CN115982688A - System for providing dongle for virtual machine and dongle centralized manager - Google Patents


Publication number: CN115982688A
Authority: CN (China)
Prior art keywords: usb, encryption, information, virtual machine, dongle
Legal status: Pending
Application number: CN202211708208.XA
Other languages: Chinese (zh)
Inventors: 曹如义, 曹俊义, 王晓伟
Current Assignee: Beijing Weilian Technology Co ltd
Original Assignee: Beijing Weilian Technology Co ltd

Abstract

The application discloses a system for providing a USB dongle for a virtual machine. A USB dongle client in the virtual machine server generates encryption request information according to a request of its corresponding virtual machine and sends the information through the switch to the USB dongle server in the USB centralized manager. According to the received encryption request information, the USB dongle server accesses the first encryption information stored at the specified USB encryption port in the USB centralized manager and then provides the first encryption information, through the switch, to the USB dongle client in the virtual machine server that sent the USB encryption request information. This solves the problem that an existing virtual machine server does not have enough USB interfaces, so that dongle service cannot be provided to the virtual machines in it. The system virtualizes the dongle ports, is convenient for centralized management, and provides enough dongle service for the virtual machines in the virtual machine server.

Description

System for providing dongle for virtual machine and dongle centralized manager
Technical Field
The application relates to a computer encryption system, in particular to a system for providing a dongle for a virtual machine; the application also relates to a dongle centralized manager.
Background
Dongles are used almost everywhere. To protect their intellectual property and core technologies, equipment manufacturers generally encrypt, authorize, and manage the use and operational control of their equipment or data, and a dongle is required for this.
Modern enterprises cannot manage large software without running it on virtual machines. Generally, one dongle corresponds to one virtual machine. The dongle is usually plugged into a computer and accessed through an external port of the computer; the external port used by the dongle may be a parallel port or a serial port, but currently a universal USB interface is generally used. When a USB interface is used, the dongle is essentially a dedicated USB disk, commonly referred to as a USB dongle.
However, in the prior art, several virtual machines are often deployed centrally on a single physical virtual machine server. Since each of the virtual machines on that server corresponds to its own dedicated dongle, the server generally cannot provide enough external ports. Therefore, how to provide multiple dongles to multiple virtual machines in the virtual machine server simultaneously, when the virtual machine server does not have enough external ports, is a problem to be solved.
Disclosure of Invention
The application provides a system for providing a dongle for a virtual machine to solve the problem that hardware of an existing virtual machine server does not have enough external ports and cannot provide the dongle for a plurality of virtual machines simultaneously.
A system for providing a dongle for a virtual machine, comprising: the system comprises a USB centralized manager, a switch and a virtual machine server;
the USB centralized manager is connected with a virtual machine server through the switch; at least one industrial virtual machine is configured in the virtual machine server;
the USB centralized manager comprises at least one USB encryption port, and a USB dongle server is arranged in the USB centralized manager and used for realizing interaction with the USB encryption port; the USB dongle server receives USB encryption request information from the switch, accesses the USB encryption port specified by that information, reads first encryption information in the USB disk from the USB encryption port, and provides the first encryption information, through a communication channel provided by the switch, to the USB dongle client in the virtual machine server that sent the USB encryption request information;
the virtual machine server comprises at least one USB dongle client; each USB dongle client corresponds to a virtual machine running in the virtual machine server, sends USB encryption request information through the switch according to a request of the first virtual machine, receives the first encryption information returned through the switch, and provides the first encryption information to the first virtual machine corresponding to the USB dongle client.
Optionally, the USB dongle server receives USB encryption request information from the switch, and accesses its designated USB encryption port according to the information, including:
receiving USB encryption request information from a switch, and parsing the USB encryption request information to obtain target information containing the specified USB encryption port;
accessing the designated USB encryption port based on the target information.
Optionally, the reading the first encryption information in the USB disk from the USB encryption port includes:
judging whether key information matched with a first virtual machine exists in the USB equipment connected with the specified USB encryption port or not based on identification information of the first virtual machine sending the USB encryption request information, wherein the identification information is contained in the received USB encryption request information;
and if so, reading the key information as first encryption information in the USB disk.
Optionally, the step of sending, by the USB dongle client, USB encryption request information through the switch according to the request of the first virtual machine includes:
generating the encryption request information through the USB dongle client bound with the first virtual machine based on the binding information of the virtual machine and the USB dongle client;
the binding information is a preset correspondence between the virtual machine and the USB dongle client; the encryption request information comprises identification information of the first virtual machine;
and sending the USB encryption request information to a USB dongle server in the USB centralized manager through the switch.
Optionally, the receiving the first encryption information uploaded by the switch, and providing the first encryption information to a virtual machine corresponding to the USB dongle client includes:
determining matching information contained in the first encryption information based on the first encryption information uploaded by the switch;
determining a USB dongle client matched with the first encryption information based on the matching information; providing the first encryption information to a USB dongle client matched with the first encryption information; and the USB dongle client provides the first encryption information to the corresponding first virtual machine.
Optionally, the USB dongle server is WiUSBShare virtualized Linux server software.
A USB dongle centralized manager comprising:
at least one USB encryption port, a USB dongle server configured in software form on a basic computer system, and a communication terminal;
the USB dongle server is used for realizing interaction with the USB encryption port, including: receiving USB encryption request information from a switch, accessing the USB encryption port specified by that information, reading first encryption information in the USB disk from the USB encryption port, and providing the first encryption information, through the switch connected to the communication terminal, to the USB dongle client software that sent the USB encryption request information and is located in a virtual machine server;
the USB encryption port is used for providing a USB interface and receiving the access of the USB dongle server, so that the USB dongle server can access the USB disk stored with the encryption information through the USB encryption port;
and the communication terminal is used for providing communication connection with the switch module.
Optionally, the USB dongle server receives USB encryption request information from the switch, and accesses its designated USB encryption port according to the information, including:
the USB encryption request information is received from a switch through the communication terminal and passed to the USB dongle server, which parses the USB encryption request information to obtain target information containing the specified USB encryption port;
accessing the designated USB encryption port based on the target information.
Optionally, the reading of the first encryption information in the USB disk from the USB encryption port includes:
judging whether key information matched with a first virtual machine exists in the USB encryption port or not based on identification information of the first virtual machine sending the USB encryption request information contained in the received USB encryption request information,
if yes, reading the key information as the first encryption information in the USB disk.
The system for providing the dongle for the virtual machine comprises a USB centralized manager, a switch and a virtual machine server. The USB centralized manager is connected with the virtual machine server through the switch; at least one industrial virtual machine is configured in the virtual machine server. The USB centralized manager comprises at least one USB encryption port, and a USB dongle server is arranged in the USB centralized manager and used for realizing interaction with the USB encryption port. The USB dongle server receives USB encryption request information from the switch, accesses the USB encryption port specified by that information, reads first encryption information in the USB disk from the USB encryption port, and provides the first encryption information, through a communication channel provided by the switch, to the USB dongle client in the virtual machine server that sent the USB encryption request information. The virtual machine server comprises at least one USB dongle client; each USB dongle client corresponds to a virtual machine running in the virtual machine server, sends USB encryption request information through the switch according to a request of a first virtual machine, receives the first encryption information returned through the switch, and provides the first encryption information to the first virtual machine corresponding to the USB dongle client. With this system, dongles can be used where several virtual machines are arranged in one virtual machine server, and the USB dongles are managed centrally and uniformly, so that the dongles of the virtual machines on the virtual machine server can all be accessed normally at the same time, avoiding the situation in which a shortage of hardware interfaces prevents the virtual machines from running normally.
Drawings
Fig. 1 shows a schematic diagram of the devices included in the encryption system of the present application.
Fig. 2 is a schematic diagram showing the operation of the encryption system of the present application.
Fig. 3 shows a schematic diagram of a USB centralized manager of the present application including specific devices.
Fig. 4 is a schematic diagram illustrating the operation of the USB centralized manager of the present application.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. This application can, however, be implemented in many ways other than those set forth here, and those skilled in the art can make similar extensions without departing from the spirit of this application; it is therefore not limited to the specific implementations disclosed below.
To save cost and space, a modern enterprise can deploy virtual machine servers centrally in a machine room. A plurality of virtual machines is deployed in one virtual machine server, and a plurality of dongles is then needed so that the different software on those virtual machines can work smoothly. However, there are not enough USB interfaces on the hardware of the virtual machine server to provide dongle service to them.
A typical scenario is that the industrial personal computers in a factory workshop are consolidated onto a virtual machine server in the form of virtual machines for centralized management; such a virtual machine is called an industrial virtual machine. In this case, a plurality of industrial virtual machines may be installed on one virtual machine server, and each industrial virtual machine corresponds to the controller that controls the machine tool of one industrial personal computer. These industrial computers generally require dongles using USB interfaces for reliable operation and management, and these machines need to work simultaneously; however, the virtual machine server clearly cannot provide so many USB interfaces.
Based on the above problem, the present application provides a system that manages USB dongles centrally and provides them for use by the virtual machines configured in a virtual machine server. The core of the system is a USB centralized manager, which is provided with a plurality of USB interfaces and with a server, arranged inside the USB centralized manager, that manages the USB dongles and carries out client-server interaction with each virtual machine. Although only USB dongles are mentioned herein, the methods provided herein are also applicable to other dongle types that use external ports, and these types of dongle are within the scope of the present application. The system is described below.
The application provides a system for providing a dongle for a virtual machine, which comprises a USB centralized manager, a switch and a virtual machine server. The core component is the USB centralized manager. Its hardware is embedded hardware that includes a plurality of USB ports into which USB dongles are plugged; an Ubuntu Core Server Linux system is deployed on the hardware, and the hardware and software together concentrate the USB ports of the dongles in one place. The virtual machine server is provided with a dongle client corresponding to each virtual machine. After the virtual machine is started, the corresponding virtualized USB port can be selected in a software interface, which establishes the correspondence between the virtual machine and the selected USB port. In this way the dongles are virtualized for the virtual machine server, so that each virtual machine, or each piece of application software in a virtual machine, can have a dongle in one-to-one correspondence with it, which facilitates management.
In order to facilitate understanding of the technical scheme of the present application, a process of deploying the environment is briefly described herein.
The USB centralized manager serves as the server of the system. Its hardware can be any of various general computer systems; a typical configuration is J1900 x86 architecture embedded hardware provided with 2 Ethernet ports and at least 4 USB interfaces. For the purpose of this application, additional USB interfaces may be configured (the hardware described here is a simple example given for ease of understanding; in other embodiments, the number of Ethernet ports and the number of USB ports are not specifically limited).
In terms of software, an Ubuntu Core Server Linux system can be deployed on the embedded hardware of the USB centralized manager, and WiUSBShare virtualized Linux server software or other virtualized server software is then deployed on that Linux system (this is only an illustration for ease of understanding). The following instructions are executed after deployment:
1. Open a shell command line
2. cd /usr/bin
3. cp WiUsbShare /usr/sbin
4. cd /etc/init.d
5. sudo update-rcUSBShare (sets the service to start automatically at boot)
The client is deployed in the virtual machine server. The virtual machine server is mainly used for deploying various virtual machines, such as industrial virtual machines; the client part of the system is installed in each virtual machine as application software of that virtual machine. For example, a Windows operating system virtual machine is deployed in a wicoud virtualization platform system, the operating system of the virtual machine is not lower than Windows 7 Professional, and the corresponding Windows client software is deployed in the operating system, that is: 32-bit client software on a 32-bit system and 64-bit client software on a 64-bit system. After the software is deployed, it can be started when the virtual machine starts, and configuration with each USB interface can then be carried out.
After the software has been deployed on the client and the server, it is started on each. A plurality of virtualized USB ports is then displayed in the interface of a given virtual machine for the user to choose from. The user selects one of them as the USB port corresponding to the current virtual machine, which establishes a one-to-one correspondence between the current virtual machine and the selected USB port. The virtual machine can then read, through the client-server architecture of the system provided in this embodiment, the encryption information stored in the USB disk inserted into the corresponding USB port.
As shown in fig. 1, the figure shows that a one-to-one correspondence relationship between USB encrypted ports USB0-4 and virtual machines VM1-5 is established inside the virtual machines.
The system provided by the present application is specifically described below.
FIG. 1 illustrates a system for providing a USB dongle for a virtual machine according to one embodiment of the present application.
As shown in FIG. 1, the system includes a virtual machine server 110, an (Ethernet) switch 120, and a USB centralized manager 130.
The USB centralized manager 130 uses a computer device as a hardware foundation, and includes a first ethernet interface (Eth 0) 131 and a plurality of USB interface type encryption ports 133, and is configured with a software type USB dongle server 132 based on the computer device; in fig. 1, the encrypted ports 133 include a first encrypted port USB0, a second encrypted port USB1, a third encrypted port USB2, a fourth encrypted port USB3, and a fifth encrypted port USB4; since several encryption ports in the USB centralized manager 130 have the same status in this embodiment, they are collectively referred to as the encryption port 133 hereinafter.
The physical layer of the virtual machine server 110 is a physical server 111, in the physical server 111, a second ethernet interface (Eth 1) 113 is configured, and an internal virtual network 112 and a plurality of virtual machines 114 are configured mainly in a software manner based on the physical server 111; as shown in fig. 1, the virtual machines 114 specifically include a first virtual machine VM1, a second virtual machine VM2, a third virtual machine VM3, a fourth virtual machine VM4, and a fifth virtual machine VM5; several of the virtual machines 114 have the same role in this embodiment and are collectively referred to hereinafter as virtual machines 114.
The USB centralized manager 130 connects, through its configured first ethernet interface 131, to the second ethernet interface 113 of the virtual machine server 110 through the switch 120; the virtual machine server 110 is configured with at least one virtual machine 114, and the virtual machine 114 may be an industrial virtual machine.
For ease of understanding, the functions and roles of the USB centralized manager 130, the ethernet switch 120, and the virtual machine server 110 included in the above system are explained herein one by one.
The USB centralized manager 130 is a special server formed by combining embedded hardware and software. It includes at least one USB encryption port (in an example, it generally includes a plurality of USB encryption ports and rarely only one) and is deployed with a USB dongle server. Its hardware and software basis has been described above; the following briefly describes the USB centralized manager mainly from the functional point of view.
A dongle is an encryption product combining software and hardware that can be plugged into a parallel port or a USB port of a computer, and it is currently a popular identity authentication security tool. Dongles today generally use a USB interface as the access port; the hardware is similar in size to a USB flash disk and can be plugged directly into and pulled out of the USB interface of the computer, through which it is accessed. The encryption system provided by the application provides external port service for this identity authentication security tool. Each dongle has an independent product identification code and built-in, specially provided cryptographic algorithm software; when a user logs in to a platform, normal login is allowed only after the correct verification provided by the specific cryptographic algorithm software (the dongle) is detected, combined with identification of the dongle's hardware ID. The common USB dongle generally takes the form of a USB disk: it stores encryption information in the USB disk and, by being connected to a USB interface of the computer device and in combination with the device ID of the USB disk itself, provides encryption services for specific service software in the computer device. The USB centralized manager 130 in the present application is configured with a plurality of USB ports as encryption ports (encrypted ports U1-U5), and a unified server that interfaces with each encryption port is configured inside it, forming an independent device dedicated to serving a plurality of USB dongles, which provide the required encrypted authentication information for different virtual machines on the virtual machine server. Through the USB centralized manager 130, multiple USB dongles can be accessed through the multiple USB ports of one device, and the encryption information can be accurately provided to the corresponding virtual machines.
A switch is a network device used for forwarding electrical (optical) signals. It can provide an exclusive electrical signal path for any two network nodes connected to it. The most common switch is an Ethernet switch. In this application, the switch 120 is an Ethernet switch; one end is connected to the second Ethernet interface 113 of the virtual machine server 110, and the other end is connected to the first Ethernet interface 131 of the USB centralized manager 130. Through it, the virtual machines 114 in the virtual machine server 110 send the encryption requests generated by their respective USB dongle clients to the USB dongle server disposed in the USB centralized manager 130, and the first encryption information returned by the USB dongle server is passed back to the USB dongle client that sent the request information. The USB dongle client then passes the first encryption information to the virtual machine, thereby implementing communication between the USB dongle 133 and the corresponding virtual machine 114 in the virtual machine server 110.
A virtual machine server (VM server) generally has an internal structure comprising a physical server, an internal virtual network, and a plurality of virtual machines (the number of virtual machines is set according to actual needs and is not limited herein). The physical server can be virtualized using software called a virtual machine hypervisor, so that the server can be freely divided into multiple VPSs (virtual servers), each used for a different parallel service. A virtual layer is implemented on top of the host server to manage the virtual servers on the host. The internal virtual network is used for virtualizing a physical device into a plurality of virtual machines; the virtual machines are naturally isolated, and each is allocated a certain amount of CPU, storage, and memory resources and network bandwidth. A VM server is a system that uses virtual machine (VM) technology to divide a server into multiple virtual machines so as to share hardware, software, licenses, and management resources with maximum efficiency. For users and applications, operating and managing each VM is exactly the same as operating and managing an independent host, because each VM can be restarted independently and has its own root access, users, IP address, memory, processes, files, applications, system function libraries, and configuration files. The typical scenario for this application is the industrial virtual machine scenario, in which an industrial virtual machine can replace the PLC (programmable logic controller) or industrial personal computer of each machine tool.
The specific working process of the encryption system provided by the application is shown in fig. 2, and is explained in detail as follows:
The USB centralized manager 130 comprises at least one USB encryption port 133, and a USB dongle server 132 is arranged in the USB centralized manager 130 for interacting with and managing the USB encryption port 133. The USB dongle server 132 receives the USB encryption request information from the switch 120 and accesses the USB encryption port 133 specified by that information, specifically any one of USB0 to USB4. It reads the first encryption information in the USB disk from the USB encryption port 133 and provides it, through the communication channel provided by the switch 120, to the USB dongle client 133 located in the virtual machine server that issued the USB encryption request information.
The virtual machine server 110 includes at least one USB dongle client 115. Each USB dongle client 115 corresponds to one virtual machine running in the virtual machine server (e.g., dongle client 1 in fig. 2 corresponds to virtual machine V1). It issues USB encryption request information through the (Ethernet) switch 120 in response to a request of a first virtual machine (here, "first virtual machine" refers to whichever virtual machine issues the USB encryption request, not to one fixed virtual machine), receives the first encryption information returned through the switch 120, and provides the first encryption information to the first virtual machine (V1 or V2 in fig. 2) corresponding to the USB dongle client 115. Of course, different application software may run simultaneously in one virtual machine, and a USB dongle client may be provided for each piece of application software. The number of USB encryption ports, i.e. USB interfaces, can be set according to actual needs; fig. 1 shows 5 USB ports, USB0-4. Inserting the corresponding USB disk into a USB encryption port makes the encryption information in that USB disk available to the corresponding virtual machine.
The USB dongle server 132 is in software form (e.g., WiUSBShare virtualized Linux server software) and is deployed on the embedded hardware running the Ubuntu Core Server Linux system. The USB dongle server 132 can interact, through the USB encryption port 133, with the USB dongle inserted in that port, and can provide the encryption information obtained through the USB encryption ports, in a client-server manner, to the client of the virtual machine matched to the specific USB port.
The USB dongle client 115, disposed in the virtual machine in the form of software, is connected to the switch 120 through the ethernet interface (Eth 1) 113 of the virtual machine server, and implements transmission of the encryption request information and reception of the encryption information. The software can be configured according to the actual needs of the virtual machine or the application software.
It can be seen that the system for providing a USB dongle for a virtual machine in this embodiment adopts a client-server architecture. The client is the USB dongle client 115 set up for each virtual machine 114 (or for application software in the virtual machine 114 that needs its own dongle); the server is the USB dongle server 132 disposed in the USB centralized manager 130. Through this architecture, USB dongles are provided to the respective virtual machines 114.
The encryption request information is key request information for starting the virtual machine. A virtual machine that needs the encryption information of a USB dongle sends encryption request information to the USB dongle server 132 through the USB dongle client 115 of the system provided in this embodiment. Taking the first virtual machine VM1 as an example (VM1 is assumed to be the currently running virtual machine; in fact it may be any currently running virtual machine), the process of generating and sending the encryption request information is described below:
the step of the USB dongle client 115 sending the USB encryption request information through the switch according to the request of the first virtual machine VM1 includes:
generating the encryption request information by the USB dongle client USB0 bound with the first virtual machine VM1, based on the binding information of the virtual machine 114 and the USB dongle client 115; wherein the binding information is a preset corresponding relationship between the virtual machine 114 and the USB dongle client 115, and the encryption request information comprises identification information of the first virtual machine VM1;
sending the USB encryption request information through the switch 120 to the USB dongle server 132 in the USB centralized manager 130.
The binding information is the corresponding relationship between the virtual machine 114 and the USB dongle client 115. Different virtual machines 114, or different application software on the same virtual machine, each have a corresponding USB dongle client 115, and the corresponding relationship may be configured in the settings of the virtual machine 114 according to actual needs. The corresponding relationship is set so that the USB dongle client 115 can send the generated encryption request information through the switch 120 according to it, then promptly read the encryption information and the USB disk hardware ID stored in the USB disk at the USB encryption port 133 corresponding to the virtual machine 114 or the application software, and provide them to the corresponding virtual machine 114, so that the virtual machine 114 can run normally and without delay.
After a user clicks to open the first virtual machine VM1 (that is, a currently running virtual machine), the first virtual machine VM1 internally and automatically generates the encryption request information according to the stored binding information between the USB dongle client 115 and the first virtual machine VM1, and sends the encryption request information to the switch. Since there is a corresponding relationship between the different virtual machines 114 and the USB encryption ports 133, the generated encryption request information includes information of the USB encryption port 133 that currently corresponds to the first virtual machine VM1, as well as identification information of the first virtual machine VM1.
As shown in fig. 2, after receiving the encryption request information sent by the USB dongle client 115, the switch 120 forwards it to the USB dongle server 132 in the USB centralized manager 130. After receiving the USB encryption request information, the USB dongle server 132 performs the following processing:
the USB dongle server 132 receives the USB encryption request message from the switch 120, and accesses its designated USB encryption port according to the message, including:
receiving the USB encryption request information from the switch 120, and analyzing the USB encryption request information to obtain target information including the designated USB encryption port 133;
based on the target information, the specified USB encryption port 133 is accessed.
The target information generally includes identification information of the first virtual machine VM1 that issued the encryption request information, and USB encryption port information (i.e., identification information of the USB encryption port 133) corresponding to the identification of the first virtual machine VM1. After receiving the encryption request information, the USB dongle server 132 parses it to obtain the identification information of the first virtual machine VM1 and, from that, the USB encryption port information corresponding to the first virtual machine VM1; it then immediately packages the obtained USB encryption port information and the identification information of the first virtual machine VM1 to generate access information, and accesses the USB encryption port 133 specified in the USB encryption port information.
After receiving the access information sent by the USB dongle server 132, the specified USB encryption port 133 determines, based on the identification information of the first virtual machine VM1 contained in the received USB encryption request information, whether key information matching the first virtual machine VM1 exists in the USB disk connected to the specified USB encryption port 133; if so, it reads the key information as the first encryption information in the USB disk. The key information provides verification information for the virtual machine 114 that sent the encryption request, so that the virtual machine 114 can operate normally. The key information is stored in a USB device similar in size to a USB disk. Specifically, the key information may be a return value of a software function executed by the virtual machine, or the developer of the encryption system may download a part of the algorithms and code of its software to the chip for execution. For example, in one specific application scheme, while the software is actually running, a program segment in the dongle is run through a function call to obtain an operation result, and the operation result is used as input data for the further operation of the user program; the key information may also be other verification information that can be provided for normal operation of the virtual machine, which is not specifically limited herein. Of course, the above encryption information generally needs to be combined with the hardware ID information of a specific USB disk to achieve security and uniqueness of the encryption process.
After the USB dongle server 132 sends the first encrypted information to the switch 120, the switch 120 uploads the first encrypted information to the virtual machine server 110. After receiving the first encryption information uploaded by the switch 120, the virtual machine server 110 performs the following processing:
the virtual machine server 110 analyzes the first encryption information to obtain the client matching information included in it, determines, based on the matching information, the USB dongle client 115 that matches the first encryption information, and provides the first encryption information to that USB dongle client 115. The USB dongle client 115 that receives the first encryption information sends it to the first virtual machine VM1 corresponding to that USB dongle client 115. After receiving the first encryption information, the first virtual machine VM1 uses it for verification, and after successful verification the first virtual machine starts to operate normally. With this process, the whole work of the encryption system is completed.
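As an added illustration that is not part of the patent text, the following Python model walks one request through the flow described above: the client builds the request from its binding information, the server parses it and accesses the designated port, only key information matching the requesting virtual machine is read, and the virtual machine server routes the reply by its matching information. The JSON encoding, the field names and all sample values are assumptions, since the patent does not define a message format.

```python
import json
from dataclasses import dataclass, field

# The JSON encoding, field names and sample values are assumptions made for
# this illustration; the patent text does not define a message format.

@dataclass
class UsbDisk:
    hardware_id: str
    keys: dict = field(default_factory=dict)  # VM identification -> key information


class DongleServer:
    """Stands in for USB dongle server 132 and the USB encryption ports 133."""

    def __init__(self, ports):
        self.ports = ports  # port name -> UsbDisk, or None for an empty port

    def handle(self, raw):
        # Parse the request into target information (VM identification + port).
        try:
            req = json.loads(raw)
            vm_id, port, client = req["vm_id"], req["port"], req["client"]
        except (ValueError, KeyError, TypeError):
            return self._reply("", "denied", reason="malformed request")
        if not all(isinstance(v, str) for v in (vm_id, port, client)):
            return self._reply("", "denied", reason="malformed request")
        # Access the designated USB encryption port.
        disk = self.ports.get(port)
        if disk is None:
            return self._reply(client, "denied", reason="no USB disk on port")
        # Only key information matching the requesting VM is read from the disk.
        key = disk.keys.get(vm_id)
        if key is None:
            return self._reply(client, "denied", reason="no key for this VM")
        return self._reply(client, "ok", key=key, hardware_id=disk.hardware_id)

    @staticmethod
    def _reply(client, status, **fields):
        # "client" is the matching information the VM server routes on.
        return json.dumps({"client": client, "status": status, **fields}).encode()


class DongleClient:
    """Stands in for a USB dongle client 115 bound to one virtual machine."""

    def __init__(self, name, vm_id, port):
        self.name, self.vm_id, self.port = name, vm_id, port  # binding information
        self.delivered = None  # what was handed to the bound VM

    def build_request(self):
        return json.dumps(
            {"client": self.name, "vm_id": self.vm_id, "port": self.port}
        ).encode()


def route_reply(raw, clients):
    """VM server 110 side: pick the client named in the matching information."""
    reply = json.loads(raw)
    target = clients.get(reply["client"])
    if target is None or reply["status"] != "ok":
        return None
    target.delivered = {"key": reply["key"], "hardware_id": reply["hardware_id"]}
    return target.name


def run_demo():
    server = DongleServer({
        "USB0": UsbDisk("HWID-0000", {"VM1": "key-for-VM1"}),
        "USB1": UsbDisk("HWID-0001", {"VM2": "key-for-VM2"}),
        "USB2": None,
    })
    bound = DongleClient("client-0", "VM1", "USB0")
    mismatched = DongleClient("client-9", "VM1", "USB1")  # port holds VM2's key
    clients = {c.name: c for c in (bound, mismatched)}
    routed = {c.name: route_reply(server.handle(c.build_request()), clients)
              for c in (bound, mismatched)}
    return bound.delivered, mismatched.delivered, routed


if __name__ == "__main__":
    print(run_demo())
```

The second client in the demo names a port whose disk holds no key for its virtual machine, so the key-matching step refuses it and nothing is delivered.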
The present application further provides a USB dongle centralized manager 130, and the following second embodiment introduces an implementation manner of the dongle centralized manager.
As shown in fig. 3, the USB centralized manager 130 includes: at least one USB dongle server 132 configured in software based on the underlying computer system and at least one USB encryption port 133, and a communication port 134.
The USB encryption ports 133 are generally USB interfaces and may be specifically set according to actual needs; as shown in fig. 3, there are 5 USB ports, USB0-4. Inserting the corresponding USB disk into a USB encryption port 133 allows the encryption information in the USB disk to be provided to the corresponding virtual machine 114. That is, the USB centralized manager 130 of fig. 3 may provide encryption information simultaneously for 5 different virtual machines 114, or for 5 different applications on one or more virtual machines 114.
The above-mentioned USB dongle server 132, configured in the form of software on the underlying computer system, implements the interaction with the USB encryption port 133: it receives the USB encryption request information from the switch 120, accesses the USB encryption port 133 designated in the received encryption request information, reads the first encryption information stored in the USB disk from the designated USB encryption port 133, and provides the first encryption information, through the switch 120 connected to the communication terminal, to the USB dongle client 115 that sent the USB encryption request information and is located in the virtual machine server.
The USB dongle server 132 is deployed in software form (e.g., WiUSBShare virtualized Linux server software) on embedded hardware running the Ubuntu Core Server Linux system. The USB dongle server 132 may interact, through a USB port, with a USB dongle inserted into the USB encryption port 133, and may provide the encryption information obtained from the USB encryption ports 133, in a client-server manner, to the client 115 of the virtual machine 114 matching a specific USB encryption port 133.
The communication terminal 134 receives the encryption request information sent by the switch 120 and uploads the first encryption information, thereby implementing the communication connection with the switch; the specific type of the communication device is not specifically limited herein. The port of the communication terminal generally adopts an ethernet interface, such as the first ethernet interface 131.
The USB dongle client 115 is disposed in the virtual machine server in the form of software, and is connected to the switch 120 through an ethernet interface (Eth 1) 113 of the virtual machine server to implement transmission of the encryption request information and reception of the first encryption information. The software may be self-configuring according to the actual needs of the virtual machine 114 or application software. Of course, different application software may be simultaneously run in one virtual machine 114, and the USB dongle client 115 may be provided for each application software.
After the virtual machine 114 is started, it needs the corresponding key information to operate normally. This key information is stored in the corresponding USB dongle, which is in effect a USB disk loaded with encryption software and which connects to the USB centralized manager 130 through the USB encryption port 133. Therefore, the encryption request information can be simply understood as key request information for starting the currently running virtual machine 114. The virtual machine 114 that needs the encryption information of the USB dongle sends the encryption request information to the server of the system (i.e., the USB dongle server 132) through the client 115, located inside the virtual machine, of the system provided in this embodiment (i.e., the system that provides the dongle for the virtual machine 114).
The encryption request information is sent to the switch 120 through the dongle client 115, and the switch 120 then sends it to the communication terminal 134 in the USB centralized manager 130. As shown in fig. 4, the communication terminal 134 immediately sends the received encryption request information to the USB dongle server 132. After the USB dongle server 132 receives the USB encryption request information, the specific processing steps are as follows:
the USB dongle server 132 receives the USB encryption request message from the switch 120 through the communication port 134 and accesses the designated USB encryption port 133 according to the message, including:
receiving the USB encryption request information from the switch 120, and analyzing the USB encryption request information to obtain target information including the designated USB encryption port 133;
based on the target information, the specified USB encryption port 133 is accessed.
The target information generally includes identification information of the first virtual machine VM1 that issued the encryption request information, and USB encryption port information corresponding to the identification of the first virtual machine VM 1. After receiving the encryption request information, the USB dongle server 132 analyzes the encryption request information in a specific decoding manner to obtain information including the identifier information of the first virtual machine VM1 and the USB encryption port information corresponding to the first virtual machine VM1, immediately packages the first virtual machine identifier information according to the obtained specified USB encryption port information to generate target information, and accesses the specified USB encryption port 133.
As shown in fig. 4, after receiving the target information sent by the USB dongle server 132, the specified USB encryption port 133 obtains the first encryption information stored in the USB disk corresponding to the specified USB encryption port 133, and sends the first encryption information to the USB dongle server 132.
The specific process by which the USB encryption port 133 acquires, according to the target access information, the first encryption information stored in the USB disk corresponding to the specified USB port is as follows:
the designated USB encryption port 133 determines, based on the identification information of the first virtual machine VM1 sending the encryption request information included in the received USB encryption request information, whether there is key information matching with the first virtual machine VM1 in the corresponding USB disk connected to the designated USB encryption port, and if there is key information matching with the first virtual machine VM1, reads the key information as the first encryption information in the USB disk, and sends the first encryption information to the USB dongle server 132. The key information provides verification information for the virtual machine VM1 which sends out the encryption request, so that the virtual machine VM1 can normally run; specifically, the return value of the software function run by the virtual machine may be used, or a developer of the encryption system may download a part of the algorithm and code in the software of the developer to the chip for running. The specific application scheme may be to run a program segment in the dongle by calling a function mode in the actual running process of the software, obtain a running result, and use the running result as input data for further running of the user program, or may be other verification information that may be provided for normal running of the virtual machine, which is not limited specifically herein. Of course, the above encryption information generally needs to be combined with the hardware ID information of a specific USB disk to implement security and uniqueness of the encryption process.
As shown in fig. 4, the USB dongle server 132 receives the first encryption information returned from the designated USB encryption port 133 and then sends the first encryption information to the communication port 134. At this point, the USB centralized manager 130 has completed its overall work: receiving the encryption request information, obtaining the first encryption information from the USB port specified in the encryption request information, and returning it to the switch.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Although the present application has been described with reference to the preferred embodiments, it is not intended to limit the present application, and those skilled in the art can make variations and modifications without departing from the spirit and scope of the present application, therefore, the scope of the present application should be determined by the claims that follow.

Claims (9)

1. A system for providing a dongle for a virtual machine, comprising: a USB centralized manager, a switch and a virtual machine server;
the USB centralized manager is connected with a virtual machine server through the switch; at least one industrial virtual machine is configured in the virtual machine server;
the USB centralized manager comprises at least one USB encrypted port, and a USB dongle server is arranged in the USB centralized manager and used for realizing interaction with the USB encrypted port; the USB dongle server receives USB encryption request information from the switch, accesses the specified USB encryption port according to the information, reads first encryption information in the USB disk from the USB encryption port, and provides the first encryption information to a USB dongle client which sends the USB encryption request information to the USB encryption port and is positioned in the virtual machine server through a communication channel provided by the switch;
the virtual machine server comprises at least one USB dongle client, each USB dongle client corresponds to a virtual machine running in the virtual machine server, sends USB encryption request information through the switch according to a request of a first virtual machine, receives the first encryption information uploaded by the switch, and provides the first encryption information to the first virtual machine corresponding to the USB dongle client.
2. The system of claim 1, wherein the USB dongle server receives USB encryption request information from the switch and accesses its designated USB encryption port according to the information, comprising:
receiving USB encryption request information from a switch, and analyzing the USB encryption request information to obtain target information containing a specified USB encryption port;
accessing the designated USB encryption port based on the target information.
3. The system according to claim 2, wherein said reading the first encrypted information in the USB disk from the USB encryption port comprises:
judging whether key information matched with a first virtual machine exists in the USB equipment connected with the specified USB encryption port or not based on identification information of the first virtual machine sending the USB encryption request information, wherein the identification information is contained in the received USB encryption request information;
and if so, reading the key information as first encryption information in the USB disk.
4. The system according to claim 1, wherein the step of the USB dongle client issuing USB encryption request information through the switch according to the request of the first virtual machine comprises:
generating the encryption request information through the USB dongle client bound with the first virtual machine based on the binding information of the virtual machine and the USB dongle client; the binding information is a preset corresponding relation between the virtual machine and the USB client; the encryption request information comprises identification information of the first virtual machine;
and sending the USB encryption request information to a USB dongle server in the USB centralized manager through the switch.
5. The system according to claim 1, wherein the receiving the first encryption information uploaded by the switch and providing the first encryption information to the virtual machine corresponding to the USB dongle client comprises:
determining matching information contained in the first encryption information based on the first encryption information uploaded by the switch;
determining a USB dongle client matched with the first encryption information based on the matching information;
providing the first encryption information to a USB dongle client matched with the first encryption information;
and the USB dongle client provides the first encryption information to the corresponding first virtual machine.
6. The system of claim 1, wherein the USB dongle server is WiUSBShare virtualized linux server software.
7. A dongle centralized manager, comprising: at least one USB encryption port, a USB dongle server configured in a software form based on a basic computer system, and a communication terminal;
the USB dongle server is used for realizing interaction with the USB encryption port, including: receiving USB encryption request information from a switch, accessing the specified USB encryption port according to the information, reading first encryption information in the USB disk from the USB encryption port, and providing the first encryption information, through the switch connected via the communication terminal, to the USB dongle client software which sent the USB encryption request information and is located in a virtual machine server;
the USB encryption port is used for providing a USB interface and receiving the access of the USB dongle server, so that the USB dongle server can access the USB disk stored with encryption information through the USB encryption port;
and the communication terminal is used for providing communication connection with the switch module.
8. A dongle centralized manager according to claim 7, wherein the USB dongle server receives USB encryption request information from the switch and accesses its designated USB encryption port according to the information, comprising:
the USB dongle server receives USB encryption request information from the switch through the communication terminal, and analyzes the USB encryption request information to obtain target information containing a specified USB encryption port;
accessing the designated USB encryption port based on the target information.
9. A dongle centralized manager according to claim 8, wherein said reading the first encryption information in the USB disk from the USB encryption port comprises:
judging whether key information matched with a first virtual machine exists in the USB encryption port or not based on identification information of the first virtual machine which sends the USB encryption request information, wherein the identification information is contained in the received USB encryption request information;
if yes, reading the key information as first encryption information in the USB disk.
Application CN202211708208.XA, priority date 2022-12-29, filing date 2022-12-29: System for providing dongle for virtual machine and dongle centralized manager (Pending), published as CN115982688A (en)


Publications (1)

Publication Number Publication Date
CN115982688A (en) 2023-04-18

Family

ID=85957651



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination