresponding to the ID information of the accessed device 23.
In the embodiment of the present invention, depending on the accessed device 23, what is handed out as the virtual KVM mapping address may be a virtual KVM mapping address alone, or a virtual KVM mapping address and a port; for example, when relatively many virtual KVM addresses of the accessed device 23 are idle, the user side 21 acquires the virtual KVM mapping address of the accessed device 23; when relatively few virtual KVM addresses of the accessed device 23 are idle, the user side 21 acquires the virtual KVM mapping address and the port of the accessed device 23, which is not limited herein.
The apparatus of the embodiment of the present invention further comprises a control policy executor 225, which configures a routing policy for the virtual KVM mapping address according to the virtual KVM mapping address obtained by the policy manager 221, and generates a corresponding routing control instruction according to the routing policy.
Here, the routing control instruction includes a network address translation instruction, an access control list instruction, and a routing configuration instruction. The control policy executor 225 configures a routing policy for the virtual KVM mapping address that the address pool manager 224 sent to the policy manager 221, generates a corresponding routing control instruction according to the routing policy, completes the configuration of the routing policy through the gateway device 226, and sends the configuration result of the routing policy to the policy manager 221; according to that result, the policy manager 221 sets the virtual KVM address of the accessed device 23 in the address pool manager 224 to a pre-occupied state. In the embodiment of the present invention, the gateway device 226 includes a LAN interface and a WAN interface. The LAN interface is responsible for the network access of all accessed devices 23, and the WAN interface is responsible for receiving the remote access requests sent by the user side 21 to the accessed devices 23. The WAN interface is configured with a plurality of interface pools, each of which includes a set of IP addresses and ports; the IP addresses and ports in the plurality of interface pools form the address pool in the address pool manager 224.
In the embodiment of the present invention, after the virtual KVM session connection between the user side 21 and the accessed device 23 is successfully established, the method further includes active reclamation and passive reclamation of that session connection. Active reclamation of the virtual KVM session connection between the user side 21 and the accessed device 23 comprises: the control policy executor 225 identifies an interrupted virtual KVM session connection between the user side 21 and the accessed device 23, deletes the routing policy associated with that connection, and reclaims the virtual KVM mapping address of the accessed device 23.
Here, the control policy executor 225 periodically scans the successfully established virtual KVM session connections. When it detects that there has been no session activity between the user side 21 and the accessed device 23 for longer than a threshold time preset in the remote access system, it determines that the virtual KVM session connection between the user side 21 and the accessed device 23 has been disconnected or is in a zombie state, and generates a corresponding control instruction; the preset threshold time may be 5 minutes or 10 minutes, which is not limited herein. According to the control instruction, the gateway device 226 is called to disconnect the virtual KVM session connection, the routing policy and access control list related to the disconnected connection are deleted in the gateway device 226, the virtual KVM mapping address of the accessed device 23 is reclaimed, and routing policy reconfiguration for the disconnected connection is performed through the gateway device 226. The control policy executor 225 sends a virtual KVM session disconnection message to the session manager 223. After receiving this message, the session manager 223 notifies the address pool manager 224 to release the virtual KVM address, or the virtual KVM address and port, occupied by the user side 21, and sends the virtual KVM session reclamation result to the user side 21.
Passive reclamation of the virtual KVM session connection between the user side 21 and the accessed device 23 comprises: according to a request sent by the user side 21 to interrupt the virtual KVM session connection with the accessed device 23, the control policy executor 225 deletes the routing policy associated with that connection and reclaims the virtual KVM mapping address of the accessed device 23.
Here, the user side 21 sends to the session manager 223 a request to interrupt the virtual KVM session connection with the accessed device 23. The session manager 223 receives this session connection reclamation request and forwards it to the control policy executor 225, which generates a session connection reclamation control instruction according to the request, completes the corresponding reclamation configuration by calling the gateway device 226, and at the same time cuts off the virtual KVM session connection between the user side 21 and the accessed device 23. In this embodiment of the present invention, the session connection reclamation control instruction includes a NAT control instruction, an ACL control instruction, and a routing policy control instruction. After completing the reclamation configuration, the control policy executor 225 sends the configuration result to the session manager 223, which completes the virtual KVM session reclamation, notifies the address pool manager 224 to reclaim the virtual KVM address, or the virtual KVM address and port, occupied by the virtual KVM session, and sends the result of the session connection reclamation to the user side 21.
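Active and passive reclamation as described above end in the same cleanup, and the property to check is that no NAT, ACL or route entry outlives its session. The following is an added sketch, not code from the patent: the `Gateway` stand-in, the rule tuples, addresses and device IDs are constructed, and the 300-second limit is the 5-minute value the text mentions.

```python
from dataclasses import dataclass


@dataclass
class Session:
    user_ip: str
    device_id: str
    mapping: tuple        # (mapping address, port or None)
    last_seen: float      # time of the last session traffic, in seconds


class Gateway:
    """Stand-in for gateway device 226: rules are stored per mapping address."""
    def __init__(self):
        self.rules = {}

    def install(self, mapping, user_ip, device_addr):
        self.rules[mapping] = [("NAT", mapping, device_addr),
                               ("ACL", user_ip, mapping),
                               ("ROUTE", mapping, device_addr)]

    def remove(self, mapping):
        return self.rules.pop(mapping, [])


class ControlPolicyExecutor:
    def __init__(self, gateway, idle_limit=300):
        self.gateway, self.idle_limit = gateway, idle_limit
        self.sessions, self.released = {}, []

    def open(self, session, device_addr):
        self.gateway.install(session.mapping, session.user_ip, device_addr)
        self.sessions[(session.user_ip, session.device_id)] = session

    def _reclaim(self, key):
        """Delete the NAT/ACL/route rules, then hand the mapping back to the pool."""
        session = self.sessions.pop(key, None)
        if session is None:
            return False          # already reclaimed: never release a mapping twice
        self.gateway.remove(session.mapping)
        self.released.append(session.mapping)
        return True

    def scan(self, now):
        """Active reclamation: sessions idle longer than idle_limit are reclaimed."""
        stale = [key for key, s in self.sessions.items()
                 if now - s.last_seen > self.idle_limit]
        return [key for key in stale if self._reclaim(key)]

    def user_disconnect(self, user_ip, device_id):
        """Passive reclamation: the user side asked to interrupt the session."""
        return self._reclaim((user_ip, device_id))


def demo():
    gw = Gateway()
    cpe = ControlPolicyExecutor(gw)
    cpe.open(Session("10.20.5.7", "server-0042", ("10.20.30.11", None), 0.0),
             "192.168.50.42")
    cpe.open(Session("203.0.113.50", "server-0077", ("198.51.100.20", 20000), 200.0),
             "192.168.50.77")
    reclaimed = cpe.scan(now=400.0)       # first session idle 400 s, second 200 s
    passive = cpe.user_disconnect("203.0.113.50", "server-0077")
    repeat = cpe.user_disconnect("203.0.113.50", "server-0077")
    return reclaimed, passive, repeat, gw.rules, cpe.released


if __name__ == "__main__":
    print(demo())
```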
In the embodiment of the present invention, the policy manager 221, the URL translator 222, the session manager 223, the address pool manager 224, the control policy executor 225, and the gateway device 226 may all be located in the remote access apparatus 22. This not only enables centralized virtual KVM management for a large number of devices, but also greatly reduces the technical difficulty of using virtual KVM and eliminates the potential safety hazard existing in the data center.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention.

Claims (10)

1. A method for enabling remote access, the method comprising:
acquiring a virtual keyboard, display and mouse (KVM) remote access request sent by a user side, wherein the remote access request carries ID information of an accessed device and a virtual KVM address of the accessed device;
acquiring a virtual KVM mapping address of the accessed device according to the ID information of the accessed device, and replacing the virtual KVM address of the accessed device with the virtual KVM mapping address; wherein the virtual KVM mapping address refers to an address, accessible by the user side, to which the virtual KVM address of the accessed device is dynamically mapped when the user side initiates a virtual KVM remote access request to the accessed device;
and establishing a virtual KVM session connection between the user side and the accessed device according to the virtual KVM mapping address.
2. The method according to claim 1, wherein the remote access request further carries an IP address of the user side, and the acquiring of the virtual KVM mapping address of the accessed device specifically comprises:
acquiring the IP address of the user side, and finding the address field to which the IP address belongs in an IP address pool;
and acquiring the virtual KVM mapping address of the accessed device according to the address field to which the IP address belongs.
3. The method of claim 1, wherein replacing the virtual KVM address of the accessed device with the virtual KVM mapping address comprises:
acquiring a Java Network Launch Protocol (JNLP) description file of the user side connected to the accessed device;
replacing the virtual KVM address of the accessed device in the JNLP description file with the virtual KVM mapping address, and setting, in the JNLP description file, security authentication information for accessing the accessed device.
4. The method of claim 1, further comprising:
configuring a routing policy for the virtual KVM mapping address according to the obtained virtual KVM mapping address, and generating a corresponding routing control instruction according to the routing policy.
5. The method of claim 4, further comprising:
when an interrupted virtual KVM session connection between the user side and the accessed device is obtained, deleting the routing policy related to that virtual KVM session connection, and reclaiming the virtual KVM mapping address of the accessed device.
6. An apparatus for enabling remote access, the apparatus comprising: a policy manager, a URL translator, and a session manager; wherein,
the policy manager is configured to acquire a virtual KVM remote access request sent by a user side, where the remote access request carries ID information of an accessed device and a virtual KVM address of the accessed device, and to acquire a virtual KVM mapping address of the accessed device according to the ID information of the accessed device; the virtual KVM mapping address refers to an address, accessible by the user side, to which the virtual KVM address of the accessed device is dynamically mapped when the user side initiates a virtual KVM remote access request to the accessed device;
the URL translator is configured to replace the virtual KVM address of the accessed device with the virtual KVM mapping address;
and the session manager is configured to establish a virtual KVM session connection between the user side and the accessed device according to the virtual KVM mapping address substituted by the URL translator.
7. The apparatus according to claim 6, wherein the remote access request further carries an IP address of the user side; the apparatus further comprises:
an address pool manager, configured to acquire the IP address of the user side, find the address field to which the IP address belongs in the IP address pool, and allocate the virtual KVM mapping address of the accessed device to the policy manager according to the address field to which the IP address belongs.
8. The apparatus according to claim 6, wherein the URL translator is specifically configured to: obtain a Java Network Launch Protocol (JNLP) description file of the user side connected to the accessed device; replace the virtual KVM address of the accessed device in the JNLP description file with the virtual KVM mapping address; and set, in the JNLP description file, security authentication information for accessing the accessed device.
9. The apparatus of claim 6, further comprising: a control policy executor, configured to configure a routing policy for the virtual KVM mapping address according to the virtual KVM mapping address acquired by the policy manager, and to generate a corresponding routing control instruction according to the routing policy.
10. The apparatus of claim 9, wherein the control policy executor is further configured to: when an interrupted virtual KVM session connection between the user side and the accessed device is obtained, delete the routing policy related to that virtual KVM session connection, and reclaim the virtual KVM mapping address of the accessed device.
CN201610287105.9A 2016-05-03 2016-05-03 Method and device for realizing remote access Active CN107342972B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610287105.9A CN107342972B (en) 2016-05-03 2016-05-03 Method and device for realizing remote access

Publications (2)

Publication Number Publication Date
CN107342972A CN107342972A (en) 2017-11-10
CN107342972B true CN107342972B (en) 2020-09-08

Family

ID=60222087

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant