CN116015892A - Intranet remote desktop access method based on private encryption protocol flow agent - Google Patents

Intranet remote desktop access method based on private encryption protocol flow agent

Info

Publication number
CN116015892A
Authority
CN
China
Prior art keywords
intranet
connection
agent
control center
websocket
Prior art date
Legal status
Pending
Application number
CN202211691896.3A
Other languages
Chinese (zh)
Inventor
王禛贤
董晟
高天赐
饶开宇
Current Assignee
Shanghai Dienian Information Technology Co ltd
Original Assignee
Shanghai Dienian Information Technology Co ltd
Priority date
2022-12-27
Filing date
2022-12-27
Publication date
2023-04-25
Application filed by Shanghai Dienian Information Technology Co ltd
Priority to CN202211691896.3A
Publication of CN116015892A
Legal status: Pending

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The invention discloses an intranet remote desktop access method based on a private encryption protocol flow agent, comprising: a control center, a customer-facing self-service system that manages the connections and correspondence between browser WebSockets and intranet Agents and serves as the hub for bidirectional data communication; a control node, a horizontally scalable intranet Agent communication system that bridges communication between the control center and intranet Agents; a message queue, used to pass messages between the intranet Agent and the control node; and an intranet Agent, deployed in the intranet, which is the carrier that processes control instructions and the data transmission hub between the target service and the control center. The invention realises Web-based remote desktop connection to an intranet host without exposing any intranet port and without installing any server or client on the target host.

Description

Intranet remote desktop access method based on private encryption protocol flow agent
Technical Field
The invention relates to the technical field of IT cloud computing, in particular to an intranet remote desktop access method based on a private encryption protocol flow agent.
Background
When a public cloud vendor provides cloud servers, a Web-based public-network remote desktop connection scheme is required: the browser connects to the cloud vendor's service platform, and the service platform performs access control for the customer's cloud server (see FIG. 1). When the customer needs to access a host on an edge-cloud intranet, this prior-art scheme cannot meet the requirement; the present invention therefore provides an intranet remote desktop access method based on a private encryption protocol flow agent.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention provides an intranet remote desktop access method based on a private encryption protocol flow agent, which aims to solve the problems in the background art.
In order to solve the above technical problems, the invention provides the following technical scheme. An intranet remote desktop access method based on a private encryption protocol flow agent comprises:
a control center: a customer-facing self-service system that manages the connections and correspondence between browser WebSockets and intranet Agents and serves as the hub for bidirectional data communication;
a control node: a horizontally scalable intranet Agent communication system that bridges communication between the control center and intranet Agents;
a message queue: used to pass messages between the intranet Agent and the control node;
an intranet Agent: deployed in the intranet; the carrier that processes control instructions and the data transmission hub between the target service and the control center.
As a preferred technical scheme of the invention, the connection is established as follows: the browser initiates an access request over a WebSocket, passing the unique identifier of the intranet host device to be accessed;
the control center parses the input parameters and requests the corresponding control node through an HTTP interface;
after receiving the request, the control node sends an MQ message to the corresponding intranet Agent;
after receiving the MQ message, the intranet Agent establishes an encrypted private-protocol connection with the control center and establishes a connection to the target server;
the connection establishment is then complete.
As a preferred technical scheme of the invention, once a connection is established each transmitted data unit carries a protocol type (1 byte), used both to detect whether the network connection is normal and to distinguish different protocol types; a WebSocket unique identifier (4 bytes), used to distinguish different client browsers; and a data length (4 bytes) followed by the data content, which the program uses to read the transmitted data.
As a preferred technical scheme of the invention, the intranet Agent is connected to both the control center and the intranet host:
connection one: between the intranet Agent and the control center;
connection two: between the intranet Agent and the intranet host.
As a preferred technical scheme of the invention, the specific connection process comprises the following steps:
the browser initiates an access request over a WebSocket; the control center generates a unique identifier (session Id) for the WebSocket connection, stores the correspondence between the session Id and the WebSocket, finds the intranet Agent corresponding to the UUID (the unique identifier of the target server), and sends an HTTP request to a control node;
the control node finds the corresponding intranet Agent according to the UUID and sends an MQ message notification;
according to the received MQ message, the intranet Agent establishes a connection with the control center based on the encrypted private protocol (connection one) and sends a heartbeat packet; once connection one is established, the intranet Agent establishes a connection with the intranet host (connection two), writes data read from connection one into connection two and data read from connection two into connection one, thereby completing connection two, and responds to the MQ message with success, completing connection establishment with the control center;
after establishment, when the control center receives the heartbeat packet it stores the association between connection one and the session Id in the Server;
the browser sends the user's instructions to the control center over the WebSocket; the control center encapsulates the data into an encrypted private-protocol packet according to the session Id and sends it through the Server, which forwards the data to the intranet Agent over connection one according to the correspondence between the session Id and connection one;
the intranet Agent receives the packet and writes the data into connection two; the data returned on connection two is written into connection one, which encapsulates it into an encrypted private-protocol packet and sends it to the control center; after receiving the packet, the control center forwards the data to the client's browser according to the WebSocket unique identifier (session Id) carried in the packet.
As a preferred technical scheme of the invention, the method further includes heartbeat detection:
the browser sends heartbeat data to the control center every 5 seconds, and the control center updates the activity time of the connection;
between the intranet Agent and the control center (connection one), a read idle period of 9 seconds and a write idle period of 3 seconds are set; when the write idle period exceeds 3 seconds, a heartbeat packet is sent to the control center;
between the intranet Agent and the target service (connection two), a read idle period of 9 seconds and a write idle period of 3 seconds are likewise set; when the write idle period exceeds 3 seconds, a heartbeat packet is sent to the intranet Agent.
As a preferred embodiment of the invention, the method finally includes a disconnection mechanism:
when the user leaves the browser page, the browser closes the WebSocket connection, which triggers a WebSocket disconnection event; the WebSocket connection and connection one are closed, and when the intranet Agent detects that connection one is closed it also closes connection two to the target server, so that all connections are closed;
when the control center loses the intranet Agent, it actively closes connection one and clears the relation between connection one and the WebSocket; heartbeat processing between the browser and the control center then stops, the browser closes the WebSocket connection, and connection two between the intranet Agent and the target server is closed, so that all connections are closed;
when the intranet Agent loses the VNC connection to the target host, it actively closes connection one and connection two, and the control center closes all remaining connections according to the disconnection mechanism.
Compared with the prior art, the invention has the following beneficial effects:
in the intranet remote desktop access method based on the private encryption protocol flow agent, when multiple users access different intranet cloud hosts, the control center associates each user's WebSocket with the corresponding intranet Agent communication connection, so that the private encryption protocol on the communication link and the WebSocket are converted into one another and matched one to one, completing the public-network proxying, encapsulation and decapsulation of the remote desktop traffic;
when multiple users access different cloud hosts in the same intranet, the intranet Agent associates the VNC connections of the different hosts with the corresponding communication connections to the control center, so that the private encryption protocol on the communication link and the VNC connections are converted into one another and matched one to one, completing the intranet proxying, encapsulation and decapsulation of the remote desktop traffic;
through remote desktop protocol encapsulation and traffic proxying in the two segments, the control center and the intranet Agent, remote desktop control of a remote intranet host through the Web is realised.
Drawings
FIG. 1 is a prior art system diagram;
FIG. 2 is a software architecture diagram of an intranet remote desktop access method based on a private encryption protocol flow agent of the present invention;
FIG. 3 is a timing diagram of an intranet remote desktop access method based on a private encryption protocol flow agent according to the present invention;
FIG. 4 is a schematic diagram of a 7xForward private protocol of an intranet remote desktop access method based on a private encryption protocol flow agent;
FIG. 5 is a specific flowchart of an intranet remote desktop access method based on a private encryption protocol flow agent according to the present invention;
FIG. 6 is a schematic diagram of heartbeat detection in the intranet remote desktop access method based on a private encryption protocol flow agent according to the present invention.
Detailed Description
In order that the manner in which the above recited features, objects and advantages of the present invention are obtained will become readily apparent, a more particular description of the invention will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. Based on the examples in the embodiments, those skilled in the art can obtain other examples without making any inventive effort, which fall within the scope of the invention. The experimental methods in the following examples are conventional methods unless otherwise specified, and materials, reagents, etc. used in the following examples are commercially available unless otherwise specified.
Examples:
As shown in FIG. 2, the present invention provides an intranet remote desktop access method based on a private encryption protocol flow agent, which includes:
a control center: a customer-facing self-service system that manages the connections and correspondence between browser WebSockets and intranet Agents and serves as the hub for bidirectional data communication;
a control node: a horizontally scalable intranet Agent communication system that bridges communication between the control center and intranet Agents;
a message queue: used to pass messages between the intranet Agent and the control node;
an intranet Agent: deployed in the intranet; the carrier that processes control instructions and the data transmission hub between the target service and the control center.
In this embodiment, the control center is the platform through which the user performs management: through the control center the user logs in to the target remote desktop on the network; the control node cluster is composed of a plurality of nodes and can be expanded horizontally when the number of Agents in the intranet becomes too large; the security and reliability of user data are ensured by the self-developed encrypted private protocol;
the intranet Agent is the remote desktop agent for the user's intranet, so that the user's services can operate in a secure network environment.
As shown in FIG. 3, this embodiment discloses that the browser initiates an access request over a WebSocket, passing the unique identifier of the intranet host device to be accessed;
the control center parses the input parameters and requests the corresponding control node through an HTTP interface;
after receiving the request, the control node sends an MQ message to the corresponding intranet Agent;
after receiving the MQ message, the intranet Agent establishes an encrypted private-protocol connection with the control center and establishes a connection to the target server;
the connection establishment is then complete.
As shown in FIG. 4, this embodiment discloses that once a connection is established each transmitted data unit carries a protocol type (1 byte), used to detect whether the network connection is normal and to distinguish different protocol types; a WebSocket unique identifier (4 bytes), used to distinguish different client browsers; and a data length (4 bytes) and the data content (from byte 10 up to the data length), which the program uses to read the transmitted data.
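The data unit of FIG. 4 (the same format the summary above describes) as an added worked example, not code from the patent: a Python encoder and stream decoder for the 1 + 4 + 4 byte header, with a cap on the declared length so a bad peer cannot force a large allocation. Byte order, the type values and the cap are assumptions; the page does not specify the cipher, so payloads are passed through opaque.

```python
"""Framing codec for the private protocol of FIG. 4: protocol type (1 byte),
WebSocket unique identifier / session id (4 bytes), data length (4 bytes),
then the data content from byte 10 onward. Added illustration, not the
patent's code. Assumptions: big-endian integers, type values 0x01 heartbeat
and 0x02 data, and a payload cap; the cipher is not given on the page and
payloads are passed through opaque."""
import struct
from dataclasses import dataclass
from typing import List, Tuple

HEADER = struct.Struct(">BII")   # type (1) + session id (4) + length (4)
HEADER_LEN = HEADER.size         # 9 bytes, so data starts at byte 10
TYPE_HEARTBEAT = 0x01            # assumed value: 'is the connection alive'
TYPE_DATA = 0x02                 # assumed value: proxied remote desktop bytes
MAX_PAYLOAD = 1 << 20            # assumed cap: a bogus length cannot force a huge buffer


@dataclass(frozen=True)
class Frame:
    ptype: int
    session_id: int
    payload: bytes


def encode_frame(frame: Frame) -> bytes:
    """Serialise one frame; the session id must fit the 4-byte field."""
    if not 0 <= frame.session_id <= 0xFFFFFFFF:
        raise ValueError("session id does not fit in 4 bytes")
    if len(frame.payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds cap")
    return HEADER.pack(frame.ptype, frame.session_id, len(frame.payload)) + frame.payload


def heartbeat(session_id: int) -> bytes:
    """A heartbeat is a header with zero data length."""
    return encode_frame(Frame(TYPE_HEARTBEAT, session_id, b""))


class FrameDecoder:
    """Reassembles frames from a TCP byte stream (connection one).

    A short read leaves the partial frame buffered until more bytes arrive;
    a length field above MAX_PAYLOAD is rejected before any allocation.
    """

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, data: bytes) -> List[Frame]:
        self._buf.extend(data)
        frames: List[Frame] = []
        while len(self._buf) >= HEADER_LEN:
            ptype, sid, length = HEADER.unpack_from(self._buf, 0)
            if length > MAX_PAYLOAD:
                raise ValueError(f"declared length {length} exceeds cap")
            if len(self._buf) < HEADER_LEN + length:
                break                                   # wait for the rest
            payload = bytes(self._buf[HEADER_LEN:HEADER_LEN + length])
            del self._buf[:HEADER_LEN + length]
            frames.append(Frame(ptype, sid, payload))
        return frames

    def pending(self) -> int:
        """Bytes buffered but not yet forming a complete frame."""
        return len(self._buf)


def demo() -> Tuple[int, int, int]:
    """Constructed stream: a heartbeat followed by one data frame carrying the
    RFB version string a VNC server sends, using the session id from the page's
    sample MQ message, delivered in two reads that split the first header."""
    sid = 1691023927
    wire = heartbeat(sid) + encode_frame(Frame(TYPE_DATA, sid, b"RFB 003.008\n"))
    dec = FrameDecoder()
    first = dec.feed(wire[:5])     # mid-header: nothing complete yet
    rest = dec.feed(wire[5:])      # both frames complete now
    return len(first), len(rest), dec.pending()
```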
As shown in FIG. 5, this embodiment discloses that the intranet Agent establishes connections with both the control center and the intranet host:
connection one: between the intranet Agent and the control center;
connection two: between the intranet Agent and the intranet host.
The specific connection process comprises the following steps:
the browser initiates an access request over a WebSocket; the control center generates a unique identifier (session Id) for the WebSocket connection, stores the correspondence between the session Id and the WebSocket, finds the intranet Agent corresponding to the supplied UUID (the unique identifier of the target server), and sends an HTTP request to a control node;
WebSocket request format:
/ws/vm/domain/vncuuid=b0d394a9-d7d6-4362-9890-c252bb4c5018;
format of the delivered parameter content:
{uuid:b0d394a9-d7d6-4362-9890-c252bb4c5018,sessionId:1691023927};
the control node finds the corresponding intranet Agent according to the UUID and sends an MQ message notification;
MQ message format:
{vncPort:5900,sessionId:1691023927,sessionIdHashCode:-1636587926};
according to the received MQ message, the intranet Agent establishes a connection with the control center based on the encrypted private protocol (connection one) and sends a heartbeat packet; once connection one is established, the intranet Agent establishes a connection with the intranet host (connection two), writes data read from connection one into connection two and data read from connection two into connection one, thereby completing connection two, and responds to the MQ message with success, completing connection establishment with the control center;
after establishment, when the control center receives the heartbeat packet it stores the association between connection one and the session Id in the Server;
the browser sends the user's instructions to the control center over the WebSocket; the control center encapsulates the data into an encrypted private-protocol packet according to the session Id and sends it through the Server, which forwards the data to the intranet Agent over connection one according to the correspondence between the session Id and connection one;
the intranet Agent receives the packet and writes the data into connection two; the data returned on connection two is written into connection one, which encapsulates it into an encrypted private-protocol packet and sends it to the control center; after receiving the packet, the control center forwards the data to the client's browser according to the WebSocket unique identifier (session Id) carried in the packet.
As shown in FIG. 6, this embodiment discloses that the method further includes heartbeat detection:
the browser sends heartbeat data to the control center every 5 seconds, and the control center updates the activity time of the connection;
between the intranet Agent and the control center (connection one), a read idle period of 9 seconds and a write idle period of 3 seconds are set; when the write idle period exceeds 3 seconds, a heartbeat packet is sent to the control center;
between the intranet Agent and the target service (connection two), a read idle period of 9 seconds and a write idle period of 3 seconds are likewise set; when the write idle period exceeds 3 seconds, a heartbeat packet is sent to the intranet Agent.
As shown in FIG. 4 and FIG. 6, this embodiment discloses that the method finally includes a disconnection mechanism:
when the user leaves the browser page, the browser closes the WebSocket connection, which triggers a WebSocket disconnection event; the WebSocket connection and connection one are closed, and when the intranet Agent detects that connection one is closed it also closes connection two to the target server, so that all connections are closed;
when the control center loses the intranet Agent, that is, the heartbeat can no longer be detected, it actively closes connection one and clears the relation between connection one and the WebSocket; heartbeat processing between the browser and the control center then stops, the browser closes the WebSocket connection, and connection two between the intranet Agent and the target server is closed at that moment;
when the intranet Agent loses the VNC connection to the target host, it actively closes connection one and connection two, and the control center closes all remaining connections according to the disconnection mechanism.
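The session correspondence, heartbeat handling and disconnection cascade of the embodiment above (and of the summary's preferred scheme) as an added illustration in Python, not the patent's code: a control-center session table that routes packets by session Id in both directions, refuses packets for sessions no browser opened, and tears down both sides when the Agent's heartbeat stops. The in-memory Link stub, the dropped-packet audit list and applying the 9 s read-idle limit at the control center are assumptions.

```python
"""Session bookkeeping at the control center, modelling the connection
correspondence of FIG. 5 and the heartbeat/disconnection rules of FIG. 6.
Added illustration, not the patent's code: transports are an in-memory Link
stub, and the 9 s read-idle limit is assumed to be enforced here as well."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

READ_IDLE_S = 9.0   # read idle limit on connection one/two, from the page


@dataclass
class Link:
    """One transport endpoint: a browser WebSocket or an Agent's connection one."""
    name: str
    is_open: bool = True
    last_read: float = 0.0
    sent: List[Tuple[int, bytes]] = field(default_factory=list)

    def send(self, session_id: int, payload: bytes) -> None:
        if not self.is_open:
            raise ConnectionError(f"{self.name} is closed")
        self.sent.append((session_id, payload))

    def close(self) -> None:
        self.is_open = False


class ControlCenter:
    def __init__(self) -> None:
        self.ws_by_session: Dict[int, Link] = {}
        self.conn1_by_session: Dict[int, Link] = {}
        self.dropped: List[Tuple[str, int]] = []   # (reason, session id) audit trail

    def open_websocket(self, session_id: int, ws: Link, now: float) -> None:
        """Browser connected: the generated session id is bound to its WebSocket."""
        ws.last_read = now
        self.ws_by_session[session_id] = ws

    def agent_heartbeat(self, session_id: int, conn1: Link, now: float) -> bool:
        """First heartbeat on connection one stores the conn1<->session association;
        later ones refresh the activity time. A session id nobody opened is refused."""
        if session_id not in self.ws_by_session:
            self.dropped.append(("unknown-session", session_id))
            return False
        conn1.last_read = now
        self.conn1_by_session[session_id] = conn1
        return True

    def browser_heartbeat(self, session_id: int, now: float) -> None:
        """Browser heartbeat (every 5 s on the page): update the activity time."""
        ws = self.ws_by_session.get(session_id)
        if ws is not None:
            ws.last_read = now

    def from_browser(self, session_id: int, data: bytes, now: float) -> bool:
        """User input: tag with the session id and write to connection one."""
        conn1 = self.conn1_by_session.get(session_id)
        if conn1 is None:
            self.dropped.append(("no-agent-connection", session_id))
            return False
        self.browser_heartbeat(session_id, now)
        conn1.send(session_id, data)
        return True

    def from_agent(self, session_id: int, data: bytes, now: float) -> bool:
        """Packet from connection one: route to the WebSocket its session id names."""
        ws = self.ws_by_session.get(session_id)
        conn1 = self.conn1_by_session.get(session_id)
        if ws is None or conn1 is None:
            self.dropped.append(("unknown-session", session_id))
            return False
        conn1.last_read = now
        ws.send(session_id, data)
        return True

    def websocket_closed(self, session_id: int) -> None:
        """User left the page: close connection one; the Agent then closes connection two."""
        self.ws_by_session.pop(session_id, None)
        conn1 = self.conn1_by_session.pop(session_id, None)
        if conn1 is not None:
            conn1.close()

    def agent_lost(self, session_id: int) -> None:
        """Agent heartbeat no longer detected: close connection one, clear its
        relation to the WebSocket, and close the WebSocket."""
        conn1 = self.conn1_by_session.pop(session_id, None)
        if conn1 is not None:
            conn1.close()
        ws = self.ws_by_session.pop(session_id, None)
        if ws is not None:
            ws.close()

    def tick(self, now: float) -> List[int]:
        """Periodic idle check; returns the session ids torn down."""
        stale = [sid for sid, c in self.conn1_by_session.items()
                 if now - c.last_read > READ_IDLE_S]
        for sid in stale:
            self.agent_lost(sid)
        return stale
```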
In summary, the intranet remote desktop access method based on a private encryption protocol flow agent of the invention operates as follows:
when multiple users access different intranet cloud hosts, the control center associates each user's WebSocket with the corresponding intranet Agent communication connection, so that the private encryption protocol on the communication link and the WebSocket are converted into one another and matched one to one, completing the public-network proxying, encapsulation and decapsulation of the remote desktop traffic;
when multiple users access different cloud hosts in the same intranet, the intranet Agent associates the VNC connections of the different hosts with the corresponding communication connections to the control center, so that the private encryption protocol on the communication link and the VNC connections are converted into one another and matched one to one, completing the intranet proxying, encapsulation and decapsulation of the remote desktop traffic;
through remote desktop protocol encapsulation and traffic proxying in the two segments, the control center and the intranet Agent, remote desktop control of a remote intranet host through the Web is realised.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (7)

1. An intranet remote desktop access method based on a private encryption protocol flow agent, characterised by comprising:
a control center: a customer-facing self-service system that manages the connections and correspondence between browser WebSockets and intranet Agents and serves as the hub for bidirectional data communication;
a control node: a horizontally scalable intranet Agent communication system that bridges communication between the control center and intranet Agents;
a message queue: used to pass messages between the intranet Agent and the control node;
an intranet Agent: deployed in the intranet; the carrier that processes control instructions and the data transmission hub between the target service and the control center.
2. The intranet remote desktop access method based on the private encryption protocol flow agent according to claim 1, wherein the browser initiates an access request over a WebSocket, passing the unique identifier of the intranet host to be accessed;
the control center parses the input parameters and requests the corresponding control node through an HTTP interface;
after receiving the request, the control node sends an MQ message to the corresponding intranet Agent;
after receiving the MQ message, the intranet Agent establishes an encrypted private-protocol connection with the control center and establishes a connection to the target server;
the connection establishment is then complete.
3. The intranet remote desktop access method based on the private encryption protocol flow agent according to claim 2, wherein once the connection is established each transmitted data unit carries a protocol type (1 byte), used to detect whether the network connection is normal and to distinguish different protocol types, a WebSocket unique identifier (4 bytes), used to distinguish different client browsers, and a data length (4 bytes) followed by the data content, which the program uses to read the transmitted data.
4. The intranet remote desktop access method based on the private encryption protocol flow agent according to claim 1, wherein the intranet Agent is connected to both the control center and the intranet host:
connection one: between the intranet Agent and the control center;
connection two: between the intranet Agent and the intranet host.
5. The intranet remote desktop access method based on the private encryption protocol flow agent according to claim 4, wherein the specific connection process is as follows:
the browser initiates an access request over a WebSocket; the control center generates a unique identifier for the WebSocket connection, stores the correspondence between the session Id and the WebSocket, finds the intranet Agent corresponding to the supplied UUID, and sends an HTTP request to a control node;
the control node finds the corresponding intranet Agent according to the UUID and sends an MQ message notification;
according to the received MQ message, the intranet Agent establishes a connection with the control center based on the encrypted private protocol and sends a heartbeat packet; once that connection is established, the intranet Agent further establishes a connection with the intranet host, writes data read from connection one into connection two and data read from connection two into connection one, thereby completing connection two, and responds to the MQ message with success, completing connection establishment with the control center;
after establishment, when the control center receives the heartbeat packet it stores the association between connection one and the session Id in the Server;
the browser sends the user's instructions to the control center over the WebSocket; the control center encapsulates the data into an encrypted private-protocol packet according to the session Id and sends it through the Server, which forwards the data to the intranet Agent over connection one according to the correspondence between the session Id and connection one;
the intranet Agent receives the packet and writes the data into connection two; the data returned on connection two is written into connection one, which encapsulates it into an encrypted private-protocol packet and sends it to the control center; after receiving the packet, the control center forwards the data to the client's browser according to the WebSocket unique identifier carried in the packet.
6. The intranet remote desktop access method based on the private encryption protocol flow agent according to claim 5, further comprising heartbeat detection:
the browser sends heartbeat data to the control center every 5 seconds, and the control center updates the activity time of the connection;
between the intranet Agent and the control center, a read idle time of 9 seconds and a write idle time of 3 seconds are set; when the write idle time exceeds 3 seconds, a heartbeat packet is sent to the control center;
between the intranet Agent and the target service, a read idle time of 9 seconds and a write idle time of 3 seconds are likewise set; when the write idle time exceeds 3 seconds, a heartbeat packet is sent to the intranet Agent.
7. The intranet remote desktop access method based on the private encryption protocol flow agent according to claim 6, wherein the method finally comprises a disconnection mechanism:
when the user leaves the browser page, the browser closes the WebSocket connection, which triggers a WebSocket disconnection event; the WebSocket connection and connection one are closed, and when the intranet Agent detects that connection one is closed it also closes connection two to the target server, so that all connections are closed;
when the control center loses the intranet Agent, it actively closes connection one and clears the relation between connection one and the WebSocket; heartbeat processing between the browser and the control center then stops, the browser closes the WebSocket connection, and connection two between the intranet Agent and the target server is closed, so that all connections are closed;
when the intranet Agent loses the VNC connection to the target host, it actively closes connection one and connection two, and the control center closes all remaining connections according to the disconnection mechanism.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211691896.3A CN116015892A (en) 2022-12-27 2022-12-27 Intranet remote desktop access method based on private encryption protocol flow agent

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211691896.3A CN116015892A (en) 2022-12-27 2022-12-27 Intranet remote desktop access method based on private encryption protocol flow agent

Publications (1)

Publication Number Publication Date
CN116015892A true CN116015892A (en) 2023-04-25

Family

ID=86024255

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211691896.3A Pending CN116015892A (en) 2022-12-27 2022-12-27 Intranet remote desktop access method based on private encryption protocol flow agent

Country Status (1)

Country Link
CN (1) CN116015892A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination