CN107580065B - Private cloud access method and equipment - Google Patents

Info

Publication number
CN107580065B
Authority
CN
China
Prior art keywords
cloud
access terminal
cloud access
terminal device
resource
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710840882.6A
Other languages
Chinese (zh)
Other versions
CN107580065A (en
Inventor
王瑾
赫罡
李洪峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd
Priority to CN201710840882.6A
Publication of CN107580065A
Application granted
Publication of CN107580065B

Abstract

A private cloud access method and equipment, relating to the field of communication technology. The method provided by the embodiments of the present application simplifies the configuration management of private cloud access and solves the prior-art problems of a heavy configuration workload and a long provisioning period when accessing private cloud resources. The method comprises: a control layout platform obtains the ordering information of a user; the control layout platform generates cloud resource configuration information according to the ordering information and sends the cloud resource configuration information to a cloud resource data center; the cloud resource data center allocates the cloud resource of the corresponding private cloud to the user according to the cloud resource configuration information, and establishes a route between the cloud access virtual gateway and the cloud host in the cloud resource of the private cloud; the control layout platform authenticates the cloud access terminal device and sends cloud access terminal device configuration information to the cloud access terminal device; and a virtual private network (VPN) tunnel is established between the cloud access terminal device and the cloud access virtual gateway.

Description

A private cloud access method and equipment
Technical field
This application relates to the field of communication technology, and in particular to a private cloud access method and equipment.
Background art
With the introduction of concepts such as "Internet+" and "Industry 4.0", cloud services have come into increasingly wide use, and a large number of enterprises buy the cloud service products of operators or IT vendors. In the traditional cloud resource access method, the user first buys the cloud resource of a cloud service provider and then accesses the public cloud through the internet. An enterprise user can also subscribe to a private cloud service that only it can access and that is invisible to others.
When a private cloud service is provisioned in the prior art, technical staff generally need to configure, separately, the network resource for accessing the private cloud (a private leased-line service) in the network resources and the private cloud resource in the cloud resources of the data center, so that the user reaches the cloud host of the corresponding private cloud resource in the data center through a specific network resource. The inventors found that the prior art has at least the following technical problems: the traditional access method reaches private cloud resources by configuring cloud resources and network resources separately, so the configuration workload is heavy and the provisioning period is long. Moreover, both troubleshooting and service provisioning frequently require technical staff on site, so the enterprise must either have highly skilled technical staff of its own or pay high fees to implement private cloud access.
Summary of the invention
The embodiments of the present application provide a private cloud access method and equipment that bring the network resources and the private cloud resources of a private cloud access service under centralized management and control, so that private cloud resource access is configured automatically and provisioned quickly.
To achieve the above objectives, the embodiments of the present application adopt the following technical solutions:
In a first aspect, an embodiment of the present application provides a private cloud access method, comprising: a control layout platform obtains the ordering information of a user; the control layout platform generates cloud resource configuration information according to the ordering information and sends the cloud resource configuration information to a cloud resource data center; the cloud resource data center allocates the cloud resource of the corresponding private cloud to the user according to the cloud resource configuration information, establishes a cloud access virtual gateway in the cloud resource of the private cloud, and establishes, through the virtual router vRouter corresponding to the cloud resource of the private cloud, a route between the cloud access virtual gateway and the cloud host in the cloud resource of the private cloud; the control layout platform authenticates a cloud access terminal device according to the ordering information, generates cloud access terminal device configuration information, and sends the cloud access terminal device configuration information to the cloud access terminal device; the cloud access terminal device establishes, according to the cloud access terminal device configuration information, a virtual private network (VPN) tunnel between the cloud access terminal device and the cloud access virtual gateway. The cloud access terminal device is used to provide the user with a physical channel for accessing the private cloud, and a cloud access terminal device belongs to any one enterprise branch.
In the private cloud access method provided by the embodiments of the present application, the control layout platform, according to the ordering information of the user, uniformly allocates the cloud resource of the private cloud and establishes the network resources between the user and the cloud resource of the private cloud, and the VPN tunnel between the cloud access terminal device and the cloud access virtual gateway is established, so that cloud resource access is configured automatically and provisioned quickly, which improves the efficiency of provisioning private cloud services. In addition, the present application uses the cloud access terminal device to provide the user with a physical channel for accessing the private cloud. When the user needs to access the private cloud, it is enough to connect the cloud access terminal device to the network; the cloud resource of the private cloud can then be accessed through the physical channel that the cloud access terminal device provides.
In a first possible design, with reference to the first aspect, establishing the cloud access virtual gateway in the cloud resource of the private cloud comprises: the control layout platform sends the image of the cloud access virtual gateway to the cloud resource data center, and the cloud resource data center installs the image of the cloud access virtual gateway in the cloud resource of the private cloud to establish the cloud access virtual gateway.
In a second possible design, with reference to the first aspect, before the control layout platform authenticates the cloud access terminal device according to the ordering information, the method further comprises: after the cloud access terminal device is connected to the network, the cloud access terminal device sends an address acquisition request to a Dynamic Host Configuration Protocol (DHCP) server; the DHCP server allocates an Internet Protocol (IP) address to the cloud access terminal device according to the address acquisition request and at the same time sends the uniform resource locator (URL) of the control layout platform to the cloud access terminal device; the cloud access terminal device resolves the address of the control layout platform through the Domain Name System (DNS), establishes a connection between the cloud access terminal device and the control layout platform, and sends authentication information to the control layout platform.
In a third possible design, with reference to the first aspect, the cloud resource data center establishes the route between the cloud access virtual gateway and the cloud host in the cloud resource of the private cloud through the vRouter only after the control layout platform has authenticated the cloud access terminal device according to the ordering information. This design takes into account that if the route between the cloud access virtual gateway and the cloud host were established before the cloud access terminal device has connected to the network and been authenticated, no cloud access terminal device would yet need to access the cloud host in the private cloud, so the route already established between the cloud access virtual gateway and the cloud host would serve no purpose and would waste computing and storage resources.
In a second aspect, the present application provides a control layout platform, comprising: an obtaining module, configured to obtain the ordering information of a user; a processing module, configured to generate cloud resource configuration information according to the ordering information after the obtaining module obtains the ordering information; a sending module, configured to send the cloud resource configuration information generated by the processing module to a cloud resource data center, so that the cloud resource data center allocates the cloud resource of the corresponding private cloud to the user according to the cloud resource configuration information, establishes a cloud access virtual gateway in the cloud resource of the private cloud, and establishes, through the virtual router vRouter corresponding to the cloud resource of the private cloud, a route between the cloud access virtual gateway and the cloud host in the cloud resource of the private cloud; an authentication module, configured to authenticate the cloud access terminal device after the obtaining module obtains the ordering information; the processing module is further configured to generate cloud access terminal device configuration information after the authentication module authenticates the cloud access terminal device; the sending module is further configured to send the cloud access terminal device configuration information to the cloud access terminal device after the processing module generates it, so that the cloud access terminal device establishes, according to the cloud access terminal device configuration information, the virtual private network (VPN) tunnel between the cloud access terminal device and the cloud access virtual gateway; the cloud access terminal device is used to provide an enterprise branch with a physical channel for accessing the private cloud. The sending module is further configured to send the image of the cloud access virtual gateway to the cloud resource data center, so that the cloud resource data center installs the image of the cloud access virtual gateway in the cloud resource of the private cloud to establish the cloud access virtual gateway. Based on the same inventive concept, for the principle by which the control layout platform solves the problem and for its beneficial effects, refer to the first aspect and each possible method implementation of the first aspect and the beneficial effects they bring; the implementation of the control layout platform may therefore refer to the first aspect and each possible method implementation of the first aspect, and the overlapping parts are not repeated.
In a third aspect, the present application provides a cloud access terminal device, comprising: a sending module, configured to send authentication information to the control layout platform; a receiving module, configured to receive the cloud access terminal device configuration information sent by the control layout platform after the sending module sends the authentication information to the control layout platform; a link block, configured to establish, after the receiving module receives the cloud access terminal device configuration information sent by the control layout platform, the virtual private network (VPN) tunnel between the cloud access terminal device and the cloud access virtual gateway in the cloud resource of the private cloud. The cloud access terminal device provided by the embodiments of the present application can send authentication information to the control layout platform after it is connected to the network. According to the cloud access terminal device configuration information that the control layout platform sends after authenticating the cloud access terminal device, it automatically establishes the VPN tunnel to the cloud access virtual gateway in the cloud resource of the private cloud, so that the cloud access terminal device can access the private cloud through the VPN tunnel. Private cloud resources are thus accessed through a plug-and-play cloud access terminal, which lets the user access private cloud resources more easily.
In a fourth aspect, an embodiment of the present application provides a cloud resource data center, comprising: a receiving module, configured to receive the cloud resource configuration information sent by the control layout platform; a processing module, configured to, after the receiving module receives the cloud resource configuration information sent by the control layout platform, allocate the cloud resource of the corresponding private cloud to the user, establish a cloud access virtual gateway in the cloud resource of the private cloud, and establish, through the virtual router vRouter corresponding to the cloud resource of the private cloud, a route between the cloud access virtual gateway and the cloud host in the cloud resource of the private cloud; the processing module is further configured to establish the virtual private network (VPN) tunnel between the cloud access terminal device and the cloud access virtual gateway.
In a fifth aspect, an embodiment of the present application provides a cloud access virtual gateway, comprising: a resource link block, configured to establish, after the cloud resource data center receives the cloud resource configuration information sent by the control layout platform and allocates the cloud resource of the corresponding private cloud to the user, a route between the cloud access virtual gateway and the cloud host in the cloud resource of the private cloud through the virtual router vRouter corresponding to the cloud resource of the private cloud; a tunnel termination block, configured to establish the virtual private network (VPN) tunnel between the cloud access virtual gateway and the cloud access terminal device after the control layout platform authenticates the cloud access terminal.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below.
Fig. 1 is a schematic structural diagram of a network system provided by an embodiment of the present application;
Fig. 2 is a schematic flow diagram of a private cloud access method provided by an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a control layout platform provided by an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a cloud access terminal device provided by an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a cloud resource data center provided by an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a cloud access virtual gateway provided by an embodiment of the present application.
Detailed description
The embodiments of the present application are described below with reference to the drawings. The embodiments of the present application apply to scenarios in which a private cloud service is provided to users.
Fig. 1 is a schematic structural diagram of a network system provided by an embodiment of the present application. The network system includes a cloud resource data center, a control layout platform, the internet, cloud access terminal devices, and the user branches that access the private cloud through the cloud access terminal devices. A user may include multiple user branches (such as user branch 1 and user branch 2 of user A in the figure), and a user branch may include multiple user equipments. The cloud resource data center may contain the private cloud resources of multiple different users (in the figure, the cloud resource data center contains the private cloud resource of user A and the private cloud resource of user B). The cloud resource of each private cloud includes the corresponding virtual router vRouter, the cloud hosts that provide the cloud service to the user, and the cloud access virtual gateway used to connect user equipment. The vRouter is connected to the internet, the cloud access virtual gateway and the cloud hosts respectively. The control layout platform is connected to the cloud access terminal devices and to the cloud resource data center respectively. The cloud access terminal device of each user branch is connected through the internet to the virtual router vRouter in the corresponding user's private cloud.
Specifically, when the user accesses the private cloud, the user equipment first sends its data through the virtual private network (VPN) tunnel between the cloud access terminal device and the cloud access virtual gateway: the data is encapsulated as a VPN tunnel data packet and transmitted to the cloud access virtual gateway in the private cloud. The cloud access virtual gateway decapsulates the VPN tunnel data packet and forwards the decapsulated data to the corresponding cloud host along the route established by the vRouter. In the reverse direction, the cloud host sends the data to be transmitted to the cloud access virtual gateway along the route established by the vRouter. The cloud access virtual gateway encapsulates the data as a VPN tunnel data packet and sends it to the cloud access terminal device through the VPN tunnel; the cloud access terminal device decapsulates the VPN tunnel data packet and forwards the data to the corresponding user equipment. This completes the process by which user equipment accesses the private cloud.
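The encapsulation and decapsulation described above, as an added Python example that is not part of the patent. It assumes the VxLAN tunnel type that the description names for step S108 and uses the 8-byte VXLAN header of RFC 7348; the use of one VNI per user, the class and function names, and all addresses are assumptions made for the illustration.

```python
import socket
import struct

VNI_VALID = 0x08             # "I" flag in the first header byte (RFC 7348)
ETH_LEN, IPV4_DST = 14, 16   # Ethernet header length; dst offset in the IPv4 header


def vxlan_encap(vni: int, frame: bytes) -> bytes:
    """Prefix an inner Ethernet frame with the 8-byte VXLAN header."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VNI_VALID << 24, vni << 8) + frame


def vxlan_decap(packet: bytes):
    """Return (vni, inner_frame); reject truncated headers or a missing I flag."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", packet[:8])
    if not (word0 >> 24) & VNI_VALID:
        raise ValueError("VNI flag not set")
    return word1 >> 8, packet[8:]


def ipv4_frame(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed inner frame: zeroed MACs, minimal IPv4 header, no checksum."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + payload


class CloudAccessVirtualGateway:
    """Tunnel end point inside one user's private cloud."""

    def __init__(self, vni: int, routed_hosts: set):
        self.vni = vni                    # ASSUMPTION: one VNI per user
        self.routed_hosts = routed_hosts  # cloud hosts the vRouter has routes to

    def from_tunnel(self, packet: bytes):
        """Decapsulate; return (cloud_host_ip, frame), or None when dropped."""
        try:
            vni, frame = vxlan_decap(packet)
        except ValueError:
            return None
        if vni != self.vni or len(frame) < ETH_LEN + 20:
            return None
        off = ETH_LEN + IPV4_DST
        dst = socket.inet_ntoa(frame[off:off + 4])
        return (dst, frame) if dst in self.routed_hosts else None

    def to_tunnel(self, frame: bytes) -> bytes:
        """Return path: encapsulate a cloud host's frame for the terminal device."""
        return vxlan_encap(self.vni, frame)
```

The VXLAN header carries no authentication or encryption, so the VNI check here only separates tenants and does not prove who sent a packet.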
Based on the above network architecture, an embodiment of the present application provides a private cloud access method which, as shown in Fig. 2, comprises the following steps:
S101, the control layout platform obtains the ordering information of the user.
Specifically, the control layout platform may receive the ordering information sent directly by the user through a client device, or it may obtain the ordering information of the user through a dedicated service order system.
After obtaining the ordering information of the user, the control layout platform can generate a configuration template for the cloud access terminal device according to the ordering information. In later steps the configuration template is used to authenticate the cloud access terminal device and to configure it, for example setting its upstream and downstream bandwidth and enabling the network address translation (NAT) function.
S102, the control layout platform generates cloud resource configuration information according to the ordering information and sends the cloud resource configuration information to the cloud resource data center.
S103, the cloud resource data center allocates the cloud resource of the corresponding private cloud to the user according to the cloud resource configuration information.
After receiving the cloud resource configuration information, the cloud resource data center can create the life cycle of the provisioned private cloud resource, complete the initial configuration of the vRouter, and allocate the cloud resource of the corresponding private cloud to the user.
S104, a cloud access virtual gateway is established in the cloud resource of the private cloud.
After the private cloud resource is allocated to the user, the cloud access virtual gateway vCPE is established in the private cloud resource. Specifically, the control layout platform can send the image of the cloud access virtual gateway vCPE to the cloud resource data center, and the cloud resource data center installs the image of the cloud access virtual gateway in the cloud resource of the private cloud to establish the cloud access virtual gateway vCPE.
S105, a route between the cloud access virtual gateway and the cloud host in the cloud resource of the private cloud is established through the virtual router vRouter corresponding to the cloud resource of the private cloud.
Specifically, after the cloud access virtual gateway vCPE is established, the vRouter establishes a route between the cloud access virtual gateway and each cloud host according to the addresses of the cloud access virtual gateway and of each cloud host in the private cloud.
S106, the cloud access terminal device sends an authentication request to the control layout platform.
The cloud access terminal device is used to provide the user with a physical channel for accessing the private cloud. Illustratively, as shown in Fig. 1, one user can have multiple user branches, and each user branch can access the cloud resource of the user's private cloud through its corresponding cloud access terminal device.
Specifically, after the cloud access terminal device is powered on and connected to the network, it automatically sends an address acquisition request to a Dynamic Host Configuration Protocol (DHCP) server; the DHCP server allocates an IP address to the cloud access terminal device according to the address acquisition request and sends the uniform resource locator (URL) of the control layout platform to the cloud access terminal device. The cloud access terminal device resolves the address of the control layout platform through the Domain Name System (DNS) and establishes a connection between the cloud access terminal device and the control layout platform. The cloud access terminal device then sends an authentication request to the control layout platform.
S107, after receiving the authentication request, the control layout platform authenticates the cloud access terminal device according to the ordering information, generates cloud access terminal device configuration information, and sends the cloud access terminal device configuration information to the cloud access terminal device.
After receiving the authentication request, the control layout platform can authenticate the cloud access terminal device against the configuration template of the cloud access terminal device that was generated from the ordering information. After the cloud access terminal device is authenticated, the control layout platform sends the cloud access terminal device configuration information to the cloud access terminal device.
It should be noted that, in the embodiments of the present application, step S105 (establishing the route between the cloud access virtual gateway and the cloud host in the cloud resource of the private cloud through the virtual router vRouter corresponding to the cloud resource of the private cloud) may be executed after the control layout platform has authenticated the cloud access terminal device. This avoids the problem that, because no cloud access terminal device yet needs to access the cloud host in the private cloud, the route already established between the cloud access virtual gateway and the cloud host serves no purpose and wastes computing and storage resources.
S108, the cloud access terminal device establishes, according to the cloud access terminal device configuration information, the virtual private network (VPN) tunnel between the cloud access terminal device and the cloud access virtual gateway.
For example, after receiving the cloud access terminal device configuration information, the cloud access terminal device first performs its initial configuration according to that information: it sets the upstream and downstream bandwidth of the physical channel through which the user branch accesses the private cloud, enables the network address translation (NAT) function, and so on. After the initial configuration, it uses the IP address of the cloud access virtual gateway carried in the cloud access terminal device configuration information to establish the VPN tunnel between the cloud access terminal device and the cloud access virtual gateway.
Establishing the VPN tunnel between the cloud access terminal device and the cloud access virtual gateway specifically comprises: establishing a VxLAN (Virtual Extensible Local Area Network) tunnel between the cloud access terminal device and the cloud access virtual gateway.
In addition, in the embodiments of the present application, the cloud access virtual gateway is established in the private cloud and serves as the terminating node of the VPN tunnel. When a user has multiple user branches, a VPN tunnel is established between the cloud access terminal device of each user branch and the cloud access virtual gateway, which provides the user with a cloud access service for multiple user branches.
In the private cloud access method provided by the embodiments of the present application, the control layout platform, according to the ordering information of the user, uniformly allocates the cloud resource of the private cloud and establishes the network resources between the user and the cloud resource of the private cloud, so that cloud resource access is configured automatically and provisioned quickly, which improves the efficiency of provisioning private cloud services. In addition, the embodiments of the present application use the cloud access terminal device to provide the user with a physical channel for accessing the private cloud. When the user needs to access the private cloud, it is enough to connect the cloud access terminal device to the network; the control layout platform then authenticates the cloud access terminal device and connects it to the private cloud. The cloud resource of the private cloud is thus accessed through the physical channel provided by a plug-and-play cloud access terminal device.
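The control layout platform's part of steps S101 to S108, including the option of deferring S105 until a device has authenticated, as an added Python example that is not part of the patent. The patent does not say what the authentication information contains; the HMAC challenge-response over a per-device key recorded with the order, and all class, field, serial and address values, are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class DeviceTemplate:
    """Configuration template derived from the ordering information (S101)."""
    user: str
    key: bytes        # ASSUMPTION: per-device secret recorded with the order
    up_mbps: int
    down_mbps: int
    nat: bool


@dataclass
class PrivateCloud:
    """What the cloud resource data center holds for one user (S103/S104)."""
    gateway_ip: str                            # cloud access virtual gateway
    hosts: list
    routes: set = field(default_factory=set)   # vRouter routes, gateway -> host

    def establish_routes(self):                # S105
        self.routes = {(self.gateway_ip, h) for h in self.hosts}


def device_proof(key: bytes, serial: str, nonce: bytes) -> bytes:
    """Authentication information the terminal device sends (S106, assumed form)."""
    return hmac.new(key, nonce + serial.encode(), hashlib.sha256).digest()


class ControlLayoutPlatform:
    def __init__(self):
        self.templates = {}   # device serial -> DeviceTemplate
        self.clouds = {}      # user -> PrivateCloud
        self.nonces = {}      # device serial -> outstanding challenge

    def place_order(self, user: str, order: dict) -> None:
        """S101-S104: keep the templates and allocate the private cloud.
        Routes are deliberately not created here (third possible design)."""
        self.clouds[user] = PrivateCloud(order["gateway_ip"], list(order["hosts"]))
        for dev in order["devices"]:
            self.templates[dev["serial"]] = DeviceTemplate(
                user, dev["key"], dev["up_mbps"], dev["down_mbps"], dev["nat"])

    def challenge(self, serial: str) -> bytes:
        """Issue a fresh nonce; known and unknown serials are treated alike."""
        self.nonces[serial] = secrets.token_bytes(16)
        return self.nonces[serial]

    def authenticate(self, serial: str, proof: bytes):
        """S107: return the device configuration, or None if authentication fails."""
        nonce = self.nonces.pop(serial, None)      # a nonce is valid once only
        tpl = self.templates.get(serial)
        if nonce is None or tpl is None:
            return None
        if not hmac.compare_digest(device_proof(tpl.key, serial, nonce), proof):
            return None
        cloud = self.clouds[tpl.user]
        if not cloud.routes:
            cloud.establish_routes()               # S105, deferred until now
        return {"gateway_ip": cloud.gateway_ip, "tunnel": "vxlan",
                "up_mbps": tpl.up_mbps, "down_mbps": tpl.down_mbps, "nat": tpl.nat}


def demo():
    """Run the flow on a constructed order; every value below is made up."""
    platform = ControlLayoutPlatform()
    key = b"constructed-demo-key-branch-1"
    platform.place_order("user-A", {
        "gateway_ip": "192.0.2.10",
        "hosts": ["10.0.0.11", "10.0.0.12"],
        "devices": [{"serial": "CPE-0001", "key": key,
                     "up_mbps": 50, "down_mbps": 100, "nat": True}],
    })
    cloud = platform.clouds["user-A"]
    results = {"routes_before": len(cloud.routes)}
    # A device that is not in the order is refused and triggers no routing.
    nonce = platform.challenge("CPE-9999")
    results["unknown"] = platform.authenticate(
        "CPE-9999", device_proof(key, "CPE-9999", nonce))
    results["routes_after_reject"] = len(cloud.routes)
    # The ordered device authenticates and receives its configuration.
    nonce = platform.challenge("CPE-0001")
    proof = device_proof(key, "CPE-0001", nonce)
    results["config"] = platform.authenticate("CPE-0001", proof)
    results["routes_after_auth"] = len(cloud.routes)
    # Replaying the captured proof fails because the nonce was consumed.
    results["replay"] = platform.authenticate("CPE-0001", proof)
    return results


if __name__ == "__main__":
    print(demo())
```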
An embodiment of the present application provides a control layout platform for executing the above private cloud access method. Fig. 3 shows a possible schematic structural diagram of the control layout platform involved. Specifically, the control layout platform 10 includes: an obtaining module 101, a processing module 102, a sending module 103, an authentication module 104 and a receiving module 105, wherein:
The obtaining module 101 is configured to obtain the ordering information of the user.
The processing module 102 is configured to generate cloud resource configuration information according to the ordering information after the obtaining module 101 obtains the ordering information.
The sending module 103 is configured to send the cloud resource configuration information generated by the processing module 102 to the cloud resource data center, so that the cloud resource data center allocates the cloud resource of the corresponding private cloud to the user according to the cloud resource configuration information, establishes a cloud access virtual gateway in the cloud resource of the private cloud, and establishes, through the virtual router vRouter corresponding to the cloud resource of the private cloud, a route between the cloud access virtual gateway and the cloud host in the cloud resource of the private cloud.
The receiving module 105 is configured to receive the authentication request sent by the cloud access terminal device.
The authentication module 104 is configured to authenticate the cloud access terminal device, according to the ordering information obtained by the obtaining module, after the receiving module 105 receives the authentication request sent by the cloud access terminal.
The processing module 102 is further configured to generate cloud access terminal device configuration information after the authentication module 104 authenticates the cloud access terminal device.
The sending module 103 is further configured to send the cloud access terminal device configuration information to the cloud access terminal device after the processing module 102 generates it, so that the cloud access terminal device establishes, according to the cloud access terminal device configuration information, the virtual private network (VPN) tunnel between the cloud access terminal device and the cloud access virtual gateway; the cloud access terminal device is used to provide an enterprise branch with a physical channel for accessing the private cloud.
Optionally, the sending module 103 is further configured to send the image of the cloud access virtual gateway to the cloud resource data center, so that the cloud resource data center installs the image of the cloud access virtual gateway in the cloud resource of the private cloud to establish the cloud access virtual gateway.
An embodiment of the present application provides a cloud access terminal device for executing the above private cloud access method. Fig. 4 shows a possible schematic structural diagram of the cloud access terminal device involved. Specifically, the cloud access terminal device 20 includes: a sending module 201, a receiving module 202 and a link block 203, wherein:
The sending module 201 is configured to send authentication information to the control layout platform.
The receiving module 202 is configured to receive the cloud access terminal device configuration information sent by the control layout platform after the sending module 201 sends the authentication information to the control layout platform.
The link block 203 is configured to establish, after the receiving module 202 receives the cloud access terminal device configuration information sent by the control layout platform, the virtual private network (VPN) tunnel between the cloud access terminal device and the cloud access virtual gateway in the cloud resource of the private cloud.
In one possible implementation, the sending module 201 is further configured to send an address acquisition request to a Dynamic Host Configuration Protocol (DHCP) server, so that the DHCP server allocates an Internet Protocol (IP) address to the cloud access terminal device according to the address acquisition request and sends the uniform resource locator (URL) of the control layout platform to the cloud access terminal device. The receiving module 202 is further configured to receive the URL of the control layout platform sent by the DHCP server after the sending module 201 sends the address acquisition request. The sending module 201 is further configured to send authentication information to the control layout platform after the receiving module 202 receives the URL of the control layout platform sent by the DHCP server and the address of the control layout platform has been resolved through the Domain Name System (DNS).
An embodiment of the present application provides a cloud resource data center for executing the above private cloud access method. Fig. 5 shows a possible structural schematic diagram of the cloud resource data center involved. Specifically, the cloud resource data center 30 includes a receiving module 301 and a processing module 302, where:
The receiving module 301 is configured to receive the cloud resource configuration information sent by the control layout platform;
The processing module 302 is configured to, after the receiving module 301 has received the cloud resource configuration information sent by the control layout platform, allocate the cloud resource of the corresponding private cloud to the user, establish a cloud access virtual gateway in the cloud resource of the private cloud, and establish, through the virtual router (vRouter) corresponding to the cloud resource of the private cloud, a route between the cloud access virtual gateway and the cloud hosts in the cloud resource of the private cloud;
The processing module 302 is further configured to establish a virtual private network (VPN) tunnel between the cloud access terminal device and the cloud access virtual gateway.
An embodiment of the present application provides a cloud access virtual gateway for executing the above private cloud access method. Fig. 6 shows a possible structural schematic diagram of the cloud access virtual gateway involved. Specifically, the cloud access virtual gateway 40 includes a resource link block 401 and a tunnel termination block 402, where:
The resource link block 401 is configured to establish, after the cloud resource data center has received the cloud resource configuration information sent by the control layout platform and allocated the cloud resource of the corresponding private cloud to the user, a route between the cloud access virtual gateway and the cloud hosts in the cloud resource of the private cloud through the virtual router (vRouter) corresponding to the cloud resource of the private cloud.
The tunnel termination block 402 is configured to establish, after the control layout platform has authenticated the cloud access terminal, a virtual private network (VPN) tunnel between the cloud access virtual gateway and the cloud access terminal device.
It should be noted that, for other descriptions of the units in the control layout platform, cloud access terminal device, cloud resource data center and cloud access virtual gateway provided in the embodiments of the present application, reference may be made to Figs. 1-2 and the corresponding description of Figs. 1-2 above, which is not repeated here. In addition, the above integrated modules may be implemented in the form of hardware or in the form of software function modules. The division into modules in the embodiments of the present application is schematic and is only a division by logical function; other divisions are possible in an actual implementation. For example, each functional module may correspond to one function, or two or more functions may be integrated into one processing module.
Those of ordinary skill in the art will appreciate that all or part of the processes in the above method embodiments may be completed by a computer program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
The above is merely a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A private cloud access method, characterized by comprising:
a control layout platform obtains ordering information of a user;
the control layout platform generates cloud resource configuration information according to the ordering information, and sends the cloud resource configuration information to a cloud resource data center;
the cloud resource data center allocates the cloud resource of the corresponding private cloud to the user according to the cloud resource configuration information, establishes a cloud access virtual gateway in the cloud resource of the private cloud, and establishes, through the virtual router (vRouter) corresponding to the cloud resource of the private cloud, a route between the cloud access virtual gateway and the cloud hosts in the cloud resource of the private cloud;
a cloud access terminal device sends an authentication request to the control layout platform; after receiving the authentication request, the control layout platform authenticates the cloud access terminal device according to the ordering information, generates cloud access terminal device configuration information, and sends the cloud access terminal device configuration information to the cloud access terminal device; the cloud access terminal device establishes, according to the cloud access terminal device configuration information, a virtual private network (VPN) tunnel between the cloud access terminal device and the cloud access virtual gateway; the cloud access terminal device is used to provide the user with a physical channel for accessing the private cloud, and the cloud access terminal device belongs to any enterprise branch.
2. The method according to claim 1, characterized in that establishing the cloud access virtual gateway in the cloud resource of the private cloud comprises:
the control layout platform sends the image of the cloud access virtual gateway to the cloud resource data center, and the cloud resource data center installs the image of the cloud access virtual gateway in the cloud resource of the private cloud to establish the cloud access virtual gateway.
3. The method according to claim 1, characterized in that, before the control layout platform authenticates the cloud access terminal device according to the ordering information, the method comprises:
after the cloud access terminal device accesses the network, the cloud access terminal device sends an address acquisition request to a Dynamic Host Configuration Protocol (DHCP) server; the DHCP server allocates an Internet Protocol (IP) address to the cloud access terminal device according to the address acquisition request, and sends the uniform resource locator (URL) of the control layout platform to the cloud access terminal device; the cloud access terminal device resolves the address of the control layout platform through the Domain Name System (DNS), establishes a connection between the cloud access terminal device and the control layout platform, and sends the authentication request to the control layout platform.
4. The method according to claim 1, characterized by comprising:
after the control layout platform authenticates the cloud access terminal device according to the ordering information, the cloud resource data center establishes, through the vRouter, the route between the cloud access virtual gateway and the cloud hosts in the cloud resource of the private cloud.
5. A control layout platform, characterized by comprising:
an obtaining module, configured to obtain ordering information of a user;
a processing module, configured to generate cloud resource configuration information according to the ordering information after the obtaining module obtains the ordering information;
a sending module, configured to send the cloud resource configuration information generated by the processing module to a cloud resource data center, so that the cloud resource data center allocates the cloud resource of the corresponding private cloud to the user according to the cloud resource configuration information, establishes a cloud access virtual gateway in the cloud resource of the private cloud, and establishes, through the virtual router (vRouter) corresponding to the cloud resource of the private cloud, a route between the cloud access virtual gateway and the cloud hosts in the cloud resource of the private cloud;
a receiving module, configured to receive an authentication request sent by a cloud access terminal device;
an authentication module, configured to authenticate the cloud access terminal device, after the receiving module receives the authentication request sent by the cloud access terminal device, according to the ordering information obtained by the obtaining module;
the processing module is further configured to generate the cloud access terminal device configuration information after the authentication module authenticates the cloud access terminal device;
the sending module is further configured to send the cloud access terminal device configuration information to the cloud access terminal device after the processing module generates the cloud access terminal device configuration information, so that the cloud access terminal device establishes, according to the cloud access terminal device configuration information, a virtual private network (VPN) tunnel between the cloud access terminal device and the cloud access virtual gateway; the cloud access terminal device is used to provide an enterprise branch with a physical channel for accessing the private cloud.
6. The control layout platform according to claim 5, characterized by comprising:
the sending module is further configured to send the image of the cloud access virtual gateway to the cloud resource data center, so that the cloud resource data center installs the image of the cloud access virtual gateway in the cloud resource of the private cloud to establish the cloud access virtual gateway.
7. A cloud access terminal device, characterized by comprising:
a sending module, configured to send authentication information to a control layout platform;
a receiving module, configured to receive the cloud access terminal device configuration information sent by the control layout platform after the sending module sends the authentication information to the control layout platform;
a link block, configured to establish, after the receiving module receives the cloud access terminal device configuration information sent by the control layout platform, a virtual private network (VPN) tunnel between the cloud access terminal device and the cloud access virtual gateway in the cloud resource of the private cloud.
8. The cloud access terminal device according to claim 7, characterized by comprising:
the sending module is further configured to send an address acquisition request to a Dynamic Host Configuration Protocol (DHCP) server, so that the DHCP server allocates an Internet Protocol (IP) address to the cloud access terminal device according to the address acquisition request and sends the uniform resource locator (URL) of the control layout platform to the cloud access terminal device;
the receiving module is further configured to receive, after the sending module sends the address acquisition request, the URL of the control layout platform sent by the DHCP server;
the sending module is further configured to send the authentication information to the control layout platform after the receiving module receives the URL of the control layout platform sent by the DHCP server and the address of the control layout platform has been resolved through the Domain Name System (DNS).
9. A cloud resource data center, characterized by comprising:
a receiving module, configured to receive cloud resource configuration information sent by a control layout platform;
a processing module, configured to, after the receiving module receives the cloud resource configuration information sent by the control layout platform, allocate the cloud resource of the corresponding private cloud to a user, establish a cloud access virtual gateway in the cloud resource of the private cloud, and establish, through the virtual router (vRouter) corresponding to the cloud resource of the private cloud, a route between the cloud access virtual gateway and the cloud hosts in the cloud resource of the private cloud;
the processing module is further configured to establish a virtual private network (VPN) tunnel between a cloud access terminal device and the cloud access virtual gateway.
10. A cloud access virtual gateway, characterized by comprising:
a resource link block, configured to establish, after a cloud resource data center receives the cloud resource configuration information sent by a control layout platform and allocates the cloud resource of the corresponding private cloud to a user, a route between the cloud access virtual gateway and the cloud hosts in the cloud resource of the private cloud through the virtual router (vRouter) corresponding to the cloud resource of the private cloud;
a tunnel termination block, configured to establish, after the control layout platform authenticates a cloud access terminal device, a virtual private network (VPN) tunnel between the cloud access virtual gateway and the cloud access terminal device.
CN201710840882.6A 2017-09-15 2017-09-15 A kind of private cloud cut-in method and equipment Active CN107580065B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710840882.6A CN107580065B (en) 2017-09-15 2017-09-15 A kind of private cloud cut-in method and equipment

Publications (2)

Publication Number Publication Date
CN107580065A CN107580065A (en) 2018-01-12
CN107580065B true CN107580065B (en) 2019-06-14

Family

ID=61036378

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710840882.6A Active CN107580065B (en) 2017-09-15 2017-09-15 A kind of private cloud cut-in method and equipment

Country Status (1)

Country Link
CN (1) CN107580065B (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3750283B1 (en) 2018-02-20 2023-10-04 Huawei Technologies Co., Ltd. Stitching enterprise virtual private networks (vpns) with cloud virtual private clouds (vpcs)
CN108494894A (en) * 2018-03-27 2018-09-04 快云信息科技有限公司 A kind of privately owned cloud cluster access system and cut-in method
CN109120444B (en) * 2018-08-21 2021-06-29 陆明 Cloud resource management method, processor and storage medium
CN109218099A (en) * 2018-09-20 2019-01-15 犀思云(苏州)云计算有限公司 A kind of cloud exchange network platform based on SDN/NFV
CN111031528B (en) * 2018-10-10 2022-05-10 中国移动通信有限公司研究院 Connection establishment method and device for private network
CN109104442A (en) * 2018-10-25 2018-12-28 南京燚麒智能科技有限公司 A kind of method and system having secure access to cloud storage data
CN109361555A (en) * 2018-12-03 2019-02-19 中国联合网络通信集团有限公司 The method and apparatus that cloud network service is opened
CN109617906B (en) * 2019-01-03 2020-12-29 中国联合网络通信集团有限公司 Access method and device of hybrid cloud
CN109587290B (en) * 2019-01-04 2022-06-28 平安科技(深圳)有限公司 Domain name resolution method and related device
CN109561171B (en) * 2019-01-22 2021-11-16 北京百度网讯科技有限公司 Configuration method and device of virtual private cloud service
CN110225127A (en) * 2019-06-14 2019-09-10 北京首都在线科技股份有限公司 Resource allocation methods and device and Network Management System with it
CN112751694A (en) * 2019-10-30 2021-05-04 北京金山云网络技术有限公司 Management method and device of exclusive host and electronic equipment
CN111343070B (en) * 2020-03-03 2021-07-09 深圳市吉祥腾达科技有限公司 Communication control method for sdwan network
CN113709194B (en) * 2020-05-20 2023-07-14 中国移动通信集团浙江有限公司 Cloud resource access method, device, system and computing equipment
CN112104490B (en) * 2020-09-03 2022-10-21 杭州安恒信息安全技术有限公司 Network communication method and device based on cloud server and electronic device
CN113395220B (en) * 2021-06-10 2022-12-27 中国建设银行股份有限公司 Network resource allocation method and device and electronic equipment
CN113645271B (en) * 2021-06-30 2023-11-07 济南浪潮数据技术有限公司 Resource expansion device and method
CN113783741B (en) * 2021-11-10 2022-03-11 云丁网络技术(北京)有限公司 Method, device, server, gateway equipment and system for configuring gateway equipment
CN114401188A (en) * 2022-01-18 2022-04-26 中国联合网络通信集团有限公司 Method for changing cloud network edge integrated service, management equipment and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102891790A (en) * 2012-09-21 2013-01-23 中国电信股份有限公司云计算分公司 VPN (Virtual Private Network) virtualization method and system of visiting virtual private cloud
CN105406987A (en) * 2015-10-22 2016-03-16 广州云晫信息科技有限公司 Method for external network client to access private cloud desktop
CN105610675A (en) * 2016-01-28 2016-05-25 浪潮(北京)电子信息产业有限公司 Creating method and device of virtual VPN gateway
CN106792858A (en) * 2016-12-30 2017-05-31 南京邮电大学 A kind of super-intensive wireless network architecture and implementation method based on software definition
CN106998284A (en) * 2016-01-25 2017-08-01 阿里巴巴集团控股有限公司 The network system and method for private network are connected by virtual private networks

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10268492B2 (en) * 2014-05-20 2019-04-23 Amazon Technologies, Inc. Low latency connections to workspaces in a cloud computing environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant