CN108021426A - A kind of desktop cloud system - Google Patents

A kind of desktop cloud system

Publication number: CN108021426A
Authority: CN (China)
Prior art keywords: virtual, desktop, module, resource, cloud
Legal status: Pending
Application number: CN201711485986.6A
Other languages: Chinese (zh)
Inventors: 郑朝晖, 张勇进, 贾璐
Current Assignee: Haijia Network Science & Technology Co Ltd Shanghai
Original Assignee: Haijia Network Science & Technology Co Ltd Shanghai
Application filed by: Haijia Network Science & Technology Co Ltd Shanghai
Priority to: CN201711485986.6A
Publication of: CN108021426A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes

Abstract

The invention discloses a desktop cloud system comprising at least one virtual resource pool unit, a cloud management platform unit and a security authentication mechanism unit. The virtual resource pool unit creates virtual hardware resources and a virtual server, and creates at least one virtual desktop on the virtual server from the virtual hardware resources. The cloud management platform unit centrally manages the virtual desktops and provides an interactive interface for accessing them. The security authentication mechanism unit provides security policies so that users access the virtual desktops securely. The invention provides virtual desktops through virtualization technology; the virtual desktops can be centrally managed and are secure.

Description

A kind of desktop cloud system
Technical field
The present invention relates to the field of Internet technology, and more particularly to a desktop cloud system.
Background
In the traditional PC (Personal Computer) office model, problems such as PC hardware damage, operating system failures and cumbersome software upgrades increase the administrator's workload and also raise the company's maintenance costs. For enterprises that need to replace or update PCs frequently, the PCs cannot be centrally managed, so the administrator has to repeat the same work on every PC. For example, when a company runs training, it often has to configure different operating systems and different programs to meet the needs of different training courses; with hundreds of PCs, the administrator has to install the system and the programs on each PC, and the workload is very heavy.
In addition, network security is a top priority for every enterprise. Confidential data, such as customers' credit card information in a banking system, user details in an insurance system or source code in a software company, needs special protection against leakage. How to protect this confidential data from being leaked is a problem that urgently needs to be solved.
Summary of the invention
The object of the invention is to overcome the defects of the prior art and to provide a secure, centrally managed desktop cloud system.
To achieve the above object, the invention proposes the following technical solution: a desktop cloud system, comprising
at least one virtual resource pool unit, for creating virtual hardware resources and a virtual server, and for creating at least one virtual desktop on the virtual server from the virtual hardware resources;
a cloud management platform unit, for centrally managing the virtual desktops and providing an interactive interface for accessing them;
a security authentication mechanism unit, for providing security policies so that users access the virtual desktops securely.
Preferably, the security authentication mechanism unit includes a policy management module, and the policy management module includes a USB identification control module, which controls whether USB peripherals are enabled or disabled and which types of USB peripheral are enabled or disabled.
Preferably, the policy management module further includes an access time control module, for controlling the periods during which a user may access a virtual desktop.
Preferably, the security authentication mechanism unit further includes a virtual desktop control module, which is used to enable a virtual desktop, force a virtual desktop to disconnect, or disable a virtual desktop.
Preferably, the security authentication mechanism unit further includes a user name password authentication module and a session control module. The user name password authentication module verifies whether the user name matches the login password. The session control module monitors the connection information of virtual desktops in real time and, when a connection is illegal, forces the virtual desktop to disconnect through the desktop control module.
Preferably, the cloud management platform unit includes a desktop cloud module, which encapsulates and manages the connection information of the virtual desktops.
Preferably, the virtual resource pool unit includes a virtual hardware creation module and a cloud computing platform module. The virtual hardware creation module creates the virtual hardware resources and the virtual server; the cloud computing platform module coordinates and manages the virtual hardware resources and the virtual server and creates at least one virtual desktop on the virtual server.
Preferably, the virtual hardware resources include a virtual processor, virtual memory, a virtual storage medium, and a virtual network card.
Preferably, the cloud management platform unit further includes a system setup module and a resource scheduling module. The system setup module sets the parameters of the cloud management platform unit. The resource scheduling module calls the virtual hardware resources; it includes a virtual processor calling module that calls the virtual processor, a virtual memory calling module that calls the virtual memory, a virtual storage medium calling module that calls the virtual storage medium, and a virtual network card calling module that calls the virtual network card.
Preferably, the desktop cloud system further includes a user portal unit, which includes an administrator portal, an ordinary user portal and an auditor portal. After logging in through the interactive interface, the administrator portal performs resource management, approval management, monitoring management and tenant system management; the ordinary user portal uses resources after logging in through the interactive interface; the auditor portal can view users' operation records after logging in through the interactive interface.
The beneficial effects of the invention are as follows:
Compared with the prior art, the disclosed desktop cloud system (1) provides virtual desktops through virtualization technology and manages them centrally, which makes upgrades and maintenance easy; (2) transmits only dynamic image instructions between the user and the virtual desktop when the user accesses it, with no transmission of any data, which ensures the security of the data; and (3) improves the security of the desktop cloud system by providing the USB identification control module and the access time control module.
Brief description of the drawings
Fig. 1 is a structural block diagram of the present invention.
Detailed description
The technical solution of the embodiments of the invention is described clearly and completely below with reference to the accompanying drawing.
As shown in Fig. 1, the disclosed desktop cloud system includes at least one virtual resource pool unit, a cloud management platform unit, and a security authentication mechanism unit. The virtual resource pool unit creates virtual hardware resources and a virtual server, and creates at least one virtual desktop on the virtual server from the virtual hardware resources. The cloud management platform unit centrally manages the virtual desktops and provides an interactive interface for accessing them. The security authentication mechanism unit provides security policies that allow users to access the virtual desktops securely.
Specifically, the virtual resource pool unit includes a virtual hardware creation module and a cloud computing platform module. The virtual hardware creation module creates the virtual hardware resources and the virtual server, where the virtual hardware resources include a virtual processor, virtual memory, a virtual storage medium, a virtual network card and so on. The cloud computing platform module centrally manages the virtual hardware resources and the virtual server, and can use the virtual resources to create at least one virtual machine on the virtual server. Various operating systems can be installed on a virtual machine to provide different virtual desktops: installing a Windows operating system provides a Windows desktop, and installing a Linux system provides a Linux desktop. A virtual machine with an operating system installed can have various programs installed on it and can also store data.
Once important data is stored in a virtual machine, when a user accesses the virtual desktop that the virtual machine provides, only dynamic image instructions are transmitted between the client the user is using and the virtual machine, with no transmission of any data, which ensures the security of the data.
In this embodiment, the cloud computing platform module may use the OpenStack cloud computing platform, and the virtual hardware creation module may use the KVM virtualization module.
As shown in Fig. 1, the cloud management platform unit centrally manages the virtual desktops and provides the interactive interface for accessing them. The cloud management platform unit can shield the differences between individual virtual desktops and expose a unified API externally. The API is used for virtual machine management and includes virtual machine storage APIs, virtual machine APIs, virtualization resource pool management APIs and so on. A scheduling algorithm can also be used to allocate the hardware resources in the virtualization resource pool, improving resource utilization. The cloud management platform unit can further specify a virtual machine scheduling policy when a user requests a virtual machine service, such as a load-based scheduling policy or an energy-consumption-based scheduling policy, to meet different usage needs.
Further, the cloud management platform unit includes a desktop cloud module, a system setup module, and a resource scheduling module. The desktop cloud module encapsulates and manages the connection information of the virtual desktops, ensuring the security of connections to the virtual desktops. The system setup module sets the parameters of the cloud management platform unit. The resource scheduling module calls the virtual hardware resources; it includes a virtual processor calling module, a virtual memory calling module, a virtual storage medium calling module, and a virtual network card calling module.
As shown in Fig. 1, the desktop cloud system further includes a user portal unit, which includes an administrator portal, an ordinary user portal and an auditor portal. The administrator portal has the highest administrative privileges: after logging in through the interactive interface, it can perform resource management, such as starting and stopping virtual machines, and can also perform approval management, monitoring management, tenant system management and so on. The ordinary user portal has lower privileges: after logging in through the interactive interface, it can use resources, such as starting and stopping virtual machines. After logging in through the interactive interface, the auditor portal can view users' operation records.
As shown in Fig. 1, the security authentication mechanism unit includes a policy management module, which includes a USB identification control module and an access time control module. After accessing a virtual desktop, a user will often plug in removable storage media such as a USB flash disk. The USB identification control module can control whether USB peripherals are enabled or disabled, and can also control which types of USB peripheral are enabled or disabled. For example, the USB identification control module can forbid the use of USB peripherals altogether, or forbid flash disks while enabling mobile hard disks.
The access time control module controls the periods during which a user may access a virtual desktop, that is, in which periods the user can access the virtual desktop and in which periods the user cannot.
Providing the USB identification control module and the access time control module improves the security of the desktop cloud system.
Further, the security authentication mechanism unit also includes a virtual desktop control module, which is used to enable a virtual desktop, force a virtual desktop to disconnect, or disable a virtual desktop. Only the administrator portal can control virtual desktops through the virtual desktop control module.
The security authentication mechanism unit also includes a user name password authentication module and a session control module. The user name password authentication module verifies the user name and password; when the user name does not exist or does not match the password, the user is forbidden from accessing the virtual desktop. The session control module monitors the connection information of virtual desktops in real time and judges from that information whether a user's access to a virtual desktop is legitimate; when it is not, the module forces the virtual desktop to disconnect or disables it through the desktop control module, so that the user cannot access it.
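One way the policy management and session control modules described above could evaluate their rules, added here as an illustration and not taken from the patent. The class and function names, the fail-closed defaults, and the treatment of an expired access window or an unauthenticated session as an illegal connection are assumptions; the sample policy and session are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time
from enum import Enum


class UsbType(Enum):            # peripheral types named in the description
    FLASH_DISK = "flash_disk"
    MOBILE_HARD_DISK = "mobile_hard_disk"


class Action(Enum):
    ALLOW = "allow"
    FORCE_DISCONNECT = "force_disconnect"


@dataclass(frozen=True)
class TimeWindow:
    """Permitted access period; weekdays use 0 = Monday."""
    start: time
    end: time
    weekdays: frozenset = frozenset(range(7))

    def contains(self, moment: datetime) -> bool:
        t, day = moment.time(), moment.weekday()
        if self.start <= self.end:
            return day in self.weekdays and self.start <= t < self.end
        # Window wraps past midnight (e.g. 22:00-06:00): the hours after
        # midnight belong to the weekday on which the window opened.
        if t >= self.start:
            return day in self.weekdays
        return t < self.end and (day - 1) % 7 in self.weekdays


@dataclass
class DesktopPolicy:
    usb_enabled: bool = False
    usb_allowed_types: frozenset = frozenset()
    access_windows: tuple = ()

    def usb_permitted(self, device_type: UsbType) -> bool:
        # Default deny: USB redirection must be on AND the type allowed.
        return self.usb_enabled and device_type in self.usb_allowed_types

    def access_permitted(self, moment: datetime) -> bool:
        # Fail closed: a policy with no window grants no access.
        return any(w.contains(moment) for w in self.access_windows)


@dataclass
class Session:
    user: str
    desktop_id: str
    authenticated: bool   # result of the user name/password check


def review_session(policy: DesktopPolicy, session: Session, now: datetime) -> Action:
    """Session control: re-check a live connection, not only the login."""
    if not session.authenticated or not policy.access_permitted(now):
        return Action.FORCE_DISCONNECT
    return Action.ALLOW


# Constructed sample policy: weekdays 09:00-18:00, mobile hard disks allowed,
# flash disks blocked (the combination the description gives as an example).
OFFICE_POLICY = DesktopPolicy(
    usb_enabled=True,
    usb_allowed_types=frozenset({UsbType.MOBILE_HARD_DISK}),
    access_windows=(TimeWindow(time(9, 0), time(18, 0), frozenset(range(5))),),
)

if __name__ == "__main__":
    s = Session("alice", "vd-001", authenticated=True)   # constructed session
    for ts in (datetime(2018, 5, 11, 10, 0), datetime(2018, 5, 11, 18, 30)):
        print(ts, review_session(OFFICE_POLICY, s, ts).value)
    print("flash disk:", OFFICE_POLICY.usb_permitted(UsbType.FLASH_DISK))
```

Calling `review_session` periodically for every live connection is what ends a session that was opened inside a permitted period and is still connected after the period closes.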
The technical content and technical features of the invention have been disclosed above, but those skilled in the art may still make various substitutions and modifications based on the teaching and disclosure of the invention without departing from its spirit. The scope of protection of the invention should therefore not be limited to the content disclosed in the embodiments, but should include the various substitutions and modifications that do not depart from the invention, and is covered by the claims of this patent application.

Claims (10)

  1. A desktop cloud system, characterized by comprising
    at least one virtual resource pool unit, for creating virtual hardware resources and a virtual server, and for creating at least one virtual desktop on the virtual server from the virtual hardware resources;
    a cloud management platform unit, for centrally managing the virtual desktops and providing an interactive interface for accessing them;
    a security authentication mechanism unit, for providing security policies so that users access the virtual desktops securely.
  2. The desktop cloud system according to claim 1, characterized in that the security authentication mechanism unit includes a policy management module, the policy management module includes a USB identification control module, and the USB identification control module is used to control whether USB peripherals are enabled or disabled and to control which types of USB peripheral are enabled or disabled.
  3. The desktop cloud system according to claim 2, characterized in that the policy management module further includes an access time control module, for controlling the periods during which a user may access a virtual desktop.
  4. The desktop cloud system according to claim 1, characterized in that the security authentication mechanism unit further includes a virtual desktop control module, and the virtual desktop control module is used to enable a virtual desktop, force a virtual desktop to disconnect, or disable a virtual desktop.
  5. The desktop cloud system according to claim 4, characterized in that the security authentication mechanism unit further includes a user name password authentication module and a session control module, the user name password authentication module is used to verify whether the user name matches the login password, and the session control module is used to monitor the connection information of virtual desktops in real time and, for an illegal connection, to force the virtual desktop to disconnect through the desktop control module.
  6. The desktop cloud system according to claim 5, characterized in that the cloud management platform unit includes a desktop cloud module, and the desktop cloud module is used to encapsulate and manage the connection information of the virtual desktops.
  7. The desktop cloud system according to claim 1, characterized in that the virtual resource pool unit includes a virtual hardware creation module and a cloud computing platform module, the virtual hardware creation module is used to create the virtual hardware resources and the virtual server, and the cloud computing platform module is used to coordinate and manage the virtual hardware resources and the virtual server and to create at least one virtual desktop on the virtual server.
  8. The desktop cloud system according to claim 1, characterized in that the virtual hardware resources include a virtual processor, virtual memory, a virtual storage medium, and a virtual network card.
  9. The desktop cloud system according to claim 8, characterized in that the cloud management platform unit further includes a system setup module and a resource scheduling module, the system setup module is used to set the parameters of the cloud management platform unit, and the resource scheduling module is used to call the virtual hardware resources and includes a virtual processor calling module that calls the virtual processor, a virtual memory calling module that calls the virtual memory, a virtual storage medium calling module that calls the virtual storage medium, and a virtual network card calling module that calls the virtual network card.
  10. The desktop cloud system according to claim 1, characterized in that the desktop cloud system further includes a user portal unit, the user portal unit includes an administrator portal, an ordinary user portal and an auditor portal, the administrator portal performs resource management, approval management, monitoring management and tenant system management after logging in through the interactive interface; the ordinary user portal uses resources after logging in through the interactive interface; and the auditor portal can view users' operation records after logging in through the interactive interface.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711485986.6A 2017-12-29 2017-12-29 A kind of desktop cloud system

Publications (1)

Publication Number Publication Date
CN108021426A 2018-05-11

Family ID: 62071142

Country Status (1)

Country Link
CN (1) CN108021426A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180511