CN110502315A - Method, apparatus and system for remotely accessing a physical machine - Google Patents
Method, apparatus and system for remotely accessing a physical machine
- Publication number: CN110502315A
- Application number: CN201910788191.5A
- Authority: CN (China)
- Prior art keywords: physical machine, cloud, sent, client, token
- Prior art date:
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS; G06—COMPUTING; CALCULATING OR COUNTING; G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/42—User authentication using separate channels for security data
- G06F21/43—User authentication using separate channels for security data; wireless channels
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Abstract
The present invention provides a method, apparatus and system for remotely accessing a physical machine. The method comprises: a cloud console verifies the login information of a client and, when verification passes, allows the client to log in; when the client sends a remote connection request for a physical machine, the cloud console triggers a cloud background server to return a URL for that remote connection request, generates a token from the login information, and sends the URL and the token to the client; when the client sends an access request for the physical machine that carries the token, the cloud console triggers the cloud background server to authenticate the token and, when authentication passes, uses the installed Shell In A Box to generate, via IPMI, a remote connection to the physical machine and sends it to the client. This way of remotely accessing a physical machine does not depend on a public IP: the user can reach the physical machine remotely from the browser on the client, so the cost of the implementation is reduced.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a method, apparatus and system for remotely accessing a physical machine.
Background art
Virtualization technology uses a hypervisor (virtual machine manager) to virtualize one physical machine into multiple independent hosts. Each such host is called a virtual machine (VM), and cloud service providers use virtualization technology to offer virtual machine services to users.
Currently, a user can remotely access a physical machine over a public IP using SSH (Secure Shell) in order to manage the physical machine.
However, a public IP must be registered and applied for before it can be obtained, so the cost of the existing implementation is high.
Summary of the invention
The present invention provides a method, apparatus and system for remotely accessing a physical machine, which can reduce cost.
To achieve the above object, the present invention uses the following technical solutions:
In a first aspect, the present invention provides a method for remotely accessing a physical machine, applied to a cloud console, comprising:
receiving login information sent by an external client;
verifying the login information and, when verification passes, controlling the client to log in to the cloud console;
when receiving a remote connection request for a first physical machine sent by the client, triggering an external cloud background server;
receiving the URL (Uniform Resource Locator) for the remote connection request returned by the cloud background server;
generating a token from the login information;
sending the URL and the token to the client;
when receiving an access request for the first physical machine, carrying the token, sent by the client, triggering the cloud background server;
when receiving a notice from the cloud background server that the token has passed authentication, using the installed Shell In A Box to generate, via IPMI (Intelligent Platform Management Interface), a remote connection to the first physical machine and sending it to the client.
Further, the token includes the user information and user permissions corresponding to the login information.
Further, the cloud console is an OpenStack-based cloud console and uses OpenStack's Ironic and nova to manage each physical machine;
generating, via IPMI, the remote connection to the first physical machine and sending it to the client comprises: obtaining the remote connection to the first physical machine through the console function of IPMI's ipmitool, and forwarding that remote connection to the network service started by Shell In A Box, so that it is sent to the client.
In a second aspect, the present invention provides a method for remotely accessing a physical machine, applied to a client, comprising:
sending externally input login information to an external cloud console;
when the login information passes verification, logging in to the cloud console;
displaying, through a browser, a remote connection button for each external physical machine;
when detecting that the remote connection button of a first physical machine has been triggered externally, sending a remote connection request for the first physical machine to the cloud console;
recording in the browser the token, generated from the login information, sent by the cloud console, and opening in a new window the uniform resource locator (URL) for the remote connection request sent by the cloud console;
when detecting that the URL has been accessed externally, sending an access request for the first physical machine, carrying the token, to the cloud console;
accessing the first physical machine through the browser, based on the remote connection to the first physical machine sent by the cloud console.
In a third aspect, the present invention provides a cloud console, comprising:
a user login control unit, for receiving login information sent by an external client; verifying the login information and, when verification passes, controlling the client to log in to the cloud console;
a remote connection request processing unit, for triggering an external cloud background server when receiving a remote connection request for a first physical machine sent by the client; receiving the uniform resource locator (URL) for the remote connection request returned by the cloud background server; generating a token from the login information; and sending the URL and the token to the client;
an access request processing unit, for triggering the cloud background server when receiving an access request for the first physical machine, carrying the token, sent by the client; and, when receiving a notice from the cloud background server that the token has passed authentication, using the installed Shell In A Box to generate, via the Intelligent Platform Management Interface (IPMI), a remote connection to the first physical machine and sending it to the client.
Further, the cloud console is an OpenStack-based cloud console and uses OpenStack's Ironic and nova to manage each physical machine;
the access request processing unit is used to obtain the remote connection to the first physical machine through the console function of IPMI's ipmitool, and to forward that remote connection to a network service started by Shell In A Box, so that it is sent to the client.
In a fourth aspect, the present invention provides a client, comprising:
a user login unit, for sending externally input login information to an external cloud console, and logging in to the cloud console when the login information passes verification;
a remote connection request unit, for displaying through a browser a remote connection button for each external physical machine; when detecting that the remote connection button of a first physical machine has been triggered externally, sending a remote connection request for the first physical machine to the cloud console; recording in the browser the token, generated from the login information, sent by the cloud console; and opening in a new window the uniform resource locator (URL) for the remote connection request sent by the cloud console;
an access request unit, for sending an access request for the first physical machine, carrying the token, to the cloud console when detecting that the URL has been accessed externally; and accessing the first physical machine through the browser, based on the remote connection to the first physical machine sent by the cloud console.
In a fifth aspect, the present invention provides a system for remotely accessing a physical machine, comprising any of the above cloud consoles and at least one of the above clients.
Further, the system for remotely accessing a physical machine further comprises a cloud background server;
wherein the cloud background server is used to: when detecting that the cloud console has performed an external trigger operation based on a remote connection request, generate, using zuul and according to the first physical machine targeted by the remote connection request, the uniform resource locator (URL) for the remote connection request, and return the URL to the cloud console; and when detecting that the cloud console has performed a trigger operation based on an access request, authenticate, using zuul and according to the first physical machine targeted by the access request, the token carried by the access request, and, if authentication passes, send the cloud console a notice that the token has passed authentication.
Further, the system for remotely accessing a physical machine further comprises at least one physical machine;
the cloud console is an OpenStack-based cloud console;
the cloud console is used to manage each physical machine using OpenStack's Ironic and nova.
The present invention provides a method, apparatus and system for remotely accessing a physical machine. The method comprises: a cloud console verifies the login information of a client and, when verification passes, allows the client to log in; when the client sends a remote connection request for a physical machine, the cloud console triggers a cloud background server to return a URL for that remote connection request, generates a token from the login information, and sends the URL and the token to the client; when the client sends an access request for the physical machine that carries the token, the cloud console triggers the cloud background server to authenticate the token and, when authentication passes, uses the installed Shell In A Box to generate, via IPMI, a remote connection to the physical machine and sends it to the client. This way of remotely accessing a physical machine does not depend on a public IP: the user can reach the physical machine remotely from the browser on the client, so the cost of the implementation is reduced.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for remotely accessing a physical machine provided by an embodiment of the present invention;
Fig. 2 is a flowchart of another method for remotely accessing a physical machine provided by an embodiment of the present invention;
Fig. 3 is a flowchart of yet another method for remotely accessing a physical machine provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of a cloud console provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of a client provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of a system for remotely accessing a physical machine provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of another system for remotely accessing a physical machine provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative work fall within the protection scope of the present invention.
As shown in Fig. 1, an embodiment of the present invention provides a method for remotely accessing a physical machine, applied to a cloud console, which may comprise the following steps:
Step 101: receive the login information sent by an external client.
Step 102: verify the login information and, when verification passes, control the client to log in to the cloud console.
Step 103: when receiving a remote connection request for a first physical machine sent by the client, trigger an external cloud background server.
Step 104: receive the URL for the remote connection request returned by the cloud background server.
Step 105: generate a token from the login information.
Step 106: send the URL and the token to the client.
Step 107: when receiving an access request for the first physical machine, carrying the token, sent by the client, trigger the cloud background server.
Step 108: when receiving a notice from the cloud background server that the token has passed authentication, use the installed Shell In A Box to generate, via IPMI, a remote connection to the first physical machine and send it to the client.
An embodiment of the present invention provides a method for remotely accessing a physical machine. The method comprises: a cloud console verifies the login information of a client and, when verification passes, allows the client to log in; when the client sends a remote connection request for a physical machine, the cloud console triggers a cloud background server to return a URL for that remote connection request, generates a token from the login information, and sends the URL and the token to the client; when the client sends an access request for the physical machine that carries the token, the cloud console triggers the cloud background server to authenticate the token and, when authentication passes, uses the installed Shell In A Box to generate, via IPMI, a remote connection to the physical machine and sends it to the client. This way of remotely accessing a physical machine does not depend on a public IP: the user can reach the physical machine remotely from the browser on the client, so the cost of the implementation is reduced.
Specifically, this remote access to a physical machine relies on the exchange of information between three executing entities: the client, the cloud console, and the cloud background server.
Specifically, to remotely access a physical machine, the user first logs in to the operating system of the cloud console using their own login information. The user usually opens a login page in the client's browser and enters the login information; the cloud console verifies the login information and allows the login if verification passes.
After the client has logged in successfully, the user sees a remote connection button for each physical machine on the browser page and clicks the remote connection button of whichever physical machine they need to access. The client then sends the corresponding remote connection request to the cloud console so that the console returns the corresponding URL; for this reason the remote connection request usually carries the physical machine identifier of the requested physical machine.
After the cloud console receives the remote connection request, it triggers the cloud background server to return the corresponding URL. Specifically, it can send the physical machine identifier contained in the request to the cloud background server so that the server returns the URL of that physical machine. The cloud console then returns the received URL to the client so that the user can access the physical machine based on the URL.
Of course, not everyone has permission to access the physical machine. To prevent another user who intercepts or otherwise obtains the URL from being able to access the corresponding physical machine in the same way, the cloud console, when returning the URL to the client, also returns an access credential with which the user accesses the physical machine. This credential can be a token. Accordingly, a filter can be added to the cloud console that requires the user, when accessing the URL, to present the cloud user's token for permission verification, thereby protecting the security of the remote connection.
As for generating the token: since the cloud console verifies each user's login information, it can obtain from the login information the corresponding user information and user permissions stored internally in advance, and generate the token from them. After the token is sent to the client, it is usually recorded directly in the client's browser rather than shown to the user, so that the client can carry the token recorded in the browser when it sends an access request.
In addition, the cloud console generates a token for the user when the user logs in and requests access to a physical machine, so a new token is generated the next time the user logs in, and when the user logs out, the token recorded in the client browser usually becomes invalid. Thus, even if someone else has learned the URL, they still cannot access the physical machine because they do not hold the token.
Based on this, in the embodiment of the present invention the user can log in to the operating system of the physical machine in the browser by way of a remote connection, and permission verification is built into the creation of the remote connection, so that security is achieved while convenience is ensured.
Based on the above, when the user opens the URL and requests access to the corresponding physical machine, the client issues an access request that can carry the identifier of that physical machine and the token recorded in the browser, for use in the subsequent authentication.
After the cloud console receives the access request, it triggers the cloud background server to perform authentication. Specifically, it can send the physical machine identifier and the token to the cloud background server, which checks whether the corresponding user has permission to access that physical machine; if so, authentication passes, otherwise it fails.
After authentication passes, the cloud console uses the pre-installed Shell In A Box to generate, via IPMI, the remote connection to the corresponding physical machine and returns it to the client. The user can then remotely access the physical machine based on that remote connection.
Specifically, Shell In A Box is a free, open-source Web-based Ajax terminal emulator. It uses AJAX technology to provide the look and feel of a native Shell through a Web browser. AJAX (Asynchronous JavaScript And XML) is a web development technique for creating interactive web applications.
Specifically, IPMI is based on dedicated firmware running on the BMC (Baseboard Management Controller). This management subsystem is independent of the CPU, the BIOS (Basic Input Output System) and the operating system. These "autonomous" properties remove all limitations that depend on the operating system, such as the operating system being unresponsive or not loaded.
Based on the above, in one embodiment of the present invention, the token includes the user information and user permissions corresponding to the login information.
In one embodiment of the present invention, to reduce the computational load of the cloud console, the cloud console can also trigger the cloud background server to generate the token. In that case, the user information and user permissions corresponding to each user's login information can be stored in advance in the cloud background server.
In one embodiment of the present invention, the cloud console is an OpenStack-based cloud console and uses OpenStack's Ironic and nova to manage each physical machine;
generating, via IPMI, the remote connection to the first physical machine and sending it to the client comprises: obtaining the remote connection to the first physical machine through the console function of IPMI's ipmitool, and forwarding that remote connection to the network service started by Shell In A Box, so that it is sent to the client.
Specifically, OpenStack is an open-source cloud computing management platform project, and Ironic is the OpenStack plug-in for managing physical machines; using Ironic's drivers, OpenStack can manage physical machines in the same way it manages virtual machines.
Specifically, Shell In A Box can be installed on the cloud intranet of the cloud controller so that Shell In A Box generates the remote connection to the physical machine through the console function of IPMI. ipmitool is a command-line IPMI platform management tool that can be used on Linux systems, and it is through ipmitool that the physical machine is actually connected to remotely. Specifically, Shell In A Box obtains the remote connection to the physical machine through ipmitool and forwards that remote connection to a network service started by Shell In A Box.
Therefore, the embodiment of the present invention provides an implementation of an authenticated remote connection for Linux physical machines managed by Ironic.
Corresponding to the implementation applied to the cloud console above, as shown in Fig. 2, an embodiment of the present invention provides a method for remotely accessing a physical machine, applied to a client, which may comprise the following steps:
Step 201: send externally input login information to an external cloud console.
Step 202: when the login information passes verification, log in to the cloud console.
Step 203: display, through a browser, a remote connection button for each external physical machine.
Step 204: when detecting that the remote connection button of a first physical machine has been triggered externally, send a remote connection request for the first physical machine to the cloud console.
Step 205: record in the browser the token, generated from the login information, sent by the cloud console, and open in a new window the URL for the remote connection request sent by the cloud console.
Step 206: when detecting that the URL has been accessed externally, send an access request for the first physical machine, carrying the token, to the cloud console.
Step 207: access the first physical machine through the browser, based on the remote connection to the first physical machine sent by the cloud console.
In the embodiment of the present invention, from the client's side, the user first needs to log in to the operating system of the cloud console using their own login information; then, through the remote connection button for each physical machine shown on the cloud console page, the user can request access to any physical machine; when the user requests access to a physical machine, they first need to enter its operating interface, so the cloud console first returns the URL of the physical machine; when the user then needs to access the physical machine through the URL in order to manage it, the cloud console authenticates the user, and only after authentication passes does the cloud console go on to return the remote connection to the physical machine, so that the user can operate the physical machine based on the remote connection.
Based on the above, as shown in Fig. 3, an embodiment of the present invention provides a method for remotely accessing a physical machine, which may comprise the following steps:
Step 301: the client sends externally input login information to the cloud console.
Step 302: the cloud console verifies the login information and, when verification passes, controls the client to log in to the cloud console.
Step 303: after logging in to the cloud console, the client displays through the browser a remote connection button for each physical machine and, when detecting that the remote connection button of a first physical machine has been triggered externally, sends a remote connection request to the cloud console; the remote connection request carries the physical machine identifier of the first physical machine.
Step 304: the cloud console receives the remote connection request and sends the physical machine identifier it contains to the cloud background server.
Step 305: the cloud background server uses zuul to generate the URL of the first physical machine from the received physical machine identifier, and returns it to the cloud console.
Step 306: the cloud console receives the URL, generates a token from the login information, and sends the URL and the token to the client.
The token may include the user information and user permissions corresponding to the login information, so that the token can later be authenticated on that basis.
Step 307: the client records the token sent by the cloud console in the browser and opens the URL sent by the cloud console in a new window.
Step 308: when detecting that the URL has been accessed externally, the client sends an access request to the cloud console; the access request carries the recorded token and the physical machine identifier of the first physical machine.
Step 309: when the cloud console receives the access request, it sends the token and the physical machine identifier it contains to the cloud background server.
Step 310: the cloud background server uses zuul to authenticate the received token according to the received physical machine identifier and, if authentication passes, notifies the cloud console that authentication has passed.
Step 311: when the cloud console receives the notice, it uses the installed Shell In A Box to generate, via IPMI, the remote connection to the first physical machine and sends it to the client.
Step 312: the client accesses the first physical machine through the browser, based on the remote connection sent by the cloud console.
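The exchange of steps 301 to 312, together with the token check that protects the URL against anyone who merely obtains it, as an added Python model that is not the patent's own code. It assumes a fixed URL format in place of the zuul-generated URL, an HMAC-signed token carrying the user and their permitted machines (the patent does not specify the token's format), and that the page's "console function of ipmitool" is ipmitool's Serial-over-LAN console (`sol activate`) published through shellinaboxd's `-s` service option; the users, machines, BMC addresses and credentials are constructed sample data, and the token lifetime is an addition of this example.

```python
import hashlib
import hmac
import secrets
import time

# Key shared by the cloud console (which issues tokens) and the cloud
# background server (which authenticates them). Constructed for this example.
SECRET_KEY = secrets.token_bytes(32)

# Constructed sample data: the physical machines each cloud user may access,
# the BMC address known for each machine, and demo login credentials.
USER_PERMISSIONS = {"alice": {"pm-01", "pm-02"}, "bob": {"pm-02"}}
BMC_ADDRESSES = {"pm-01": "10.0.0.11", "pm-02": "10.0.0.12"}
CREDENTIALS = {"alice": "alice-pw", "bob": "bob-pw"}  # demo only


def verify_login(user, password):
    """Step 302: the cloud console verifies the login information."""
    expected = CREDENTIALS.get(user)
    return expected is not None and hmac.compare_digest(expected, password)


def make_token(user, ttl=3600, now=None):
    """Steps 305/306: a token carrying the user information and permissions
    derived from the login. It is HMAC-signed so the backend can authenticate
    it; the format and the lifetime (ttl) are assumptions of this example."""
    exp = int((time.time() if now is None else now) + ttl)
    perms = ",".join(sorted(USER_PERMISSIONS.get(user, ())))
    payload = f"{user}|{perms}|{exp}"
    sig = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


class CloudBackend:
    """The cloud background server: returns per-machine URLs (step 305) and
    authenticates tokens against the requested machine (step 310)."""

    def __init__(self):
        self.revoked = set()  # tokens invalidated when their user logs out

    def url_for(self, machine_id):
        # The patent generates this with zuul; a fixed format stands in here.
        return f"https://console.cloud.example/physical/{machine_id}/"

    def authenticate(self, token, machine_id, now=None):
        payload, _, sig = token.rpartition(".")
        if not payload:
            return False  # malformed: no signature separator
        want = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, sig):
            return False  # forged or tampered token
        if token in self.revoked:
            return False  # the user has logged out since the token was issued
        parts = payload.split("|")
        if len(parts) != 3:
            return False
        _user, perms, exp = parts
        if int(exp) < (time.time() if now is None else now):
            return False  # expired
        # Holding the URL is not enough: the token's owner must be permitted
        # to access this particular physical machine.
        return machine_id in perms.split(",")

    def logout(self, token):
        self.revoked.add(token)


def remote_connection_request(backend, user, machine_id):
    """Steps 304-306: fetch the machine's URL from the backend and issue the
    token that the client will record in its browser."""
    return backend.url_for(machine_id), make_token(user)


def handle_access_request(backend, token, machine_id):
    """Steps 309-311: have the backend authenticate the token; on success,
    return the command that publishes the machine's IPMI console through
    Shell In A Box (assumed mapping: ipmitool 'sol activate' under the
    shellinaboxd -s URL:user:group:cwd:command service option)."""
    if not backend.authenticate(token, machine_id):
        return None
    bmc = BMC_ADDRESSES[machine_id]
    # -E makes ipmitool read the BMC password from $IPMI_PASSWORD, keeping it
    # off the command line and out of process listings.
    ipmi_console = f"ipmitool -I lanplus -H {bmc} -U admin -E sol activate"
    service = f"/{machine_id}:nobody:nogroup:/:{ipmi_console}"
    return ["shellinaboxd", "-p", "4200", "-s", service]


if __name__ == "__main__":
    backend = CloudBackend()
    assert verify_login("alice", "alice-pw")
    url, token = remote_connection_request(backend, "alice", "pm-01")
    print("URL:", url)
    print("with token:", handle_access_request(backend, token, "pm-01"))
    print("URL alone:", handle_access_request(backend, "", "pm-01"))
    backend.logout(token)
    print("after logout:", handle_access_request(backend, token, "pm-01"))
```

The command list is returned rather than executed so the check logic can be exercised offline; a real console would start it on the cloud intranet host where Shell In A Box is installed.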
As shown in Fig. 4, an embodiment of the present invention provides a cloud console, which may include:
a user login control unit 401, for receiving login information sent by an external client; verifying the login information and, when verification passes, controlling the client to log in to the cloud console;
a remote connection request processing unit 402, for triggering an external cloud background server when receiving a remote connection request for a first physical machine sent by the client; receiving the URL for the remote connection request returned by the cloud background server; generating a token from the login information; and sending the URL and the token to the client;
an access request processing unit 403, for triggering the cloud background server when receiving an access request for the first physical machine, carrying the token, sent by the client; and, when receiving a notice from the cloud background server that the token has passed authentication, using the installed Shell In A Box to generate, via the Intelligent Platform Management Interface (IPMI), a remote connection to the first physical machine and sending it to the client.
In an embodiment of the present invention, the cloud console is an OpenStack-based cloud console and uses OpenStack's Ironic and nova to manage each physical machine;
the access request processing unit 403 is used to obtain the remote connection to the first physical machine through the console function of IPMI's ipmitool, and to forward that remote connection to a network service started by Shell In A Box, so that it is sent to the client.
As shown in FIG. 5, an embodiment of the invention provides a client, comprising:
a user login unit 501, configured to send externally input login information to an external cloud console and, when the login information passes verification, log in to the cloud console;
a remote connection request unit 502, configured to present, through a browser, a remote connection button for each external physical machine; when it detects that the remote connection button of a first physical machine has been externally triggered, send a remote connection request for the first physical machine to the cloud console; record, through the browser, the token that the cloud console sends and that was generated according to the login information; and open, in a new window, the URL for the remote connection request sent by the cloud console;
an access request unit 503, configured to, when it detects an external access to the URL, send to the cloud console an access request that is directed at the first physical machine and carries the token; and access the first physical machine through the browser, based on the remote connection to the first physical machine sent by the cloud console.
As shown in FIG. 6, an embodiment of the invention provides a system for remotely accessing a physical machine, which may include any of the cloud consoles 601 described above and at least one of the clients 602 described above.
In an embodiment of the invention, referring to FIG. 7, the system for remotely accessing a physical machine further includes a cloud background server 701;
wherein the cloud background server 701 is configured to, on detecting a trigger action by the external cloud console 601 based on a remote connection request, use zuul to generate the URL for the remote connection request according to the first physical machine targeted by the remote connection request, and return the URL to the cloud console 601; and, on detecting a trigger action by the cloud console 601 based on an access request, use zuul to authenticate the token carried in the access request according to the first physical machine targeted by the access request and, if authentication passes, send the cloud console 601 a notification that the token has passed authentication.
In detail, zuul is the open-source microservice gateway from Netflix; it can pre-process requests sent to the server side, for example for security verification, dynamic routing and load distribution. In the embodiment of the invention, zuul can be used to proxy the Shell In A Box network service inside the intranet to a public-network URL for user access.
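The token issuance and gateway-side authentication described in steps 307 to 311 and in the zuul paragraph above, as an added, self-contained example that is not code from the patent or from any of the products it names (zuul, Shell In A Box, OpenStack, ipmitool). Everything beyond what the page states is an assumption: the HMAC-signed token format, the constructed signing key, the expiry, the function names `issue_token`, `authenticate_access`, `console_argv` and `handle_access_request`, the constructed login record and BMC record, and the use of ipmitool's serial-over-LAN console as the command handed to Shell In A Box. The token carries the user and permissions that claim 2 describes and is bound to the physical machine identifier so that the step 310 check can reject a token replayed against a different machine. The gateway check is written as plain Python, not as a zuul filter.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo key (assumption). A real console keeps this in a secrets
# store and rotates it; anyone holding it can mint tokens for any machine.
SIGNING_KEY = b"constructed-demo-signing-key-not-for-production"

TOKEN_TTL_SECONDS = 300  # assumption: a console token is short-lived


def _b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64u_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body):
    # HMAC-SHA256 over the encoded payload; returned base64url-encoded.
    return _b64u(hmac.new(SIGNING_KEY, body.encode("ascii"), hashlib.sha256).digest())


def issue_token(login_info, machine_id, now=None):
    """Cloud console side (steps 305/306): derive a token from the login
    information (user and permissions, as claim 2 describes) and bind it to
    the physical machine targeted by the remote connection request."""
    issued = time.time() if now is None else now
    payload = {
        "user": login_info["user"],
        "perms": sorted(login_info["perms"]),
        "machine": machine_id,          # binding re-checked in step 310
        "exp": int(issued + TOKEN_TTL_SECONDS),
        "nonce": secrets.token_hex(8),  # two tokens for one user stay distinct
    }
    body = _b64u(json.dumps(payload, sort_keys=True).encode("utf-8"))
    return f"{body}.{_sign(body)}"


def authenticate_access(token, machine_id, now=None):
    """Gateway side (step 310): authenticate the token against the physical
    machine identifier carried by the access request. Returns (passed, reason).
    Signature is checked before the payload is parsed, so unsigned input never
    reaches the JSON decoder."""
    current = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return False, "malformed"
    if not hmac.compare_digest(_sign(body), sig):  # constant-time comparison
        return False, "bad-signature"
    try:
        payload = json.loads(_b64u_decode(body))
    except ValueError:  # covers binascii.Error and JSONDecodeError
        return False, "malformed"
    if payload.get("exp", 0) <= current:
        return False, "expired"
    if payload.get("machine") != machine_id:
        return False, "machine-mismatch"
    if "console" not in payload.get("perms", []):
        return False, "forbidden"
    return True, "ok"


def console_argv(bmc_host, bmc_user):
    """Step 311 after a pass: the command the console would hand to the
    Shell In A Box service (assumption). ipmitool's serial-over-LAN console;
    -E reads the password from the IPMI_PASSWORD environment variable so it
    never appears on the command line."""
    return ["ipmitool", "-I", "lanplus", "-H", bmc_host, "-U", bmc_user,
            "-E", "sol", "activate"]


def handle_access_request(token, machine_id, bmc, now=None):
    """Steps 309-311 joined: only an authenticated token yields a console command."""
    passed, reason = authenticate_access(token, machine_id, now)
    if not passed:
        return None, reason
    return console_argv(bmc["host"], bmc["user"]), "ok"


if __name__ == "__main__":
    login = {"user": "alice", "perms": ["console"]}   # constructed login info
    bmc = {"host": "192.0.2.10", "user": "admin"}      # constructed BMC record
    tok = issue_token(login, "pm-01")
    print(handle_access_request(tok, "pm-01", bmc))   # argv for the console
    print(handle_access_request(tok, "pm-02", bmc))   # bound to another machine
```

Because the machine identifier and the permission set are inside the signed payload, the step 310 check fails closed on a token that was issued for a different physical machine, on a token whose user lacks console permission, and on any token whose signature does not verify, regardless of what the URL or the access request claims.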
In an embodiment of the invention, referring to FIG. 7, the system for remotely accessing a physical machine further includes at least one physical machine 702;
the cloud console 601 is an OpenStack-based cloud console;
the cloud console 601 is configured to manage each physical machine 702 using the Ironic and nova of OpenStack.
Because the method embodiments of the present invention are based on the same concept as the apparatus and system above, details such as the information exchange between the units and the execution procedure can be found in the description of the method embodiments and are not repeated here.
In summary, the embodiments of the present invention have at least the following beneficial effects:
1. In the embodiments of the present invention, the cloud console verifies the login information of the client and allows the client to log in when verification passes; when the client sends a remote connection request for a physical machine, the console triggers the cloud background server to return the URL for the remote connection request, generates a token according to the login information, and sends the URL and the token to the client; when the client sends an access request that is directed at the physical machine and carries the token, the console triggers the cloud background server to authenticate the token and, when authentication passes, uses the installed Shell In A Box to generate via IPMI a remote connection to the physical machine and sends it to the client. This implementation of remote access to a physical machine does not depend on a public IP address; the user can remotely access the physical machine using the browser on the client, so the cost investment can be reduced.
2. In the embodiments of the present invention, the user can log in to the operating system of the physical machine from the browser by way of a remote connection, and permission verification is included in the process of creating the remote connection, so security is achieved while convenience is guaranteed.
It should be noted that, in this document, relational terms such as first and second are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. In the absence of further restrictions, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments may be completed by program instructions executed on related hardware; the program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the storage medium includes ROM, RAM, magnetic disk, optical disk and other media that can store program code.
Finally, it should be noted that the foregoing are merely preferred embodiments of the present invention, intended only to illustrate the technical solution of the invention and not to limit its scope. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention are included within the scope of protection of the present invention.
Claims (10)
1. A method for remotely accessing a physical machine, characterized in that it is applied to a cloud console and comprises:
receiving login information sent by an external client;
verifying the login information and, when verification passes, allowing the client to log in to the cloud console;
on receiving a remote connection request for a first physical machine sent by the client, triggering an external cloud background server;
receiving the uniform resource locator (URL) for the remote connection request returned by the cloud background server;
generating a token according to the login information;
sending the URL and the token to the client;
on receiving an access request sent by the client that is directed at the first physical machine and carries the token, triggering the cloud background server;
on receiving a notification from the cloud background server that the token has passed authentication, using the installed Shell In A Box to generate, via the Intelligent Platform Management Interface (IPMI), a remote connection to the first physical machine and sending it to the client.
2. The method according to claim 1, characterized in that
the token includes the user information and user permissions corresponding to the login information.
3. The method according to claim 1 or 2, characterized in that
the cloud console is an OpenStack-based cloud console and manages each physical machine using the Ironic and nova of OpenStack;
generating the remote connection to the first physical machine via IPMI and sending it to the client comprises: obtaining the remote connection to the first physical machine through the console function of ipmitool of IPMI, and sending it to the client by forwarding the remote connection to the network service started by Shell In A Box.
4. A method for remotely accessing a physical machine, characterized in that it is applied to a client and comprises:
sending externally input login information to an external cloud console;
when the login information passes verification, logging in to the cloud console;
presenting, through a browser, a remote connection button for each external physical machine;
when detecting that the remote connection button of a first physical machine has been externally triggered, sending a remote connection request for the first physical machine to the cloud console;
recording, through the browser, the token sent by the cloud console and generated according to the login information, and opening in a new window the uniform resource locator (URL) for the remote connection request sent by the cloud console;
when detecting an external access to the URL, sending to the cloud console an access request that is directed at the first physical machine and carries the token;
accessing the first physical machine through the browser, based on the remote connection to the first physical machine sent by the cloud console.
5. A cloud console, characterized in that it comprises:
a user login control unit, configured to receive login information sent by an external client, verify the login information and, when verification passes, allow the client to log in to the cloud console;
a remote connection request processing unit, configured to, on receiving a remote connection request for a first physical machine sent by the client, trigger an external cloud background server; receive the uniform resource locator (URL) for the remote connection request returned by the cloud background server; generate a token according to the login information; and send the URL and the token to the client;
an access request processing unit, configured to, on receiving an access request sent by the client that is directed at the first physical machine and carries the token, trigger the cloud background server; and, on receiving a notification from the cloud background server that the token has passed authentication, use the installed Shell In A Box to generate, via the Intelligent Platform Management Interface (IPMI), a remote connection to the first physical machine and send it to the client.
6. The cloud console according to claim 5, characterized in that
the cloud console is an OpenStack-based cloud console and manages each physical machine using the Ironic and nova of OpenStack;
the access request processing unit is configured to obtain the remote connection to the first physical machine through the console function of ipmitool of IPMI, and to send it to the client by forwarding the remote connection to a network service started by Shell In A Box.
7. A client, characterized in that it comprises:
a user login unit, configured to send externally input login information to an external cloud console and, when the login information passes verification, log in to the cloud console;
a remote connection request unit, configured to present, through a browser, a remote connection button for each external physical machine; when detecting that the remote connection button of a first physical machine has been externally triggered, send a remote connection request for the first physical machine to the cloud console; record, through the browser, the token sent by the cloud console and generated according to the login information; and open in a new window the uniform resource locator (URL) for the remote connection request sent by the cloud console;
an access request unit, configured to, when detecting an external access to the URL, send to the cloud console an access request that is directed at the first physical machine and carries the token; and access the first physical machine through the browser, based on the remote connection to the first physical machine sent by the cloud console.
8. A system for remotely accessing a physical machine, characterized in that it comprises:
the cloud console according to claim 5 or 6, and at least one client according to claim 7.
9. The system for remotely accessing a physical machine according to claim 8, characterized in that
it further comprises a cloud background server;
wherein the cloud background server is configured to, on detecting a trigger action by the external cloud console based on a remote connection request, use zuul to generate the uniform resource locator (URL) for the remote connection request according to the first physical machine targeted by the remote connection request, and return the URL to the cloud console; and, on detecting a trigger action by the cloud console based on an access request, use zuul to authenticate the token carried in the access request according to the first physical machine targeted by the access request and, if authentication passes, send the cloud console a notification that the token has passed authentication.
10. The system for remotely accessing a physical machine according to claim 8 or 9, characterized in that
it further comprises at least one physical machine;
the cloud console is an OpenStack-based cloud console;
the cloud console is configured to manage each physical machine using the Ironic and nova of OpenStack.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910788191.5A CN110502315A (en) | 2019-08-26 | 2019-08-26 | A kind of method, apparatus and system remotely accessing physical machine |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110502315A true CN110502315A (en) | 2019-11-26 |
Family
ID=68589418
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910788191.5A Pending CN110502315A (en) | 2019-08-26 | 2019-08-26 | A kind of method, apparatus and system remotely accessing physical machine |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110502315A (en) |
Events
- 2019-08-26: CN application CN201910788191.5A (publication CN110502315A), status Pending
Patent Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101420326A (en) * | 2008-12-02 | 2009-04-29 | 华为技术有限公司 | Method, system and apparatus for implementing failure restoration and data backup |
CN102984282A (en) * | 2012-12-20 | 2013-03-20 | 青岛海信传媒网络技术有限公司 | Method and device of intelligent terminal for acquiring media data of cloud storage file |
CN104901923A (en) * | 2014-03-04 | 2015-09-09 | 杭州华三通信技术有限公司 | Virtual machine access device and method |
CN104917727A (en) * | 2014-03-12 | 2015-09-16 | 中国移动通信集团福建有限公司 | Account authentication method, system and apparatus |
CN104486662A (en) * | 2014-12-15 | 2015-04-01 | 四川长虹电器股份有限公司 | Method for remotely controlling TV and TV |
CN105162831A (en) * | 2015-07-27 | 2015-12-16 | 北京京东尚科信息技术有限公司 | Operation method of mobile end for realizing remote virtual desktop, mobile end apparatus, operation method of service end for realizing remote virtual desktop, service end apparatus |
CN105376216A (en) * | 2015-10-12 | 2016-03-02 | 华为技术有限公司 | Remote access method, agent server and client end |
CN105450748A (en) * | 2015-11-23 | 2016-03-30 | 国云科技股份有限公司 | Remote desktop method for physical machine based on Openstack |
CN105791409A (en) * | 2016-03-30 | 2016-07-20 | 北京小米移动软件有限公司 | Remote connection establishment method and device |
CN106778345A (en) * | 2016-12-19 | 2017-05-31 | 网易(杭州)网络有限公司 | The treating method and apparatus of the data based on operating right |
CN106603721A (en) * | 2017-01-19 | 2017-04-26 | 济南浪潮高新科技投资发展有限公司 | Remote control method and system and remote control client |
CN107105046A (en) * | 2017-05-05 | 2017-08-29 | 中国联合网络通信集团有限公司 | Remotely access the method and system of big data |
CN108512784A (en) * | 2018-06-21 | 2018-09-07 | 珠海宏桥高科技有限公司 | Authentication method based on gateway routing forwarding |
CN109120620A (en) * | 2018-08-17 | 2019-01-01 | 成都品果科技有限公司 | A kind of server management method and system |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111182071A (en) * | 2019-12-31 | 2020-05-19 | 畅捷通信息技术股份有限公司 | Method for intranet penetration and service release |
CN111314452A (en) * | 2020-02-11 | 2020-06-19 | 安超云软件有限公司 | Shell access method, device, equipment and storage medium of cloud mobile phone |
CN111314452B (en) * | 2020-02-11 | 2022-08-26 | 安超云软件有限公司 | Shell access method, device, equipment and storage medium of cloud mobile phone |
CN111683091A (en) * | 2020-06-08 | 2020-09-18 | 平安科技(深圳)有限公司 | Method, device, equipment and storage medium for accessing cloud host console |
CN115134344A (en) * | 2022-06-29 | 2022-09-30 | 济南浪潮数据技术有限公司 | Control method and component of virtual machine console |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107948203B (en) | A kind of container login method, application server, system and storage medium | |
CN110502315A (en) | A kind of method, apparatus and system remotely accessing physical machine | |
US10015157B2 (en) | Multi-domain applications with authorization and authentication in cloud environment | |
JP6556943B2 (en) | Single sign-on method for appliance secure shell | |
CN105991734B (en) | A kind of cloud platform management method and system | |
CN105577665B (en) | Identity and access control management system and method under a kind of cloud environment | |
US9043591B2 (en) | Image forming apparatus, information processing method, and storage medium | |
US9584615B2 (en) | Redirecting access requests to an authorized server system for a cloud service | |
CN112035215B (en) | Node autonomous method, system and device of node cluster and electronic equipment | |
US8145450B2 (en) | Techniques for distributed testing | |
CN106856476A (en) | Authorization server and certification cooperative system | |
CN105049427B (en) | The management method and device of application system login account | |
JP2017107342A (en) | Authentication cooperation system, authentication cooperation method, authorization server, application server, and program | |
US9462068B2 (en) | Cross-domain inactivity tracking for integrated web applications | |
EP4120109A1 (en) | Cluster access method and apparatus, electronic device, and medium | |
CN102111406A (en) | Authentication method, system and DHCP proxy server | |
US7496761B2 (en) | Method and system for batch task creation and execution | |
CN106656927A (en) | Method and device for enabling Linux account to be added to AD domain | |
CN101548263B (en) | Method and system for modeling options for opaque management data for a user and/or an owner | |
US20140007197A1 (en) | Delegation within a computing environment | |
CN106302479B (en) | A kind of single-point logging method and system for multi-service internet site | |
CN116170234B (en) | Single sign-on method and system based on virtual account authentication | |
CN105763532B (en) | A kind of method and device logging in virtual desktop | |
CN114282200A (en) | Method for unified integrated authentication of multiple authentication protocols | |
Huang et al. | Research on Single Sign-on Technology for Educational Administration Information Service Platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20191126 |