CN110502315A - Method, apparatus and system for remotely accessing a physical machine - Google Patents

Method, apparatus and system for remotely accessing a physical machine

Info

Publication number: CN110502315A
Authority: CN (China)
Application number: CN201910788191.5A
Priority application: CN201910788191.5A
Legal status: Pending (status as listed by Google Patents, not a legal conclusion)
Other languages: Chinese (zh)
Inventors: 蒋善坤, 彭海燕, 于昊, 高传集
Current assignee: Inspur Cloud Information Technology Co Ltd
Original assignee: Inspur Cloud Information Technology Co Ltd
Prior art keywords: physical machine, cloud, sent, client, token

Classifications

    • G06F21/43 User authentication using separate channels for security data: wireless channels (G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/31 User authentication > G06F21/42 User authentication using separate channels for security data)
    • G06F9/45558 Hypervisor-specific management and integration aspects (G06F9/00 Arrangements for program control, e.g. control units > G06F9/06 Arrangements for program control using stored programs > G06F9/44 Arrangements for executing specific programs > G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines > G06F9/45533 Hypervisors; Virtual machine monitors)
    • G06F2009/45587 Isolation or security of virtual machine instances (under G06F9/45558)
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances (under G06F9/45558)
    • H04L63/0807 Network security: authentication of entities using tickets, e.g. Kerberos (H04L63/00 Network architectures or network communication protocols for network security > H04L63/08 Network security for authentication of entities)
    • H04L67/141 Setup of application sessions (H04L67/00 Network arrangements or protocols for supporting network services or applications > H04L67/14 Session management)

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention provides a method, apparatus and system for remotely accessing a physical machine. The method comprises: a cloud console verifies the login information of a client and, when verification passes, allows the client to log in; when the client sends a remote connection request for a physical machine, the cloud console triggers a cloud background server to return a URL for the remote connection request, generates a token according to the login information, and sends the URL and the token to the client; when the client sends an access request for the physical machine that carries the token, the cloud console triggers the cloud background server to authenticate the token and, when authentication passes, uses the installed Shell In A Box to generate, via IPMI, a remote connection to the physical machine and sends it to the client. This way of remotely accessing a physical machine does not depend on a public network IP: the user can reach the physical machine using the browser on the client, so the cost investment is reduced.

Description

Method, apparatus and system for remotely accessing a physical machine
Technical field
The present invention relates to the field of computer technology, and in particular to a method, apparatus and system for remotely accessing a physical machine.
Background art
Virtualization technology uses a hypervisor (virtual machine management program) to virtualize one physical machine into multiple independent hosts; each independent host is called a virtual machine (Virtual Machine, VM). Cloud service providers offer virtual machine services to users through virtualization technology.
Currently, a user can remotely access a physical machine over a public network IP based on SSH (Secure Shell), so as to manage the physical machine.
However, a public network IP must be registered and applied for before it can be obtained, so the cost investment of the existing implementation is high.
Summary of the invention
The present invention provides a method, apparatus and system for remotely accessing a physical machine, which can reduce cost investment.
To achieve the above object, the present invention is realized through the following technical solutions:
In a first aspect, the present invention provides a method for remotely accessing a physical machine, applied to a cloud console, comprising:
receiving login information sent by an external client;
verifying the login information and, when verification passes, controlling the client to log in to the cloud console;
when receiving a remote connection request for a first physical machine sent by the client, triggering an external cloud background server;
receiving a URL (Uniform Resource Locator) for the remote connection request returned by the cloud background server;
generating a token according to the login information;
sending the URL and the token to the client;
when receiving an access request for the first physical machine that carries the token, sent by the client, triggering the cloud background server;
when receiving a notice from the cloud background server that authentication of the token has passed, using the installed Shell In A Box to generate, via IPMI (Intelligent Platform Management Interface), a remote connection to the first physical machine, and sending it to the client.
Further, the token includes the user information and user rights corresponding to the login information.
Further, the cloud console is an OpenStack-based cloud console and manages each physical machine using OpenStack's Ironic and nova;
generating, via IPMI, a remote connection to the first physical machine and sending it to the client comprises: obtaining the remote connection to the first physical machine according to the console function of the ipmitool of IPMI, and forwarding the remote connection to a network service started by Shell In A Box, so as to send it to the client.
In a second aspect, the present invention provides a method for remotely accessing a physical machine, applied to a client, comprising:
sending externally input login information to an external cloud console;
when the login information passes verification, logging in to the cloud console;
displaying, through a browser, a remote connection button for each external physical machine;
when detecting that the remote connection button of a first physical machine is triggered externally, sending a remote connection request for the first physical machine to the cloud console;
recording, through the browser, the token sent by the cloud console and generated according to the login information, and opening in a new window the uniform resource locator (URL) for the remote connection request sent by the cloud console;
when detecting that the URL is accessed externally, sending an access request for the first physical machine that carries the token to the cloud console;
accessing the first physical machine through the browser based on the remote connection to the first physical machine sent by the cloud console.
In a third aspect, the present invention provides a cloud console, comprising:
a user login control unit, configured to receive login information sent by an external client; verify the login information and, when verification passes, control the client to log in to the cloud console;
a remote connection request processing unit, configured to trigger an external cloud background server when receiving a remote connection request for a first physical machine sent by the client; receive the uniform resource locator (URL) for the remote connection request returned by the cloud background server; generate a token according to the login information; and send the URL and the token to the client;
an access request processing unit, configured to trigger the cloud background server when receiving an access request for the first physical machine that carries the token, sent by the client; and, when receiving a notice from the cloud background server that authentication of the token has passed, use the installed Shell In A Box to generate, via the Intelligent Platform Management Interface (IPMI), a remote connection to the first physical machine and send it to the client.
Further, the cloud console is an OpenStack-based cloud console and manages each physical machine using OpenStack's Ironic and nova;
the access request processing unit is configured to obtain the remote connection to the first physical machine according to the console function of the ipmitool of IPMI, and to forward the remote connection to a network service started by Shell In A Box, so as to send it to the client.
In a fourth aspect, the present invention provides a client, comprising:
a user login unit, configured to send externally input login information to an external cloud console, and to log in to the cloud console when the login information passes verification;
a remote connection request unit, configured to display, through a browser, a remote connection button for each external physical machine; when detecting that the remote connection button of a first physical machine is triggered externally, send a remote connection request for the first physical machine to the cloud console; record, through the browser, the token sent by the cloud console and generated according to the login information; and open in a new window the uniform resource locator (URL) for the remote connection request sent by the cloud console;
an access request unit, configured to send, when detecting that the URL is accessed externally, an access request for the first physical machine that carries the token to the cloud console; and to access the first physical machine through the browser based on the remote connection to the first physical machine sent by the cloud console.
In a fifth aspect, the present invention provides a system for remotely accessing a physical machine, comprising any of the above cloud consoles and at least one of the above clients.
Further, the system for remotely accessing a physical machine further comprises a cloud background server;
wherein the cloud background server is configured to: when detecting a trigger operation of the cloud console based on a remote connection request, generate, using zuul and according to the first physical machine targeted by the remote connection request, the uniform resource locator (URL) for the remote connection request, and return the URL to the cloud console; and when detecting a trigger operation of the cloud console based on an access request, perform, using zuul and according to the first physical machine targeted by the access request, authentication processing on the token carried by the access request and, if authentication passes, send the cloud console a notice that authentication of the token has passed.
Further, the system for remotely accessing a physical machine further comprises at least one physical machine;
the cloud console is an OpenStack-based cloud console;
the cloud console is configured to manage each physical machine using OpenStack's Ironic and nova.
The present invention provides a method, apparatus and system for remotely accessing a physical machine. The method comprises: a cloud console verifies the login information of a client and, when verification passes, allows the client to log in; when the client sends a remote connection request for a physical machine, the cloud console triggers a cloud background server to return a URL for the remote connection request, generates a token according to the login information, and sends the URL and the token to the client; when the client sends an access request for the physical machine that carries the token, the cloud console triggers the cloud background server to authenticate the token and, when authentication passes, uses the installed Shell In A Box to generate, via IPMI, a remote connection to the physical machine and sends it to the client. This way of remotely accessing a physical machine does not depend on a public network IP: the user can reach the physical machine using the browser on the client, so the cost investment is reduced.
Description of the drawings
In order to explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for remotely accessing a physical machine according to an embodiment of the invention;
Fig. 2 is a flowchart of another method for remotely accessing a physical machine according to an embodiment of the invention;
Fig. 3 is a flowchart of yet another method for remotely accessing a physical machine according to an embodiment of the invention;
Fig. 4 is a schematic diagram of a cloud console according to an embodiment of the invention;
Fig. 5 is a schematic diagram of a client according to an embodiment of the invention;
Fig. 6 is a schematic diagram of a system for remotely accessing a physical machine according to an embodiment of the invention;
Fig. 7 is a schematic diagram of another system for remotely accessing a physical machine according to an embodiment of the invention.
Detailed description of embodiments
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative work fall within the protection scope of the present invention.
As shown in Fig. 1, an embodiment of the invention provides a method for remotely accessing a physical machine, applied to a cloud console, which may comprise the following steps:
Step 101: receiving login information sent by an external client.
Step 102: verifying the login information and, when verification passes, controlling the client to log in to the cloud console.
Step 103: when receiving a remote connection request for a first physical machine sent by the client, triggering an external cloud background server.
Step 104: receiving the URL for the remote connection request returned by the cloud background server.
Step 105: generating a token according to the login information.
Step 106: sending the URL and the token to the client.
Step 107: when receiving an access request for the first physical machine that carries the token, sent by the client, triggering the cloud background server.
Step 108: when receiving a notice from the cloud background server that authentication of the token has passed, using the installed Shell In A Box to generate, via IPMI, a remote connection to the first physical machine and sending it to the client.
An embodiment of the invention provides a method for remotely accessing a physical machine. The method comprises: a cloud console verifies the login information of a client and, when verification passes, allows the client to log in; when the client sends a remote connection request for a physical machine, the cloud console triggers a cloud background server to return a URL for the remote connection request, generates a token according to the login information, and sends the URL and the token to the client; when the client sends an access request for the physical machine that carries the token, the cloud console triggers the cloud background server to authenticate the token and, when authentication passes, uses the installed Shell In A Box to generate, via IPMI, a remote connection to the physical machine and sends it to the client. This way of remotely accessing a physical machine does not depend on a public network IP: the user can reach the physical machine using the browser on the client, so the cost investment is reduced.
In detail, this implementation of physical machine remote access depends on the exchange of information among three executing subjects: the client, the cloud console and the cloud background server.
In detail, to remotely access a physical machine, the user first logs in to the operating system of the cloud console using their own login information. The user usually opens a login page in the browser on the client and enters the login information. The cloud console then verifies the login information and allows login when verification passes.
After the client logs in successfully, the user can see a remote connection button for each physical machine displayed on the browser page. The user clicks the remote connection button of whichever physical machine needs to be accessed. Accordingly, the client sends the corresponding remote connection request to the cloud console so that it returns the corresponding URL. The remote connection request therefore usually carries the physical machine identifier of the requested physical machine.
After the cloud console receives the remote connection request, it triggers the cloud background server to return the corresponding URL. Specifically, the physical machine identifier in the request may be sent to the cloud background server so that it returns the URL of the corresponding physical machine. The cloud console then returns the received URL to the client so that the user can access the physical machine based on the URL.
Of course, not everyone has the right to access a physical machine. To prevent another user who intercepts or otherwise obtains the URL from accessing the corresponding physical machine in the same way, the cloud console, while returning the URL to the client, also returns the access credential with which the user accesses the physical machine.
This credential may be a token. Accordingly, a filter may be added to the cloud console which requires that, when a user accesses the URL, the token issued to the cloud user be presented for permission verification, so as to protect the security of the remote connection.
As for generating the token: since the cloud console verifies each user's login information, it can obtain, according to the login information, the corresponding user information and user rights that it stores internally, and generate the token based on them. After the token is sent to the client, it is usually recorded directly in the client's browser and is not exposed to the user. In this way, the token recorded in the browser can be carried when the client sends the access request.
In addition, the cloud console generates a token for the user when the user logs in and requests access to a physical machine, so the token is regenerated the next time the user logs in, and the token recorded in the client browser usually becomes invalid when the user logs out. Thus, even if someone else has learned the URL, they still cannot access the physical machine, because they do not hold the token.
Based on this, in the embodiment of the invention, the user can log in to the operating system of a physical machine in a browser by way of a remote connection, and the creation of the remote connection includes permission verification, so that security is achieved while convenience is guaranteed.
Based on the above, when the user opens the URL and requests access to the corresponding physical machine, the client issues an access request, which may carry the identifier of the corresponding physical machine and the token recorded in the browser, for use in subsequent authentication.
After the cloud console receives the access request, it triggers the cloud background server to perform authentication processing. Specifically, the physical machine identifier and the token may be sent to the cloud background server so that it checks whether the corresponding user has access rights to the physical machine; if so, authentication passes, otherwise it fails.
After authentication passes, the cloud console uses the pre-installed Shell In A Box to generate, via IPMI, the remote connection to the corresponding physical machine and returns it to the client. The user can then remotely access the physical machine based on this remote connection.
In detail, Shell In A Box is a free, open-source, Web-based terminal emulator built on Ajax. It uses AJAX technology to provide, through a Web browser, the look and feel of a native shell. In detail, AJAX (Asynchronous JavaScript And XML) refers to a web development technique for creating interactive web applications.
In detail, the basis of IPMI is specialized firmware running on the BMC (Baseboard Management Controller). This management subsystem is independent of the CPU, the BIOS (Basic Input Output System) and the operating system. These "autonomous" characteristics remove all the limitations that come from depending on the operating system, such as the operating system not responding or not being loaded.
Based on the above, in one embodiment of the invention, the token includes the user information and user rights corresponding to the login information.
In one embodiment of the invention, to reduce the computational load on the cloud console, the cloud console may also trigger the cloud background server to generate the token. In this case, the user information and user rights corresponding to each user's login information may be stored in advance in the cloud background server.
In one embodiment of the invention, the cloud console is an OpenStack-based cloud console and manages each physical machine using OpenStack's Ironic and nova;
generating, via IPMI, a remote connection to the first physical machine and sending it to the client comprises: obtaining the remote connection to the first physical machine according to the console function of the ipmitool of IPMI, and forwarding the remote connection to a network service started by Shell In A Box, so as to send it to the client.
In detail, OpenStack is an open-source cloud computing management platform project, and Ironic is the plug-in in OpenStack that manages physical machines; using Ironic's drivers, OpenStack can manage physical machines in the same way it manages virtual machines.
In detail, Shell In A Box may be installed in the cloud intranet of the cloud controller so that it can generate a remote connection to a physical machine through the console function of ipmi. ipmitool is a command-line ipmi platform management tool usable on Linux systems, through which the function of remotely connecting to a physical machine can be realized. In detail, Shell In A Box can obtain the remote connection to the physical machine through ipmitool and forward the remote connection to a network service started by Shell In A Box.
Therefore, the embodiment of the invention provides an implementation of authenticated remote connection for Linux physical machines managed by Ironic.
Corresponding to the above implementation applied to the cloud console, as shown in Fig. 2, an embodiment of the invention provides a method for remotely accessing a physical machine, applied to a client, which may comprise the following steps:
Step 201: sending externally input login information to an external cloud console.
Step 202: when the login information passes verification, logging in to the cloud console.
Step 203: displaying, through a browser, a remote connection button for each external physical machine.
Step 204: when detecting that the remote connection button of a first physical machine is triggered externally, sending a remote connection request for the first physical machine to the cloud console.
Step 205: recording, through the browser, the token sent by the cloud console and generated according to the login information, and opening in a new window the URL for the remote connection request sent by the cloud console.
Step 206: when detecting that the URL is accessed externally, sending an access request for the first physical machine that carries the token to the cloud console.
Step 207: accessing the first physical machine through the browser based on the remote connection to the first physical machine sent by the cloud console.
In the embodiment of the invention, on the client side, the user first needs to log in to the operating system of the cloud console using their own login information; then, based on the remote connection button of each physical machine displayed on the cloud console page, the user can request access to any physical machine as needed. When the user requests access to a physical machine, they first need to enter its operating interface, so the cloud console first returns the URL of the physical machine; when the user needs to access the physical machine based on the URL in order to manage it, the cloud console authenticates the user, and only after authentication passes does the cloud console further return the remote connection to the physical machine, so that the user can operate the physical machine based on the remote connection.
Based on above content, as shown in figure 3, one embodiment of the invention provides a kind of side for remotely accessing physical machine Method may comprise steps of:
Step 301: externally input log-on message is sent to cloud console by client.
Step 302: the cloud console verifies the login information and, when verification passes, lets the client log in to the cloud console.
Step 303: after the client has logged in to the cloud console, it displays in the browser a remote-connect button for each physical machine; when it detects that the remote-connect button of a first physical machine has been triggered externally, it sends a remote connection request to the cloud console, the request carrying the physical machine identifier of the first physical machine.
Step 304: the cloud console receives the remote connection request and forwards the physical machine identifier it carries to the cloud background server.
Step 305: the cloud background server uses zuul to generate, from the received physical machine identifier, the URL of the first physical machine, and returns it to the cloud console.
Step 306: the cloud console receives the URL, generates a token from the login information, and sends the URL and the token to the client.
The token may contain the user information and user rights corresponding to the login information, so that subsequent authentication can be based on the token.
Step 307: the client records, via the browser, the token sent by the cloud console, and opens the URL sent by the cloud console in a new window.
Step 308: when the client detects external access to the URL, it sends an access request to the cloud console; the access request carries the recorded token and the physical machine identifier of the first physical machine.
Step 309: when the cloud console receives the access request, it sends the token and the physical machine identifier it carries to the cloud background server.
Step 310: the cloud background server uses zuul to authenticate the received token against the received physical machine identifier; if authentication passes, it notifies the cloud console that authentication has passed.
Step 311: when the cloud console receives the notification, it uses the installed Shell In A Box to generate, via IPMI, a remote connection to the first physical machine and sends it to the client.
Step 312: the client accesses the first physical machine through the browser using the remote connection sent by the cloud console.
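The console-side token generation of step 306 and the background-server check of step 310, modelled as an added Python example that is not the patent's own code. The patent fixes no token format, so the HMAC-SHA256-signed JSON payload, the `rights` list of physical machine identifiers, the expiry field and the constructed secret are assumptions of this example.

```python
"""Added example (not the patent's code): token issue on the cloud
console and token authentication on the cloud background server,
bound to the physical machine identifier carried by the access request.
Token layout (signed JSON, expiry, rights list) is an assumption."""
import base64
import hashlib
import hmac
import json
import time

# Constructed signing secret shared by console and background server only;
# the client never sees it, so it cannot mint or alter tokens.
CONSOLE_SECRET = b"constructed-console-secret"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def generate_token(login_info: dict, ttl_seconds: int = 300, now=None) -> str:
    """Step 306: derive the token from the login information (user identity
    and user rights, as claim 2 allows) and sign it so that the background
    server can detect a token that was forged or edited by the client."""
    now = time.time() if now is None else now
    payload = {
        "user": login_info["user"],
        "rights": sorted(login_info["rights"]),  # physical machine ids the user may reach
        "exp": int(now) + ttl_seconds,
    }
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    sig = _b64(hmac.new(CONSOLE_SECRET, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def authenticate(token: str, physical_machine_id: str, now=None):
    """Step 310: the cloud background server checks the token against the
    physical machine identifier of the access request. Returns (ok, reason)."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return False, "malformed token"
    expected = _b64(hmac.new(CONSOLE_SECRET, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    payload = json.loads(_unb64(body))
    if payload["exp"] < now:
        return False, "token expired"
    if physical_machine_id not in payload["rights"]:
        return False, f"user {payload['user']} has no right to {physical_machine_id}"
    # Only now would the console be notified and Shell In A Box started (step 311).
    return True, "authentication passed"


if __name__ == "__main__":
    # Constructed login information: alice may reach two physical machines.
    tok = generate_token({"user": "alice", "rights": ["pm-01", "pm-02"]})
    print(authenticate(tok, "pm-01"))   # permitted machine
    print(authenticate(tok, "pm-99"))   # machine outside the user's rights
```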
As shown in Figure 4, one embodiment of the invention provides a cloud console, which may include:
a user login control unit 401, for receiving the login information sent by an external client, verifying the login information and, when verification passes, letting the client log in to the cloud console;
a remote connection request processing unit 402, for triggering an external cloud background server when a remote connection request for a first physical machine is received from the client; receiving the URL for the remote connection request returned by the cloud background server; generating a token from the login information; and sending the URL and the token to the client;
an access request processing unit 403, for triggering the cloud background server when an access request for the first physical machine carrying the token is received from the client; and, when a notification that the token has been authenticated is received from the cloud background server, using the installed Shell In A Box to generate, via the Intelligent Platform Management Interface (IPMI), a remote connection to the first physical machine and send it to the client.
In one embodiment of the invention, the cloud console is based on OpenStack and manages each physical machine with OpenStack's Ironic and nova;
the access request processing unit 403 is configured to obtain the remote connection to the first physical machine through the console function of IPMI's ipmitool, and to send it to the client by forwarding the remote connection into a network service started by Shell In A Box.
As shown in Figure 5, one embodiment of the invention provides a client, comprising:
a user login unit 501, for sending externally input login information to an external cloud console and, when the login information is verified, logging in to the cloud console;
a remote connection request unit 502, for displaying in the browser a remote-connect button for each external physical machine; when it detects that the remote-connect button of a first physical machine has been triggered externally, sending a remote connection request for the first physical machine to the cloud console; recording via the browser the token sent by the cloud console and generated from the login information; and opening in a new window the URL for the remote connection request sent by the cloud console;
an access request unit 503, for sending to the cloud console, when it detects external access to the URL, an access request for the first physical machine carrying the token; and accessing the first physical machine through the browser using the remote connection to the first physical machine sent by the cloud console.
As shown in Figure 6, one embodiment of the invention provides a system for remotely accessing a physical machine, which may include any of the above cloud consoles 601 and at least one of the above clients 602.
In one embodiment of the invention, referring to Figure 7, the system for remotely accessing a physical machine further includes a cloud background server 701;
wherein the cloud background server 701 is configured, when it detects a trigger action of the external cloud console 601 based on a remote connection request, to use zuul to generate the URL for the remote connection request according to the first physical machine that the request targets, and to return the URL to the cloud console 601; and, when it detects a trigger action of the cloud console 601 based on an access request, to use zuul to authenticate the token carried by the access request according to the first physical machine that the access request targets and, if authentication passes, to send the cloud console 601 a notification that the token has been authenticated.
In detail, zuul is the open-source microservice gateway from Netflix; it can preprocess requests sent to the server side, for example for security verification, dynamic routing and load distribution. In the embodiment of the invention, zuul can be used to proxy the Shell In A Box network service inside the intranet to a public network URL for users to access.
In one embodiment of the invention, referring to Figure 7, the system for remotely accessing a physical machine further includes at least one physical machine 702;
the cloud console 601 is based on OpenStack;
the cloud console 601 manages each physical machine 702 using OpenStack's Ironic and nova.
Since the information exchange between the units of the above apparatus and system and their execution flow are based on the same concept as the method embodiment of the invention, refer to the description of the method embodiment for details; they are not repeated here.
In conclusion, the embodiments of the invention have at least the following beneficial effects:
1. In the embodiments of the invention, the cloud console verifies the login information of the client and lets the client log in when verification passes; when the client sends a remote connection request for a physical machine, the console triggers the cloud background server to return the URL for the remote connection request, generates a token from the login information, and sends the URL and the token to the client; when the client sends an access request for that physical machine carrying the token, the console triggers the cloud background server to authenticate the token and, when authentication passes, uses the installed Shell In A Box to generate via IPMI a remote connection to the physical machine and sends it to the client. This way of remotely accessing a physical machine does not depend on a public IP address; the user can remotely access the physical machine with the browser on the client, so the cost of the investment can be reduced.
2. In the embodiments of the invention, the user can log in to the operating system of the physical machine through a browser by way of a remote connection, and the creation of the remote connection includes permission verification, so security is achieved while convenience is guaranteed.
It should be noted that in this document relational terms such as first and second are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. In the absence of further restrictions, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be completed by hardware instructed by a program; the program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical disks.
Finally, it should be noted that the above are merely preferred embodiments of the invention, intended only to illustrate the technical solution of the invention and not to limit its scope. Any modification, equivalent replacement, improvement and so on made within the spirit and principles of the invention is included within the scope of protection of the invention.

Claims (10)

1. A method for remotely accessing a physical machine, characterized in that it is applied to a cloud console and comprises:
receiving login information sent by an external client;
verifying the login information and, when verification passes, letting the client log in to the cloud console;
when a remote connection request for a first physical machine is received from the client, triggering an external cloud background server;
receiving the uniform resource locator (URL) for the remote connection request returned by the cloud background server;
generating a token from the login information;
sending the URL and the token to the client;
when an access request for the first physical machine carrying the token is received from the client, triggering the cloud background server;
when a notification that the token has been authenticated is received from the cloud background server, using the installed Shell In A Box to generate, via the Intelligent Platform Management Interface (IPMI), a remote connection to the first physical machine and sending it to the client.
2. The method according to claim 1, characterized in that
the token includes the user information and user rights corresponding to the login information.
3. The method according to claim 1 or 2, characterized in that
the cloud console is based on OpenStack and manages each physical machine using OpenStack's Ironic and nova;
generating via IPMI a remote connection to the first physical machine and sending it to the client comprises: obtaining the remote connection to the first physical machine through the console function of IPMI's ipmitool, and sending it to the client by forwarding the remote connection into the network service started by Shell In A Box.
4. A method for remotely accessing a physical machine, characterized in that it is applied to a client and comprises:
sending externally input login information to an external cloud console;
when the login information is verified, logging in to the cloud console;
displaying in the browser a remote-connect button for each external physical machine;
when it is detected that the remote-connect button of a first physical machine has been triggered externally, sending a remote connection request for the first physical machine to the cloud console;
recording via the browser the token sent by the cloud console and generated from the login information, and opening in a new window the uniform resource locator (URL) for the remote connection request sent by the cloud console;
when external access to the URL is detected, sending an access request for the first physical machine carrying the token to the cloud console;
accessing the first physical machine through the browser using the remote connection to the first physical machine sent by the cloud console.
5. A cloud console, characterized in that it comprises:
a user login control unit, for receiving login information sent by an external client, verifying the login information and, when verification passes, letting the client log in to the cloud console;
a remote connection request processing unit, for triggering an external cloud background server when a remote connection request for a first physical machine is received from the client; receiving the uniform resource locator (URL) for the remote connection request returned by the cloud background server; generating a token from the login information; and sending the URL and the token to the client;
an access request processing unit, for triggering the cloud background server when an access request for the first physical machine carrying the token is received from the client; and, when a notification that the token has been authenticated is received from the cloud background server, using the installed Shell In A Box to generate, via the Intelligent Platform Management Interface (IPMI), a remote connection to the first physical machine and send it to the client.
6. The cloud console according to claim 5, characterized in that
the cloud console is based on OpenStack and manages each physical machine using OpenStack's Ironic and nova;
the access request processing unit is configured to obtain the remote connection to the first physical machine through the console function of IPMI's ipmitool, and to send it to the client by forwarding the remote connection into a network service started by Shell In A Box.
7. A client, characterized in that it comprises:
a user login unit, for sending externally input login information to an external cloud console and, when the login information is verified, logging in to the cloud console;
a remote connection request unit, for displaying in the browser a remote-connect button for each external physical machine; when it detects that the remote-connect button of a first physical machine has been triggered externally, sending a remote connection request for the first physical machine to the cloud console; recording via the browser the token sent by the cloud console and generated from the login information; and opening in a new window the uniform resource locator (URL) for the remote connection request sent by the cloud console;
an access request unit, for sending to the cloud console, when it detects external access to the URL, an access request for the first physical machine carrying the token; and accessing the first physical machine through the browser using the remote connection to the first physical machine sent by the cloud console.
8. A system for remotely accessing a physical machine, characterized in that it comprises:
the cloud console according to claim 5 or 6 and at least one client according to claim 7.
9. The system for remotely accessing a physical machine according to claim 8, characterized in that
it further comprises a cloud background server;
wherein the cloud background server is configured, when it detects a trigger action of the external cloud console based on a remote connection request, to use zuul to generate the uniform resource locator (URL) for the remote connection request according to the first physical machine that the request targets, and to return the URL to the cloud console; and, when it detects a trigger action of the cloud console based on an access request, to use zuul to authenticate the token carried by the access request according to the first physical machine that the access request targets and, if authentication passes, to send the cloud console a notification that the token has been authenticated.
10. The system for remotely accessing a physical machine according to claim 8 or 9, characterized in that
it further comprises at least one physical machine;
the cloud console is based on OpenStack;
the cloud console manages each physical machine using OpenStack's Ironic and nova.
CN201910788191.5A 2019-08-26 2019-08-26 A kind of method, apparatus and system remotely accessing physical machine Pending CN110502315A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910788191.5A CN110502315A (en) 2019-08-26 2019-08-26 A kind of method, apparatus and system remotely accessing physical machine


Publications (1)

Publication Number Publication Date
CN110502315A true CN110502315A (en) 2019-11-26

Family

ID=68589418


Country Status (1)

Country Link
CN (1) CN110502315A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191126