CN111209088A - Agent-free virtual machine peripheral sealing control method, system and medium - Google Patents


Info

Publication number: CN111209088A
Authority: CN (China)
Prior art keywords: virtual machine; user; peripheral; virtual; access control
Legal status (an assumption, not a legal conclusion): Granted; Active
Application number: CN202010070059.3A
Other languages: Chinese (zh)
Other versions: CN111209088B (en)
Inventors: 胡恒云, 李广辉, 孙利杰, 杨鹏举, 欧阳殷朝, 胡智峰, 夏华, 陈松政, 刘文清, 杨涛
Current Assignee (the listed assignees may be inaccurate): Hunan Kylin Xinan Technology Co ltd
Original Assignee: Hunan Kylin Xinan Technology Co ltd
Application filed by: Hunan Kylin Xinan Technology Co ltd
Priority to: CN202010070059.3A
Publication of: CN111209088A
Application granted; publication of: CN111209088B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/4555 Para-virtualisation, i.e. guest operating system has to be modified
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses an agent-free virtual machine peripheral sealing control method, system and medium. The method comprises the following implementation steps: after a user logs in, the virtual desktop client connects to the virtual desktop of a virtual machine on the virtualization server; the virtual desktop client sends a peripheral access request to the virtualization server to obtain the user's peripheral access control permissions; the virtual desktop client obtains the local device list of the virtualization client, redirects each enabled device to the virtual desktop of the virtual machine according to the user's peripheral access control permissions, and sets the device's read-write permission. The invention implements peripheral sealing control for virtual machines without changing the virtual machine's operating system or installing any agent program; security protection of the virtual machine's peripherals relies on the virtual machine monitor, the security virtual machine and related components of the virtualization server, and the method is flexible to use and simple to configure.

Description

Agent-free virtual machine peripheral sealing control method, system and medium
Technical Field
The invention relates to virtual machine technology, and in particular to an agent-free virtual machine peripheral sealing control method, system and medium.
Background
With the popularization of cloud computing, virtualization technology has come into wide use. Virtualization relies on software to simulate hardware functions and create virtual computer systems, i.e., virtual machines, and is a supporting technology for cloud computing. The biggest difference between cloud computing and a traditional IT environment is the virtualized environment, and it is this difference that makes its security problems differ from those of the traditional model.
Conventionally, controlling the external devices of physical hosts requires deploying a security product suite, a so-called "security agent", on each physical host; this security model is called "agent-based". In a virtual desktop environment, however, traditional safeguards face new challenges and can even fail. This is mainly manifested as follows: traditional security software is developed for physical machines, is not designed specifically for virtualized environments, and in particular is not optimized for resource sharing in a virtualized environment. A deployment model in which the security software is installed in every virtual machine therefore consumes a large amount of the physical host's storage space and memory, is costly to deploy and complex to manage, and greatly reduces the efficiency of the virtual desktop.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: the invention implements peripheral sealing control for virtual machines without changing the virtual machine's operating system or installing any agent program; security protection of the virtual machine's external devices relies on the virtual machine monitor, the security virtual machine and related components of the virtualization server, and the approach is flexible to use and simple to configure.
To solve the above technical problem, the invention adopts the following technical solution:
An agent-free virtual machine peripheral sealing control method comprises the following implementation steps:
1) after a user logs in, the virtual desktop client connects to the virtual desktop of a virtual machine on the virtualization server;
2) the virtual desktop client sends a peripheral access request to the virtualization server to obtain the user's peripheral access control permissions;
3) the virtual desktop client obtains the local device list of the virtualization client, redirects each enabled device to the virtual desktop of the virtual machine according to the user's peripheral access control permissions, and sets the device's read-write permission.
Optionally, step 3) further includes, according to the user's peripheral access control permissions, setting each device that is not enabled to an unavailable state in the virtual desktop of the virtual machine and performing no redirection for it.
Optionally, setting the read-write permission of a device in step 3) specifically includes: determining whether the user's peripheral access control permissions allow the device to be written; if so, setting the device's read-write permission to readable and writable, and otherwise setting it to readable but not writable.
Optionally, after the virtual desktop client sends the request to the virtualization server in step 2), the virtualization server returns the peripheral access control permissions through the following steps:
S1) the virtualization server detects a peripheral access request sent by the virtual desktop client through a probe registered in the virtual machine monitor, and proceeds to the next step when such a request is detected;
S2) the virtual machine monitor of the virtualization server intercepts the peripheral access request and forwards it to the security virtual machine;
S3) the security virtual machine of the virtualization server identifies the corresponding user and obtains the user's peripheral sealing control policy;
S4) the security virtual machine of the virtualization server obtains the user's peripheral access control permissions according to the peripheral sealing control policy;
S5) the security virtual machine of the virtualization server checks whether the user's virtual machine is running, and if it is running, returns the user's peripheral access control permissions to the virtual machine monitor of the virtualization server;
S6) the virtual machine monitor issues the user's peripheral access control permissions to the user's virtual machine;
S7) the user's virtual machine issues the user's peripheral access control permissions to the virtual desktop client.
Optionally, the user's peripheral sealing control policy in step S3) includes: policies whose policy object includes the user, policies whose policy object includes the user group to which the user belongs, and the global policy. When the user's peripheral access control permissions are obtained from the peripheral sealing control policy in step S4), for any device, among the policies whose policy object includes the user, the policies whose policy object includes the user's group, and the global policy, the most recent policy prevails and is set as the currently effective policy.
Optionally, the peripheral access control permissions in step S3) are of three types: disabled, read-only and writable.
Optionally, step S3) is preceded by a step in which an administrator sets the user's peripheral sealing control policy through a web management interface.
In addition, the invention also provides an agent-free virtual machine peripheral sealing control system, which comprises:
a virtual machine user login program module, configured to connect to the virtual desktop of a virtual machine on the virtualization server after the user logs in;
a peripheral access control program module, configured to send a peripheral access request to the virtualization server to obtain the user's peripheral access control permissions;
a device redirection program module, configured for the virtual desktop client to obtain the local device list of the virtualization client, redirect each enabled device to the virtual desktop of the virtual machine according to the user's peripheral access control permissions, and set the device's read-write permission.
In addition, the invention also provides an agent-free virtual machine peripheral sealing control system comprising a computer device, wherein the computer device is programmed or configured to execute the steps of the agent-free virtual machine peripheral sealing control method, or a computer program programmed or configured to execute the agent-free virtual machine peripheral sealing control method is stored in a memory of the computer device.
Furthermore, the invention also provides a computer-readable storage medium storing a computer program programmed or configured to execute the agent-free virtual machine peripheral sealing control method.
Compared with the prior art, the invention has the following advantages. The implementation steps of the virtual machine peripheral sealing control method of the invention comprise: after a user logs in, the virtual desktop client connects to the virtual desktop of a virtual machine on the virtualization server; the virtual desktop client sends a peripheral access request to the virtualization server to obtain the user's peripheral access control permissions; the virtual desktop client obtains the local device list of the virtualization client, redirects each enabled device to the virtual desktop of the virtual machine according to the user's peripheral access control permissions, and sets the device's read-write permission. The invention implements peripheral sealing control for virtual machines; the whole process requires only the cooperation of the virtual desktop client and the virtualization server, with no change to the virtual machine's operating system and no agent program installed. Security protection of the virtual machine's peripherals relies on the virtual machine monitor, the security virtual machine and related components of the virtualization server, and the method is flexible to use and simple to configure.
Drawings
Fig. 1 is a schematic diagram of a basic flow of a method according to an embodiment of the present invention.
Fig. 2 is a schematic system structure diagram of the method according to the embodiment of the present invention.
Fig. 3 is a schematic basic flow chart of the cooperation between the virtualization server and the virtual desktop client in the embodiment of the present invention.
Fig. 4 is a schematic diagram of a peripheral sealing process of the virtualization server in the embodiment of the present invention.
Detailed Description
As shown in fig. 1, the implementation steps of the agent-free virtual machine peripheral sealing control method in this embodiment include:
1) after a user logs in, the virtual desktop client connects to the virtual desktop of a virtual machine on the virtualization server;
2) the virtual desktop client sends a peripheral access request to the virtualization server to obtain the user's peripheral access control permissions;
3) the virtual desktop client obtains the local device list of the virtualization client, redirects each enabled device to the virtual desktop of the virtual machine according to the user's peripheral access control permissions, and sets the device's read-write permission. Note that device redirection is existing technology. Its basic principle is to emulate an external-device host controller in the virtual machine; the emulated controller collects the user's requests to the external device and sends them to the client, the real host controller on the client machine operates the device, and the result is returned. In essence, the redirected external device is emulated in the virtual machine, so from the point of view of the operating system inside the virtual machine a redirected device is no different from a real one.
In this embodiment, step 3) further includes, according to the user's peripheral access control permissions, setting each device that is not enabled to an unavailable state in the virtual desktop of the virtual machine and performing no redirection for it, so that the user can still see the full local device list and can clearly tell which devices are controlled and disabled by the method. As an optional implementation, the unavailable state in this embodiment is shown as a greyed-out icon; other distinguishable representations may also be used. In this way the local device list is filtered according to the user's peripheral access control permissions: disabled external devices are greyed out when displayed, while read-only and writable external devices are displayed and their use is governed by the peripheral access control permissions, a read-only device being readable but not writable and a writable device being both readable and writable.
As shown in fig. 1, setting the read-write permission of a device in step 3) specifically includes: determining whether the user's peripheral access control permissions allow the device to be written; if so, setting the device's read-write permission to readable and writable, and otherwise setting it to readable but not writable.
As shown in fig. 2, the agent-free virtual machine peripheral sealing control method of this embodiment is implemented by the peripheral sealing control policy of the virtualization server working together with the virtualization client, so the virtualization server and the virtualization client must be deployed in advance and be able to reach each other over a network. The virtualization server must support virtualization, have components including a virtual machine monitor, a security virtual machine and user virtual machines installed, and provide a web management interface for administrators. The virtual machine monitor is the virtualization middleware that manages and runs virtual machines, and it can capture virtual machine access requests. The user virtual machine is the virtual desktop used by the user; in the agent-free protection mode no additional security components need to be installed in its operating system. The virtualization client is an ordinary host that connects to the desktop environment (virtual desktop) of a user virtual machine on the virtualization server through virtualization client software. It has a rich set of external device ports and can connect to various external devices, and it uses redirection technology to redirect peripherals attached to the virtualization client to the virtual desktop for the user to use. In this embodiment, the security virtual machine is a dedicated virtual machine running on the virtualization server. It consists of a peripheral sealing control security policy management module, a virtual machine monitoring module and other modules; the policy management module is used to set peripheral sealing control policies, and the virtual machine monitoring module monitors the running state of user virtual machines in real time and receives request events from the virtual machine monitor.
When the policy management module of the security virtual machine sets a policy, the security virtual machine registers a probe for the peripheral covered by that policy with the virtual machine monitor. The probe is the basis on which the virtual machine monitor intercepts peripheral access requests, and it is triggered automatically when a corresponding peripheral access request occurs.
As shown in fig. 3 and 4, in this embodiment, after the virtual desktop client sends the request to the virtualization server in step 2), the virtualization server returns the peripheral access control permissions through the following steps:
S1) the virtualization server detects a peripheral access request sent by the virtual desktop client through a probe registered in the virtual machine monitor, and proceeds to the next step when such a request is detected;
S2) the virtual machine monitor of the virtualization server intercepts the peripheral access request and forwards it to the security virtual machine;
S3) the security virtual machine of the virtualization server identifies the corresponding user and obtains the user's peripheral sealing control policy;
S4) the security virtual machine of the virtualization server obtains the user's peripheral access control permissions according to the peripheral sealing control policy;
S5) the security virtual machine of the virtualization server checks whether the user's virtual machine is running, and if it is running, returns the user's peripheral access control permissions to the virtual machine monitor of the virtualization server;
S6) the virtual machine monitor issues the user's peripheral access control permissions to the user's virtual machine;
S7) the user's virtual machine issues the user's peripheral access control permissions to the virtual desktop client.
In this embodiment, the user's peripheral sealing control policy in step S3) includes: policies whose policy object includes the user, policies whose policy object includes the user group to which the user belongs, and the global policy. When the user's peripheral access control permissions are obtained from the peripheral sealing control policy in step S4), for any device, among the policies whose policy object includes the user, the policies whose policy object includes the user's group, and the global policy, the most recent policy prevails and is set as the currently effective policy.
In this embodiment, the peripheral access control permissions in step S3) are of three types: disabled, read-only and writable. The disabled permission does not allow peripherals of that type to be used; the read-only permission allows peripherals of that type to be read but not written; the writable permission allows peripherals of that type to be both read and written.
In this embodiment, the security virtual machine provides a web management interface for administrators, and step S3) is preceded by a step in which the administrator sets the user's peripheral sealing control policy through the web management interface. Through this interface the administrator can set peripheral sealing control policies and monitor the running state of user virtual machines in real time. As an optional implementation, in this embodiment, each time the policy management module of the security virtual machine sets a policy, the security virtual machine registers a probe for the peripheral covered by that policy with the virtual machine monitor. The virtualization client is then started and connects to the user virtual machine. When a peripheral access request occurs for a user virtual machine, the corresponding probe in the virtual machine monitor is triggered; the virtual machine monitor intercepts the peripheral access request according to the probe and forwards a request event to the security virtual machine. Finally, the virtual machine monitoring module returns the peripheral access control permissions corresponding to the policy to the virtual machine monitor. After receiving the peripheral access control permissions, the virtual machine monitor sends them to the virtual machine of the corresponding user.
The virtual desktop running on the virtualization client receives the access control permissions and filters the external devices accordingly: it displays the external devices that are allowed and lets the user redirect them, does not display the external devices that must be disabled, and controls write operations to external devices according to the access control permissions, thereby implementing peripheral sealing control.
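The policy resolution of steps S3) to S5) and the client-side device filtering of step 3) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the timestamp field and the device types are hypothetical, and two behaviours the patent does not specify are assumptions (a device type with no policy is treated as disabled, and on equal timestamps the more restrictive policy is kept).

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, Iterable, List, Optional, Set


class Perm(IntEnum):
    """The three permissions named in step S3); lower value = more restrictive."""
    DISABLED = 0
    READ_ONLY = 1
    WRITABLE = 2


@dataclass(frozen=True)
class Policy:
    scope: str              # policy object: "user", "group" or "global"
    target: Optional[str]   # user or group name; None for the global policy
    device_type: str
    perm: Perm
    set_at: int             # when the administrator set it (larger = later)


@dataclass(frozen=True)
class Device:
    name: str
    device_type: str


@dataclass(frozen=True)
class DeviceState:
    device: Device
    redirected: bool        # False: marked unavailable and never redirected
    can_read: bool
    can_write: bool


def applies_to(p: Policy, user: str, groups: Set[str]) -> bool:
    """True if the policy object covers this user, one of their groups, or everyone."""
    return (p.scope == "global"
            or (p.scope == "user" and p.target == user)
            or (p.scope == "group" and p.target in groups))


def resolve_permissions(policies: Iterable[Policy], user: str,
                        groups: Set[str]) -> Dict[str, Perm]:
    """S3/S4: per device type, the most recently set applicable policy wins."""
    latest: Dict[str, Policy] = {}
    for p in policies:
        if not applies_to(p, user, groups):
            continue
        cur = latest.get(p.device_type)
        # Assumption: on equal timestamps keep the more restrictive policy.
        if cur is None or (p.set_at, -p.perm) > (cur.set_at, -cur.perm):
            latest[p.device_type] = p
    return {dev_type: p.perm for dev_type, p in latest.items()}


def answer_request(policies: Iterable[Policy], user: str, groups: Set[str],
                   vm_running: bool) -> Optional[Dict[str, Perm]]:
    """S5: permissions are returned only while the user's VM is running."""
    if not vm_running:
        return None
    return resolve_permissions(policies, user, groups)


def apply_to_devices(perms: Optional[Dict[str, Perm]],
                     local_devices: Iterable[Device]) -> List[DeviceState]:
    """Step 3) on the client: redirect enabled devices, mark the rest unavailable."""
    states = []
    for dev in local_devices:
        # Assumption: no answer, or no policy for this type, means disabled.
        perm = Perm.DISABLED if perms is None else perms.get(dev.device_type, Perm.DISABLED)
        enabled = perm != Perm.DISABLED
        states.append(DeviceState(dev, enabled, enabled, perm == Perm.WRITABLE))
    return states


# Constructed sample data (not from the patent).
POLICIES = [
    Policy("global", None, "usb_storage", Perm.DISABLED, set_at=1),
    Policy("group", "engineering", "usb_storage", Perm.READ_ONLY, set_at=2),
    Policy("user", "alice", "usb_storage", Perm.WRITABLE, set_at=3),
    Policy("user", "alice", "printer", Perm.WRITABLE, set_at=2),
    Policy("global", None, "printer", Perm.DISABLED, set_at=4),  # later, so it wins
]
LOCAL_DEVICES = [
    Device("USB flash drive", "usb_storage"),
    Device("Office printer", "printer"),
    Device("Webcam", "camera"),  # no policy at all
]

if __name__ == "__main__":
    perms = answer_request(POLICIES, "alice", {"engineering"}, vm_running=True)
    for s in apply_to_devices(perms, LOCAL_DEVICES):
        print(f"{s.device.name}: redirected={s.redirected} "
              f"read={s.can_read} write={s.can_write}")
```

Because the latest policy prevails regardless of scope, the later global printer policy overrides alice's earlier user-level grant; an administrator reviewing policies needs to compare timestamps, not specificity.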
To sum up, the agent-free virtual machine peripheral sealing control method of this embodiment implements peripheral sealing control for virtual machines. The whole process requires only the cooperation of the virtual desktop client and the virtualization server, with no change to the virtual machine's operating system and no agent program installed; security protection of the virtual machine's peripherals relies on the virtual machine monitor, the security virtual machine and related components of the virtualization server, so the method is flexible to use and simple to configure.
In addition, this embodiment further provides an agent-free virtual machine peripheral sealing control system, including:
a virtual machine user login program module, configured to connect to the virtual desktop of a virtual machine on the virtualization server after the user logs in;
a peripheral access control program module, configured to send a peripheral access request to the virtualization server to obtain the user's peripheral access control permissions;
a device redirection program module, configured for the virtual desktop client to obtain the local device list of the virtualization client, redirect each enabled device to the virtual desktop of the virtual machine according to the user's peripheral access control permissions, and set the device's read-write permission.
In addition, this embodiment further provides an agent-free virtual machine peripheral sealing control system that includes a computer device, wherein the computer device is programmed or configured to execute the steps of the agent-free virtual machine peripheral sealing control method, or a computer program programmed or configured to execute the agent-free virtual machine peripheral sealing control method is stored in a memory of the computer device.
In addition, this embodiment also provides a computer-readable storage medium storing a computer program programmed or configured to execute the above agent-free virtual machine peripheral sealing control method.
The above description is only a preferred embodiment of the present invention. The protection scope of the present invention is not limited to the above embodiment; all technical solutions that fall under the idea of the present invention belong to its protection scope. It should be noted that modifications and refinements that those skilled in the art may make without departing from the principle of the invention are also considered to be within the protection scope of the invention.

Claims (10)

1. A proxy-free virtual machine peripheral sealing control method is characterized by comprising the following implementation steps:
1) the virtual desktop client is connected to a virtual desktop of a virtual machine on the virtualization server after a user logs in;
2) the virtual desktop client sends a peripheral access request to a virtualization server to acquire a peripheral access control authority of a user;
3) the virtual desktop client side obtains a local device list of the virtual client machine, redirects each enabled device to the virtual desktop of the virtual machine according to the peripheral access control authority of the user, and sets the read-write authority of the device.
2. The method for controlling the peripheral device of the agentless virtual machine according to claim 1, wherein the step 3) further comprises setting each of the devices which are not enabled to be in an unavailable state in the virtual desktop of the virtual machine according to the peripheral access control authority of the user and performing no redirection operation.
3. The method for controlling the external device of the virtual machine without the agent according to claim 1, wherein the setting of the read-write permission of the device in the step 3) specifically includes: and judging whether the equipment in the peripheral access control authority of the user can be written, if so, setting the read-write authority of the equipment as read permission and write permission, otherwise, setting the read-write authority of the equipment as read permission and write incapability.
4. The method for controlling the external device of the agentless virtual machine according to claim 1, wherein the step of the virtualization server returning the access control authority of the external device after the virtual desktop client sends the request to the virtualization server in step 2) comprises:
S1) the virtualization server detects the peripheral access request sent by the virtual desktop client through a probe registered in the virtual machine monitor, and proceeds to the next step when such a request is detected;
S2) the virtual machine monitor of the virtualization server intercepts the peripheral access request and forwards it to the security virtual machine;
S3) the security virtual machine of the virtualization server identifies the corresponding user and acquires the peripheral sealing control policy of the user;
S4) the security virtual machine of the virtualization server acquires the peripheral access control authority of the user according to the peripheral sealing control policy;
S5) the security virtual machine of the virtualization server detects whether the virtual machine of the user is in the running state and, if so, returns the peripheral access control authority of the user to the virtual machine monitor of the virtualization server;
S6) the virtual machine monitor issues the peripheral access control authority of the user to the virtual machine of the user;
S7) the virtual machine of the user issues the peripheral access control authority of the user to the virtual desktop client.
5. The agentless virtual machine peripheral sealing control method according to claim 4, wherein the peripheral sealing control policies of the user in step S3) comprise: policies whose policy object is the user, policies whose policy object is the user group to which the user belongs, and global policies; and in step S4), when the peripheral access control authority of the user is obtained according to the peripheral sealing control policies, for any device, among the policies whose policy object is the user, the policies whose policy object is the user group to which the user belongs, and the global policies, the latest policy prevails and is set as the currently effective policy.
6. The agentless virtual machine peripheral sealing control method according to claim 4, wherein the peripheral access control authority in step S3) includes three access control authorities: disable, read-only and writable.
7. The agentless virtual machine peripheral sealing control method according to claim 4, wherein step S3) is preceded by a step in which an administrator sets the user's peripheral sealing control policy through a web management interface.
8. An agentless virtual machine peripheral sealing control system, characterized by comprising:
a virtual machine user login program module for connecting to the virtual desktop of the virtual machine on the virtualization server after the user logs in;
a peripheral access control program module for sending a peripheral access request to the virtualization server to obtain the peripheral access control authority of the user;
and a device redirection program module for the virtual desktop client to obtain the local device list of the client machine, redirect each enabled device to the virtual desktop of the virtual machine according to the peripheral access control authority of the user, and set the read-write authority of the device.
9. An agentless virtual machine peripheral sealing control system, comprising a computer device, wherein the computer device is programmed or configured to execute the steps of the agentless virtual machine peripheral sealing control method according to any one of claims 1 to 7, or a memory of the computer device has stored thereon a computer program programmed or configured to execute the agentless virtual machine peripheral sealing control method according to any one of claims 1 to 7.
10. A computer-readable storage medium having stored thereon a computer program programmed or configured to perform the agentless virtual machine peripheral sealing control method according to any one of claims 1 to 7.
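The policy resolution of claims 5 and 6 and the client-side redirection decision of claims 1 to 3 can be sketched as follows. This is an added illustration, not code from the patent: the `Policy` fields, the device class names, the integer timestamps and the default of "disable" when no policy applies are all assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Perm(Enum):
    DISABLE = "disable"
    READ_ONLY = "read-only"
    WRITABLE = "writable"

@dataclass(frozen=True)
class Policy:
    scope: str    # "user", "group" or "global" (the policy object)
    subject: str  # user name, group name, or "*" for a global policy
    device: str   # hypothetical device class, e.g. "usb-storage"
    perm: Perm
    updated: int  # when the administrator last set this policy

def effective_permissions(policies, user, groups, devices):
    """Steps S3-S4: per device, the most recently set applicable policy wins."""
    result = {}
    for dev in devices:
        applicable = [p for p in policies if p.device == dev and (
            p.scope == "global"
            or (p.scope == "user" and p.subject == user)
            or (p.scope == "group" and p.subject in groups))]
        # Assumption: a device with no applicable policy stays disabled.
        newest = max(applicable, key=lambda p: p.updated, default=None)
        result[dev] = newest.perm if newest else Perm.DISABLE
    return result

def redirect_plan(local_devices, perms):
    """Step 3) with claims 2-3: redirect enabled devices, set read/write flags."""
    plan = {}
    for dev in local_devices:
        perm = perms.get(dev, Perm.DISABLE)
        if perm is Perm.DISABLE:
            # Not enabled: mark unavailable and perform no redirection.
            plan[dev] = {"redirect": False, "state": "unavailable"}
        else:
            plan[dev] = {"redirect": True, "read": True,
                         "write": perm is Perm.WRITABLE}
    return plan

# Constructed sample policies (not taken from the patent).
POLICIES = [
    Policy("global", "*", "usb-storage", Perm.DISABLE, 100),
    Policy("group", "engineering", "usb-storage", Perm.WRITABLE, 200),
    Policy("user", "alice", "usb-storage", Perm.READ_ONLY, 300),
    Policy("user", "alice", "printer", Perm.WRITABLE, 150),
    Policy("global", "*", "printer", Perm.DISABLE, 400),
]
```

With the sample data, the newer global printer policy overrides alice's older user-level grant: under the claimed rule recency decides the outcome, not specificity, which is worth checking when auditing such a policy set.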
CN202010070059.3A 2020-01-21 2020-01-21 Agent-free virtual machine peripheral sealing control method, system and medium Active CN111209088B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010070059.3A CN111209088B (en) 2020-01-21 2020-01-21 Agent-free virtual machine peripheral sealing control method, system and medium

Publications (2)

Publication Number Publication Date
CN111209088A true CN111209088A (en) 2020-05-29
CN111209088B CN111209088B (en) 2023-08-29

Family

ID=70787469

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010070059.3A Active CN111209088B (en) 2020-01-21 2020-01-21 Agent-free virtual machine peripheral sealing control method, system and medium

Country Status (1)

Country Link
CN (1) CN111209088B (en)

Also Published As

Publication number Publication date
CN111209088B (en) 2023-08-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 4 / F, Qilin science and Technology Park, No.20, Qiyun Road, high tech Zone, Changsha City, Hunan Province, 410000

Applicant after: Hunan Qilin Xin'an Technology Co.,Ltd.

Address before: 4 / F, Qilin science and Technology Park, No.20, Qiyun Road, high tech Zone, Changsha City, Hunan Province, 410000

Applicant before: HUNAN KYLIN XINAN TECHNOLOGY Co.,Ltd.

GR01 Patent grant