CN107465752A - A kind of connection management method and device - Google Patents
A kind of connection management method and device Download PDFInfo
- Publication number
- CN107465752A CN107465752A CN201710727039.7A CN201710727039A CN107465752A CN 107465752 A CN107465752 A CN 107465752A CN 201710727039 A CN201710727039 A CN 201710727039A CN 107465752 A CN107465752 A CN 107465752A
- Authority
- CN
- China
- Prior art keywords
- node
- escape way
- libvirt
- section point
- connection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000007726 management method Methods 0.000 title claims abstract description 52
- 238000012545 processing Methods 0.000 claims description 4
- 238000000034 method Methods 0.000 abstract description 6
- 238000010586 diagram Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 239000011800 void material Substances 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000007596 consolidation process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000005012 migration Effects 0.000 description 1
- 238000013508 migration Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/143—Termination or inactivation of sessions, e.g. event-controlled end of session
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention provides a kind of connection management method and device, and the above method comprises the following steps:After management node receives the connection request of first node, escape way application request is sent to section point;If escape way application success, the first node and the virtual software storehouse Libvirt of the section point TCP port, which are established, to be connected.In above-mentioned technical proposal, pass through escape way management so that the opening of Libvirt TCP port is controllable, realizes the security of connection;Remotely connection need not input password to libvirt, simplify automatic flow, simultaneously as the manual operation too many without keeper, therefore reduce fault rate.
Description
Technical field
The invention belongs to field of cloud computer technology, more particularly to a kind of connection management method and device.
Background technology
As virtualization technology continues to develop, virtualization advantage also gradually embodies, such as Server Consolidation, faster hard
Part, using simple, flexible snapping technique, this to be virtualized into as important component in many enterprise architectures.In cloud computing
In management software exploitation, many bottom most softwares all select virtualization software storehouse libvirt to carry out Virtual Machine Manager, because
Libvirt can manage multi-platform virtual machine, when carrying out Virtual Machine Manager using libvirt, since it is desired that cross-node management,
Therefore need to establish a libvirt connection.
Existing virtualization software storehouse libvirt connection method has SSH connections to be connected with TCP:
1st, security protocol SSH connections need to input ssh passwords, meet security, but will body in actual production environment
The drawbacks of revealing it, such as dynamic migration of virtual machine, when remotely connecting libvirt, the libvirt no this sound of API connections
Mechanism is answered, can not just be manually entered ssh passwords;
Although the security of virtualization can be greatly reduced, if user by configuring cipher key to solving
Name or password are changed, it is necessary to are safeguarded the key pair between node again, added the complexity of virtualization;
2nd, TCP (Transmission ControlProtocol, transmission control protocol) connections libvirt only need by
Open and can interconnect in libvirt configuration file tcp ports, it is not necessary to password, therefore there is no security protection, security obtains not
To guarantee.
Therefore, there is an urgent need to provide a kind of connection management scheme to solve above-mentioned technical problem.
The content of the invention
The present invention provides a kind of connection management method and device, to solve the above problems.
The embodiment of the present invention provides a kind of connection management method, comprises the following steps:Management node receives first node
Connection request after, send escape way application request to section point;
If escape way application success, the first node is with the virtual software storehouse Libvirt's of the section point
TCP port establishes connection.
The embodiment of the present invention also provides a kind of connection management device, including processor, is adapted for carrying out each instruction;Storage is set
Standby, suitable for storing a plurality of instruction, the instruction is suitable to be loaded and performed by the processor;
After management node receives the connection request of first node, escape way application request is sent to section point;
If escape way application success, the first node is with the virtual software storehouse Libvirt's of the section point
TCP port establishes connection.
Technical scheme provided in an embodiment of the present invention:After management node receives the connection request of first node, to second
Node sends escape way application request;If escape way application success, the void of the first node and the section point
The TCP port for intending software library Libvirt establishes connection.
In above-mentioned technical proposal, pass through escape way management so that the opening of Libvirt TCP port is controllable, realizes
The security of connection;Remotely connection need not input password to libvirt, simplify automatic flow, simultaneously as without keeper too
More manual operations, therefore reduce fault rate.
Brief description of the drawings
Accompanying drawing described herein is used for providing a further understanding of the present invention, forms the part of the application, this hair
Bright schematic description and description is used to explain the present invention, does not form inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 show the connection management method flow diagram of the embodiment of the present invention 1;
Fig. 2 show the connection management method flow diagram of the embodiment of the present invention 2;
Fig. 3 show the connection management device structure chart of the embodiment of the present invention 3.
Embodiment
Describe the present invention in detail below with reference to accompanying drawing and in conjunction with the embodiments.It should be noted that do not conflicting
In the case of, the feature in embodiment and embodiment in the application can be mutually combined.
Fig. 1 show the connection management method flow diagram of the embodiment of the present invention 1, comprises the following steps:
Step 101:After management node receives the connection request of first node, escape way application is sent to section point
Request;
Further, the escape way application request carries first node information.
Wherein, the first node information includes at least one of:First node title, first node IP address.
Step 102:If escape way application success, the virtual software storehouse of the first node and the section point
Libvirt TCP port establishes connection.
Further, after the escape way application success, the section point opens the peace for the first node
Full tunnel.
Preferably, the TCP port of the virtual software storehouse Libvirt is located in the escape way.
Wherein, the escape way is established by fire wall.
Further, after management node receives the connection request of first node, escape way Shen is sent to section point
Before please asking, in addition to:
By changing Libvirt configuration files, the TCP port of the Libvirt is opened.
Further, the TCP port of the first node and the virtual software storehouse Libvirt of the section point is established
After TCP connections, task processing is carried out;
After task is disposed, the first node disconnects TCP connections;
The management node sends escape way turn-off request to the section point, wherein, the escape way is closed
Request carries the first node information;
The section point closes the escape way opened for the first node.
The embodiment of the present invention solves the TCP secure connections between node, and it is logical that the libvirt ports opened are put into safety
In road, escape way is realized by fire wall iptables rules.
Fig. 2 show the connection management method flow diagram of the embodiment of the present invention 2, comprises the following steps:
Step 201:During deployed environment, libvirt configuration files are changed, libvirt TCP port is opened, it is come into force;
Step 202:Deployment secure passage rule on each node, and the rule is run, the regular function is shielding
Connection of all other node to this node libvirt TCP ports;
Step 203:When 1 connecting node 2 of node, the information that management node carries node 1 sends escape way to node 2
Application request, if escape way application success, node 2 unidirectionally open the libvirt TCP connections to node 1;
Step 204:Node 1 performs task by the virtualization software storehouse libvirt of TCP connecting nodes 2;
Step 205:Node 1 completes task, exits TCP connections, and management node, which carries the information of node 1 and sent to node 2, pacifies
Full tunnel turn-off request, node 2 close the escape way opened to node 1.
By the embodiment of the present invention, long-range TCP secure connections libvirt can be achieved, the method achieve virtualization software
Storehouse libvirt TCP connections, when carrying out the libvirt connections between node, safety certifying method is added, will not eject and carry
Show, without password is inputted again, these operations improve the automation stream of management software on the premise of ensureing to virtualize safety
Journey, the manual operation too many without keeper, fault rate is reduced, while also provided conveniently for later back-stage management.
Fig. 2 show the connection management device structure chart of the embodiment of the present invention 2, including processor, is adapted for carrying out each instruction;
Storage device, suitable for storing a plurality of instruction, the instruction is suitable to be loaded and performed by the processor;
After management node receives the connection request of first node, escape way application request is sent to section point;
If escape way application success, the first node is with the virtual software storehouse Libvirt's of the section point
TCP port establishes connection.
Further, after the escape way application success, the section point opens the peace for the first node
Full tunnel.
Preferably, the TCP port of the virtual software storehouse Libvirt is located in the escape way.
Wherein, the escape way is established by fire wall.
Further, the escape way application request carries first node information.
Further, after management node receives the connection request of first node, escape way Shen is sent to section point
Before please asking, in addition to:
By changing Libvirt configuration files, the TCP port of the Libvirt is opened.
Further, the TCP port of the first node and the virtual software storehouse Libvirt of the section point is established
After TCP connections, task processing is carried out;
After task is disposed, the first node disconnects TCP connections;
The management node sends escape way turn-off request to the section point, wherein, the escape way is closed
Request carries the first node information;
The section point closes the escape way opened for the first node
The embodiment of the present invention makes opening for the TCP port that libvirt monitors by long-range TCP secure connections libvirt methods
Put controllable, increase security;Remotely connection need not input password to libvirt, simplify automatic flow.
Technical scheme provided in an embodiment of the present invention:After management node receives the connection request of first node, to second
Node sends escape way application request;If escape way application success, the void of the first node and the section point
The TCP port for intending software library Libvirt establishes connection.
In above-mentioned technical proposal, pass through escape way management so that the opening of Libvirt TCP port is controllable, realizes
The security of connection;Remotely connection need not input password to libvirt, simplify automatic flow, simultaneously as without keeper too
More manual operations, therefore reduce fault rate.
The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention, for the skill of this area
For art personnel, the present invention can have various modifications and variations.Within the spirit and principles of the invention, that is made any repaiies
Change, equivalent substitution, improvement etc., should be included in the scope of the protection.
Claims (14)
- A kind of 1. connection management method, it is characterised in that comprise the following steps:After management node receives the connection request of first node, escape way application request is sent to section point;If escape way application success, the TCP ends of the first node and the virtual software storehouse Libvirt of the section point Mouth establishes connection.
- 2. connection management method according to claim 1, it is characterised in that described after the escape way application success Section point opens the escape way for the first node.
- 3. connection management method according to claim 2, it is characterised in that the TCP ends of the virtual software storehouse Libvirt Mouth is in the escape way.
- 4. according to the connection management method described in claim 1 or 2 or 3, it is characterised in that establish the safety by fire wall Passage.
- 5. connection management method according to claim 1, it is characterised in that escape way application request carries the One nodal information.
- 6. connection management method according to claim 1, it is characterised in that management node receives the connection of first node After request, before sending escape way application request to section point, in addition to:By changing Libvirt configuration files, the TCP port of the Libvirt is opened.
- 7. connection management method according to claim 1, it is characterised in that the first node and the section point After virtual software storehouse Libvirt TCP port establishes TCP connections, task processing is carried out;After task is disposed, the first node disconnects TCP connections;The management node sends escape way turn-off request to the section point, wherein, the escape way turn-off request Carry the first node information;The section point closes the escape way opened for the first node.
- 8. a kind of connection management device, it is characterised in that including processor, be adapted for carrying out each instruction;Storage device, suitable for storage A plurality of instruction, the instruction are suitable to be loaded and performed by the processor;After management node receives the connection request of first node, escape way application request is sent to section point;If escape way application success, the TCP ends of the first node and the virtual software storehouse Libvirt of the section point Mouth establishes connection.
- 9. connection management device according to claim 8, it is characterised in that described after the escape way application success Section point opens the escape way for the first node.
- 10. connection management device according to claim 9, it is characterised in that the TCP of the virtual software storehouse Libvirt Port is located in the escape way.
- 11. according to the connection management method described in claim 8 or 9 or 10, it is characterised in that establish the peace by fire wall Full tunnel.
- 12. connection management device according to claim 8, it is characterised in that the escape way application request carries First node information.
- 13. connection management device according to claim 8, it is characterised in that management node receives the company of first node After connecing request, before sending escape way application request to section point, in addition to:By changing Libvirt configuration files, the TCP port of the Libvirt is opened.
- 14. connection management device according to claim 8, it is characterised in that the first node and the section point Virtual software storehouse Libvirt TCP port establish TCP connections after, carry out task processing;After task is disposed, the first node disconnects TCP connections;The management node sends escape way turn-off request to the section point, wherein, the escape way turn-off request Carry the first node information;The section point closes the escape way opened for the first node.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710727039.7A CN107465752B (en) | 2017-08-22 | 2017-08-22 | Connection management method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710727039.7A CN107465752B (en) | 2017-08-22 | 2017-08-22 | Connection management method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107465752A true CN107465752A (en) | 2017-12-12 |
| CN107465752B CN107465752B (en) | 2021-02-05 |
Family
ID=60549583
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710727039.7A Active CN107465752B (en) | 2017-08-22 | 2017-08-22 | Connection management method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107465752B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1578218A (en) * | 2003-06-30 | 2005-02-09 | 微软公司 | Reducing network configuration complexity with transparent virtual private networks |
| CN1802821A (en) * | 2003-08-29 | 2006-07-12 | 诺基亚公司 | Personal remote firewall |
| CN101099332A (en) * | 2004-09-13 | 2008-01-02 | Ut斯达康公司 | Dynamic firewall capabilities for wireless access gateways |
| US20080077788A1 (en) * | 2006-09-26 | 2008-03-27 | Microsoft Corporation | Secure Tunnel Over HTTPS Connection |
| CN101543004A (en) * | 2006-11-20 | 2009-09-23 | 英国电讯有限公司 | Secure network architecture |
| CN103136026A (en) * | 2013-02-22 | 2013-06-05 | 浪潮电子信息产业股份有限公司 | Method for achieving secure shell (ssh) connecting identification of virtualized software library libvirt |
| CN104852949A (en) * | 2014-02-14 | 2015-08-19 | 航天信息股份有限公司 | Cloud storage data management method and system based on hybrid encryption mechanism |
| CN107210956A (en) * | 2015-02-05 | 2017-09-26 | 科里普特佐内北美股份有限公司 | Multiple tunnel Objunctive network adaptor |
-
2017
- 2017-08-22 CN CN201710727039.7A patent/CN107465752B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1578218A (en) * | 2003-06-30 | 2005-02-09 | 微软公司 | Reducing network configuration complexity with transparent virtual private networks |
| CN1802821A (en) * | 2003-08-29 | 2006-07-12 | 诺基亚公司 | Personal remote firewall |
| CN101099332A (en) * | 2004-09-13 | 2008-01-02 | Ut斯达康公司 | Dynamic firewall capabilities for wireless access gateways |
| US20080077788A1 (en) * | 2006-09-26 | 2008-03-27 | Microsoft Corporation | Secure Tunnel Over HTTPS Connection |
| CN101543004A (en) * | 2006-11-20 | 2009-09-23 | 英国电讯有限公司 | Secure network architecture |
| CN103136026A (en) * | 2013-02-22 | 2013-06-05 | 浪潮电子信息产业股份有限公司 | Method for achieving secure shell (ssh) connecting identification of virtualized software library libvirt |
| CN104852949A (en) * | 2014-02-14 | 2015-08-19 | 航天信息股份有限公司 | Cloud storage data management method and system based on hybrid encryption mechanism |
| CN107210956A (en) * | 2015-02-05 | 2017-09-26 | 科里普特佐内北美股份有限公司 | Multiple tunnel Objunctive network adaptor |
Non-Patent Citations (5)
| Title |
|---|
| ALPHA: "在Ubuntu 12.04上利用IP Tables来设置防火墙", 《BLOGJAVA》 * |
| SKYADM: "Windows Server2008屏蔽IP之防火墙篇", 《空桥-博客-WINDOWS》 * |
| 战神归来: "linux防火墙开放端口,针对固定ip开放端口", 《术之多》 * |
| 杨川: "基于oVirt云平台的防火墙系统设计与实现", 《中国优秀硕士学位论文全文数据库》 * |
| 贺静: "虚拟化数据中心服务资源性能监测系统研究", 《中国优秀硕士学位论文全文数据库》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107465752B (en) | 2021-02-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9973511B2 (en) | Method and system for enabling access of a client device to a remote desktop | |
| US10554646B2 (en) | Providing domain-joined remote applications in a cloud environment | |
| KR101824980B1 (en) | Secure client drive mapping and file storage system for mobile device management type security | |
| KR101738400B1 (en) | Mobile device locking with context | |
| US11755349B2 (en) | Secure digital workspace using machine learning and microsegmentation | |
| US9843560B2 (en) | Automatically validating enterprise firewall rules and provisioning firewall rules in computer systems | |
| US20130132856A1 (en) | Systems and Methods for Gesture Interaction with Cloud-Based Applications | |
| US10735525B2 (en) | System, method and computer program product for network function modification | |
| EP3428825A1 (en) | Securely operating remote cloud-based applications | |
| US20130138810A1 (en) | Systems and Methods for Workspace Interaction with Cloud-Based Applications | |
| US10942729B2 (en) | Upgrade of firmware in an interface hardware of a device in association with the upgrade of driver software for the device | |
| US10901725B2 (en) | Upgrade of port firmware and driver software for a target device | |
| US20180176255A1 (en) | Native tag-based configuration for workloads in a virtual computing environment | |
| JP2022511020A (en) | Real-time concealment of digital content | |
| US10812463B2 (en) | Secure access to an enterprise computing environment | |
| US11374792B2 (en) | Techniques for utilizing multiple network interfaces for a cloud shell | |
| EP4201029A1 (en) | Security zone policy enforcement in a cloud infrastructure system | |
| US20220038543A1 (en) | Computer system providing context-based software as a service (saas) application session switching and related methods | |
| CN107465752A (en) | A kind of connection management method and device | |
| CN106130969B (en) | A kind of method of controlling security and system of system for cloud computing | |
| US11350319B2 (en) | Optimized quality of service enforcement for handover between different radio access types | |
| CN106412114A (en) | SDN based load balancing method and system | |
| US9032196B1 (en) | Management of components in a hosting architecture | |
| US9032197B1 (en) | Management of components in a hosting architecture | |
| US20240007465A1 (en) | Controlling access to components of a software-defined data center in a hybrid environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20210108 Address after: Building 9, No.1, guanpu Road, Guoxiang street, Wuzhong Economic Development Zone, Wuzhong District, Suzhou City, Jiangsu Province Applicant after: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd. Address before: Room 1601, floor 16, 278 Xinyi Road, Zhengdong New District, Zhengzhou City, Henan Province Applicant before: ZHENGZHOU YUNHAI INFORMATION TECHNOLOGY Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |