CN114153591A - Host migration device and method and readable storage medium - Google Patents


Info

Publication number: CN114153591A
Authority: CN (China)
Prior art keywords: trusted, host, cloud, migration, hosts
Legal status: Pending
Application number: CN202111274532.0A
Other languages: Chinese (zh)
Inventors: 邱军婷, 苏广峰, 马豹
Current assignee: Zhengzhou Yunhai Information Technology Co Ltd
Original assignee: Zhengzhou Yunhai Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/46 Multiprogramming arrangements
    • G06F 9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F 9/5083 Techniques for rebalancing the load in a distributed system
    • G06F 9/5088 Techniques for rebalancing the load in a distributed system involving task migration
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services


Abstract

The application discloses a host migration device, a host migration method and a readable storage medium, and relates to the field of network information. The host migration method is applied to an OpenStack cloud platform. A preset filter screens out the trusted hosts contained in a cluster by checking for a trusted identifier; the trusted identifier indicates that a host contains a trusted platform module (TPM) and/or a virtual trusted platform module (VTPM). After a migration instruction is received, the trusted cloud host is migrated to one of the trusted hosts carrying the trusted identifier. Because the trusted identifier guarantees that the destination host contains a TPM and/or a VTPM, the online migration of the trusted cloud host remains trustworthy, the credibility of the cloud host is unchanged, and data leakage and loss are prevented. The host migration device and the readable storage medium provided by the application correspond to the host migration method and have the same beneficial effects.

Description

Host migration device and method and readable storage medium
Technical Field
The present application relates to the field of network information, and in particular, to a host migration apparatus, method and readable storage medium.
Background
In recent years, with the progress of computer technology, cloud computing has become more mature; it pools all computing resources and provides them to users over a network. Application providers therefore need not worry about tedious infrastructure details and can concentrate on their own business, which favours innovation and reduces cost. With the rise of cloud computing, more and more cloud platforms are being deployed, and the OpenStack cloud platform is currently the common choice in the market.
When the existing OpenStack cloud platform technology executes host migration, a host is selected directly from the cluster as the migration target, so migration failures frequently occur during the migration process and the reliability of migration is low.
In view of the above, a reliable host migration method is an urgent problem to be solved by those skilled in the art.
Disclosure of Invention
The application aims to provide a host migration method so as to solve the problem that current host migration is low in reliability.
In order to solve the above technical problem, the present application provides a host migration method, which is applied to an OpenStack cloud platform, and includes:
screening out the trusted hosts included in the cluster through a preset filter, wherein the trusted hosts add a trusted identifier, the trusted identifier is used for representing that the trusted hosts include TPM and/or VTPM, and the filter condition of the filter is that the hosts include the trusted identifier;
after receiving a migration instruction, migrating a trusted cloud host to one trusted host added with the trusted identifier, wherein the trusted cloud host is a cloud host created on an original host.
Preferably, creating the trusted cloud host comprises the following steps:
simulating the TPM on the original host machine based on virtualization technology, and integrating the simulated TPM to the OpenStack cloud platform to serve as the VTPM;
and creating the trusted cloud host according to the VTPM.
Preferably, the method further comprises:
generating an account and a password to create a key;
encrypting the trusted cloud host through the key;
and saving the account and the password to a database.
Preferably, after the migrating the trusted cloud host to the one trusted host added with the trusted identifier, the method further includes:
and creating the secret key on the trusted host according to the account and the password of the database, wherein the secret key is used for starting the trusted cloud host.
Preferably, the account and the password are generated by a key management component Barbican of the OpenStack cloud platform, and the database is a database of the Barbican.
Preferably, before the migrating the trusted cloud host to the one trusted host added with the trusted identifier, the method further includes:
judging whether the migration cloud host is the trusted cloud host or not according to host system metadata, wherein the host system metadata is metadata generated when the trusted cloud host is generated;
if yes, the step of migrating the trusted cloud host to the trusted host added with the trusted identifier is carried out.
Preferably, after the migrating the trusted cloud host to the one trusted host added with the trusted identifier, the method further includes:
deleting the key on the original host.
In order to solve the above problem, the present application further provides a host migration apparatus, including:
the filtering module is used for filtering out the trusted hosts included in the cluster, wherein the trusted hosts add trusted identifiers, the trusted identifiers are used for representing that the trusted hosts include TPM and/or VTPM, and the filtering condition of the filter is that the hosts include the trusted identifiers;
and the migration module is used for migrating the trusted cloud host to the trusted host added with the trusted identifier after receiving the migration instruction, wherein the trusted cloud host is a cloud host created on the original host.
Preferably, the host migration apparatus further includes:
a generation module to generate an account and a password to create a key;
the encryption module is used for encrypting the trusted cloud host through the secret key;
and the storage module is used for storing the account and the password to a database.
Preferably, the host migration apparatus further includes:
and the creating module is used for creating the secret key on the trusted host according to the account and the password of the database, wherein the secret key is used for starting the trusted cloud host.
Preferably, the host migration apparatus further includes:
the judging module is used for judging whether the migration cloud host is the trusted cloud host or not according to host system metadata, wherein the host system metadata is metadata generated when the trusted cloud host is generated.
Preferably, the host migration apparatus further includes:
the deleting module is used for deleting the key on the original host.
In order to solve the above problem, the present application further provides a host migration apparatus, which includes a memory for storing a computer program;
and the processor is used for realizing the steps of the host migration method when executing the computer program.
To solve the above problem, the present application further provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the host migration method described above.
The host migration method is applied to an OpenStack cloud platform. A preset filter screens out the trusted hosts contained in a cluster by checking for a trusted identifier, which indicates that a host contains a trusted platform module and/or a virtual trusted platform module; after a migration instruction is received, the trusted cloud host is migrated to one trusted host carrying the trusted identifier. Because the trusted identifier guarantees that the destination host contains a TPM and/or a VTPM, the online migration of the trusted cloud host remains trustworthy, the credibility of the cloud host is unchanged, and data leakage and loss are prevented.
The host migration device and the readable storage medium provided by the application correspond to the host migration method, and have the same beneficial effects.
Drawings
In order to more clearly illustrate the embodiments of the present application, the drawings needed for the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
Fig. 1 is a flowchart of a host migration method according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram of a filter workflow provided by an embodiment of the present application;
fig. 3 is a structural diagram of a host migration apparatus according to an embodiment of the present application;
fig. 4 is a structural diagram of a host migration apparatus according to another embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the present application.
The core of the application is to provide a host migration method that solves the reliability problem during host migration. Cloud computing refers to a delivery and use mode of IT infrastructure in which the required resources (hardware, platform and software) are acquired over a network in an on-demand, easily-extensible way. The network that provides the resources is referred to as the "cloud". Resources in the "cloud" appear to the user to be infinitely expandable, available at any time, obtainable on demand, expandable at any time and paid for on demand. A "cloud" is a pool of computing resources, typically a large cluster of servers, including compute servers, storage servers, bandwidth resources and so forth. Cloud computing centralizes all computing resources and provides them to users through a network. Application providers therefore need not worry about tedious details and can concentrate on their own business, which favours innovation and reduces cost; this is a new direction that can replace the existing server model. It should be noted that host migration is the transfer of a cloud host in a server or cloud platform from one device to another; since the application is applied to an OpenStack cloud platform, the host migration here is directed at the cloud hosts in that cloud platform.
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings.
Fig. 1 is a flowchart of a host migration method provided in an embodiment of the present application, applied to an OpenStack cloud platform, and includes:
S10: screening out the trusted hosts contained in the cluster through a preset filter.
The Trusted host adds a Trusted identifier, the Trusted identifier is used for representing that the Trusted host comprises a Trusted Platform Module (TPM) and/or a Virtual Trusted Platform Module (VTPM), and the filter condition of the filter is that the host comprises the Trusted identifier;
It should be noted that the OpenStack cloud platform is an open-source cloud computing management platform project in which several main components are combined to complete specific work. The TPM is a trusted platform module, an international standard for a secure cryptographic processor. The TPM is a security-verified cryptographic processor that provides stronger security for the device and is the core of many security applications. Here the TPM is a physical device, such as a chip containing a trusted module, and the VTPM is a virtualized TPM, a virtual device such as a virtual machine in a computer; this is not described in detail hereinafter.
In practical application, the filter finds the corresponding trusted hosts by searching for the trusted identifier on each host. Fig. 2 is a schematic diagram of a filter workflow provided in an embodiment of the present application: when a physical TPM chip or a simulated TPM device exists on a host, the attribute TPM_enable is added to the host database entry for that host and, correspondingly, TPM_enable=true is added to the host's configuration file; the host upload mechanism of the OpenStack cloud platform is used to report the TPM_enable information of the host to the database and update the data record to TPM_enable=true. Before host migration, the filter determines whether the data of each host is TPM_enable=true; if not, the host is discarded, and if so, the host is added to the trusted host list. Fig. 2 is only an exemplary filter design; the filter and the trusted identifier are not limited in this embodiment.
The cluster mentioned in this embodiment is a computer cluster, that is, all computers under the authentication of the OpenStack cloud platform.
S11: and migrating the trusted cloud host to a trusted host added with the trusted identifier.
The step S11 is performed after the OpenStack cloud platform receives the migration instruction, and the trusted cloud host is a cloud host created on the original host. The trusted cloud host is a cloud host containing VTPM, the original host is a host used in the creation of the cloud host, the trusted cloud host is generated by an OpenStack cloud platform, and the specific process of the creation of the trusted cloud host is not limited.
It should be noted that, when there are multiple trusted hosts, the target trusted host for migration of the trusted cloud host may be determined by an administrator, randomly determined by a database, or determined by the OpenStack cloud platform as the trusted host that is screened first, where, for the existence of multiple trusted hosts, the migration manner of the trusted cloud host and the target trusted host are not limited herein.
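The screening step S10 and the target selection described above, written out as an added example (not code from the patent or from OpenStack). It mirrors the `host_passes(host_state, spec_obj)` shape of a Nova scheduler host filter but does not import nova, so `HostState` and `RequestSpec` are minimal stand-ins, and every host attribute and instance value is constructed for the example. It also applies the later check that only a cloud host whose system metadata carries `vtpm_secret_uuid` is routed through the trusted-host filter:

```python
"""Trusted-host filter for the migration scheduler described above.

Added example; not code from the patent or from OpenStack. It mirrors the
host_passes(host_state, spec_obj) shape of a Nova scheduler host filter
(nova.scheduler.filters.BaseHostFilter) but does not import nova, so the
HostState and RequestSpec classes below are minimal stand-ins and every
host and instance value is constructed for the example.
"""
from dataclasses import dataclass, field

TRUSTED_FLAG = "TPM_enable"              # host attribute named in the patent
VTPM_METADATA_KEY = "vtpm_secret_uuid"   # system metadata written when a trusted cloud host is created


@dataclass
class HostState:
    """Stand-in for the scheduler's view of one compute host."""
    host: str
    stats: dict = field(default_factory=dict)   # key/value attributes reported by the host


@dataclass
class RequestSpec:
    """Stand-in for the request being scheduled (here: the instance to migrate)."""
    instance_uuid: str
    system_metadata: dict = field(default_factory=dict)


def is_trusted_cloud_host(spec_obj: RequestSpec) -> bool:
    """The patent's test: a cloud host is trusted only if its system metadata
    carries a non-empty vtpm_secret_uuid entry."""
    return bool(spec_obj.system_metadata.get(VTPM_METADATA_KEY))


class TrustedHostFilter:
    """Filter condition from Fig. 2: keep a host only if its reported
    TPM_enable attribute is 'true'."""

    def host_passes(self, host_state: HostState, spec_obj: RequestSpec) -> bool:
        value = host_state.stats.get(TRUSTED_FLAG)
        # A missing attribute, an empty value or anything other than a true flag
        # rejects the host. Case is normalised because different reporters
        # serialise booleans differently ("true", "True", True).
        return value is not None and str(value).strip().lower() == "true"

    def filter_all(self, host_states, spec_obj):
        return [h for h in host_states if self.host_passes(h, spec_obj)]


def candidate_hosts(host_states, spec_obj):
    """Dispatch from the patent: an untrusted cloud host skips the filter and may
    land on any host; a trusted cloud host is restricted to the trusted host list."""
    if not is_trusted_cloud_host(spec_obj):
        return [h.host for h in host_states]
    return [h.host for h in TrustedHostFilter().filter_all(host_states, spec_obj)]


def select_target(host_states, spec_obj):
    """One of the target policies the text allows: the first host that passes
    screening. Returns None when no trusted host exists; the caller must treat
    that as a migration failure rather than falling back to an untrusted host."""
    names = candidate_hosts(host_states, spec_obj)
    return names[0] if names else None


# Constructed sample cluster: mixed reporters, one host without the attribute.
SAMPLE_HOSTS = [
    HostState("node-a", {"TPM_enable": "true"}),
    HostState("node-b", {}),                       # attribute never reported
    HostState("node-c", {"TPM_enable": True}),     # reported as a boolean
    HostState("node-d", {"TPM_enable": "false"}),
]
# Constructed instances: one created with a VTPM secret, one without.
TRUSTED_INSTANCE = RequestSpec("inst-1", {"vtpm_secret_uuid": "00000000-0000-4000-8000-000000000001"})
PLAIN_INSTANCE = RequestSpec("inst-2", {})

if __name__ == "__main__":
    print(candidate_hosts(SAMPLE_HOSTS, TRUSTED_INSTANCE))  # ['node-a', 'node-c']
    print(candidate_hosts(SAMPLE_HOSTS, PLAIN_INSTANCE))    # all four hosts
```

The important defensive choice is in `select_target`: when the trusted list is empty the function returns `None` instead of silently picking any host, since landing a VTPM-backed guest on a host without a TPM is exactly the failure the filter exists to prevent.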
The host migration method provided by the embodiment is applied to an OpenStack cloud platform. A preset filter screens out the trusted hosts included in a cluster by checking for a trusted identifier, which indicates that a host includes a trusted platform module and/or a virtual trusted platform module; after the migration instruction is received, the trusted cloud host is migrated to one trusted host carrying the trusted identifier. Because the trusted identifier guarantees that the destination host contains a TPM and/or a VTPM, the online migration of the trusted cloud host remains trustworthy, the credibility of the cloud host is unchanged, and data leakage and loss are prevented.
In the foregoing embodiment, a specific process of creating a trusted cloud host is not limited, and a preferred scheme is proposed in this embodiment, that is, creating a trusted cloud host includes the following steps:
simulating a TPM on an original host machine based on a virtualization technology, and integrating the simulated TPM into an OpenStack cloud platform to serve as a VTPM;
and creating a trusted cloud host according to the VTPM.
It should be noted that the virtualization technologies used in this embodiment include, but are not limited to, the libvirt virtual machine manager, the QEMU emulator and the like. When creating a trusted cloud host, a trusted host that includes a TPM is used and the TPM integrated on that host serves as the VTPM, which ensures the credibility of the generated cloud host; this facilitates the creation of the trusted cloud host, and because the VTPM is generated from the integrated TPM, the VTPM is more credible.
In practical applications, in consideration of the security required by the cloud host as a server, a preferred scheme is provided, and the method further includes:
generating an account and a password to create a key;
encrypting the trusted cloud host through a secret key;
the account and password are saved to a database.
It should be noted that, in this embodiment, a generation manner and specific contents of the account and the password are not limited, and may be created by an administrator using a virtual machine, or generated by using an OpenStack cloud platform, the contents of the account and the password may be characters, numbers, or a combination thereof, and the like, and a time for creating the key is not limited here, and may be created when the trusted cloud host is generated, or created when the trusted cloud host is migrated. The present embodiment is also not limited to the type of the database, and the database may be created by the user, or a database of the OpenStack cloud platform may be used.
According to the preferred scheme provided by the embodiment, the trusted cloud host is encrypted, and the account and the password are stored in the database, so that the security of the cloud host can be optimized, and information leakage is prevented.
In the foregoing embodiment, since the cloud host is encrypted, and considering that the trusted host needs to start the trusted cloud host after the migration, a preferred scheme is proposed herein: after the trusted cloud host is migrated to a trusted host to which a trusted identifier is added, the method further includes:
and creating a secret key on the trusted host according to the account and the password of the database, wherein the secret key is used for starting the trusted cloud host.
It should be noted that, in this embodiment, after the database is queried, a secret key is created on the trusted host, so that when the host migrates, the trusted host can directly start the trusted cloud host with the secret key, thereby preventing data loss.
In the above embodiment, the generation manner of the account and the password and the type of the database are not limited, and a preferred scheme is proposed in this embodiment, the account and the password are generated by a key management component Barbican of an OpenStack cloud platform, and the database is a database of Barbican.
In this embodiment, when creating a trusted cloud host, an account and a password of a key are generated from a key management component Barbican of the OpenStack cloud platform, and the key information is stored in a Barbican database. And creating a key of a libvirt private type according to the key account and the password to encrypt the VTPM device of the trusted cloud host.
The encryption mode provided by the embodiment does not need a user to set an account and a password, does not need to newly build a database, and can be completed by the OpenStack cloud platform to generate and store the key, so that the workload of the user is reduced.
In practical applications, considering that the OpenStack cloud platform may have more than one cloud host, the trustworthiness of the cloud host to be migrated needs to be determined first after the migration instruction is received. The preferred scheme provided in this embodiment therefore further includes, before migrating the trusted cloud host to a trusted host to which a trusted identifier is added:
judging whether the migration cloud host is a trusted cloud host or not according to the host system metadata, wherein the host system metadata is metadata generated when the trusted cloud host is generated;
if yes, the step of migrating the trusted cloud host to a trusted host added with the trusted identifier is carried out.
It should be noted that, when the trusted cloud host is created, the version number (TPM_version) and TPM type (TPM_model) of the cloud host's VTPM attribute are set, and the trusted cloud host system metadata VTPM_secret_uuid is generated. Because this metadata corresponds to the VTPM of the cloud host, it is only necessary to detect whether the metadata is present to determine whether the cloud host is trusted.
According to the preferred scheme provided by the embodiment, the credibility of the cloud host is verified through the identification metadata, when the untrusted cloud host is migrated, the subsequent screening step mentioned in the embodiment of the application is not needed, the processing mode is optimized, so that the OpenStack cloud platform can adopt different schemes for different cloud hosts when the hosts are migrated, and the host migration efficiency is improved.
In consideration of the security problem after the trusted cloud host is encrypted, the embodiment provides a preferred scheme: after the trusted cloud host is migrated to a trusted host added with a trusted identifier, the method further includes the following step:
the key on the original host is deleted.
By deleting the key on the original host, the key is guaranteed to be stored only on the current host of the trusted cloud host, leakage of the key's account and password is prevented, and the security of the application is improved.
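The key lifecycle described in the preceding embodiments (Barbican generates the account and password, a libvirt private secret encrypts the VTPM on the original host, the migration checks the system metadata, recreates the key on the target from the Barbican database, and deletes it on the original host), as one added example. This is not code from the patent, from Barbican or from libvirt: Barbican, each host's libvirt secret store and the migration driver are simulated in memory with constructed data, and `libvirt_secret_xml()` only builds the kind of definition a libvirt client would pass to `secretDefineXML()`. Assumptions of this example: the libvirt secret UUID is the same value as the `vtpm_secret_uuid` stored in system metadata, and the secret's usage type is libvirt's `vtpm`.

```python
"""Key lifecycle of an encrypted vTPM across a trusted-host migration.

Added example; not code from the patent, from Barbican or from libvirt.
Everything here is simulated in memory with constructed data. Assumptions:
the libvirt secret UUID equals the vtpm_secret_uuid in system metadata, and
the secret uses libvirt's 'vtpm' usage type; private='yes' corresponds to the
"libvirt private type" key mentioned in the text.
"""
import secrets
import uuid


class BarbicanStore:
    """Stand-in for the Barbican database holding the account/password pair."""

    def __init__(self):
        self._db = {}

    def generate(self) -> str:
        """Generate an account and password; return the reference id."""
        secret_id = str(uuid.uuid4())
        account = f"vtpm-{secret_id[:8]}"
        password = secrets.token_urlsafe(32)
        self._db[secret_id] = (account, password)
        return secret_id

    def lookup(self, secret_id: str):
        return self._db[secret_id]


def libvirt_secret_xml(secret_uuid: str, account: str) -> str:
    """Definition of a persistent, private vTPM secret. The value itself is set
    separately (setValue in libvirt) and never appears in the XML."""
    return (
        "<secret ephemeral='no' private='yes'>\n"
        f"  <uuid>{secret_uuid}</uuid>\n"
        f"  <usage type='vtpm'>\n    <name>{account}</name>\n  </usage>\n"
        "</secret>"
    )


class Host:
    """Stand-in for one compute node; `store` mirrors its libvirt secret store."""

    def __init__(self, name: str, tpm_enable: bool):
        self.name = name
        self.tpm_enable = tpm_enable          # the TPM_enable attribute of the host
        self.store = {}                       # secret uuid -> {"xml": ..., "value": ...}

    def define_secret(self, secret_uuid: str, account: str, password: str):
        self.store[secret_uuid] = {"xml": libvirt_secret_xml(secret_uuid, account),
                                   "value": password}

    def undefine_secret(self, secret_uuid: str):
        self.store.pop(secret_uuid, None)

    def has_secret(self, secret_uuid: str) -> bool:
        return secret_uuid in self.store


def create_trusted_cloud_host(barbican: BarbicanStore, host: Host) -> dict:
    """Generate account/password, encrypt the VTPM with the resulting key on the
    original host, and record vtpm_secret_uuid in the instance's system metadata."""
    if not host.tpm_enable:
        raise ValueError(f"{host.name} has no TPM/VTPM; cannot create a trusted cloud host")
    secret_id = barbican.generate()
    account, password = barbican.lookup(secret_id)
    host.define_secret(secret_id, account, password)
    return {"name": "trusted-guest", "host": host.name,
            "system_metadata": {"vtpm_secret_uuid": secret_id}}


def migrate(instance: dict, src: Host, dst: Host, barbican: BarbicanStore) -> dict:
    """Migration with key hand-over: recreate the key on the target from the
    Barbican database, switch hosts, then delete the key on the original host."""
    secret_id = instance["system_metadata"].get("vtpm_secret_uuid")
    if not secret_id:
        instance["host"] = dst.name           # untrusted cloud host: no key handling needed
        return instance
    if not dst.tpm_enable:
        raise ValueError(f"{dst.name} is not a trusted host; refusing migration")
    account, password = barbican.lookup(secret_id)
    dst.define_secret(secret_id, account, password)  # target can now start the guest
    instance["host"] = dst.name
    src.undefine_secret(secret_id)            # key no longer lingers on the source
    return instance


def demo():
    """Constructed run: create on node-a, migrate to trusted node-c."""
    barbican = BarbicanStore()
    src, dst = Host("node-a", True), Host("node-c", True)
    inst = create_trusted_cloud_host(barbican, src)
    migrate(inst, src, dst, barbican)
    return inst, src, dst, barbican


def refuses_untrusted_target() -> bool:
    """A trusted cloud host must never move to a host without TPM/VTPM, and the
    source must keep its key when the migration is refused."""
    barbican, src, dst = BarbicanStore(), Host("node-a", True), Host("node-b", False)
    inst = create_trusted_cloud_host(barbican, src)
    try:
        migrate(inst, src, dst, barbican)
    except ValueError:
        return src.has_secret(inst["system_metadata"]["vtpm_secret_uuid"])
    return False


if __name__ == "__main__":
    inst, src, dst, _ = demo()
    print(inst["host"], src.store, list(dst.store))
```

The order inside `migrate` is deliberate: the key is defined on the target before it is removed from the source, so there is no moment at which no host can start the guest, and a failure between the two steps leaves the original host still able to run it.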
In the foregoing embodiments, detailed descriptions are given to a host migration method, and the present application also provides embodiments corresponding to a host migration apparatus. It should be noted that the present application describes the embodiments of the apparatus portion from two perspectives, one from the perspective of the function module and the other from the perspective of the hardware.
Fig. 3 is a structural diagram of a host migration apparatus according to an embodiment of the present application, where the apparatus includes:
the screening module 10 is configured to screen out trusted hosts included in the cluster, where the trusted hosts add trusted identifiers, the trusted identifiers are used to represent that the trusted hosts include TPM and/or VTPM, and the filtering condition of the filter is that the hosts include the trusted identifiers;
and the migration module 11 is configured to migrate, after receiving the migration instruction, the trusted cloud host to a trusted host to which the trusted identifier is added, where the trusted cloud host is a cloud host created on the original host.
Preferably, the host migration apparatus further includes:
a generation module to generate an account and a password to create a key;
the encryption module is used for encrypting the trusted cloud host through a secret key;
and the storage module is used for storing the account and the password to the database.
Preferably, the host migration apparatus further includes:
and the creating module is used for creating a secret key on the trusted host according to the account and the password of the database, and the secret key is used for starting the trusted cloud host.
Preferably, the host migration apparatus further includes:
the judging module is used for judging whether the migration cloud host is a trusted cloud host or not according to the host system metadata, and the host system metadata is metadata generated when the trusted cloud host is generated.
Preferably, the host migration apparatus further includes:
the deleting module is used for deleting the key on the original host.
Since the embodiments of the apparatus portion and the method portion correspond to each other, please refer to the description of the embodiments of the method portion for the embodiments of the apparatus portion, which is not repeated here.
The host migration device provided by the embodiment comprises a screening module and a migration module, which together realize the steps of the host migration method. It is applied to an OpenStack cloud platform: a preset filter screens out the trusted hosts included in a cluster by checking for a trusted identifier, the trusted identifier indicates that a host includes a trusted platform module and/or a virtual trusted platform module, and after a migration instruction is received, the trusted cloud host is migrated to one trusted host carrying the trusted identifier.
Fig. 4 is a structural diagram of a host migration apparatus according to another embodiment of the present application, and as shown in fig. 4, the host migration apparatus includes: a memory 20 for storing a computer program;
a processor 21, configured to implement the steps of the host migration method as mentioned in the above embodiments when executing the computer program.
The host migration apparatus provided in this embodiment may include, but is not limited to, a smart phone, a tablet computer, a notebook computer, or a desktop computer.
The processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like. The processor 21 may be implemented in at least one hardware form of a DSP (Digital Signal Processor), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 21 may also include a main processor and a coprocessor, where the main processor processes data in the awake state and is also called the Central Processing Unit (CPU), and the coprocessor is a low-power processor that processes data in the standby state. In some embodiments, the processor 21 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content to be shown on the display screen. In some embodiments, the processor 21 may further include an AI (Artificial Intelligence) processor for calculation operations related to machine learning.
The memory 20 may include one or more computer-readable storage media, which may be non-transitory. Memory 20 may also include high speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 20 is at least used for storing the following computer program 201, wherein after being loaded and executed by the processor 21, the computer program can implement the relevant steps of the host migration method disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 20 may also include an operating system 202, data 203, and the like, and the storage manner may be a transient storage manner or a permanent storage manner. Operating system 202 may include, among others, Windows, Unix, Linux, and the like. Data 203 may include, but is not limited to, data related to host migration methods, and the like.
In some embodiments, the host migration apparatus may further include a display 22, an input/output interface 23, a communication interface 24, a power supply 25, and a communication bus 26.
Those skilled in the art will appreciate that the configuration shown in FIG. 4 does not constitute a limitation of the host migration apparatus and may include more or fewer components than those shown.
The host migration device provided by the embodiment of the application comprises a memory and a processor; when the processor executes the program stored in the memory, the host migration method of the embodiments described above is realized.
The host migration apparatus provided in this embodiment includes a memory for storing a computer program and a processor for implementing the steps of the host migration method when executing the computer program. The method is applied to an OpenStack cloud platform: a preset filter screens out the trusted hosts included in a cluster by checking for a trusted identifier, the trusted identifier indicates that a host contains a trusted platform module and/or a virtual trusted platform module, and after the migration instruction is received, the trusted cloud host is migrated to one of the trusted hosts carrying the trusted identifier. The trusted identifier thus ensures that the host contains a TPM and/or a VTPM during migration, the credibility of the online migration of the trusted cloud host is guaranteed, the credibility of the cloud host is unchanged, and data leakage and loss are prevented.
Finally, the application also provides a corresponding embodiment of the computer readable storage medium. The computer-readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps as set forth in the above-mentioned method embodiments.
It is to be understood that if the method in the above embodiments is implemented in the form of software functional units and sold or used as a stand-alone product, it can be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium and executes all or part of the steps of the methods described in the embodiments of the present application, or all or part of the technical solutions. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
Therefore, the computer-readable storage medium provided by this embodiment stores a computer program which, when executed by a processor, is applied to an OpenStack cloud platform: a preset filter screens out the trusted hosts included in a cluster by checking for a trusted identifier, the trusted identifier indicating that the host contains a trusted platform module and/or a virtual trusted platform module, and after receiving a migration instruction the trusted cloud host is migrated to one of the trusted hosts to which the trusted identifier has been added. Because the trusted identifier ensures that the destination host contains a TPM and/or a VTPM, the credibility of the online migration of the trusted cloud host is ensured, the credibility of the cloud host does not change, and leakage and loss of data are prevented.
The host migration method provided by the present application is described in detail above. The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A host migration method, characterized in that it is applied to an OpenStack cloud platform and comprises:
screening out, by a preset filter, the trusted hosts included in a cluster, wherein a trusted identifier is added to the trusted hosts, the trusted identifier is used to indicate that the trusted host contains a TPM and/or a VTPM, and the filter condition of the filter is that the host contains the trusted identifier;
after receiving a migration instruction, migrating a trusted cloud host to one of the trusted hosts to which the trusted identifier has been added, wherein the trusted cloud host is a cloud host created on an original host.

2. The host migration method according to claim 1, characterized in that creating the trusted cloud host comprises the following steps:
emulating the TPM on the original host based on virtualization technology, and integrating the emulated TPM into the OpenStack cloud platform as the VTPM;
creating the trusted cloud host according to the VTPM.

3. The host migration method according to claim 2, further comprising:
generating an account and a password to create a key;
encrypting the trusted cloud host with the key;
saving the account and the password to a database.

4. The host migration method according to claim 3, characterized in that, after migrating the trusted cloud host to one of the trusted hosts to which the trusted identifier has been added, it further comprises:
creating the key on the trusted host according to the account and the password in the database, the key being used to start the trusted cloud host.

5. The host migration method according to claim 4, characterized in that the account and the password are generated by Barbican, the key management component of the OpenStack cloud platform, and the database is the Barbican database.

6. The host migration method according to any one of claims 1 to 5, characterized in that, before migrating the trusted cloud host to one of the trusted hosts to which the trusted identifier has been added, it further comprises:
judging, according to host system metadata, whether the cloud host to be migrated is the trusted cloud host, the host system metadata being the metadata generated when the trusted cloud host was created;
if so, entering the step of migrating the trusted cloud host to one of the trusted hosts to which the trusted identifier has been added.

7. The host migration method according to any one of claims 3 to 5, characterized in that, after migrating the trusted cloud host to one of the trusted hosts to which the trusted identifier has been added, it further comprises:
deleting the key on the original host.

8. A host migration device, characterized in that it comprises:
a screening module, configured to screen out the trusted hosts included in a cluster, wherein a trusted identifier is added to the trusted hosts, the trusted identifier is used to indicate that the trusted host contains a TPM and/or a VTPM, and the filter condition of the filter is that the host contains the trusted identifier;
a migration module, configured to migrate, after receiving a migration instruction, a trusted cloud host to one of the trusted hosts to which the trusted identifier has been added, wherein the trusted cloud host is a cloud host created on an original host.

9. A host migration device, characterized in that it comprises a memory for storing a computer program; and
a processor configured to implement the steps of the host migration method according to any one of claims 1 to 7 when executing the computer program.

10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the host migration method according to any one of claims 1 to 7 are implemented.
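The flow claimed above (claims 1, 4, 6 and 7) as a small working model, added here as an illustration; it is not the patent's code and not OpenStack's. It keeps the shape of a Nova scheduler filter, a class with a host_passes(host_state, spec_obj) method, but imports nothing from Nova; all hosts, metadata and the Barbican stand-in are constructed in memory. The metadata key names (trusted_host, trusted_vm, secret_ref) and the way the key is rebuilt from the account and password are assumptions made for the example.

```python
"""Toy model of the trusted-host migration flow in the claims.

Added example, not the patent's or OpenStack's own code. It mirrors the shape
of a Nova scheduler filter (a host_passes(host_state, spec_obj) method) without
importing Nova; all data is constructed in memory. The metadata key names and
the key derivation are assumptions for the example.
"""
import hashlib
from dataclasses import dataclass, field

TRUSTED_HOST_KEY = "trusted_host"  # assumed aggregate-metadata key: the "trusted identifier"
TRUSTED_VM_KEY = "trusted_vm"      # assumed instance system-metadata key (claim 6)


@dataclass
class Host:
    """A compute host as the scheduler sees it, plus the keys present on it."""
    name: str
    aggregate_metadata: dict = field(default_factory=dict)
    keys: dict = field(default_factory=dict)  # instance_uuid -> key material


@dataclass
class RequestSpec:
    """The instance being migrated; system_metadata was written at creation time."""
    instance_uuid: str
    system_metadata: dict = field(default_factory=dict)


class TrustedHostFilter:
    """Claim 1: the filter condition is that the host carries the trusted identifier."""

    def host_passes(self, host_state, spec_obj):
        # Instances that are not trusted cloud hosts are not constrained by this filter.
        if spec_obj.system_metadata.get(TRUSTED_VM_KEY) != "true":
            return True
        return host_state.aggregate_metadata.get(TRUSTED_HOST_KEY) == "true"


def filter_hosts(hosts, spec_obj, filters):
    """Keep only the hosts that every filter accepts."""
    return [h for h in hosts if all(f.host_passes(h, spec_obj) for f in filters)]


class SecretStore:
    """Stand-in for the Barbican database (claim 5): secret ref -> (account, password)."""

    def __init__(self):
        self._secrets = {}

    def store(self, ref, account, password):
        self._secrets[ref] = (account, password)

    def fetch(self, ref):
        return self._secrets[ref]


def derive_key(account, password):
    """Placeholder for the key created from the account and password (claims 3 and 4).
    Deterministic, so the destination host rebuilds the same key the source held."""
    return hashlib.sha256(f"{account}:{password}".encode()).hexdigest()


def migrate(spec_obj, source, candidates, secret_store, filters):
    """Claims 6, 1, 4 and 7 in order: metadata check, target filtering,
    key re-creation on the target, key deletion on the source."""
    if spec_obj.system_metadata.get(TRUSTED_VM_KEY) != "true":
        raise ValueError("not a trusted cloud host")
    targets = filter_hosts(candidates, spec_obj, filters)
    if not targets:
        raise RuntimeError("no trusted host available for migration")
    target = targets[0]
    account, password = secret_store.fetch(spec_obj.system_metadata["secret_ref"])
    target.keys[spec_obj.instance_uuid] = derive_key(account, password)
    source.keys.pop(spec_obj.instance_uuid, None)
    return target


def demo():
    """Constructed scenario: one trusted and one plain candidate host."""
    store = SecretStore()
    store.store("ref-1", "acct-1", "pw-1")
    source = Host("src", {TRUSTED_HOST_KEY: "true"})
    trusted = Host("dst-trusted", {TRUSTED_HOST_KEY: "true"})
    plain = Host("dst-plain")
    vm = RequestSpec("vm-1", {TRUSTED_VM_KEY: "true", "secret_ref": "ref-1"})
    source.keys["vm-1"] = derive_key("acct-1", "pw-1")
    target = migrate(vm, source, [plain, trusted], store, [TrustedHostFilter()])
    return target.name, "vm-1" in source.keys, "vm-1" in target.keys


if __name__ == "__main__":
    print(demo())
```

The filter only constrains instances whose system metadata marks them as trusted, which is the check claim 6 places before the migration; a plain host is dropped from the candidate list rather than failing late, and the source host loses its copy of the key only after the target has rebuilt it.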
CN202111274532.0A 2021-10-29 2021-10-29 Host migration device and method and readable storage medium Pending CN114153591A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111274532.0A CN114153591A (en) 2021-10-29 2021-10-29 Host migration device and method and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111274532.0A CN114153591A (en) 2021-10-29 2021-10-29 Host migration device and method and readable storage medium

Publications (1)

Publication Number Publication Date
CN114153591A true CN114153591A (en) 2022-03-08

Family

ID=80458892

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111274532.0A Pending CN114153591A (en) 2021-10-29 2021-10-29 Host migration device and method and readable storage medium

Country Status (1)

Country Link
CN (1) CN114153591A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108255579A (en) * 2018-01-11 2018-07-06 浪潮(北京)电子信息产业有限公司 A kind of virtual machine management method and device based on KVM platforms
CN108733453A (en) * 2018-05-11 2018-11-02 国网信息通信产业集团有限公司 The operating method and system of credible cloud platform virtual credible root example
CN111683052A (en) * 2020-05-13 2020-09-18 国网山东省电力公司 Method and system for protecting private information of trusted virtual machine vTPM based on tenant identity information

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination