CN114827162A - Migratable cloud desktop system based on edge computing - Google Patents

Info

Publication number
CN114827162A
CN114827162A CN202210356546.5A CN202210356546A CN114827162A CN 114827162 A CN114827162 A CN 114827162A CN 202210356546 A CN202210356546 A CN 202210356546A CN 114827162 A CN114827162 A CN 114827162A
Authority
CN
China
Prior art keywords
cloud desktop
edge computing
migration
user
configuration file
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210356546.5A
Other languages
Chinese (zh)
Inventor
翁翊聃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Henan Baoying Electromechanical Co ltd
Original Assignee
Henan Baoying Electromechanical Co ltd
Application filed by Henan Baoying Electromechanical Co ltd
Priority to CN202210356546.5A
Publication of CN114827162A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004 Server selection for load balancing
    • H04L67/101 Server selection for load balancing based on network conditions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/451 Execution arrangements for user interfaces
    • G06F9/452 Remote windowing, e.g. X-Window System, desktop virtualisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention belongs to the technical field of cloud desktops, and particularly relates to a migratable cloud desktop system based on edge computing. The cloud desktop system comprises a cloud desktop unified management center and a plurality of edge computing nodes. The cloud desktop unified management center contains an edge computing node management module, an image warehouse module, an application warehouse module, a cloud desktop instance management module and a storage volume management module; each edge computing node comprises a node agent module, a desktop support module and a storage support module. The cloud desktop system is actually deployed on the edge computing nodes close to different users, so that traffic offloading is realized: users reach the cloud desktop only over the network from the terminal to the edge computing node, which reduces traffic over the core network and addresses the problems of network overhead, time delay and reliability of the core network. Moreover, after the user changes position, the user desktop can be moved or copied to the new position by system migration, realizing migration of the cloud desktop.

Description

Migratable cloud desktop system based on edge computing
Technical Field
The invention belongs to the technical field of cloud desktops, and particularly relates to a migratable cloud desktop system based on edge computing.
Background
A cloud desktop is a remote desktop system (centrally managed virtual desktop system) implemented using virtualization and cloud computing technologies. The basic method is to utilize a cloud computing platform to realize a plurality of virtual cloud desktops, and provide the virtual cloud desktops for individuals or groups to use through a remote access technology. The cloud computing platform can be used for realizing centralized generation, configuration, use and management of the cloud desktop, and a virtualization technology can be used for realizing rapid generation of a system, rapid adjustment of resources and the like.
Generally speaking, the client of the virtual desktop is built in an inexpensive and low-performance manner, and may even be built in a mobile phone (plus a dedicated app), and the main functions of the client are to realize the presentation of remote desktop contents and the submission of local keyboard-mouse (or touch) behaviors. Actual software business logic, data storage and the like are realized on a remote cloud computing platform.
Cloud computing platforms are typically large-scale, centralized IT clusters. If a cloud computing platform is small in scale and distributed in layout, it is difficult to maintain cost advantages and it cannot meet the IT requirements of large enterprises or large numbers of users. Users generally access the platform through the internet or a wide area network; that is, the cloud computing platform is generally not accessed through a local area network or the like.
The greatest advantage of the cloud desktop is rapid unified management. For example, an administrator can quickly generate a plurality of identical desktop instances (and can arbitrarily adjust the number of instances) from one virtual machine template on the cloud platform, and provide them for scenarios such as a business hall front desk, a customer service center or a virtual laboratory. Functions such as unified patching, unified software installation or upgrade, unified configuration and unified user authority management can be realized, so that an administrator does not need to upgrade, maintain and restrict the computers of business personnel one by one (for example, to prevent business personnel from privately installing software or copying company data). In this unified management scenario, all cloud desktop systems are the same or similar, and user data is generally stored in the unified business system through the business system. After a business person remotely shuts down or logs out, the cloud platform can directly destroy the instance (that is, user data, usage state and the like are not saved), and when a new business person applies for a cloud desktop instance, the background can directly generate a brand-new instance using virtualization technology and deliver it over the network.
Cloud desktops may also be provided for use by individual users. Unlike the unified management scenario, the cloud desktop system of an individual user is generally personalized and customized. When the user logs off or remotely shuts down, the cloud computing platform should save the state of the desktop system (possibly including user data), the user configuration, the software installed by the user, and the like. The main advantage of a cloud desktop for an individual is location independence, i.e., a user can remotely connect to the cloud desktop from any place, use the software in it, access the data in it, and so on. For example, if a user installs paid software on a physical computer, the software cannot be used away from that computer; if it is installed on the cloud desktop, there is no such limitation.
The existing cloud desktop solution mainly consists of three entities: a terminal, wide area network access and a cloud computing platform. The main problems are those that may occur with remote access: (1) Network overhead. Since the terminal is far away from the cloud computing platform, remote access by a large number of users may incur large network overhead costs (user usage cost and operation and maintenance cost of a network operator). (2) Delay and reliability. Remote connections may generate large and uncontrollable time delays, which may cause system stutter, service interruption, poor user experience and similar problems at critical moments. Remote connections may also span multiple operator networks, causing uncontrolled failures and reliability problems that may be difficult to locate and recover from quickly. (3) Security. A longer network access path makes potential security hazards more likely, and intrusion or improper configuration may occur in more links.
If the cloud desktop system is self-maintained by the organization that uses it, that is, a private cloud mode is adopted, the network, time delay and security problems can be solved, but greater construction cost and operation and maintenance expenditure result.
Disclosure of Invention
The invention aims to provide a migratable cloud desktop system based on edge computing, which is used for solving the problems of poor time delay and reliability, and high construction cost and operation and maintenance expenditure of the cloud desktop system in the prior art.
In order to solve the technical problems, the technical scheme provided by the invention and the corresponding beneficial effects of the technical scheme are as follows:
The invention discloses a migratable cloud desktop system based on edge computing, which comprises a cloud desktop unified management center and a plurality of edge computing nodes, wherein the cloud desktop unified management center is in communication connection with each edge computing node; the cloud desktop unified management center comprises an edge computing node management module, an image warehouse module, an application warehouse module, a cloud desktop instance management module and a storage volume management module; the edge computing node management module is used for realizing various kinds of management of a cloud desktop of a certain edge computing node by a user, sending corresponding management information to the node agent module of the designated edge computing node, and migrating the cloud desktop to a target edge computing node corresponding to a new position of the user after the user changes position, so as to realize migration processing of the cloud desktop; the image warehouse module is used for realizing various management processing of the cloud desktop images; the application warehouse module is used for realizing various management processing of various application software of a user; the cloud desktop instance management module is used for realizing various management processing of each cloud desktop instance; the storage volume management module is used for realizing various management processing of a user storage volume; the edge computing node comprises a node agent module, a desktop support module and a storage support module; the node agent module performs data interaction with the edge computing node management module; the desktop support module is used for establishing and operating an actual cloud desktop instance and completing actual cloud desktop operations; the storage support module is used for realizing various management processes of user data storage.
The beneficial effects of the above technical scheme are: the system architecture is based on cloud-edge integration and comprises a cloud desktop unified management center and a plurality of edge computing nodes, wherein the cloud desktop unified management center is in communication connection with the edge computing nodes, and a user and an administrator can apply for, configure and otherwise manage a cloud desktop system through the cloud. The cloud desktop system is actually deployed on edge computing nodes close to different users, so that traffic offloading is achieved: users reach the cloud desktop only over the network from the terminal to the edge computing node, which reduces traffic over the core network and addresses the problems of network overhead, time delay and reliability of the core network. Moreover, after the user changes position, the user desktop can be moved or copied to a position near the user's new position by system migration, realizing migration of the cloud desktop.
In a further improvement, the various management processes of the cloud desktop image comprise storage, management, query and acquisition of the cloud desktop image, and maintenance, upgrading and calling of the cloud desktop image; the various management processes of the application software comprise release, storage, query, acquisition and management of the application software; the various management processes of the cloud desktop instance comprise establishment, deployment, resource adjustment and instance migration of the cloud desktop instance, and information management and query of the cloud desktop instance; the various management processes of the storage volume comprise generation, deployment, adjustment and migration management of the storage volume, and storage volume information management and query; the various management processes of the user data storage comprise establishment, provision and management of user data; the actual cloud desktop operations comprise at least one of cloud desktop migration, storage volume mounting and application installation and deployment.
The beneficial effects of the above technical scheme are: the management processing of the cloud desktop image, the application software, the cloud desktop instance, the storage volume and the user data storage is made complete, and the safe and reliable operation of the cloud desktop system is ensured. Actual cloud desktop operations, including cloud desktop migration, storage volume mounting and application installation and deployment, can meet the different requirements of users.
In a further improvement, in the process of migrating the cloud desktop, only the resources that differ between the target edge computing node and the original edge computing node are migrated.
The beneficial effects of the above technical scheme are: when the corresponding images, applications, cloud desktop instances and storage volumes are migrated to the edge computing node close to the user for deployment, identical resources are not transmitted, according to the existing configuration of the edge computing node, so that migration is more efficient.
In a further improvement, the business process by which the cloud desktop system executes some of its services comprises the following steps: 1) editing, signing and submitting the configuration file; 2) according to the content of the business process concerned, the target edge computing node executes the corresponding operation; 3) after the target edge computing node successfully executes the corresponding operation, it stores the executed configuration file and sends the configuration file and the information of successful execution to the cloud desktop unified management center, which stores the configuration file. The services concerned are cloud desktop instance creation and delivery, storage volume creation and mounting use, application software acquisition and security, updating side rate, instance temporary migration in temporary migration, or storage volume temporary migration in temporary migration. Temporary migration refers to temporary migration of the cloud desktop caused by the user temporarily changing position; the cloud desktop on the original edge computing node is inaccessible during the temporary migration.
The beneficial effects of the above technical scheme are: the processing flow aiming at partial services is improved, the configuration file needs to be signed, and the reliability of communication between the cloud desktop unified management center and the edge computing node is guaranteed.
In a further improvement, the configuration file comprises configuration instructions, range information, service information, permission limits and signature information. The configuration instructions comprise at least one of a configuration file level, the UserID of the configuration file generator, the UserID of the creator of the object, the UserID of the user of the object, a template id and an object id. The configuration files comprise a configuration file adminProfile generated by a creator and a configuration file UserProfile generated by a user. A communication mechanism between the cloud desktop unified management center and each edge computing node generates a user ID of each user; the user ID of the configuration file generator is the user ID of the creator or the user ID of the user. The template id is the imageID of the image or the defaultappID of the application software. The object id is the InstanceID of the cloud desktop instance, the AppID of application software installed on the cloud desktop instance or the StorageID of the storage volume. The range information comprises at least one of a carrier id, a validity period range, a migration id, a temporary migration carrier id and an expiration limit policy. The carrier id is the Nodeid of an edge computing node or the instanceID of a cloud desktop instance; the validity period range is the validity period of the configuration file; the migration id is the InstanceID of the temporary cloud desktop instance generated by the temporary migration; the temporary migration carrier id is the Nodeid of the target edge computing node or the instanceID of the cloud desktop instance after migration; the expiration limit policy comprises immediate execution, reminder with delayed execution, and execution at next startup. The permission limits comprise a permission limit of the deployment configuration file, a permission limit of the application configuration file and a permission limit of the storage volume configuration file. The signature information includes a digest that is calculated over the configuration instructions, the range information, the service information and the permission limits and digitally signed with the private key of the configuration file creator, together with the public key of the configuration file creator.
The beneficial effects of the above technical scheme are: the configuration file is relatively comprehensive in content, and safe and reliable operation of the cloud desktop system is guaranteed.
In a further improvement, after step 3) of the business process of cloud desktop instance temporary migration and storage volume temporary migration, the process further comprises a step 4) of processing after the migration is finished, which comprises the following: the configuration file adminProfile generated by the creator is pulled to the new edge computing node, and the target edge computing node checks the validity period range in the configuration file adminProfile generated by the creator; after the validity period is over, or after the user applies to the cloud desktop unified management center for termination of the migration, the new edge computing node deletes a cloud desktop instance, a storage volume or an application-related configuration file and informs the cloud desktop unified management center; and the cloud desktop unified management center deletes the temporary migration information.
The beneficial effects of the above technical scheme are: compared with the conventional business processing flow, a processing flow after the migration is finished is added to the business processing flows of instance temporary migration and storage volume temporary migration, so that temporary migration processing is realized.
In a further improvement, the services also comprise a permanent migration service, wherein permanent migration refers to permanently migrating the storage volume and the cloud desktop instance to the target edge computing node and deleting the cloud desktop on the original edge computing node. The business process for executing the permanent migration service comprises the following steps: after an initiator initiates a permanent migration, the cloud desktop unified management center sends a permanent migration instruction, an object id and the Nodeid of the original edge computing node to the target edge computing node; the initiator is a creator or a user, and if the initiator is a user, the cloud desktop unified management center needs to query whether the permission limit of the application configuration file and the permission limit of the storage volume configuration file in the configuration file AdminProfile generated by the creator for the object are met, and the process continues only if they are met; the target edge computing node copies the storage volume and/or cloud desktop instance of the original target node, the configuration file adminProfile generated by the creator and the configuration file UserProfile generated by the user; after copying is completed, the target edge computing node modifies the carrier id in the configuration file adminProfile generated by the creator and in the configuration file UserProfile generated by the user into the Nodeid of the edge computing node, and informs the cloud desktop unified management center.
The beneficial effects of the above technical scheme are: the processing flow of the permanent migration service is improved, and the safe and reliable operation of the cloud desktop system is ensured.
In a further improvement, the services further comprise an application temporary migration service within temporary migration, and the business process for executing the application temporary migration service comprises the following steps: the cloud desktop unified management center provides the migrated instance id and the defaultappID of the application software according to an application installation instruction initiated by a user; if the application software is installed in the cloud desktop instance on the original edge computing node, the cloud desktop unified management center queries the AppID of the corresponding application software and informs the node where the cloud desktop instance is located after migration of the AppID of the application software, the original carrier node information and the id of the migrated cloud desktop instance; and after the migration is finished, the AppID of the application software is sent to the remote carrier node to obtain the App software package and the corresponding configuration file, which are installed in the migrated cloud desktop instance.
The beneficial effects of the above technical scheme are: the processing flow of the application temporary migration service is improved, and the safe and reliable operation of the cloud desktop system is guaranteed.
In a further improvement, the digest is calculated using a hash algorithm.
The beneficial effects of the above technical scheme are: by adopting a hash algorithm, the accuracy and reliability of the digest calculation are ensured, which further ensures the reliability of data transmission.
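An added example, not code from the patent: one way an edge computing node could check the signed configuration file and its hash digest, as described in the two improvements above, before executing it. Ed25519, SHA-256, the JSON encoding, the `trusted` map standing in for the PKI/CA lookup, and all sample ids are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Body is the signed part of a profile. Field names follow the patent text;
// the JSON encoding, SHA-256 and Ed25519 are assumptions of this example.
type Body struct {
	GeneratorID string    `json:"generatorId"` // UserID of the profile generator
	ObjectID    string    `json:"objectId"`    // InstanceID, AppID or StorageID
	CarrierID   string    `json:"carrierId"`   // NodeID the profile is scoped to
	NotBefore   time.Time `json:"notBefore"`   // validity period start
	NotAfter    time.Time `json:"notAfter"`    // validity period end
	Service     string    `json:"service"`     // service information
	Permissions []string  `json:"permissions"` // permission limits
}

// Profile adds the signature information: digest, signature, creator's public key.
type Profile struct {
	Body      Body
	Digest    []byte
	Signature []byte
	PublicKey ed25519.PublicKey
}

var (
	ErrUntrustedKey = errors.New("signer unknown or embedded key is not the registered key")
	ErrDigest       = errors.New("digest does not match profile content")
	ErrSignature    = errors.New("signature does not verify")
	ErrWrongCarrier = errors.New("profile is scoped to a different carrier")
	ErrExpired      = errors.New("outside validity period")
)

func digest(b Body) ([]byte, error) {
	raw, err := json.Marshal(b) // deterministic: fields are emitted in struct order
	sum := sha256.Sum256(raw)
	return sum[:], err
}

// Sign is the creator's step before submitting the profile.
func Sign(b Body, priv ed25519.PrivateKey) (Profile, error) {
	d, err := digest(b)
	if err != nil {
		return Profile{}, err
	}
	return Profile{b, d, ed25519.Sign(priv, d), priv.Public().(ed25519.PublicKey)}, nil
}

// Verify is the edge node's check before executing a profile. trusted maps UserID
// to the key vouched for by the PKI/CA; the embedded key is compared, never trusted.
func Verify(p Profile, trusted map[string]ed25519.PublicKey, nodeID string, now time.Time) error {
	key, known := trusted[p.Body.GeneratorID]
	d, err := digest(p.Body)
	switch {
	case !known || !key.Equal(p.PublicKey):
		return ErrUntrustedKey
	case err != nil || !bytes.Equal(d, p.Digest):
		return ErrDigest
	case !ed25519.Verify(key, d, p.Signature):
		return ErrSignature
	case p.Body.CarrierID != nodeID:
		return ErrWrongCarrier
	case now.Before(p.Body.NotBefore) || now.After(p.Body.NotAfter):
		return ErrExpired
	}
	return nil
}

// Demo runs the node's check over constructed sample profiles and keys.
func Demo() map[string]error {
	adminPub, adminPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	trusted := map[string]ed25519.PublicKey{"user-admin-01": adminPub}
	now := time.Date(2022, 4, 10, 9, 0, 0, 0, time.UTC)
	body := Body{"user-admin-01", "instance-0001", "node-a", now.AddDate(0, 0, -1),
		now.AddDate(0, 0, 7), "temporary-migration", []string{"deploy"}}
	good, _ := Sign(body, adminPriv)
	edited := good // validity extended after signing, digest recomputed to match
	edited.Body.NotAfter = now.AddDate(1, 0, 0)
	edited.Digest, _ = digest(edited.Body)
	forged, _ := Sign(body, roguePriv) // self-consistent, but the key is not registered
	return map[string]error{
		"valid":      Verify(good, trusted, "node-a", now),
		"edited":     Verify(edited, trusted, "node-a", now),
		"forged":     Verify(forged, trusted, "node-a", now),
		"other-node": Verify(good, trusted, "node-b", now),
		"expired":    Verify(good, trusted, "node-a", now.AddDate(0, 1, 0)),
	}
}

func main() { fmt.Println(Demo()) }
```

The `forged` profile verifies against the public key it carries, which is why the node compares that key with the one registered for the UserID instead of using it directly.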
Drawings
FIG. 1 is a block diagram of an edge computing based migratable cloud desktop system of the present invention;
FIG. 2 is a schematic diagram of the main behavior of the cloud desktop system and the user of the present invention;
FIG. 3 is a relational diagram of a cloud desktop instance and configuration files of the present invention;
FIG. 4 is a schematic service flow diagram of some of the services of the present invention.
Detailed Description
The invention will be described in detail below with respect to a migratable cloud desktop system based on edge computing (hereinafter referred to as a cloud desktop system).
I. Overall system architecture.
As shown in fig. 1, the cloud desktop system includes a cloud desktop unified management center (deployed on a cloud computing platform) and a plurality of edge computing nodes.
1. Cloud desktop unified management center. The cloud desktop unified management center is deployed on a cloud computing platform and implements overall user operation and management functions (but not the use of an actual cloud desktop). It comprises an edge computing node management module, an image warehouse module, an application warehouse module, a cloud desktop instance management module and a storage volume management module.
1) The edge computing node management module has the following functions: ① it registers, manages and monitors the state of edge computing nodes. ② It is responsible for sending messages to the node agent module of designated edge computing nodes. ③ It manages and queries information related to edge computing nodes.
2) The image warehouse module has the following functions: it is responsible for storing, managing, querying and acquiring images. An image is a virtual machine template of the cloud desktop; the module is responsible for storing the cloud desktop templates, for managing, maintaining and upgrading them, and for browsing and calling them. Different images comprise different types and versions of operating systems and different pre-installed software. An image is used to build a cloud desktop instance. Each image has a unique imageID, and a cloud desktop instance generated from it has an InstanceID.
3) The application warehouse module has the following functions: ① it is responsible for publishing, storing, acquiring and managing various application software. The application software is built as containers and can be downloaded to a cloud desktop instance in a streaming mode for use; building and using application software in a general container mode is supported, and the specific container technology is prior art and is not described in detail here. ② Each application software in the application repository has a defaultAppID, and after the application is installed on an instance, it has a unique AppID.
4) The cloud desktop instance management module has the following functions: ① it is responsible for the establishment, deployment, resource adjustment, instance migration and similar functions of cloud desktop instances. ② It is responsible for managing and querying information related to instances. ③ A cloud desktop instance is an actual cloud desktop object established from an image; the actual cloud desktop instance runs on an edge computing node, and the user connects directly to the edge computing node to use it.
5) The storage volume management module has the following functions: ① it is responsible for generation, deployment, adjustment, migration management and the like of user storage volumes. ② It is responsible for managing and querying information related to storage volumes. ③ The actual storage volume runs on an edge computing node, and the user connects directly to the edge computing node to use it.
2. Edge computing nodes. The system contains an indefinite number of edge computing nodes, which are built in a distributed fashion (distributed over different geographical or network locations). The edge computing nodes provide the actual computing, storage and network resources to build cloud desktops, storage volumes and the like, and provide the necessary network access. The cloud desktop unified management center can register, manage and monitor the connected edge computing nodes through the edge computing node management module. An edge computing node that has joined the cloud desktop unified management center can establish (deploy) a cloud desktop instance according to its instructions, connect to other edge computing nodes that have joined the system, and complete migration of a virtual desktop, mounting of a storage volume and the like. An edge computing node mainly comprises a node agent module, a desktop support module and a storage support module.
1) The node agent module has the following functions: it is responsible for interacting with the edge computing node management module in the cloud desktop unified management center to complete actual node management and monitoring.
2) The desktop support module has the following functions: it is responsible for establishing and operating actual cloud desktop instances, and for completing actual cloud desktop migration, storage volume mounting, application installation and deployment and other operations. When a cloud desktop instance is created, an instanceID is generated.
3) The storage support module has the following functions: it is responsible for establishing, providing and managing the storage of user data. The system provides storage resources to users by volume (called storage volumes); storage volumes can be mounted and used in cloud desktop instances but are not necessary components of cloud desktop instances. When a storage volume is created, a StorageID is generated.
3. Secure communication between the cloud desktop unified management center and the edge computing nodes. The communication between the cloud desktop unified management center and each edge computing node is supported by a PKI/CA system, and identity authentication, key exchange and encrypted communication based on digital certificates are realized.
II. Users in the system.
Each specific user in the system has a corresponding UserID and private key (based on the standard PKI/CA mechanism), and each edge computing node in the system also has a corresponding id (nodeid) and private key. The id and private key are used to identify the holder and to digitally sign configuration files. A user may hold the creator role, the user role, or both. The creator role is responsible for creating cloud desktop instances, creating storage volume instances, and performing application installation. The cloud desktop system of the present invention places no restrictions on the actual identity of the creator or user. For example, the user may be an enterprise user or an individual user: in an enterprise scenario, a single creator creates multiple cloud desktop instances for distribution to different employees, while in a personal scenario the creator and the user may be the same person. Further, the creator who creates the cloud desktop, the creator who distributes the application, and the creator who creates the storage volume need not be the same person. The main behaviors of the various components and users of the cloud desktop system are shown in FIG. 2.
III. Cloud desktop instance structure.
The relationship of the cloud desktop instance and the configuration file is shown in fig. 3. A cloud desktop instance is a virtual computer system built from cloud desktop templates (images) that contain various virtualization hardware and corresponding operating systems, application software, application data, and the like.
1) The cloud desktop infrastructure comprises standard virtual machine components, such as the operating system of the cloud desktop instance, and can also include pre-installed application software. The cloud desktop infrastructure inherits its content entirely from the image.
2) The cloud desktop configuration agent (module) is an agent program pre-installed in the image. It interacts with the cloud desktop support module of the edge computing node to carry out functions such as application management and user storage management.
3) Application software refers to application software deployed as containers. An application contains two storage areas, a program directory and a data directory. The former cannot be modified by the user; the latter may be modified by the user, depending on the instance configuration.
4) User data storage (module): externally attached storage volumes, see fig. 2 and 3. The storage of a user's cloud desktop may come from the same edge computing node or from other edge computing nodes. A storage volume does not come from an image; it is created separately and attached to the cloud desktop instance according to the associated policy.
The cloud desktop instance is used in conjunction with a variety of configuration files, which may be understood as business configuration parameters and rights management parameters of the cloud desktop instance (as well as applications and storage volumes). The configuration file is described in detail below.
IV. Configuration file content and structure.
1. User instructions.
A user instruction designates an operation or management action that the user submits through the cloud desktop management system. It is typically one of: 0-0-1 instance deployment/update configuration, 0-0-2 storage volume deployment, 0-0-3 application deployment, 0-1-1 instance temporary migration, 0-1-2 storage volume temporary migration, 0-1-3 application temporary migration, 0-2-1 permanent migration.
In the general case the instruction and the configuration file are submitted together to the cloud desktop unified management center; in individual cases execution does not need an accompanying configuration file. See the flow descriptions in sections 5.1-5.6 below.
2. Configuration file base structure.
1) Basic information.
A 0 configuration command, which is one of the following:
1-1 profile level, one of the following: the profile has three levels, or the same object may have 2 profiles: AdminProfile, UserProfile.
The creator of a profile may modify the profile they created.
AdminProfile is a configuration file generated by the creator. AdminProfile contains the "4) permission restrictions" content.
UserProfile is a configuration file generated by a user. It must inherit the "basic information" of the AdminProfile completely; when an inconsistency occurs, the system discards the UserProfile configuration file outright. UserProfile does not contain the "4) permission restrictions" content.
If the creator role and the user role are actually the same user, the UserProfile configuration file has no meaning, but its presence does not create a logical conflict.
1-2 UserID of the generator of this configuration file. Typically the creator's UserID. The user's UserID may be used when performing a policy update or migration.
1-3 UserID of the creator of the object (cloud desktop instance, application or storage volume).
1-4 UserID of the user of the object (cloud desktop instance, application or storage volume).
1-5 template id: for a cloud desktop instance configuration file this is the imageID; for application software it is the defaultappID (after the application is deployed to a cloud desktop instance, a new AppID is generated); for a storage volume it is ignored.
1-6 object id: there are three cases: instanceID of the cloud desktop instance; AppID of application software (authorized instance of application); the StorageID of the storage volume.
2) Range information.
2-1 carrier id: for a cloud desktop instance, the carrier id is the Nodeid of the edge computing node; for application software, the carrier id is the cloud desktop instance InstanceID; for a storage volume, the carrier id is the Nodeid of the edge computing node.
2-2 validity period range: the validity period is set with the hour as the minimum unit; if it is set to 0, the validity period is permanent. Both AdminProfile and UserProfile can set a validity period, and the actual effective range is the intersection of the 2 ranges. Once the validity range is exceeded, the cloud desktop terminal cannot be used or migrated unless the validity information is extended (by the corresponding profile creator).
2-3 migration id: the temporary InstanceID generated when the object is temporarily migrated; it remains empty when the object is not temporarily migrated. It is only used for temporary migration of an instance; for other migration methods it is not used, but its presence creates no logical contradiction.
2-4 temporary migration bearer id: for instance migration, the Nodeid of the migration target edge computing node; for storage volume migration, the Nodeid of the migration target edge computing node; for application migration, the InstanceID of the migrated cloud desktop instance recorded in 2-3.
2-5 expiration limit policy, i.e. one of three cases once the 2-2 validity period range is reached: immediate execution, where access to invalid (for example, expired) objects is blocked by the "configuration agent" in the instance; remind and delay execution, where a delay limit is set, the user is reminded through the "configuration agent module" in the instance, and access to the invalid (for example, expired) object is blocked immediately once the delay limit is reached; execution at next start, where the policy takes effect the next time the instance is started, the software is started, or the storage volume is mounted.
3) Service information.
Basic configuration entries: the basic service parameters required for normal operation of instances, storage volumes and applications, which are not described in this embodiment.
Each entry takes the form of a triplet: entry, value, read-only flag.
If the read-only flag is set for an entry in the AdminProfile, the value in the UserProfile is not read; if the read-only flag is not set in the AdminProfile, the value in the UserProfile can override the AdminProfile value and is adopted by the system.
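How a node could combine an AdminProfile and a UserProfile under the three rules above (basic-information inheritance, 2-2 validity intersection, read-only triplets), as an added example that is not code from the patent. Assumptions: "basic information" is compared on items 1-3 to 1-6 only, validity is a pair of hour numbers or 0 for permanent, entries present only in the UserProfile are ignored, and all sample values are constructed.

```python
from dataclasses import dataclass, field

PERMANENT = 0  # 2-2: a validity setting of 0 means the period is permanent


@dataclass
class Profile:
    level: str                    # 1-1: "AdminProfile" or "UserProfile"
    creator: str                  # 1-3 UserID of the object's creator
    user: str                     # 1-4 UserID of the object's user
    template_id: str              # 1-5 imageID / defaultappID
    object_id: str                # 1-6 InstanceID / AppID / StorageID
    validity: object = PERMANENT  # 2-2: PERMANENT or (start_hour, end_hour), assumed encoding
    service: dict = field(default_factory=dict)  # entry -> (value, read_only)


def basic_info(p):
    # Assumption: 1-1 and 1-2 legitimately differ between the two profiles,
    # so only 1-3 to 1-6 are compared.
    return (p.creator, p.user, p.template_id, p.object_id)


def intersect_validity(a, b):
    """Intersection of two 2-2 ranges; None means no usable time remains."""
    if a == PERMANENT:
        return b
    if b == PERMANENT:
        return a
    start, end = max(a[0], b[0]), min(a[1], b[1])
    return (start, end) if start < end else None


def resolve(admin, user=None):
    """Effective settings for one object from its AdminProfile and optional UserProfile."""
    if user is not None and basic_info(user) != basic_info(admin):
        user = None  # inconsistent basic information: the UserProfile is discarded
    validity = admin.validity
    if user is not None:
        validity = intersect_validity(admin.validity, user.validity)
    service = {}
    for entry, (value, read_only) in admin.service.items():
        # A user value is adopted only when the AdminProfile entry is not read-only.
        if not read_only and user is not None and entry in user.service:
            value = user.service[entry][0]
        service[entry] = value
    return {"validity": validity, "service": service, "user_profile_used": user is not None}


def usable_at(validity, hour):
    if validity is None:
        return False
    return validity == PERMANENT or validity[0] <= hour < validity[1]


# Constructed sample profiles for one cloud desktop instance.
ADMIN = Profile("AdminProfile", "u-admin", "u-alice", "img-1", "inst-1", (100, 200),
                {"resolution": ("1920x1080", False), "clipboard": ("off", True)})
USER_OK = Profile("UserProfile", "u-admin", "u-alice", "img-1", "inst-1", (150, 300),
                  {"resolution": ("1280x720", False), "clipboard": ("on", False)})
# Same settings, but 1-6 names a different object: must be discarded.
USER_FORGED = Profile("UserProfile", "u-admin", "u-alice", "img-1", "inst-9", PERMANENT,
                      {"clipboard": ("on", False)})

if __name__ == "__main__":
    print(resolve(ADMIN, USER_OK))
    print(resolve(ADMIN, USER_FORGED))
```

A UserProfile cannot lengthen the AdminProfile's validity or change a read-only entry, and one whose basic information differs has no effect at all.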
4) Permission restrictions. This content exists only in the AdminProfile, i.e. it is constructed by the creator and constrains the user. The entries are given in the following sections: section 3, "permission restrictions" of the deployment configuration file (instance configuration file); section 4, "permission restrictions" of the application configuration file; and section 5, "permission restrictions" of the storage volume configuration file.
5) Signature information. For all of 1) to 4), a digest is computed with a hash algorithm and digitally signed with the private key of the "profile creator". Any standard hash algorithm may be used. Finally, the public key of the "profile creator" can be attached, or the public key can be queried from the PKI/CA system, which is a required part of a PKI/CA system.
3. Deployment configuration file (instance configuration file) "permission restrictions".
4-1-1 whether the user is allowed to migrate the instance. One of four cases: not allowed / temporary allowed / permanent allowed / all allowed.
4-1-2 list of edge computing nodes to which the instance may be deployed (migrated) or is prohibited from being deployed (migrated). It can be configured as a white list, a black list, or both.
4-1-4 list of storage volumes that the instance may mount or is prohibited from mounting. It can be configured as a white list, a black list, or both.
4-1-5 list of application systems (software) that the instance may use or is prohibited from using. It can be configured as a white list, a black list, or both.
4. The "permission restrictions" of the application profile.
4-2-1 list of cloud desktop image types to which the application can be deployed: the list content corresponds to the "template id" (1-5) of the cloud desktop instance, and is configured as a white list.
4-2-2 list of cloud desktop instances to which the application can be deployed: corresponds to the "template id" (1-5) of the instance profile. White list mode; together with 4-1-5 it forms a bidirectional restriction.
5. The "permission restrictions" of the storage volume profile.
4-3-1 whether the user is allowed to migrate the storage volume. One of four cases: not allowed / temporary migration allowed / permanent migration allowed / all allowed.
4-3-2 list of edge computing nodes to which the storage volume may be deployed (migrated) or is prohibited from being deployed (migrated). It can be configured as a white list, a black list, or both.
4-3-3 list of cloud desktop instances on which the storage volume can be mounted; if the list is empty, the volume cannot be mounted. The list contents correspond to the "template id" (1-5) of the instance profile. White list mode; together with 4-1-4 it forms a bidirectional restriction.
V. Main flows.
There are six business processes: instance creation and delivery (section 5.1 below), storage volume creation and mounting (section 5.2), application acquisition and installation (section 5.3), policy update (section 5.4), temporary migration (section 5.5), and permanent migration (section 5.6). Except for the temporary migration of applications within temporary migration and the permanent migration process (see sections 5.5.3 and 5.6 below), the processes follow the general flow below, shown in fig. 4, which is divided into 4 numbered stages.
0 Precondition: the system must first establish IDs, private keys and digital certificates (public keys) for all users and edge computing nodes based on a standard PKI/CA system; the system can determine a user's permissions from the user id, such as whether the user can create a cloud desktop terminal, whether the user can access a given edge computing node, and so on.
Stage 1, editing, signing and submitting of configuration files.
① Edit the configuration file (the contents edited differ by service). Typically the configuration file is generated or modified by the creator, i.e. it is of the AdminProfile type. For a policy update or a migration, the profile may be initiated by the user. This stage is described specifically for each business process.
② Before the configuration file is submitted, a digest is computed with a hash algorithm and signed with the creator's private key. The hash algorithm, signature algorithm and so on are not specifically prescribed.
③ The cloud desktop unified management center verifies the file. The checks mainly cover the legitimacy of the file, whether the creator and the user have access rights to the target edge computing node, and so on; their content is not specifically prescribed.
④ After review, the cloud desktop unified management center forwards the configuration file to the target edge computing node. The target node is selected by the creator from all edge computing nodes. The instruction is sent directly to the node indicated by 2-1, and if 2-4 is not empty, it is also sent to the node indicated by 2-4. For application updates, what is recorded in 2-1 is the id of the bearer instance; in that case the cloud desktop management system queries the id of the corresponding edge computing node from its stored database entries and sends the instruction there. If 2-4 is not empty, the same operation is performed.
Stage 2, the target edge computing node executes the specific operation; the operation object is an instance, an application, a storage volume or a policy file. The operation object runs or resides on the target edge computing node. This stage is described specifically for each business process.
Stage 3, processing after successful execution.
① After execution finishes, the edge computing node that executed the operation saves the executed configuration file.
② After execution finishes, the edge computing node sends a notification and the executed configuration file to the cloud desktop unified management center, which in turn informs the creator and the user.
③ The cloud desktop unified management center organizes the information in the configuration file into database tables for storage and provides an information query service.
If the execution fails, the notification contains only the prompt information and no information is stored.
Stage 4, user use and access. This stage is described specifically for each business process.
The flows are described below from three aspects; the parts not described are identical to the general flow above (except for 5.5.3 and 5.6): stage 1-①, editing the AdminProfile configuration file; stage 2, the specific execution process of the target edge computing node; stage 4, user access and usage.
5.1 Flow of establishing and using cloud desktop instances.
1) Stage 1-①, editing the AdminProfile configuration file.
Edit the "basic information" and "range information": set and send the 0-0-1 instruction; set 1-2 and 1-3 to the creator's own UserID; designate the user's id and write it to 1-4; select an image, read its imageID and write it to 1-5; generate a new instanceID and write it to 1-6; designate the default carrier by selecting an existing edge computing node id and writing it to 2-1; set the 2-2 validity period range. Then edit the service information and the permission restrictions in the configuration file.
2) Stage 2, the edge computing node creates a cloud desktop instance according to the configuration file.
① Using the object id (1-6) of the cloud desktop instance, determine whether a corresponding instance already exists on the node; if so, the operation is treated as a configuration file update and the configuration update process is executed instead of the subsequent creation process.
② Download the image specified by 1-5 from the image repository.
③ Create the cloud desktop instance according to the requirements of the AdminProfile configuration file.
④ Mount storage volumes: if the creator, when generating the instance configuration file, also requires storage volumes to be mounted through the configuration file, the edge computing node mounts them according to the flow in section 5.2 and delivers the instance after mounting is finished. An instance may mount multiple storage volumes, which may be on the current edge computing node or on other nodes.
⑤ Install application software: if the creator generates application configuration files together with the instance configuration file, i.e. several application systems are to be installed once the cloud desktop instance has been generated, the edge computing node installs the corresponding application software according to the flow in section 5.3 and delivers the instance after installation is finished.
3) Stage 4, use of cloud desktop instances.
① The user accesses the cloud desktop instance directly through a network access path, and information security is ensured by the instance's own security mechanisms (for example, a self-set power-on password); the system is not responsible for information security problems related to the instance.
② When a user accesses the cloud desktop instance, before establishing the connection the edge computing node first queries the cloud desktop unified management center for whether a migration instance associated with the current instance id exists; if so, the user is prohibited from accessing the current instance (the user can only access the migrated instance) (see section 5.5).
③ After the user modifies the instance content, the current instance content is stored on the current edge computing node (at this point the instance content differs from the image content). When the user shuts down the instance, the instance remains stored on the current edge computing node and is not deleted.
5.2 Application, mounting and management of storage volumes.
1) Stage 1-①, editing the AdminProfile configuration file.
Edit the "basic information" and "range information": set and send the 0-0-2 instruction; set 1-2 and 1-3 to the creator's own UserID; designate the user's id and write it to 1-4; ignore 1-5; generate a new StorageID and write it to 1-6; designate the default carrier by selecting an existing edge computing node id and writing it to 2-1 (not an instance id); set the 2-2 validity period range. Then edit the service information and the permission restrictions in the configuration file.
2) Stage 2, the edge computing node creates a storage volume according to the configuration file.
① Determine the service capability externally, i.e. whether the edge computing node is capable of creating the storage volume.
② If the corresponding 1-6 id exists in the database of the current edge computing node, execute a policy update; if it does not exist, execute the application installation process.
③ Create the storage volume according to the requirements of the AdminProfile configuration file.
3) Stage 4, use of the storage volume: mounting to the cloud desktop image.
① The user uses the storage volume in the instance by mounting it as network storage.
② When a user mounts a storage volume, before the connection is established the edge computing node where the storage volume is located first queries the cloud desktop unified management center for whether a migrated storage volume associated with the current instance id exists; if so, the user is prohibited from accessing the current storage volume (see section 5.5).
③ The cloud desktop configuration agent in the instance detects the mounting process, checks the configuration files related to the instance through the edge computing node that carries it, and checks whether mounting the storage volume is allowed (configuration item 4-1-4).
④ When the storage volume is mounted, the node where the storage volume is located looks up the instance id in the cloud desktop unified management center from the source of the mount request (i.e. the network access path of the instance), and checks whether that instance id has permission to mount the storage volume (whether it is present in the 4-3-3 list of the storage volume's configuration file).
⑤ The cloud desktop configuration agent can cache the mounting information and automatically execute the a-c process after each start of the instance to realize automatic mounting.
5.3 Installation, use and management of application software.
1) Stage 1-①, AdminProfile configuration file.
The applicant creates an AdminProfile configuration file as the "creator" (the creator here is to be understood as the distributor of the application, not its developer; the term is kept for consistency with the earlier naming).
Set and send the 0-0-3 instruction; set 1-2 and 1-3 to the applicant's own UserID; designate the user's id and write it to 1-4; write the defaultappID to 1-5; generate an AppID and write it to 1-6; fill 2-1 (default carrier) with the id of the designated cloud desktop instance; set the 2-2 validity period range; edit the service information and the permission information in the configuration file.
2) Stage 2, installation of application software.
① After passing through the cloud desktop management center, the configuration file is sent to the edge computing node where the cloud desktop instance designated in 2-1 is located; the correspondence between instances and nodes can be obtained by querying the database of the cloud desktop management center.
② If the corresponding 1-6 id exists in the database of the current edge computing node, execute a policy update; if it does not exist, execute the application installation process.
③ The edge computing node checks the configuration file of the cloud desktop instance and checks, in priority order, whether the application's 1-5 template id (default application id) is in the 4-1-5 white list or black list configured for the cloud desktop instance: in white list mode, only the specified applications may be installed; in black list mode, the specified applications may not be installed.
④ The edge computing node downloads the application container specified by 1-5 (defaultAppid) of the application configuration from the application repository.
⑤ The edge computing node checks the application configuration file and checks, in priority order, whether the "1-5 template id (imageID)" of the target cloud desktop instance is in the 4-2-1 white list or black list of the application configuration.
⑥ The edge computing node checks the application configuration file and checks, in priority order, whether the object id (1-6) of the target cloud desktop instance is in the 4-2-2 white list of the application configuration.
⑦ The "desktop support module" of the edge computing node interacts with the "cloud desktop configuration agent" in the instance and deploys the application software according to the 1-1-1 and the AdminProfile configuration file, with the AdminProfile file having the higher priority. Because the application is packaged as a container, deployment consists of downloading the application container, copying it to the location specified in the configuration file, and configuring it according to the configuration file.
If the instance is powered off, step (c) is delayed until the next time the instance is started.
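The bidirectional checks of steps ③, ⑤ and ⑥ above, written out as an added example that is not code from the patent. Assumptions: when the instance has both a 4-1-5 white list and black list, both are evaluated and either can deny (the page only says "in priority order"); an empty 4-2-1 or 4-2-2 white list denies; all ids and class names are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class InstanceAdminProfile:
    image_id: str                             # 1-5 template id (imageID)
    instance_id: str                          # 1-6 object id (InstanceID)
    app_whitelist: Optional[Set[str]] = None  # 4-1-5 white list, None = not configured
    app_blacklist: Optional[Set[str]] = None  # 4-1-5 black list, None = not configured


@dataclass
class AppAdminProfile:
    default_app_id: str                       # 1-5 template id (defaultAppid)
    carrier_instance: str                     # 2-1 carrier id (InstanceID)
    image_whitelist: Set[str] = field(default_factory=set)     # 4-2-1
    instance_whitelist: Set[str] = field(default_factory=set)  # 4-2-2


def install_denials(inst, app):
    """Return every restriction that forbids installing `app` on `inst`.

    An empty list means the installation may proceed. All checks are
    evaluated so that an operator sees which side refused.
    """
    denials = []
    if app.carrier_instance != inst.instance_id:
        denials.append("2-1")  # the application profile targets another instance
    # Step 3: the instance's view of the application (4-1-5).
    if inst.app_blacklist is not None and app.default_app_id in inst.app_blacklist:
        denials.append("4-1-5 black list")
    if inst.app_whitelist is not None and app.default_app_id not in inst.app_whitelist:
        denials.append("4-1-5 white list")
    # Step 5: the application's view of the instance's image (4-2-1).
    if inst.image_id not in app.image_whitelist:
        denials.append("4-2-1")
    # Step 6: the application's view of the instance itself (4-2-2).
    if inst.instance_id not in app.instance_whitelist:
        denials.append("4-2-2")
    return denials


# Constructed sample profiles.
DESKTOP = InstanceAdminProfile("img-office", "inst-001",
                               app_whitelist={"app-cad", "app-mail"})
KIOSK = InstanceAdminProfile("img-kiosk", "inst-002", app_blacklist={"app-cad"})

CAD_FOR_DESKTOP = AppAdminProfile("app-cad", "inst-001", {"img-office"}, {"inst-001"})
# The instance accepts app-cad, but this licence was issued for another instance.
CAD_WRONG_LICENCE = AppAdminProfile("app-cad", "inst-001", {"img-office"}, {"inst-777"})
# The application accepts the instance, but the instance does not list it.
GAME_FOR_DESKTOP = AppAdminProfile("app-game", "inst-001", {"img-office"}, {"inst-001"})
CAD_FOR_KIOSK = AppAdminProfile("app-cad", "inst-002", {"img-office"}, {"inst-001"})

if __name__ == "__main__":
    for app, inst in [(CAD_FOR_DESKTOP, DESKTOP), (CAD_WRONG_LICENCE, DESKTOP),
                      (GAME_FOR_DESKTOP, DESKTOP), (CAD_FOR_KIOSK, KIOSK)]:
        print(app.default_app_id, inst.instance_id, install_denials(inst, app) or "allowed")
```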
3) Stage 4, application software usage and access control.
① The cloud desktop configuration agent in the instance records the applications installed in the instance, and copying of the program directory is prohibited.
② Each time the application is started, the current edge computing node is contacted through the cloud desktop configuration agent and the 2-2 validity period range is checked; if the validity period has expired, the application cannot be started.
5.4 configuration file update and execution.
1) Stage 1-①, AdminProfile or UserProfile configuration file.
Configuration files of all types and priorities can be updated. The basic requirements for the configuration file are consistent with the descriptions of stage 1-① in 5.1-5.3.
2) Stage 2, updating of the policy.
① The policy file is sent to the target edge computing node, and to the edge computing node of the temporary migration instance, according to the general flow.
② After receiving the configuration file, the edge computing node executes a policy update if the corresponding 1-6 id exists in its database, and executes the creation process if it does not. The "basic information" of the updated AdminProfile and UserProfile profiles must be consistent with that of the original AdminProfile.
③ The updated policy replaces the old policy of the same type and keeps the same priority as the old policy.
3) Stage 4, execution of the policy.
① The new policy takes effect at "next start": the next time the instance is started, the next time a storage volume is mounted, and the next time an application is opened.
② If the 2-2 time range is found to have expired when the new policy is checked, the 2-5 policy is applied.
5.5 temporary migration.
Temporary migration addresses the case where the user's geographic location changes temporarily (a business trip, for example), so that the edge computing node hosting the instance is far from the user's new location, which causes latency or security problems. Through temporary migration the cloud desktop instance is temporarily rebuilt at a place close to the user, and the temporary instance is deleted after a certain time. During the lifetime of the temporary instance, the original instance is not accessible, but its content is not deleted.
5.5.1 Temporary migration of an instance.
1) Stage 1-①, UserProfile configuration file.
Set and send the 0-1-1 instance temporary migration instruction. Migration is user initiated, so 1-2 is set to the applicant's UserID; 1-3 is written with the UserID of the Admin; the user's UserID is set; 1-5 (imageID) may or may not be written, see the strategy in stage 2 below; 1-6 is written with the instance id and must be filled in; 2-1 (default carrier) is filled with the id of the edge computing node where the original instance is located; the 2-2 validity period range is set, where the validity period is the temporary migration validity period and its adjustment granularity is 1 hour; a temporary migration instance id is generated and written to 2-3 (migration id); the target edge computing node id is written to 2-4 (migration bearer id); the service information is valid only during the temporary migration.
2) Stage 2, implementation of instance migration.
① The target edge computing node verifies the configuration file: using the id recorded in 1-6, it first queries the cloud desktop unified management center for the AdminProfile related to the configuration file and checks whether the user has the migration right: 4-1-1 and 4-1-2.
② The target edge computing node queries the cloud desktop unified management center for whether a migration instance related to the 1-6 id already exists; if so, the migration is not carried out, i.e. only one migration instance exists at any time.
③ The target edge computing node checks the received UserProfile configuration file: according to 1-6 and 2-1, it pulls the AdminProfile and UserProfile corresponding to 1-6 from the edge computing node indicated by 2-1. The migration target node may abandon the original UserProfile and execute the new UserProfile instead, but must still follow the priority selection. The UserProfile on the original node is not replaced.
④ Select a migration strategy:
i. If the configuration file from stage 1-① contains a 1-5 imageID: download the image from the image repository according to the 1-5 imageID and generate a new instance in combination with the configuration file. The instance is generated as in section 5.1, "the edge computing node creates a cloud desktop instance according to the configuration file", but the configuration file is associated with the 1-6 instance id. The user should go on to perform application installation and storage volume mounting.
ii. If the configuration file from stage 1-① contains no 1-5 imageID: according to the 1-6 instance id, pull the instance file and all related application configuration files from the original edge computing node recorded in 2-1. The instance file can be run and used directly and internally contains all installed software and the storage volume mounting information. The user does not need to install applications, and the storage volume mounting operation can be omitted (optional).
In general, way (i) is faster than way (ii); way (ii) includes all installed application software, so the instance is completely cloned, whereas with way (i) some software has to be installed at the migration location afterwards.
⑤ If way ④-i was executed, the user needs to go on to install applications and mount storage in the migrated instance.
⑥ After the migration succeeds, the migration information is stored in the cloud desktop management system in order to enforce the restriction policy of section 5.1, 3)-②, the policy of section 5.5.1, stage 2, ②, and so on.
3) Stage 4, use and protection of the instance after migration.
① After migration is completed, the user can query the address of the migrated instance through the cloud desktop unified management center and access and use it.
② After migration is completed, the user is refused access to the original instance according to the policy of section 5.1, 3)-②.
4) Supplementary stage 5, end of migration.
① After the migration is completed, the AdminProfile has been pulled to the new edge computing node in stage 2. The new edge computing node checks the 2-2 validity range in the AdminProfile. The intersection of that range and the 2-2 validity range in the UserProfile submitted in stage 1-① is the available time of the migrated instance (the migration termination time).
② The user can also apply to the cloud desktop unified management center to terminate the migration.
③ If either of the above conditions is triggered, the new edge computing node deletes the instance and the related configuration files and notifies the cloud desktop unified management center.
④ The cloud desktop unified management center deletes the temporary migration information. From then on the restriction policy of section 5.1, 3)-② no longer applies and the original instance can be used again.
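The life cycle of a temporary instance migration in 5.5.1 (permission check, single-migration rule, blocking of the original instance, release at the end), sketched as an added example that is not code from the patent. Assumptions: the unified management center is reduced to two in-memory tables, 4-1-1 is encoded as "none", "temporary", "permanent" or "all", an unconfigured 4-1-2 white list is None, and all ids are constructed.

```python
class ManagementCenter:
    """Constructed stand-in for the unified management center's database."""

    def __init__(self):
        self.admin_profiles = {}  # 1-6 object id -> permission restrictions (4-1-1, 4-1-2)
        self.migrations = {}      # original InstanceID -> stored migration information

    def may_access_original(self, instance_id):
        # 5.1, 3)-2: while a migration instance exists, the original instance is blocked.
        return instance_id not in self.migrations

    def end_migration(self, instance_id):
        # Supplementary stage 5: deleting the migration information lifts the block.
        return self.migrations.pop(instance_id, None) is not None


def accept_temporary_migration(center, user_profile):
    """Stage 2 checks as run by the target node. Returns (accepted, reason)."""
    obj = user_profile["object_id"]       # 1-6
    target = user_profile["target_node"]  # 2-4
    admin = center.admin_profiles.get(obj)
    if admin is None:
        return False, "no AdminProfile for the 1-6 object id"
    # Step 1: migration right, 4-1-1 and 4-1-2.
    if admin["migrate"] not in ("temporary", "all"):
        return False, "4-1-1 does not allow temporary migration"
    if target in admin["node_blacklist"]:
        return False, "4-1-2 black list"
    if admin["node_whitelist"] is not None and target not in admin["node_whitelist"]:
        return False, "4-1-2 white list"
    # Step 2: only one migration instance may exist at a time.
    if obj in center.migrations:
        return False, "a migration instance already exists"
    # Step 6: store the migration information so the restrictions can be enforced.
    center.migrations[obj] = {
        "migration_id": user_profile["migration_id"],  # 2-3
        "origin_node": user_profile["origin_node"],    # 2-1
        "target_node": target,
    }
    return True, "migrated"


def build_sample_center():
    center = ManagementCenter()
    center.admin_profiles["inst-1"] = {
        "migrate": "temporary", "node_whitelist": {"node-B", "node-C"}, "node_blacklist": set()}
    center.admin_profiles["inst-2"] = {
        "migrate": "permanent", "node_whitelist": None, "node_blacklist": set()}
    return center


def request(object_id, migration_id, target_node, origin_node="node-A"):
    """Constructed UserProfile reduced to the fields this flow reads."""
    return {"object_id": object_id, "migration_id": migration_id,
            "origin_node": origin_node, "target_node": target_node}


if __name__ == "__main__":
    c = build_sample_center()
    print(accept_temporary_migration(c, request("inst-1", "tmp-1", "node-B")))
    print(c.may_access_original("inst-1"))
    print(accept_temporary_migration(c, request("inst-1", "tmp-2", "node-C")))
    print(c.end_migration("inst-1"), c.may_access_original("inst-1"))
```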
5.5.2 Temporary migration of a storage volume.
1) Stage 1-①, UserProfile configuration file.
Set and send the 0-1-2 storage volume temporary migration instruction; the other contents are consistent with the stage 1-① requirements of 5.5.1.
2) Stage 2, implementation of the storage volume migration.
① Same as ① of stage 2 in 5.5.1.
② Same as ② of stage 2 in 5.5.1.
③ Same as ③ of stage 2 in 5.5.1.
④ According to the id recorded in 1-6, the data of the storage volume is copied from the original edge computing node recorded in 2-1 to the new node.
⑤ After the migration succeeds, the migration information is stored in the cloud desktop management system in order to enforce the restriction policy of section 5.1, 3)-③, and the policy of section 5.5.2, stage 2, ② (there can only be one migrated storage volume at a time).
3) Stage 4, use and protection of storage volumes after migration.
① After migration is completed, the user can query the address of the migrated storage volume through the cloud desktop unified management center, then connect to the storage volume and use it.
② After the migration is finished, according to the policy of 5.2, 3-2, the user is denied access to (mounting of) the original storage volume.
③ The user's modifications to the migrated storage volume are continuously written back to the original storage volume; given the network overhead, this synchronization may take some time.
4) Supplement to stage 5, end of migration.
① Supplements ① of stage 5 in 5.5.1.
② Supplements ② of stage 5 in 5.5.1.
③ If one of these conditions is triggered, the new edge computing node checks whether the data in the migrated storage volume and the original storage volume are consistent (that is, whether synchronization has completed); if not, it waits for a certain time and checks again.
④ If one of these conditions is triggered and the data is consistent, the new edge computing node deletes the migrated storage volume and the related configuration files and informs the cloud desktop unified management center.
⑤ The cloud desktop unified management center deletes the temporary migration information. At this point the restriction policy of section 5.2, section 3-③ no longer applies, and the original storage volume can continue to be used.
5.5.3 Temporary migration of applications.
Notes:
① Application migration is needed when stage 2 in 5.5.1 executes step ④-i. In that case the user migrates on the basis of the original image, and may install only part of the application software on the migration node, or install it at any time.
② If the software to be installed is already installed in the original instance, the application temporary migration flow below is executed. This flow differs from the general flow described earlier; the main difference is that the relevant adminProfile and UserProfile are obtained directly from the original node and used.
③ If the software to be installed is not installed in the original instance, it is installed as a new application, that is, by the 5.3 process.
Temporary migration flow:
① The user applies to the cloud desktop unified management center to install an application (setting and sending the 0-1-3 instruction), and provides the migrated instance id and the defaultAppid of the application.
② The cloud desktop unified management center queries the Appid assigned when the application was installed in the corresponding original instance, and sends the node hosting the migrated instance the following triple: Appid, original bearer node information, and migrated instance id.
③ The migrated node sends the Appid to the remote bearer node to obtain the App software package and the corresponding configuration files, and installs them in the migrated instance, where the user can use them.
④ When the migrated instance is deleted, the application software and the associated configuration files are deleted as well.
Installing a new application in the temporary migration instance:
① Installing a new application directly in the temporary migration instance by the 5.3 process is not supported.
② The new application can be installed in the original instance by executing the 5.3 steps. Because the original instance is inaccessible at this time, the step of stage 2 of 5.3 is not actually executed; the delayed-installation step is executed instead. The relevant configuration files nevertheless already exist, and the relevant information is already stored in the cloud desktop unified management center.
③ After that step is finished, the application migration steps of 5.5.3 are executed, and the new application can then be installed in the temporary migration instance.
5.6 Permanent migration.
Notes:
① Permanent migration means permanently migrating the storage volume and the instance to another edge computing node and deleting the old data. There is no permanent migration of applications.
② This process differs from the general flow.
Permanent migration flow:
① Both the creator and the user of the instance or storage volume can initiate a permanent migration. The initiator sends a permanent migration instruction (0-2-1 permanent migration instruction) to the cloud desktop unified management center, and adds the following 2-tuple: the 1-6 id (InstanceID or StorageID) in AdminProfile, and the Nodeid of the target node.
② If the initiator is a user, the cloud desktop unified management center must check whether the restrictions of 4-1-1, 4-1-2 or 4-3-2, 4-3-1 in the adminProfile corresponding to the object are met.
③ The cloud desktop unified management center sends a permanent migration instruction to the target node, together with the following 2-tuple: the 1-6 id (InstanceID or StorageID) in AdminProfile, and the Nodeid of the original bearer node.
④ Based on this information, the target node copies the storage volume or the instance, together with the corresponding adminProfile and UserProfile, from the remote node.
⑤ After copying is finished, the target node changes the bearer id of 2-1 in AdminProfile and UserProfile to its own node id, then sends a message to the cloud desktop unified management center, which updates the relevant information it stores.
It should be noted that, during the migration processing of the cloud desktop, only the resources that differ between the target edge computing node and the primary edge computing node are migrated. That is, when the corresponding image, application, cloud desktop instance and storage volume are migrated to the edge computing node near the user for deployment, resources that the edge computing node already holds in its existing configuration are not transmitted again, which speeds up the migration.
In summary, the migratable cloud desktop system based on edge computing of the present invention has the following features:
1) Cloud-edge integrated system architecture. By combining centralized cloud management with a decentralized edge computing platform, users and administrators can apply for and configure the cloud desktop system through the cloud. The cloud desktop system itself is deployed on edge computing nodes close to the different users, which achieves traffic offloading: a user needs only the network path from the terminal to the edge computing node to use the cloud desktop. This reduces traffic over the core network and addresses the network overhead, latency and reliability problems of the core network.
2) An edge cloud desktop system supporting modular migration. After the user changes location, the user's desktop can be moved or copied to the vicinity of the new location by system migration. The migrated content can be customized, enabling functions such as policy-based customization and rapid customization.
3) Support for multiple kinds of policy management. Hierarchical policies for cloud desktop creation, management, deployment and migration are supported, yielding a manageable cloud desktop system.
4) To address security, performance, data synchronization and similar problems, a unified management policy suited to this system architecture is provided, achieving performance and security characteristics equal to or better than those of a traditional cloud desktop.

Claims (9)

1. The migratable cloud desktop system based on edge computing is characterized by comprising a cloud desktop unified management center and a plurality of edge computing nodes, wherein the cloud desktop unified management center is in communication connection with each edge computing node;
the cloud desktop unified management center comprises an edge computing node management module, an image warehouse module, an application warehouse module, a cloud desktop instance management module and a storage volume management module; the edge computing node management module is used for realizing the user's various kinds of management of a cloud desktop on a given edge computing node, sending the corresponding management message to the node agent module of the designated edge computing node, and, after the user changes position, migrating the cloud desktop to the target edge computing node corresponding to the user's new position, so as to realize migration processing of the cloud desktop; the image warehouse module is used for realizing various management processing of the cloud desktop images; the application warehouse module is used for realizing various management processing of various application software of a user; the cloud desktop instance management module is used for realizing various management processing of each cloud desktop instance; the storage volume management module is used for realizing various management processing of a user storage volume;
the edge computing node comprises a node agent module, a desktop support module and a storage support module; the node agent module performs data interaction with the edge computing node management module; the desktop supporting module is used for establishing and operating an actual cloud desktop instance and completing actual cloud desktop operation; the storage support module is used for realizing various management processes of user data storage.
2. The migratable cloud desktop system based on edge computing of claim 1 wherein the various management processes of the cloud desktop image include storage, management, querying and retrieval of the cloud desktop image, and maintenance, upgrading and invocation of the cloud desktop image; various management processes of the application software comprise release, storage, inquiry, acquisition and management of the application software; the various management processes of the cloud desktop instance comprise establishment, deployment, resource adjustment and instance migration of the cloud desktop instance, and information management and query of the cloud desktop instance; the various management processes of the storage volume comprise generation, deployment, adjustment and migration management of the storage volume, and storage volume information management and query; various management processes of the user data storage comprise establishment, provision and management of user data; the actual cloud desktop operation comprises at least one of cloud desktop migration, storage volume mounting and application installation and deployment.
3. The edge computing-based migratable cloud desktop system of claim 1, wherein, during the migration processing of the cloud desktop, only the resources on the target edge computing node that differ from those on the primary edge computing node are migrated.
4. The migratable cloud desktop system based on edge computing according to any one of claims 1 to 3, wherein the business process of the cloud desktop system executing part of all the businesses comprises:
1) editing, signing and submitting the configuration file;
2) according to the content of part of the business process, the target edge computing node executes corresponding operation;
3) after the target edge computing node successfully executes the corresponding operation, the target edge computing node stores the executed configuration file, and sends the configuration file and the information of successful execution to the cloud desktop unified management center, and the cloud desktop unified management center stores the configuration file;
the part of services are cloud desktop instance creation and delivery, storage volume creation and mounting use, application software acquisition and security, updating side rate, instance temporary migration in temporary migration or storage volume temporary migration in temporary migration; and the temporary migration refers to temporary migration of the cloud desktop caused by the user changing the position temporarily, and the cloud desktop on the primary edge computing node is inaccessible during the temporary migration.
5. The edge computing-based migratable cloud desktop system of claim 4 wherein the configuration file includes configuration instructions, scope information, business information, permission restrictions, and signature information;
the configuration instruction comprises at least one of a configuration file level, a configuration file generator UserID, a UserID of a creator of the object, a UserID of a user of the object, a template id and an object id; the configuration files comprise a configuration file adminProfile generated by a creator and a configuration file UserProfile generated by a user; a communication mechanism between the cloud desktop unified management center and each edge computing node generates a user ID of each user; the user ID of the configuration file generator is the user ID of the creator or the user ID of the user; the template id is imageID of the image or defaultappID of the application software; the object id is an InstanceID of the cloud desktop instance, an AppID of application software installed on the cloud desktop instance or a StorageID of the storage volume;
the range information comprises at least one of carrier id, validity period range, migration id, temporary migration bearer id and expiration limit policy; the carrier id is a Nodeid of an edge computing node or an instanceID of a cloud desktop instance; the validity period is the validity period of the configuration file; the migration id is an InstanceID of the temporary cloud desktop instance generated by the temporary migration; the temporary migration bearing id is a Nodeid of the target edge computing node or an instanceID of the cloud desktop instance after migration; the expiration limit policy comprises immediate execution, reminding and delayed execution and next starting execution;
the permission limit comprises a permission limit of a deployment configuration file, a permission limit of an application configuration file and a permission limit of a storage volume configuration file;
the signature information includes a summary calculated and digitally signed with a private key of a profile creator for the configuration instructions, the scope information, the service information, and the content of the rights restrictions, and a public key of the profile creator.
6. The migratable cloud desktop system according to claim 5, wherein after step 3) of the business process of the cloud desktop instance temporary migration and the storage volume temporary migration, the method further comprises step 4) of processing after the migration is finished, and the processing after the migration is finished comprises: the configuration file adminProfile generated by the creator is pulled to a new edge computing node, and the target edge computing node checks the validity period range in the configuration file adminProfile generated by the creator; after the validity period is over or a user applies for migration termination to the cloud desktop unified management center, deleting a cloud desktop instance, a storage volume or an application-related configuration file by the new edge computing node, and informing the cloud desktop unified management center; and the cloud desktop unified management center deletes the temporary migration information.
7. The edge computing-based migratable cloud desktop system of claim 5, wherein all services further include a permanent migration service, wherein the permanent migration is to permanently migrate a storage volume and a cloud desktop instance to a target edge computing node and delete the cloud desktop on the original edge computing node; the business process for executing the permanent migration service comprises the following steps:
after an initiator initiates a permanent migration, the cloud desktop unified management center sends a permanent migration instruction, an object id and a Nodeid of a primary edge computing node to a target edge computing node; the initiator is a creator or a user, if the initiator is the user, the cloud desktop unified management center needs to query whether the permission limit of the application configuration file and the permission limit of the storage volume configuration file in the configuration file AdminProfile generated by the creator corresponding to the object are met, and the query is continued under the condition of meeting;
copying a storage volume and/or a cloud desktop instance of an original target node, a configuration file adminProfile generated by a creator and a configuration file UserProfile generated by a user by a target edge computing node;
after copying is completed, the target edge computing node modifies the bearing id in the configuration file adminProfile generated by the creator and the configuration file UserProfile generated by the user into the node id of the edge computing node of the target edge computing node, and informs the cloud desktop unified management center.
8. The migratable cloud desktop system of claim 5, wherein all services further include an application temporary migration service in the temporary migration, and the service flow for executing the application temporary migration service includes:
the cloud desktop unified management center provides the migrated instance id and the defaultappID of the application software according to an application installation instruction initiated by a user;
if the application software is installed in the cloud desktop instance corresponding to the primary edge computing node, the cloud desktop unified management center queries the AppID of the corresponding application software, and informs the node where the migrated cloud desktop instance is located of the AppID of the application software, the original bearer node information and the migrated cloud desktop instance id;
and after the migration is finished, the AppID of the application software is sent to the remote bearer node to obtain an App software package and the corresponding configuration file, which are installed in the migrated cloud desktop instance.
9. The migratable cloud desktop system based on edge computing of claim 5 wherein the digest is computed using a hashing algorithm.
CN202210356546.5A 2022-03-30 2022-03-30 Migratable cloud desktop system based on edge computing Pending CN114827162A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210356546.5A CN114827162A (en) 2022-03-30 2022-03-30 Migratable cloud desktop system based on edge computing


Publications (1)

Publication Number Publication Date
CN114827162A true CN114827162A (en) 2022-07-29

Family

ID=82532129



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 461000 plant 3, Xuchang Overseas Students Pioneer Park, Shangde Road, urban and rural integration demonstration zone, Xuchang City, Henan Province

Applicant after: Henan Hongshuo Electric Co.,Ltd.

Address before: 461000 plant 3, Xuchang Overseas Students Pioneer Park, Shangde Road, urban and rural integration demonstration zone, Xuchang City, Henan Province

Applicant before: Henan BAOYING electromechanical Co.,Ltd.