CN114244548A - Cloud IDE-oriented dynamic scheduling and user authentication method - Google Patents

Cloud IDE-oriented dynamic scheduling and user authentication method

Publication number
CN114244548A
Authority
CN
China
Prior art keywords
development
service
user
authentication
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110387706.8A
Other languages
Chinese (zh)
Other versions
CN114244548B (en)
Inventor
陈华蓉
陈德训
孙川
刘勇
王敬宇
冯赟龙
彭达佳
宋佳伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuxi Jiangnan Computing Technology Institute
Original Assignee
Wuxi Jiangnan Computing Technology Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuxi Jiangnan Computing Technology Institute
Priority to CN202110387706.8A
Publication of CN114244548A
Application granted
Publication of CN114244548B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004 Server selection for load balancing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a cloud IDE-oriented dynamic scheduling and user authentication method comprising the following steps: S1, the user enters the unified login address and the designated service port in the browser, and enters a user name and password; S2, the Nginx service takes the user name and password received in S1 as authentication information and authenticates it; S3, the development service on the development server receives the request information and detects whether the development environment tool service has started successfully; if not, it reports an error, and if so, it sends a request carrying the user information to the Nginx service; S4, the development environment tool service on a fixed development server to forward to is calculated according to the forwarding strategy; and S5, user authentication is performed using the user information, and the development interface is entered if authentication passes. The invention solves the problems of dynamic scheduling, user authentication service and resource load balancing for development tools.

Description

Cloud IDE-oriented dynamic scheduling and user authentication method
Technical Field
The invention relates to a cloud IDE-oriented dynamic scheduling and user authentication method, and belongs to the technical field of cloud IDEs.
Background
Several mainstream cloud IDE products are currently on the market, such as Visual Studio Online and Theia, all of which are used through a browser. Theia is an extensible platform for developing multi-language cloud and desktop IDEs with the latest web technology. Its interface is similar to VS Code, it reuses many VS Code components, and it even supports VS Code extensions directly, so many VS Code users can directly use IDE products developed with Theia. However, the Theia service is started on the server and can be used directly from a browser simply by entering the server's IP address and the specified port number, which is a serious security problem; meanwhile, a load balancing mechanism is introduced to solve the server load imbalance caused by multi-user use.
At present, cloud IDE tools are still in single-user mode: each user has a complete set of cloud services and related environments, so multiple environments must be configured for multiple users. Because a browser-based mode is used, there is also a security problem: an exposed port allows anyone to access all files under that user, which is a serious security risk. In a server cluster, multiple users use development tools on the same server, so the server load is unbalanced.
Server-based remote development is increasingly popular, and a development environment deployed on a server reduces dependence on the local environment. However, each user configures an environment for that user's use only, so simultaneous use by multiple users cannot be achieved. In a server cluster, many users may concentrate on some servers to use development tools while other servers have few users.
Disclosure of Invention
The invention aims to provide a cloud IDE (integrated development environment)-oriented dynamic scheduling and user authentication method that solves the problems of dynamic scheduling, user authentication service and resource load balancing for development tools.
To achieve this purpose, the invention adopts the following technical scheme: a cloud IDE-oriented dynamic scheduling and user authentication method, based on the following configuration:
the Nginx service is deployed on a dedicated server to obtain an Nginx server, which serves as the login and forwarding node, and the addresses of the development servers to forward to are set in its configuration file;
the development service is deployed on the other servers in the cluster to obtain development servers, the development service being mainly responsible for port management and for managing the development environment tools;
a portion of the ports on the development server is reserved as a port resource pool for the development service;
the development environment tool is configured under a global path so that every user can access it;
the dynamic scheduling and user authentication method comprises the following steps:
S1, the user enters the unified login address and the designated service port in the browser, and enters a user name and password as prompted in the displayed user login interface;
S2, the Nginx service takes the user name and password received in S1 as authentication information and authenticates it; if authentication fails, the user is asked to enter the authentication information again, and after multiple failures the user must wait a certain time before entering authentication information again; if authentication passes, the request is forwarded to the development service on a development server according to a forwarding strategy;
S3, the development service on the development server receives the request information and first checks whether a started development environment tool service exists on the server;
if it exists, the development service acquires the port information of the development environment tool service and sends a request carrying the user information to the Nginx service;
if it does not exist, the development service takes an idle port from the reserved port pool and starts the development environment tool service with the port number just acquired;
the development service then detects whether the development environment tool service started successfully; if not, it reports an error, and if so, it sends a request carrying the user information to the Nginx service;
S4, the Nginx service receives the user information and, according to the forwarding strategy, calculates the development environment tool service on a particular fixed development server to forward to;
and S5, the development environment tool service receives the user request and authenticates the user with the user information; if authentication passes, the development interface is entered, and if it fails, an error is reported.
Owing to the above technical scheme, the invention has the following advantages over the prior art:
for server clusters and multi-user use, the invention provides a framework with centralized management, dynamic scheduling and user authentication functions that is shared by multiple users. This not only reduces disk space and environment configuration steps but also improves security, avoiding the security problem of single-user use; the real IP address of the server can be hidden, the unified login address is always shown in the URL, and centralized management makes updating and maintenance convenient.
Drawings
Fig. 1 is a schematic diagram of a cloud IDE-oriented dynamic scheduling and user authentication method according to the present invention.
Detailed Description
Example: the invention provides a cloud IDE-oriented dynamic scheduling and user authentication method, based on the following configuration:
the Nginx service is deployed on a dedicated server to obtain an Nginx server, which serves as the login and forwarding node, and the addresses of the development servers to forward to are set in its configuration file;
the development service is deployed on the other servers in the cluster to obtain development servers, the development service being mainly responsible for port management and for managing the development environment tools;
a portion of the ports on the development server is reserved as a port resource pool for the development service;
the development environment tool is configured under a global path so that every user can access it;
the dynamic scheduling and user authentication method comprises the following steps:
S1, the user enters the unified login address (a unified login point provided by the Nginx service) and the designated service port in the browser, and enters a user name and password as prompted in the displayed user login interface;
S2, the Nginx service takes the user name and password received in S1 as authentication information and authenticates it; if authentication fails, the user is asked to enter the authentication information again, and after multiple failures the user must wait a certain time before entering authentication information again; if authentication passes, the request is forwarded to the development service on one development server according to a forwarding strategy (such as a hash strategy or a least-connections strategy);
S3, the development service on the development server receives the request information and first checks whether a started development environment tool service exists on the server;
if it exists, the development service acquires the port information of the development environment tool service and sends a request carrying the user information to the Nginx service;
if it does not exist, the development service takes an idle port from the reserved port pool and starts the development environment tool service with the port number just acquired;
the development service then detects whether the development environment tool service started successfully; if not, it reports an error, and if so, it sends a request carrying the user information to the Nginx service;
S4, the Nginx service receives the user information and, according to the forwarding strategy, calculates the development environment tool service on a particular fixed development server to forward to;
and S5, the development environment tool service receives the user request and authenticates the user with the user information; if authentication passes, the development interface is entered, and if it fails, an error is reported.
The above embodiment is further explained as follows:
the invention aims to serve multiple users through a single development tool environment while providing a security mechanism and achieving load balancing.
1) Nginx, server, development environment deployment
The Nginx service is deployed on a dedicated server as the login and forwarding node, and the addresses of the development servers to forward to are set in its configuration file; the development service is deployed on the other servers in the cluster and is mainly responsible for port management and for managing the development environment tools; a portion of the ports on the development server is reserved as a port resource pool for the development service.
2) Starting up
When a user enters the unified login address (a unified login point provided by Nginx) and the specified service port in a browser, a user login interface is displayed and the user is asked to enter a user name and password.
3) Authentication and forwarding
The Nginx service takes the received user name and password as authentication information and authenticates it. If authentication fails, the user is asked to enter the authentication information again; after multiple failures, the user can enter authentication information again only after waiting a certain time. If authentication passes, the request is forwarded to the development service on a development server according to a forwarding strategy.
4) Server processing mechanism
The development server receives the request information and first checks whether the development environment tool service has been started on the server. If the service exists, the development server acquires its port information and sends a request carrying the user information to the Nginx service. If it does not exist, an idle port is taken from the port resource pool, the development environment tool service is started with the port number just obtained, and the development server detects whether the service started successfully: on failure an error is reported, and on success a request carrying the user information is sent to Nginx.
5) Nginx second forwarding
Nginx receives the user information and, according to the forwarding strategy, calculates the development environment tool service on a particular fixed development server to forward to, using the port number returned by the development server.
6) Development tool authentication
The development environment tool receives the user request and authenticates the user with the user information; the development interface is entered once authentication passes, and an error is reported if authentication fails.
For a given user, Nginx can forward to a determined local service; by invoking Nginx forwarding twice, the development environment tool service can be accessed while the real IP of the server is hidden, which provides protection.
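The flow in steps 1) to 6), as an added sketch that is not code from the patent: a Python model (not an Nginx configuration) of the login node and the development service. The lockout threshold and wait time, one tool instance per user, and the HMAC tag that binds the forwarded user information to a server and port are assumptions; the patent does not specify them.

```python
import hashlib
import hmac
import time

# Assumed values: the patent says only "multiple failures" and "a certain time".
LOCK_AFTER, LOCK_SECONDS = 3, 60
GATEWAY_KEY = b"constructed-demo-key"  # assumed secret shared by gateway and tool services


def hash_pw(password):
    # Demo only: a fixed salt keeps the example short; use a per-user random salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 10_000)


def sign(user, server, port):
    """Bind the forwarded user information to one server and port (assumed mechanism)."""
    msg = f"{user}|{server}|{port}".encode()
    return hmac.new(GATEWAY_KEY, msg, hashlib.sha256).hexdigest()


class DevServer:
    """Development service: manages the reserved port pool and tool instances (S3)."""

    def __init__(self, name, ports):
        self.name, self.free, self.running = name, list(ports), {}

    def ensure_tool(self, user):
        if user in self.running:          # tool service already started: reuse its port
            return self.running[user]
        if not self.free:                 # start-up cannot succeed: report an error
            raise RuntimeError(f"{self.name}: port pool exhausted")
        port = self.free.pop(0)           # take an idle port from the pool
        self.running[user] = port         # stands in for launching the tool on that port
        return port

    def tool_accepts(self, user, port, tag):
        """S5: the tool service authenticates the forwarded user information itself."""
        expected = sign(user, self.name, port)
        return self.running.get(user) == port and hmac.compare_digest(tag, expected)


class Gateway:
    """Login and forwarding node (the role the page gives to the Nginx service)."""

    def __init__(self, servers, credentials):
        self.servers, self.credentials = servers, credentials
        self.failures = {}                # user -> (failure count, locked-until time)

    def pick_server(self, user):
        # Hash strategy: the same user maps to the same server on both forwards (S2, S4).
        digest = hashlib.sha256(user.encode()).digest()
        return self.servers[int.from_bytes(digest[:4], "big") % len(self.servers)]

    def login(self, user, password, now=None):
        now = time.time() if now is None else now
        count, locked_until = self.failures.get(user, (0, 0.0))
        if now < locked_until:            # still waiting: do not even check the password
            return {"status": "locked", "retry_after": locked_until - now}
        stored = self.credentials.get(user, b"")
        if not hmac.compare_digest(stored, hash_pw(password)):
            count += 1                    # unknown users are counted the same way
            if count >= LOCK_AFTER:
                count, locked_until = 0, now + LOCK_SECONDS
            self.failures[user] = (count, locked_until)
            return {"status": "denied"}
        self.failures.pop(user, None)
        server = self.pick_server(user)   # first forward: to the development service
        port = server.ensure_tool(user)
        # Second forward: same server, the port the development service returned.
        return {"status": "ok", "server": server.name, "port": port,
                "tag": sign(user, server.name, port)}


if __name__ == "__main__":
    pool = [DevServer("dev-a", range(9000, 9003)), DevServer("dev-b", range(9000, 9003))]
    gw = Gateway(pool, {"alice": hash_pw("correct horse")})   # constructed account
    for attempt in range(4):
        print(gw.login("alice", "wrong", now=100.0 + attempt))
    print(gw.login("alice", "correct horse", now=200.0))
```

Because the tool service re-checks the tag against its own server name and port, a request that reaches a tool port without passing through the login node, or that presents another user's tag, is rejected at S5.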
With the cloud IDE-oriented dynamic scheduling and user authentication method, a framework with centralized management, dynamic scheduling and user authentication functions is provided for server clusters and multi-user use, and is shared by multiple users. This not only reduces disk space and environment configuration steps but also improves security, so the security problem of single-user use does not arise; the real IP address of the server can be hidden, the unified login address is always shown in the URL, and centralized management makes updating and maintenance convenient.
The above embodiments merely illustrate the technical ideas and features of the present invention. Their purpose is to enable those skilled in the art to understand and implement the invention, not to limit its scope of protection. All equivalent changes and modifications made according to the spirit of the present invention fall within its scope of protection.

Claims (1)

1. A cloud IDE-oriented dynamic scheduling and user authentication method, characterized by being based on the following configuration:
the Nginx service is deployed on a dedicated server to obtain an Nginx server, which serves as the login and forwarding node, and the addresses of the development servers to forward to are set in its configuration file;
the development service is deployed on the other servers in the cluster to obtain development servers, the development service being mainly responsible for port management and for managing the development environment tools;
a portion of the ports on the development server is reserved as a port resource pool for the development service;
the development environment tool is configured under a global path so that every user can access it;
the dynamic scheduling and user authentication method comprises the following steps:
S1, the user enters the unified login address and the designated service port in the browser, and enters a user name and password as prompted in the displayed user login interface;
S2, the Nginx service takes the user name and password received in S1 as authentication information and authenticates it; if authentication fails, the user is asked to enter the authentication information again, and after multiple failures the user must wait a certain time before entering authentication information again; if authentication passes, the request is forwarded to the development service on a development server according to a forwarding strategy;
S3, the development service on the development server receives the request information and first checks whether a started development environment tool service exists on the server;
if it exists, the development service acquires the port information of the development environment tool service and sends a request carrying the user information to the Nginx service;
if it does not exist, the development service takes an idle port from the reserved port pool and starts the development environment tool service with the port number just acquired;
the development service then detects whether the development environment tool service started successfully; if not, it reports an error, and if so, it sends a request carrying the user information to the Nginx service;
S4, the Nginx service receives the user information and, according to the forwarding strategy, calculates the development environment tool service on a particular fixed development server to forward to;
and S5, the development environment tool service receives the user request and authenticates the user with the user information; if authentication passes, the development interface is entered, and if it fails, an error is reported.
CN202110387706.8A 2021-04-12 2021-04-12 Cloud IDE-oriented dynamic scheduling and user authentication method Active CN114244548B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110387706.8A CN114244548B (en) 2021-04-12 2021-04-12 Cloud IDE-oriented dynamic scheduling and user authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110387706.8A CN114244548B (en) 2021-04-12 2021-04-12 Cloud IDE-oriented dynamic scheduling and user authentication method

Publications (2)

Publication Number Publication Date
CN114244548A true CN114244548A (en) 2022-03-25
CN114244548B CN114244548B (en) 2023-10-13

Family

ID=80742821

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110387706.8A Active CN114244548B (en) 2021-04-12 2021-04-12 Cloud IDE-oriented dynamic scheduling and user authentication method

Country Status (1)

Country Link
CN (1) CN114244548B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114844859A (en) * 2022-05-05 2022-08-02 北京达佳互联信息技术有限公司 Domain name configuration method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN114244548B (en) 2023-10-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant