CN114153591A - Host migration device and method and readable storage medium - Google Patents

Host migration device and method and readable storage medium

Info

Publication number: CN114153591A
Authority: CN (China)
Prior art keywords: trusted, host, cloud, migration, hosts
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202111274532.0A
Other languages: Chinese (zh)
Inventors: 邱军婷, 苏广峰, 马豹
Current assignee: Zhengzhou Yunhai Information Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Zhengzhou Yunhai Information Technology Co Ltd
Application filed by Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN202111274532.0A
Publication of CN114153591A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/46 Multiprogramming arrangements
    • G06F 9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F 9/5083 Techniques for rebalancing the load in a distributed system
    • G06F 9/5088 Techniques for rebalancing the load in a distributed system involving task migration

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a host migration device, a host migration method and a readable storage medium, and relates to the field of network information. The host migration method is applied to an OpenStack cloud platform. A preset filter screens out the trusted hosts contained in a cluster by checking for a trusted identifier, which indicates that a host contains a trusted platform module (TPM) and/or a virtual trusted platform module (VTPM). After a migration instruction is received, the trusted cloud host is migrated to one of the trusted hosts carrying the trusted identifier. Because the trusted identifier guarantees that the target host contains a TPM and/or a VTPM, the credibility of the online migration of the trusted cloud host is preserved, the credibility of the cloud host is not changed, and leakage and loss of data are prevented. The host migration device and the readable storage medium provided by the application correspond to the host migration method and have the same beneficial effects.

Description

Host migration device and method and readable storage medium
Technical Field
The present application relates to the field of network information, and in particular, to a host migration apparatus, method and readable storage medium.
Background
In recent years, with the progress of computer technology, cloud computing has matured. Cloud computing pools all computing resources and provides them to users through a network, so that application providers need not worry about tedious details and can concentrate on their own business, which favours innovation and reduces cost. With the rise of cloud computing, more and more cloud platforms are being deployed, and the most common cloud platform on the market at present is the OpenStack cloud platform.
When the existing OpenStack cloud platform performs host migration, a host is selected directly from the cluster as the migration target, so migration failures occur frequently during the migration process and the reliability of migration is low.
In view of the above, a reliable host migration method is an urgent problem to be solved by those skilled in the art.
Disclosure of Invention
The application aims to provide a host migration method, so as to solve the problem that current host migration has low reliability.
In order to solve the above technical problem, the present application provides a host migration method, which is applied to an OpenStack cloud platform and includes:
screening out the trusted hosts included in the cluster through a preset filter, wherein a trusted identifier is added to each trusted host, the trusted identifier indicates that the trusted host includes a TPM and/or a VTPM, and the filter condition of the filter is that a host includes the trusted identifier;
after receiving a migration instruction, migrating a trusted cloud host to one trusted host to which the trusted identifier is added, wherein the trusted cloud host is a cloud host created on an original host.
Preferably, creating the trusted cloud host comprises the following steps:
simulating a TPM on the original host based on virtualization technology, and integrating the simulated TPM into the OpenStack cloud platform to serve as the VTPM;
and creating the trusted cloud host according to the VTPM.
Preferably, the method further comprises:
generating an account and a password to create a key;
encrypting the trusted cloud host with the key;
and saving the account and the password to a database.
Preferably, after migrating the trusted cloud host to the trusted host to which the trusted identifier is added, the method further includes:
creating the key on the trusted host according to the account and the password stored in the database, wherein the key is used for starting the trusted cloud host.
Preferably, the account and the password are generated by Barbican, the key management component of the OpenStack cloud platform, and the database is the Barbican database.
Preferably, before migrating the trusted cloud host to the trusted host to which the trusted identifier is added, the method further includes:
judging, according to host system metadata, whether the cloud host to be migrated is the trusted cloud host, wherein the host system metadata is metadata generated when the trusted cloud host is created;
if yes, performing the step of migrating the trusted cloud host to the trusted host to which the trusted identifier is added.
Preferably, after migrating the trusted cloud host to the trusted host to which the trusted identifier is added, the method further includes:
deleting the key on the original host.
In order to solve the above problem, the present application further provides a host migration apparatus, including:
a filtering module, used for screening out the trusted hosts included in the cluster, wherein a trusted identifier is added to each trusted host, the trusted identifier indicates that the trusted host includes a TPM and/or a VTPM, and the filter condition of the filter is that a host includes the trusted identifier;
and a migration module, used for migrating, after a migration instruction is received, the trusted cloud host to a trusted host to which the trusted identifier is added, wherein the trusted cloud host is a cloud host created on the original host.
Preferably, the host migration apparatus further includes:
a generation module, used for generating an account and a password to create a key;
an encryption module, used for encrypting the trusted cloud host with the key;
and a storage module, used for storing the account and the password in a database.
Preferably, the host migration apparatus further includes:
a creating module, used for creating the key on the trusted host according to the account and the password stored in the database, wherein the key is used for starting the trusted cloud host.
Preferably, the host migration apparatus further includes:
a judging module, used for judging, according to host system metadata, whether the cloud host to be migrated is the trusted cloud host, wherein the host system metadata is metadata generated when the trusted cloud host is created.
Preferably, the host migration apparatus further includes: a deleting module, used for deleting the key on the original host.
In order to solve the above problem, the present application further provides a host migration apparatus, which includes a memory for storing a computer program;
and a processor for implementing the steps of the host migration method when executing the computer program.
To solve the above problem, the present application further provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements the steps of the host migration method described above.
The host migration method is applied to an OpenStack cloud platform. A preset filter screens out the trusted hosts contained in a cluster by checking for a trusted identifier, which indicates that a host contains a trusted platform module and/or a virtual trusted platform module. After a migration instruction is received, the trusted cloud host is migrated to one of the trusted hosts carrying the trusted identifier. Because the trusted identifier guarantees that the target host contains a TPM and/or a VTPM, the credibility of the online migration of the trusted cloud host is preserved, the credibility of the cloud host is not changed, and leakage and loss of data are prevented.
The host migration device and the readable storage medium provided by the application correspond to the host migration method and have the same beneficial effects.
Drawings
In order to more clearly illustrate the embodiments of the present application, the drawings needed for the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
Fig. 1 is a flowchart of a host migration method according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram of a filter workflow provided by an embodiment of the present application;
fig. 3 is a structural diagram of a host migration apparatus according to an embodiment of the present application;
fig. 4 is a structural diagram of a host migration apparatus according to another embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the present application.
The core of the application is to provide a host migration method that solves the reliability problem during host migration. Cloud computing refers to a delivery and usage mode for IT infrastructure in which the required resources (hardware, platform and software) are obtained through a network on demand and in an easily extensible manner. The network that provides the resources is referred to as the "cloud". Resources in the "cloud" appear to the user to be infinitely expandable, available at any time, obtainable on demand, and paid for according to use. A "cloud" is a pool of computing resources, typically a large cluster of servers including compute servers, storage servers, bandwidth resources, and so forth. Cloud computing centralizes all computing resources and provides them to users through a network, so that application providers need not worry about tedious details and can concentrate on their own business, which favours innovation and reduces cost; it is a new direction that can replace the existing server. It should be noted that host migration means transferring a cloud host in a server or cloud platform from one device to another; since the application is applied to an OpenStack cloud platform, the host migration here is directed at cloud hosts in the cloud platform.
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings.
Fig. 1 is a flowchart of a host migration method provided in an embodiment of the present application. The method is applied to an OpenStack cloud platform and includes:
S10: screening out the trusted hosts contained in the cluster through a preset filter.
A trusted identifier is added to each trusted host; the trusted identifier indicates that the trusted host includes a Trusted Platform Module (TPM) and/or a Virtual Trusted Platform Module (VTPM), and the filter condition of the filter is that a host includes the trusted identifier.
It should be noted that the OpenStack cloud platform is an open-source cloud computing management platform project in which several main components are combined to complete specific work. The TPM is a trusted platform module, an international standard for a secure cryptographic processor. A TPM holds encryption keys that have been subjected to security verification, provides stronger security for the device, and is the core of many security applications. Here the TPM is a physical device, such as a chip containing the trusted module, while the VTPM is a virtualized TPM, i.e. a virtual device such as one belonging to a virtual machine on the computer; these are not described in further detail hereinafter.
In practical application, the filter finds the trusted hosts by searching for the trusted identifier on each host. Fig. 2 is a schematic diagram of a filter workflow provided in an embodiment of the present application. When a physical TPM chip or a simulated TPM device exists on a host, an attribute TPM_enable is added to the host's record in the host database and, correspondingly, TPM_enable=true is added to the host's configuration file. The host upload mechanism of the OpenStack cloud platform reports the TPM_enable information of the host to the database and updates the data record to TPM_enable=true. Before host migration, the filter checks whether the data of each host is TPM_enable=true; if not, the host is discarded, and if so, the host is added to the trusted host list. Fig. 2 is only an exemplary filter design; the filter and the trusted identifier are not limited in this embodiment.
The cluster mentioned in this embodiment is a computer cluster, that is, all computers authenticated by the OpenStack cloud platform.
S11: migrating the trusted cloud host to a trusted host to which the trusted identifier is added.
Step S11 is performed after the OpenStack cloud platform receives the migration instruction, and the trusted cloud host is a cloud host created on the original host. The trusted cloud host is a cloud host containing a VTPM; the original host is the host on which the cloud host was created; the trusted cloud host is generated by the OpenStack cloud platform, and the specific process of creating it is not limited.
It should be noted that when there are multiple trusted hosts, the target trusted host for migration of the trusted cloud host may be determined by an administrator, chosen randomly from the database, or determined by the OpenStack cloud platform as the trusted host that is screened first; where multiple trusted hosts exist, the migration manner and the choice of target trusted host are not limited herein.
The host migration method provided by this embodiment is applied to an OpenStack cloud platform. A preset filter screens out the trusted hosts included in a cluster by checking for a trusted identifier, which indicates that a host includes a trusted platform module and/or a virtual trusted platform module. After the migration instruction is received, the trusted cloud host is migrated to one of the trusted hosts carrying the trusted identifier. Because the trusted identifier guarantees that the target host contains a TPM and/or a VTPM, the credibility of the online migration of the trusted cloud host is preserved, the credibility of the cloud host is not changed, and leakage and loss of data are prevented.
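The Fig. 2 workflow (configuration file → host database record → filter → trusted host list → target choice), as an added stand-alone model that is not code from the patent or from OpenStack. The host names, the configuration texts and the host records are constructed sample data; the attribute name TPM_enable and the accepted value true are the ones the page names. The real Nova scheduler filter interface is host_passes(host_state, spec_obj); the class below mirrors that shape but does not import nova, and the "first screened" selection policy is one of the options the page leaves open.

```python
"""Added example: a model of the TPM_enable filter workflow from Fig. 2.
Not the patent's or OpenStack's code; all sample hosts are constructed."""
from typing import Dict, List, Optional

TRUST_ATTR = "TPM_enable"   # attribute name used on the page
TRUST_VALUE = "true"        # the only value the filter accepts


def parse_host_config(text: str) -> Dict[str, str]:
    """Parse a key=value host configuration file into a dict.
    Blank lines and '#' comments are ignored; keys stay case-sensitive."""
    attrs: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        attrs[key.strip()] = value.strip()
    return attrs


def report_host(db: Dict[str, dict], hostname: str, config_text: str) -> None:
    """Model of the host upload mechanism: copy the host's TPM_enable value
    (and only that attribute) into the host's database record."""
    attrs = parse_host_config(config_text)
    record = db.setdefault(hostname, {})
    if TRUST_ATTR in attrs:
        record[TRUST_ATTR] = attrs[TRUST_ATTR]


class TrustedHostFilter:
    """Keeps a host only when its database record carries TPM_enable=true."""

    def host_passes(self, host_record: dict) -> bool:
        value = host_record.get(TRUST_ATTR)
        # A missing attribute, an empty value, or anything other than the
        # literal "true" (after stripping, case-insensitive) discards the host.
        return value is not None and value.strip().lower() == TRUST_VALUE

    def filter_all(self, db: Dict[str, dict]) -> List[str]:
        """Return the trusted host list in deterministic (sorted) order."""
        return [name for name, rec in sorted(db.items()) if self.host_passes(rec)]


def choose_target(trusted_hosts: List[str], exclude: str) -> Optional[str]:
    """Pick the first screened trusted host other than the source host."""
    for name in trusted_hosts:
        if name != exclude:
            return name
    return None


# Constructed sample: four compute hosts with different configuration files.
SAMPLE_CONFIGS = {
    "compute-01": "TPM_enable=true\n",                       # physical TPM chip
    "compute-02": "# emulated TPM device\nTPM_enable=true\n",
    "compute-03": "TPM_enable=false\n",                      # attribute present, not trusted
    "compute-04": "cpu_allocation_ratio=4.0\n",              # attribute absent
}


def demo(source_host: str = "compute-01") -> dict:
    """Run the whole workflow on the constructed sample and report the result."""
    db: Dict[str, dict] = {}
    for name, cfg in SAMPLE_CONFIGS.items():
        report_host(db, name, cfg)
    trusted = TrustedHostFilter().filter_all(db)
    return {"trusted": trusted, "target": choose_target(trusted, source_host)}


if __name__ == "__main__":
    print(demo())   # {'trusted': ['compute-01', 'compute-02'], 'target': 'compute-02'}
```

Two points the paragraph leaves implicit are made explicit here: a host whose record has no TPM_enable attribute at all is treated exactly like one with TPM_enable=false, and the source host is excluded from the target list so a migration never "lands" on the host it started from.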
In the foregoing embodiment the specific process of creating a trusted cloud host is not limited; this embodiment proposes a preferred scheme in which creating a trusted cloud host includes the following steps:
simulating a TPM on the original host based on virtualization technology, and integrating the simulated TPM into the OpenStack cloud platform to serve as a VTPM;
and creating a trusted cloud host according to the VTPM.
It should be noted that the virtualization technologies used in this embodiment include, but are not limited to, the libvirt virtual machine manager and the qemu general-purpose emulator. When creating a trusted cloud host, a trusted host that includes a TPM is used, and the TPM integrated on that host serves as the VTPM, which ensures the credibility of the generated cloud host. This facilitates creating the trusted cloud host, and because the VTPM is generated from an integrated TPM, the VTPM is more credible.
In practical application, considering the security required of a cloud host acting as a server, a preferred scheme is provided in which the method further includes:
generating an account and a password to create a key;
encrypting the trusted cloud host with the key;
and saving the account and the password to a database.
It should be noted that this embodiment does not limit the manner of generating the account and password or their specific contents: they may be created by an administrator using a virtual machine or generated by the OpenStack cloud platform, and may consist of characters, digits, or a combination thereof. The time of creating the key is likewise not limited; it may be created when the trusted cloud host is generated or when it is migrated. The type of database is also not limited; it may be created by the user, or a database of the OpenStack cloud platform may be used.
According to the preferred scheme of this embodiment, the trusted cloud host is encrypted and the account and password are stored in the database, which optimizes the security of the cloud host and prevents information leakage.
In the foregoing embodiment the cloud host is encrypted, and the trusted host needs to start the trusted cloud host after migration. A preferred scheme is therefore proposed: after the trusted cloud host is migrated to a trusted host to which a trusted identifier is added, the method further includes:
creating the key on the trusted host according to the account and password stored in the database, wherein the key is used for starting the trusted cloud host.
It should be noted that in this embodiment the database is queried and the key is then created on the trusted host, so that after migration the trusted host can directly start the trusted cloud host with the key, which prevents data loss.
The foregoing embodiment does not limit how the account and password are generated or the type of database. This embodiment proposes a preferred scheme: the account and password are generated by Barbican, the key management component of the OpenStack cloud platform, and the database is the Barbican database.
In this embodiment, when a trusted cloud host is created, the account and password of the key are generated by Barbican, the key management component of the OpenStack cloud platform, and the key information is stored in the Barbican database. A key of the libvirt private type is then created from the key account and password and used to encrypt the VTPM device of the trusted cloud host.
The encryption mode of this embodiment requires the user neither to set an account and password nor to build a new database; generation and storage of the key are completed by the OpenStack cloud platform, which reduces the user's workload.
In practical application the OpenStack cloud platform may have more than one cloud host, so after receiving the migration instruction the trustworthiness of the cloud host must be determined first. The preferred scheme of this embodiment therefore further includes, before migrating the trusted cloud host to a trusted host to which a trusted identifier is added:
judging, according to host system metadata, whether the cloud host to be migrated is a trusted cloud host, wherein the host system metadata is metadata generated when the trusted cloud host is created;
if yes, performing the step of migrating the trusted cloud host to a trusted host to which the trusted identifier is added.
It should be noted that when the trusted cloud host is created, the version (TPM_version) and TPM type (TPM_model) of the cloud host's VTPM attribute are set, and the trusted cloud host system metadata VTPM_secret_uuid is generated. This metadata corresponds to the VTPM of the cloud host, so it is only necessary to detect whether the metadata is present in order to determine whether the cloud host is trusted.
According to the preferred scheme of this embodiment, the credibility of the cloud host is verified through the identifying metadata. When an untrusted cloud host is migrated, the subsequent screening step described in the embodiments of the application is not needed. This optimizes the processing, so that the OpenStack cloud platform can adopt different schemes for different cloud hosts during migration, and improves host migration efficiency.
Considering the security of the trusted cloud host after it has been encrypted, this embodiment provides a preferred scheme: after the trusted cloud host is migrated to a trusted host to which a trusted identifier is added, the method further includes:
deleting the key on the original host.
By deleting the key on the original host, it is guaranteed that the key is stored only on the host currently running the trusted cloud host, leakage of the key's account and password is prevented, and the security of the application is improved.
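The key lifecycle of the three preferred schemes above (key created from the Barbican record, recreated on the target host, then deleted on the original host) together with the VTPM_secret_uuid metadata gate, as an added stand-alone model that is not the patent's or OpenStack's code. The SecretStore class stands in for the Barbican database and the per-host keys dict for the libvirt secret list; host and cloud host names and the generated secret values are constructed, and the metadata key VTPM_secret_uuid is the one the page names. The ordering (create on target, switch over, only then delete on source) follows the page; the can_migrate check refuses a target without the trusted identifier.

```python
"""Added example: key handover during trusted cloud host migration.
Not the patent's or OpenStack's code; Barbican and libvirt are modelled
by in-memory stand-ins and all names/values are constructed."""
import secrets
import uuid
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

TRUST_METADATA_KEY = "VTPM_secret_uuid"   # generated when a trusted cloud host is created


class SecretStore:
    """Stand-in for the Barbican database: secret uuid -> (account, password)."""

    def __init__(self) -> None:
        self._secrets: Dict[str, Tuple[str, str]] = {}

    def create(self) -> str:
        sid = str(uuid.uuid4())
        # Account and password are generated by the platform, not set by the user.
        self._secrets[sid] = (f"vtpm-{sid[:8]}", secrets.token_urlsafe(24))
        return sid

    def get(self, sid: str) -> Tuple[str, str]:
        return self._secrets[sid]


@dataclass
class Host:
    name: str
    tpm_enable: bool                                   # the trusted identifier
    keys: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # libvirt-style secrets


@dataclass
class CloudHost:
    name: str
    host: Host                                         # host currently running it
    system_metadata: Dict[str, str] = field(default_factory=dict)


def create_trusted_cloud_host(name: str, original: Host, store: SecretStore) -> CloudHost:
    """Generate the Barbican secret, create the key on the original host and
    record VTPM_secret_uuid in the cloud host's system metadata."""
    sid = store.create()
    original.keys[sid] = store.get(sid)
    return CloudHost(name, original, {TRUST_METADATA_KEY: sid})


def is_trusted(cloud_host: CloudHost) -> bool:
    """Metadata check from the page: trusted iff VTPM_secret_uuid is present."""
    return TRUST_METADATA_KEY in cloud_host.system_metadata


def can_migrate(cloud_host: CloudHost, target: Host) -> bool:
    """An untrusted cloud host may go anywhere; a trusted one only to a
    host carrying the trusted identifier."""
    return (not is_trusted(cloud_host)) or target.tpm_enable


def migrate(cloud_host: CloudHost, target: Host, store: SecretStore) -> CloudHost:
    if not can_migrate(cloud_host, target):
        raise ValueError(f"{target.name} carries no trusted identifier")
    if not is_trusted(cloud_host):
        cloud_host.host = target                     # no key handling needed
        return cloud_host
    source = cloud_host.host
    sid = cloud_host.system_metadata[TRUST_METADATA_KEY]
    # 1. Recreate the key on the target from the Barbican record, so the
    #    target can start the encrypted VTPM device.
    target.keys[sid] = store.get(sid)
    # 2. Switch the cloud host over (stands in for the actual live migration).
    cloud_host.host = target
    # 3. Only now delete the key on the original host, so it exists solely on
    #    the host currently running the cloud host.
    del source.keys[sid]
    return cloud_host


def hosts_holding_key(sid: str, hosts: List[Host]) -> List[str]:
    return [h.name for h in hosts if sid in h.keys]


def demo() -> dict:
    store = SecretStore()
    src = Host("compute-01", tpm_enable=True)
    dst = Host("compute-02", tpm_enable=True)
    plain = Host("compute-03", tpm_enable=False)
    vm = create_trusted_cloud_host("vm-trusted", src, store)
    sid = vm.system_metadata[TRUST_METADATA_KEY]
    before = hosts_holding_key(sid, [src, dst, plain])
    migrate(vm, dst, store)
    after = hosts_holding_key(sid, [src, dst, plain])
    return {"before": before, "after": after, "runs_on": vm.host.name}


if __name__ == "__main__":
    print(demo())   # {'before': ['compute-01'], 'after': ['compute-02'], 'runs_on': 'compute-02'}
```

The invariant worth checking after any migration is the one the paragraph states: exactly one host, the one now running the trusted cloud host, holds the key. Recreating on the target before deleting on the source means a failure between the two steps leaves the cloud host startable rather than locked out.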
In the foregoing embodiments, detailed descriptions are given to a host migration method, and the present application also provides embodiments corresponding to a host migration apparatus. It should be noted that the present application describes the embodiments of the apparatus portion from two perspectives, one from the perspective of the function module and the other from the perspective of the hardware.
Fig. 3 is a structural diagram of a host migration apparatus according to an embodiment of the present application, where the apparatus includes:
the screening module 10 is configured to screen out trusted hosts included in the cluster, where the trusted hosts add trusted identifiers, the trusted identifiers are used to represent that the trusted hosts include TPM and/or VTPM, and the filtering condition of the filter is that the hosts include the trusted identifiers;
and the migration module 11 is configured to migrate, after receiving the migration instruction, the trusted cloud host to a trusted host to which the trusted identifier is added, where the trusted cloud host is a cloud host created on the original host.
Preferably, the host migration apparatus further includes:
a generation module to generate an account and a password to create a key;
the encryption module is used for encrypting the trusted cloud host through a secret key;
and the storage module is used for storing the account and the password to the database.
Preferably, the host migration apparatus further includes:
and the creating module is used for creating a secret key on the trusted host according to the account and the password of the database, and the secret key is used for starting the trusted cloud host.
Preferably, the host migration apparatus further includes:
a judging module, used for judging, according to host system metadata, whether the cloud host to be migrated is a trusted cloud host, wherein the host system metadata is metadata generated when the trusted cloud host is created.
Preferably, the host migration apparatus further includes:
a deleting module, used for deleting the key on the original host.
Since the embodiments of the apparatus portion and the method portion correspond to each other, please refer to the description of the method embodiments for the apparatus embodiments; it is not repeated here.
The host migration device provided by this embodiment includes a screening module and a migration module, which implement the steps of the host migration method applied to an OpenStack cloud platform: a preset filter screens out the trusted hosts included in a cluster by checking for a trusted identifier, which indicates that a host includes a trusted platform module and/or a virtual trusted platform module, and after a migration instruction is received, the trusted cloud host is migrated to one of the trusted hosts carrying the trusted identifier.
Fig. 4 is a structural diagram of a host migration apparatus according to another embodiment of the present application, and as shown in fig. 4, the host migration apparatus includes: a memory 20 for storing a computer program;
a processor 21, configured to implement the steps of the host migration method as mentioned in the above embodiments when executing the computer program.
The host migration apparatus provided in this embodiment may include, but is not limited to, a smart phone, a tablet computer, a notebook computer, or a desktop computer.
The processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like. The processor 21 may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 21 may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 21 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, the processor 21 may further include an AI (Artificial Intelligence) processor for processing a calculation operation related to machine learning.
The memory 20 may include one or more computer-readable storage media, which may be non-transitory. Memory 20 may also include high speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 20 is at least used for storing the following computer program 201, wherein after being loaded and executed by the processor 21, the computer program can implement the relevant steps of the host migration method disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 20 may also include an operating system 202, data 203, and the like, and the storage manner may be a transient storage manner or a permanent storage manner. Operating system 202 may include, among others, Windows, Unix, Linux, and the like. Data 203 may include, but is not limited to, data related to host migration methods, and the like.
In some embodiments, the host migration apparatus may further include a display 22, an input/output interface 23, a communication interface 24, a power supply 25, and a communication bus 26.
Those skilled in the art will appreciate that the configuration shown in FIG. 4 does not constitute a limitation of the host migration apparatus and may include more or fewer components than those shown.
The host migration device provided by the embodiment of the application includes a memory and a processor; when the processor executes the program stored in the memory, it implements the host migration method described in the above embodiments.
The host migration apparatus provided by this embodiment includes a memory for storing a computer program and a processor for implementing the steps of the host migration method when executing the computer program. The method is applied to an OpenStack cloud platform: a preset filter screens out the trusted hosts included in a cluster by checking for a trusted identifier, which indicates that a host contains a trusted platform module and/or a virtual trusted platform module, and after the migration instruction is received, the trusted cloud host is migrated to one of the trusted hosts carrying the trusted identifier. Because the trusted identifier guarantees that the target host contains a TPM and/or a VTPM, the credibility of the online migration of the trusted cloud host is preserved, the credibility of the cloud host is not changed, and leakage and loss of data are prevented.
Finally, the application also provides a corresponding embodiment of the computer readable storage medium. The computer-readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps as set forth in the above-mentioned method embodiments.
It is to be understood that if the method in the above embodiments is implemented in the form of software functional units and sold or used as a stand-alone product, it can be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium and executes all or part of the steps of the methods described in the embodiments of the present application, or all or part of the technical solutions. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
Therefore, the computer-readable storage medium provided by this embodiment stores a computer program which, when executed by a processor, applies to an OpenStack cloud platform the following method: a preset filter screens out the trusted hosts in a cluster by checking for a trusted identifier, where the trusted identifier indicates that a host contains a trusted platform module and/or a virtual trusted platform module, and, after a migration instruction is received, the trusted cloud host is migrated to one of the trusted hosts carrying the trusted identifier. Because the trusted identifier guarantees that the destination host contains a TPM and/or a VTPM, the online migration of the trusted cloud host remains trusted, the credibility of the cloud host is unchanged, and data leakage and loss are prevented.
The host migration method provided by the present application is described in detail above. The embodiments are described in a progressive manner: each embodiment focuses on its differences from the others, and the same or similar parts among the embodiments can be referred to each other. Since the apparatus disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is brief, and the relevant points can be found in the description of the method. It should be noted that those skilled in the art can make several improvements and modifications to the present application without departing from its principle, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A host migration method is applied to an OpenStack cloud platform and comprises the following steps:
screening out the trusted hosts included in the cluster through a preset filter, wherein a trusted identifier is added to the trusted hosts, the trusted identifier is used for representing that the trusted hosts include a TPM and/or a VTPM, and the filter condition of the filter is that a host includes the trusted identifier;
after receiving a migration instruction, migrating a trusted cloud host to one trusted host added with the trusted identifier, wherein the trusted cloud host is a cloud host created on an original host.
2. The host migration method according to claim 1, wherein creating the trusted cloud host comprises the steps of:
simulating the TPM on the original host machine based on virtualization technology, and integrating the simulated TPM to the OpenStack cloud platform to serve as the VTPM;
and creating the trusted cloud host according to the VTPM.
3. The host migration method according to claim 2, further comprising:
generating an account and a password to create a key;
encrypting the trusted cloud host through the key;
and saving the account and the password to a database.
4. The host migration method according to claim 3, further comprising, after the migrating the trusted cloud host to the one trusted host added with the trusted identifier:
creating the key on the trusted host according to the account and the password in the database, wherein the key is used for starting the trusted cloud host.
5. The host migration method according to claim 4, wherein the account and the password are generated by a key management component, Barbican, of the OpenStack cloud platform, and the database is a database of the Barbican.
6. The host migration method according to any one of claims 1 to 5, wherein before the migrating the trusted cloud host to the one trusted host added with the trusted identifier, further comprising:
judging, according to host system metadata, whether the cloud host to be migrated is the trusted cloud host, wherein the host system metadata is metadata generated when the trusted cloud host is created;
if yes, the step of migrating the trusted cloud host to the trusted host added with the trusted identifier is carried out.
7. The host migration method according to any one of claims 3 to 5, further comprising, after the migrating the trusted cloud host to the one of the trusted hosts to which the trusted identifier is added:
deleting the key on the original host.
8. A host migration apparatus, comprising:
a filtering module, used for screening out the trusted hosts included in the cluster through a preset filter, wherein a trusted identifier is added to the trusted hosts, the trusted identifier is used for representing that the trusted hosts include a TPM and/or a VTPM, and the filter condition of the filter is that a host includes the trusted identifier;
and a migration module, used for migrating the trusted cloud host to the trusted host added with the trusted identifier after receiving the migration instruction, wherein the trusted cloud host is a cloud host created on the original host.
9. A host migration apparatus comprising a memory for storing a computer program;
a processor for implementing the steps of the host migration method according to any one of claims 1 to 7 when executing said computer program.
10. A computer-readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the host migration method according to any one of claims 1 to 7.
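As an added illustration (not the patent's own code, nor OpenStack's), the claimed flow in plain Python: the preset filter of claim 1, the metadata check of claim 6, and the key handling of claims 3, 4 and 7. Assumptions, all constructed: the trusted identifier is a host flag named `trusted`, `SecretStore` stands in for the Barbican database, and `derive_key` stands in for creating the cloud host's key from the saved account and password.

```python
import hashlib
from dataclasses import dataclass, field

TRUSTED_ID = "trusted"  # assumed name of the trusted identifier carried by TPM/VTPM hosts

@dataclass
class Host:
    name: str
    identifiers: set = field(default_factory=set)  # {"trusted"} when the host has a TPM and/or VTPM
    keys: dict = field(default_factory=dict)        # instance name -> key material held on this host

@dataclass
class Instance:
    name: str
    host: str                                        # name of the original host
    system_metadata: dict = field(default_factory=dict)

class SecretStore:
    """Stand-in for the Barbican database of claim 5: instance name -> (account, password)."""
    def __init__(self):
        self._db = {}
    def save(self, inst, account, password):
        self._db[inst] = (account, password)
    def load(self, inst):
        return self._db[inst]

def derive_key(account, password):
    """Stand-in for creating the cloud host's key from the saved account and password."""
    return hashlib.sha256(f"{account}:{password}".encode()).hexdigest()

def trusted_host_filter(hosts):
    """The preset filter of claim 1: only hosts carrying the trusted identifier pass."""
    return [h for h in hosts if TRUSTED_ID in h.identifiers]

def is_trusted_instance(inst):
    """Claim 6: decide from host system metadata whether the VM is a trusted cloud host."""
    return inst.system_metadata.get("trusted") == "true"

def migrate(inst, hosts, store):
    """Claims 1, 4 and 7: choose a trusted target, recreate the key there, delete it at the source."""
    if not is_trusted_instance(inst):
        raise ValueError(f"{inst.name} is not a trusted cloud host")
    by_name = {h.name: h for h in hosts}
    candidates = [h for h in trusted_host_filter(hosts) if h.name != inst.host]
    if not candidates:
        raise RuntimeError("no trusted host available; migration refused")
    target = candidates[0]
    account, password = store.load(inst.name)               # saved at creation time (claim 3)
    target.keys[inst.name] = derive_key(account, password)  # key recreated on the trusted host (claim 4)
    by_name[inst.host].keys.pop(inst.name, None)            # key deleted on the original host (claim 7)
    inst.host = target.name
    return target.name
```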

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202111274532.0A (CN114153591A) | 2021-10-29 | 2021-10-29 | Host migration device and method and readable storage medium

Publications (1)

Publication Number | Publication Date
CN114153591A | 2022-03-08

Family

ID=80458892

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202111274532.0A (CN114153591A, pending) | Host migration device and method and readable storage medium | 2021-10-29 | 2021-10-29

Country Status (1)

Country | Link
CN | CN114153591A (en)

Legal Events

Date | Code | Title | Description
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |