CN108429638A - A kind of server O&M method, apparatus, system and electronic equipment - Google Patents

Server O&M (operation and maintenance) method, apparatus, system and electronic device

Info

Publication number
CN108429638A
Authority
CN
China
Prior art keywords
destination server
server
permission
key
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810153577.4A
Other languages
Chinese (zh)
Other versions
CN108429638B (en
Inventor
翁迟迟
吴俊雄
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing QIYI Century Science and Technology Co Ltd
Original Assignee
Beijing QIYI Century Science and Technology Co Ltd
Application filed by Beijing QIYI Century Science and Technology Co Ltd
Priority to CN201810153577.4A
Publication of CN108429638A
Application granted
Publication of CN108429638B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

An embodiment of the present invention provides a server O&M (operation and maintenance) method, apparatus, system and electronic device. The method includes: obtaining an O&M instruction for performing O&M on a destination server, the instruction including identification information of the destination server; obtaining, from a key management unit, authentication information that matches the identification information, the authentication information being generated by the key management unit using the key for obtaining the remote control permission of the destination server; using the authentication information to obtain permission to remotely control the destination server; and using that permission to perform O&M operations on the destination server through information exchange with the destination server. In the embodiments of the present invention, the key management unit isolates the O&M machine from the keys used to obtain the remote control permission of each server. The O&M machine does not obtain the key of any server during O&M, which reduces the risk of the keys being leaked during O&M and effectively improves the overall security of the servers.

Description

Server O&M method, apparatus, system and electronic device
Technical Field
The present invention relates to the technical field of system services, and in particular to a server O&M method, apparatus, system and electronic device.
Background
To keep servers running normally, O&M must be performed on them periodically or from time to time. In the prior art, the O&M machine stores the keys used to obtain permission to remotely control each server. After obtaining an O&M instruction for performing O&M on a destination server, the O&M machine obtains locally the key for the permission to remotely control the destination server, uses that key to complete authentication with the destination server, and thereby obtains permission to remotely control it. O&M operations on the destination server are then carried out by remote control.
However, in the course of implementing the present invention, the inventors found that the prior art has at least the following problem:
The keys of every server that requires O&M are stored in the O&M machine. So that O&M personnel can conveniently perform O&M on servers through the O&M machine, the contents of the O&M machine must be accessible to other devices, so its security level is relatively low. An unauthorized user can access the contents of the O&M machine relatively easily, obtain from it the keys for the permission to remotely control each server, and then use those keys to remotely control each server. The overall security of the servers is therefore relatively low.
Summary of the Invention
The purpose of the embodiments of the present invention is to provide a server O&M method that reduces the risk of server keys being leaked during O&M. The specific technical solutions are as follows:
In a first aspect of the embodiments of the present invention, a server O&M method is provided, applied to an O&M machine, the method including:
obtaining an operational order for performing O&M on a destination server, the operational order including identification information of the destination server;
obtaining, from a key management unit, authentication information that matches the identification information, the authentication information being generated by the key management unit using the key for obtaining the remote control permission of the destination server;
using the identity information, obtaining permission to remotely control the destination server;
using the permission, performing O&M operations on the destination server through information exchange with the destination server.
With reference to the first aspect, in a first possible implementation, using the permission to perform O&M operations on the destination server through information exchange with the destination server includes:
mirroring an O&M script into a virtualization O&M actuator on the O&M machine, the O&M script containing O&M instructions for performing O&M operations on the destination server;
using the permission, sending the O&M instructions to the destination server through the virtualization O&M actuator, so as to perform O&M operations on the destination server.
With reference to the first possible implementation of the first aspect, in a second possible implementation, the virtualization O&M actuator is a virtualization O&M actuator generated based on container technology.
With reference to the first aspect, in a third possible implementation, obtaining the authentication information using the identification information includes:
sending, to the key management unit, an authentication information acquisition request containing the identification information and the identity identification information of the O&M machine;
receiving the authentication information, returned by the key management unit, that matches the identification information and the identity identification information of the O&M machine, the authentication information being generated by the key management unit using the key for obtaining the remote control permission of the destination server.
With reference to the first aspect, in a fourth possible implementation, using the authentication information to obtain permission to remotely control the destination server includes:
using the authentication information, obtaining permission to remotely control the destination server through SSH protocol authentication.
In a second aspect of the embodiments of the present invention, a server O&M apparatus is provided, the apparatus including:
a command reception module, for obtaining an operational order for performing O&M on a destination server, the operational order including identification information of the destination server;
a verification information acquisition module, for obtaining, from a key management unit, authentication information that matches the identification information, the authentication information being generated by the key management unit using the key for obtaining the remote control permission of the destination server;
an authentication module, for using the authentication information to obtain permission to remotely control the destination server;
an O&M module, for using the permission to perform O&M operations on the destination server through information exchange with the destination server.
With reference to the second aspect, in a first possible implementation, the O&M module is specifically configured to mirror an O&M script into a virtualization O&M actuator on the O&M machine, the O&M script containing O&M instructions for performing O&M operations on the destination server; and, using the permission, to send the O&M instructions to the destination server through the virtualization O&M actuator, so as to perform O&M operations on the destination server.
With reference to the first possible implementation of the second aspect, in a second possible implementation, the virtualization O&M actuator is a virtualization O&M actuator generated based on container technology.
With reference to the second aspect, in a third possible implementation, the verification information acquisition module is specifically configured to send, to the key management unit, an authentication information acquisition request containing the identification information and the identity identification information of the O&M machine; and to receive the authentication information, returned by the key management unit, that matches the identification information and the identity identification information of the O&M machine, the authentication information being generated by the key management unit using the key for obtaining the remote control permission of the destination server.
With reference to the second aspect, in a fourth possible implementation, the authentication module is specifically configured to use the authentication information to obtain, through SSH protocol authentication, permission to remotely control the destination server.
In a third aspect of the embodiments of the present invention, a server O&M system is provided, the system including:
any of the server O&M apparatuses described above;
a key management unit, in which the key for obtaining the remote control permission of the destination server is stored;
a management platform, for performing O&M operations on the destination server through the server O&M apparatus.
In a fourth aspect of the embodiments of the present invention, an electronic device is provided, including a processor, a communication interface, a memory and a communication bus, where the processor, the communication interface and the memory communicate with one another through the communication bus;
the memory is for storing a computer program;
the processor is for implementing any of the server O&M methods described above when executing the program stored in the memory.
In a fifth aspect of the embodiments of the present invention, a computer-readable storage medium is provided. Instructions are stored in the computer-readable storage medium which, when run on a computer, cause the computer to execute any of the server O&M methods described above.
In a sixth aspect of the embodiments of the present invention, a computer program product containing instructions is provided which, when run on a computer, causes the computer to execute any of the server O&M methods described above.
The server O&M method, apparatus, system and electronic device provided by the embodiments of the present invention can use the key management unit to isolate the O&M machine from the keys used to obtain the remote control permission of each server. The O&M machine does not obtain the key of any server during O&M, which reduces the risk of the keys being leaked during O&M and effectively improves the overall security of the servers. Of course, a product or method implementing the present invention does not necessarily need to achieve all of the advantages described above at the same time.
Brief Description of the Drawings
To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below.
Fig. 1 is a flow diagram of a server O&M method provided by an embodiment of the present invention;
Fig. 2 is another flow diagram of the server O&M method provided by an embodiment of the present invention;
Fig. 3 is another flow diagram of the server O&M method provided by an embodiment of the present invention;
Fig. 4 is another flow diagram of the server O&M method provided by an embodiment of the present invention;
Fig. 5 is a structural schematic diagram of a server O&M apparatus provided by an embodiment of the present invention;
Fig. 6 is a structural schematic diagram of a server O&M system provided by an embodiment of the present invention;
Fig. 7 is a structural schematic diagram of a server O&M electronic device provided by an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described below with reference to the drawings in the embodiments of the present invention.
Referring to Fig. 1, Fig. 1 shows a flow diagram of a server O&M method provided by an embodiment of the present invention, which may include the following steps:
S110, obtain an operational order for performing O&M on a destination server, the operational order including identification information of the destination server.
Specifically, this may be obtaining the operational order, sent by the management platform, for performing O&M on the destination server. The identification information of the destination server may be a label of the destination server entered by the user, or it may be the user information of the O&M person currently using the management platform. It can be understood that, according to actual needs, different O&M personnel may be assigned responsibility for different servers. In that case each O&M person corresponds to the one or more servers that person is responsible for, so the user information of the O&M person can serve as the identification information of those servers. Further, the user information of the O&M person may include the account the O&M person uses to log in to the management platform.
S120, obtain from the key management unit the authentication information that matches the identification information, the authentication information being generated by the key management unit using the key for obtaining the remote control permission of the destination server.
The key management unit stores the keys for obtaining the remote control permission of each server. Each key is used only to obtain the remote control permission of one server, and matches the identification information of that server. It can be understood that, for security reasons, these keys are all different, and the key management unit only allows the O&M machine to obtain authentication information that matches the identification information. That is, the O&M machine cannot obtain from the key management unit authentication information that does not match the identification information.
Specifically, in this embodiment, the O&M machine may send the obtained identification information to a preset key management unit. The key management unit retrieves, in its local key store, the key that matches the identification information, generates authentication information using the retrieved key, and sends the generated authentication information to the O&M machine. It can be understood that, in this case, even if an unauthorized user obtains authentication information from the O&M machine, what the O&M machine obtained is authentication information that matches the identification information. The unauthorized user can therefore use that authentication information only to obtain the remote control permission of the destination server represented by the identification information, and cannot obtain the remote control permission of other servers. The other servers remain safe.
For example, suppose the identification information is the account the O&M person uses to log in to the management platform. The O&M machine may send the obtained account to the preset key management unit. The key management unit accesses the folder corresponding to that account in its local key store, takes the key stored in that folder as the key matching the account, generates authentication information using that key, and sends the generated authentication information to the O&M machine.
S130, using the authentication information, obtain permission to remotely control the destination server.
In this embodiment, the permission obtained may be permission to remotely control all content on the destination server, or permission to remotely control part of the content on the destination server. For example, only permission to remotely control the content on the destination server that is related to server O&M is obtained.
S140, using the permission, perform O&M operations on the destination server through information exchange with the destination server.
Specifically, the O&M instructions for O&M operations entered by the user may be sent to the destination server, and the destination server executes these O&M instructions after receiving them, thereby realizing O&M of the destination server.
It can be understood that the key management unit isolates the O&M machine from the keys used to obtain the remote control permission of each server, and the O&M machine does not obtain the key of any server during O&M. Even if an unauthorized user accesses the contents of the O&M machine, no server key can be obtained from it. Further, even if an unauthorized user steals the authentication information generated by the key management unit by accessing the contents of the O&M machine, that user can only obtain, for a short time, permission to remotely control the destination server, and the other servers remain safe. Adopting this embodiment can therefore effectively improve the overall security of the servers.
It can be understood that the key management unit works in one direction only: it can obtain keys from other devices and store them, but it does not allow other devices to access its contents. If, on the other hand, the O&M machine did not allow other devices to access its contents, O&M personnel could not remotely control the O&M machine through the management platform, which would cause great inconvenience for server maintenance work.
In an optional embodiment, as shown in Fig. 2, S140 may specifically include the following steps:
S141, mirror the O&M script into the virtualization O&M actuator on the O&M machine.
The O&M script contains O&M instructions for performing O&M operations on the destination server. For example, these may include deleting the cache files generated within a specified time period, or moving the files in a specified source folder to a specified destination folder. In this embodiment, the O&M script may be sent to the O&M machine after the relevant O&M personnel finish editing it on a computer of the management platform, or it may be edited on the O&M machine and stored locally directly. In this embodiment, the virtualization O&M actuator may be a virtual machine.
In an optional embodiment, the virtualization O&M actuator may be a virtualization O&M actuator generated based on container technology. In this embodiment, a docker O&M container may be used. It can be understood that the virtualization layer of a virtual machine is built on the system hardware, and a system must be built before it can be used, whereas the container layer of a container is built directly on the system kernel. Choosing a virtualization O&M actuator generated based on container technology can therefore speed up the start of the virtualization actuator and reduce the resources it occupies.
S142, using the permission to remotely control the destination server, send the O&M instructions to the destination server through the virtualization O&M actuator, so as to perform O&M operations on the destination server.
Specifically, in this embodiment, the virtualization O&M actuator may read the O&M instructions in the O&M script and send them to the destination server. Using the permission to remotely control the destination server, it causes the destination server to execute the O&M instructions it receives, thereby performing O&M operations on the destination server.
With this embodiment, O&M can be performed on the destination server through the virtualization O&M actuator, so that the O&M script works in an environment relatively isolated from the O&M machine. This reduces the probability that a potential virus on the O&M machine affects the maintenance work, and improves the safety of the maintenance work.
In an optional embodiment, as shown in Fig. 3, S120 may specifically include:
S121, send to the key management unit an authentication information acquisition request containing the identification information and the identity identification information of the O&M machine.
The identity identification information of the O&M machine may be a character string, agreed between the O&M machine and the destination server through a preset protocol, that enables the destination server to identify the O&M machine. For example, it may be the public key of the O&M machine.
S122, receive the authentication information, returned by the key management unit, that matches the identification information and the identity identification information of the O&M machine, the authentication information being generated by the key management unit using the key for obtaining the remote control permission of the destination server.
In this embodiment, the authentication information may specifically be generated as follows: the key management unit retrieves, in its local key store, the key that matches the identification information, as the key for obtaining the remote control permission of the destination server, and encrypts the identity identification information of the O&M machine with that key to generate the authentication information.
With this embodiment, the authentication information includes the identity identification information of the O&M machine, so the authentication information carries richer information for determining the authorized object. This reduces the success rate of other devices forging authentication information to obtain remote control of the destination server, and improves the security of the server.
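The request flow of S120 to S122, sketched as an added Python example (it is not code from the patent or the applicant). HMAC-SHA256 stands in for "encrypting the identity identification information with the key"; the 60-second lifetime, all class and function names, and the assumption that the destination server learns the connecting peer's identity from the transport are illustrative assumptions.

```python
import hashlib
import hmac
import json
import secrets

TOKEN_TTL_SECONDS = 60  # assumption: the text only says access is short-lived


def compute_mac(key: bytes, server_id: str, machine_identity: str, expires: int) -> str:
    # HMAC-SHA256 is a stand-in for "encrypt the O&M machine's identity with the key".
    # Encoding the fields as a JSON list keeps their boundaries unambiguous.
    msg = json.dumps([server_id, machine_identity, expires]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class KeyManager:
    """Key management unit: one key per server, and keys never leave it."""

    def __init__(self):
        self._keys = {}  # identification information -> key

    def register_server(self, server_id: str) -> bytes:
        key = secrets.token_bytes(32)
        self._keys[server_id] = key
        return key  # provisioned to the destination server only, out of band

    def issue_auth_info(self, server_id: str, machine_identity: str, now: int) -> dict:
        # S121/S122: the request carries the identification information and the
        # O&M machine's identity; the reply is derived from the matching key.
        if server_id not in self._keys:
            raise KeyError(f"no key matches identification info {server_id!r}")
        expires = now + TOKEN_TTL_SECONDS
        return {
            "server_id": server_id,
            "machine_identity": machine_identity,
            "expires": expires,
            "mac": compute_mac(self._keys[server_id], server_id, machine_identity, expires),
        }


class DestinationServer:
    def __init__(self, server_id: str, key: bytes):
        self.server_id = server_id
        self._key = key

    def grant_remote_control(self, auth_info: dict, peer_identity: str, now: int) -> bool:
        try:
            claimed = str(auth_info["machine_identity"])
            expires = int(auth_info["expires"])
            mac = str(auth_info["mac"])
        except (KeyError, TypeError, ValueError):
            return False
        # Recompute with this server's own id and key: authentication information
        # issued for another server, or with altered fields, cannot match.
        expected = compute_mac(self._key, self.server_id, claimed, expires)
        return (
            hmac.compare_digest(expected.encode(), mac.encode())
            and claimed == peer_identity  # bound to the requesting O&M machine
            and now < expires             # short-lived
        )


def demo() -> dict:
    km = KeyManager()
    web = DestinationServer("web-01", km.register_server("web-01"))
    db = DestinationServer("db-01", km.register_server("db-01"))
    om_identity = "om-machine-01-public-key (constructed)"

    # The O&M machine holds only this dict, never the key itself.
    auth = km.issue_auth_info("web-01", om_identity, now=1000)
    forged = dict(auth, expires=auth["expires"] + 3600)
    return {
        "matching_server": web.grant_remote_control(auth, om_identity, now=1010),
        "other_server": db.grant_remote_control(auth, om_identity, now=1010),
        "other_machine": web.grant_remote_control(auth, "rogue-host", now=1010),
        "after_expiry": web.grant_remote_control(auth, om_identity, now=1061),
        "extended_expiry": web.grant_remote_control(forged, om_identity, now=1061),
    }


if __name__ == "__main__":
    for case, granted in demo().items():
        print(f"{case}: {'granted' if granted else 'denied'}")
```

Only the first case is granted: authentication information copied from the O&M machine is useless against a different server, from a different machine, or after it expires.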
In an optional embodiment, as shown in Fig. 4, S130 may specifically include:
S131, obtain permission to remotely control the destination server through SSH protocol authentication.
Specifically, the key for obtaining the remote control permission of the destination server may be the private key of the O&M machine. In this case, the authentication information may be a digital signature generated by encrypting the public key of the O&M machine with the private key of the O&M machine. The digital signature is sent to the server, and the server decrypts the digital signature with the public key of the O&M machine to obtain a decrypted character string. The decrypted character string is compared with the public key of the O&M machine. If the two are consistent, authentication passes and the O&M machine obtains permission to remotely control the destination server; if the two are inconsistent, authentication fails.
It can be understood that the private key and the public key of the O&M machine are a pair of asymmetric keys: information encrypted with either key can be decrypted with the other, but it is difficult to derive one key from knowledge of the other. With this embodiment, because a pair of keys is used together in the authentication process, the probability that another device impersonating the O&M machine to obtain permission passes verification is reduced, which ensures the security of the server.
Referring to Fig. 5, Fig. 5 shows a structural schematic diagram of a server O&M apparatus provided by an embodiment of the present invention, which may include:
a command reception module 501, for obtaining an operational order for performing O&M on a destination server;
a verification information acquisition module 502, for obtaining, from a key management unit, authentication information that matches the identification information, the authentication information being generated by the key management unit using the key for obtaining the remote control permission of the destination server;
an authentication module 503, for using the authentication information to obtain permission to remotely control the destination server;
an O&M module 504, for using the permission to perform O&M operations on the destination server through information exchange with the destination server.
In an optional embodiment, the O&M module 504 may be specifically configured to mirror an O&M script into a virtualization O&M actuator on the O&M machine, the O&M script containing O&M instructions for performing O&M operations on the destination server; and, using the permission, to send the O&M instructions to the destination server through the virtualization O&M actuator, so as to perform O&M operations on the destination server.
Further, the virtualization O&M actuator may be a virtualization O&M actuator generated based on container technology.
In an optional embodiment, the verification information acquisition module 502 may be specifically configured to send, to the key management unit, an authentication information acquisition request containing the identity identification information of the O&M machine; and to receive the authentication information, returned by the key management unit, generated from the identity identification information of the O&M machine and the key for obtaining the remote control permission of the destination server.
In an optional embodiment, the authentication module 503 may be specifically configured to use the authentication information to obtain, through SSH protocol authentication, permission to remotely control the destination server.
Referring to Fig. 6, Fig. 6 shows a structural schematic diagram of a server O&M system provided by an embodiment of the present invention, which may include:
a server O&M apparatus 601, which may have the technical features of any of the server O&M apparatuses described above;
a key management unit 602, in which the key for obtaining the remote control permission of the destination server is stored;
a management platform 603, for performing O&M operations on the destination server through the server O&M apparatus.
The embodiment of the present invention additionally provides a kind of electronic equipment, as shown in figure 5, including processor 701, communication interface 702, Memory 703 and communication bus 704, wherein processor 701, communication interface 702, memory 703 are complete by communication bus 704 At mutual communication,
Memory 703, for storing computer program;
Processor 701 when for executing the program stored on memory 703, realizes following steps:
Obtain an operational order for carrying out O&M on the destination server, where the operational order includes identification information of the destination server;
Obtain, from the key management unit, authentication information that matches the identification information, where the authentication information is generated by the key management unit using the key for obtaining remote control permission for the destination server;
Using the authentication information, obtain the permission to remotely control the destination server;
Using the permission, carry out the O&M operation on the destination server through information exchange with the destination server.
In an optional embodiment, using the permission to carry out the O&M operation on the destination server through information exchange with the destination server may include:
Obtaining the operational order for carrying out O&M on the destination server;
Mirroring an O&M script into the virtualization O&M actuator on the O&M machine, where the O&M script contains the O&M instructions for carrying out the O&M operation on the destination server;
Using the permission, sending the O&M instructions to the destination server through the virtualization O&M actuator, in order to carry out the O&M operation on the destination server.
Further, the virtualization O&M actuator may be a virtualization O&M actuator generated based on container technology.
In an optional embodiment, obtaining from the key management unit the authentication information that matches the identification information may include:
Sending to the key management unit an authentication information acquisition request that contains the identification information and the identity identification information of the O&M machine;
Receiving the authentication information returned by the key management unit that matches the identification information and the identity identification information of the O&M machine, where the authentication information is generated by the key management unit using the key for obtaining remote control permission for the destination server.
In an optional embodiment, using the authentication information to obtain the permission to remotely control the destination server may include:
Using the authentication information, obtaining the permission to remotely control the destination server through SSH protocol authentication.
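The request to the key management unit and the check on the destination server described above can be sketched as follows. This is an added example, not code from the patent: it assumes a key shared between the key management unit and each destination server, and uses a short-lived HMAC tag in place of the SSH authentication the patent names. The class names, ids, keys and the 60-second lifetime are hypothetical.

```python
import hashlib
import hmac
import json
import time


def _tag(key, server_id, machine_id, expires):
    # A JSON list keeps the three fields unambiguous (no delimiter tricks).
    msg = json.dumps([server_id, machine_id, expires]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class KeyManager:
    """Holds the per-server keys; the O&M machine never receives a key itself."""

    def __init__(self, server_keys, allowed_machines, ttl_seconds=60):
        self._keys = server_keys            # server id -> secret key (bytes)
        self._allowed = allowed_machines    # server id -> set of O&M machine ids
        self._ttl = ttl_seconds

    def issue(self, server_id, machine_id, now=None):
        """Answer an authentication-information request for (server, machine)."""
        if machine_id not in self._allowed.get(server_id, set()):
            raise PermissionError(f"{machine_id} may not operate {server_id}")
        now = int(time.time()) if now is None else int(now)
        expires = now + self._ttl
        return {"server_id": server_id, "machine_id": machine_id,
                "expires": expires,
                "tag": _tag(self._keys[server_id], server_id, machine_id, expires)}


class DestinationServer:
    """Grants remote-control permission only for valid, unexpired information."""

    def __init__(self, server_id, key):
        self.server_id = server_id
        self._key = key

    def grant(self, auth, presenting_machine, now=None):
        now = int(time.time()) if now is None else int(now)
        if auth.get("server_id") != self.server_id:
            return False                    # issued for a different server
        if auth.get("machine_id") != presenting_machine:
            return False                    # presented by another O&M machine
        if not isinstance(auth.get("expires"), int) or now >= auth["expires"]:
            return False                    # expired or malformed
        expected = _tag(self._key, self.server_id, presenting_machine,
                        auth["expires"])
        return hmac.compare_digest(expected, str(auth.get("tag", "")))


# Constructed sample data: ids and keys are made up for this example.
KEYS = {"srv-db-01": b"k" * 32, "srv-web-02": b"w" * 32}
MANAGER = KeyManager(KEYS, {"srv-db-01": {"om-1"},
                            "srv-web-02": {"om-1", "om-2"}})
DB = DestinationServer("srv-db-01", KEYS["srv-db-01"])
```

Because the tag covers the server id, the O&M machine identity and the expiry, information issued for one server or one O&M machine is rejected everywhere else, and a leaked value stops working after its lifetime.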
The communication bus mentioned for the above electronic equipment may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus and so on. For ease of representation, only one thick line is used in the figure, but this does not mean that there is only one bus or only one type of bus.
The communication interface is used for communication between the above electronic equipment and other equipment.
The memory may include random access memory (Random Access Memory, RAM), and may also include non-volatile memory (Non-Volatile Memory, NVM), for example at least one magnetic disk storage. Optionally, the memory may also be at least one storage device located remotely from the aforementioned processor.
The above processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP) and the like; it may also be a digital signal processor (Digital Signal Processing, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In another embodiment provided by the invention, a computer readable storage medium is also provided. Instructions are stored in the computer readable storage medium and, when run on a computer, cause the computer to execute any server O&M method in the above embodiments.
In another embodiment provided by the invention, a computer program product including instructions is also provided which, when run on a computer, causes the computer to execute any server O&M method in the above embodiments.
The above embodiments may be implemented wholly or partly by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented wholly or partly in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the flows or functions described in the embodiments of the present invention are generated wholly or partly. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable device. The computer instructions may be stored in a computer readable storage medium, or transmitted from one computer readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (such as coaxial cable, optical fiber or digital subscriber line (DSL)) or wireless means (such as infrared, radio or microwave). The computer readable storage medium may be any usable medium that a computer can access, or a data storage device, such as a server or data center, that integrates one or more usable media. The usable medium may be a magnetic medium (for example, floppy disk, hard disk, tape), an optical medium (for example, DVD), a semiconductor medium (for example, Solid State Disk (SSD)) or the like.
It should be noted that, herein, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or equipment that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to the process, method, article or equipment. In the absence of further restrictions, an element limited by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or equipment that includes the element.
The embodiments in this specification are described in a related manner. For identical or similar parts, the embodiments may refer to one another, and each embodiment focuses on its differences from the others. In particular, the device, system, electronic equipment, computer readable storage medium and computer program product embodiments are described relatively briefly because they are substantially similar to the method embodiments; for the relevant parts, refer to the description of the method embodiments.
The foregoing is merely a description of the preferred embodiments of the present invention and is not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention are all included in the protection scope of the present invention.

Claims (12)

1. A server O&M method, applied to an O&M machine, characterized in that the method comprises:
Obtaining an operational order for carrying out O&M on a destination server, the operational order including identification information of the destination server;
Obtaining, from a key management unit, authentication information that matches the identification information, the authentication information being generated by the key management unit using a key for obtaining remote control permission for the destination server;
Using the authentication information, obtaining the permission to remotely control the destination server;
Using the permission, carrying out an O&M operation on the destination server through information exchange with the destination server.
2. The method according to claim 1, characterized in that said using the permission to carry out an O&M operation on the destination server through information exchange with the destination server comprises:
Mirroring an O&M script into a virtualization O&M actuator on the O&M machine, the O&M script containing O&M instructions for carrying out the O&M operation on the destination server;
Using the permission, sending the O&M instructions to the destination server through the virtualization O&M actuator, in order to carry out the O&M operation on the destination server.
3. The method according to claim 2, characterized in that the virtualization O&M actuator is a virtualization O&M actuator generated based on container technology.
4. The method according to claim 1, characterized in that said obtaining, from the key management unit, authentication information that matches the identification information comprises:
Sending to the key management unit an authentication information acquisition request that contains the identification information and the identity identification information of the O&M machine;
Receiving the authentication information returned by the key management unit that matches the identification information and the identity identification information of the O&M machine, the authentication information being generated by the key management unit using the key for obtaining remote control permission for the destination server.
5. The method according to claim 1, characterized in that said using the authentication information to obtain the permission to remotely control the destination server comprises:
Using the authentication information, obtaining the permission to remotely control the destination server through SSH protocol authentication.
6. A server O&M device, characterized in that the device comprises:
A command reception module, configured to obtain an operational order for carrying out O&M on a destination server, the operational order including identification information of the destination server;
A verification information acquisition module, configured to obtain authentication information using the identification information, the authentication information being generated by a key management unit using a key for obtaining remote control permission for the destination server;
An authentication module, configured to use the authentication information to obtain the permission to remotely control the destination server;
An O&M module, configured to use the permission to carry out an O&M operation on the destination server through information exchange with the destination server.
7. The device according to claim 6, characterized in that the O&M module is specifically configured to mirror an O&M script into a virtualization O&M actuator on the O&M machine, the O&M script containing O&M instructions for carrying out the O&M operation on the destination server; and, using the permission, to send the O&M instructions to the destination server through the virtualization O&M actuator, in order to carry out the O&M operation on the destination server.
8. The device according to claim 7, characterized in that the virtualization O&M actuator is a virtualization O&M actuator generated based on container technology.
9. The device according to claim 6, characterized in that the verification information acquisition module is specifically configured to send to the key management unit an authentication information acquisition request that contains the identification information and the identity identification information of the O&M machine; and to receive the authentication information returned by the key management unit that matches the identification information and the identity identification information of the O&M machine, the authentication information being generated by the key management unit using the key for obtaining remote control permission for the destination server.
10. The device according to claim 6, characterized in that the authentication module is specifically configured to use the authentication information to obtain, through SSH protocol authentication, the permission to remotely control the destination server.
11. A server O&M system, characterized in that the system comprises:
The server O&M device according to any one of claims 6-10;
A key management unit, in which the key for obtaining remote control permission for the destination server is stored;
A management platform, configured to carry out O&M operations on the destination server through the server O&M device.
12. Electronic equipment, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
The memory is configured to store a computer program;
The processor is configured to implement the method steps of any one of claims 1-5 when executing the program stored in the memory.
CN201810153577.4A 2018-02-22 2018-02-22 Server operation and maintenance method, device and system and electronic equipment Active CN108429638B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810153577.4A CN108429638B (en) 2018-02-22 2018-02-22 Server operation and maintenance method, device and system and electronic equipment

Publications (2)

Publication Number Publication Date
CN108429638A true CN108429638A (en) 2018-08-21
CN108429638B CN108429638B (en) 2021-12-10

Family

ID=63157046

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810153577.4A Active CN108429638B (en) 2018-02-22 2018-02-22 Server operation and maintenance method, device and system and electronic equipment

Country Status (1)

Country Link
CN (1) CN108429638B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106982215A (en) * 2017-03-31 2017-07-25 北京奇艺世纪科技有限公司 A kind of key management method and device
CN107239688A (en) * 2017-06-30 2017-10-10 平安科技(深圳)有限公司 The purview certification method and system in Docker mirror images warehouse
CN107480509A (en) * 2017-09-22 2017-12-15 携程旅游网络技术(上海)有限公司 O&M safety auditing system logs in vessel process, system, equipment and storage medium
CN107634951A (en) * 2017-09-22 2018-01-26 携程旅游网络技术(上海)有限公司 Docker vessel safeties management method, system, equipment and storage medium

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768683A (en) * 2018-03-15 2018-11-06 北京奇艺世纪科技有限公司 A kind of automation O&M methods, devices and systems
CN109271436A (en) * 2018-09-25 2019-01-25 郑州云海信息技术有限公司 A kind of server host name amending method, device, equipment and readable storage medium storing program for executing
CN109491865A (en) * 2018-10-31 2019-03-19 中国联合网络通信集团有限公司 The treating method and apparatus of O&M task
CN109491865B (en) * 2018-10-31 2022-04-15 中国联合网络通信集团有限公司 Operation and maintenance task processing method and device
CN112257041A (en) * 2020-10-19 2021-01-22 当家移动绿色互联网技术集团有限公司 Item control method and device and electronic equipment
CN113282950A (en) * 2021-07-26 2021-08-20 阿里云计算有限公司 Operation and maintenance method, device, equipment and system of encryption machine
CN114003424A (en) * 2021-10-22 2022-02-01 苏州浪潮智能科技有限公司 Server access method, device and medium
CN114301799A (en) * 2021-11-23 2022-04-08 航天信息股份有限公司 Remote operation and maintenance method and device based on ganymed-ssh2
CN114625539A (en) * 2022-03-22 2022-06-14 中国平安人寿保险股份有限公司 Script tool execution method and device, electronic equipment cluster and storage medium
CN114625539B (en) * 2022-03-22 2024-04-05 中国平安人寿保险股份有限公司 Script tool execution method and device, electronic equipment cluster and storage medium
CN114760179A (en) * 2022-03-28 2022-07-15 北京汇元网科技股份有限公司 Interface, method, terminal and medium for batch execution of operation by server

Also Published As

Publication number Publication date
CN108429638B (en) 2021-12-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant