CN116033010A - Remote access method, device, electronic equipment and storage medium - Google Patents


Publication number
CN116033010A
Authority
CN
China
Prior art keywords
target
resource
target resource
access request
accessed
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310163724.7A
Other languages
Chinese (zh)
Inventor
胡银厚
王剑
张宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Youzhuju Network Technology Co Ltd
Original Assignee
Beijing Youzhuju Network Technology Co Ltd
Application filed by Beijing Youzhuju Network Technology Co Ltd
Priority to CN202310163724.7A
Publication of CN116033010A


Classifications

    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Storage Device Security (AREA)

Abstract

The present disclosure relates to a remote access method, apparatus, electronic device, and storage medium. The method includes: receiving a first access request sent by a terminal, wherein the first access request carries resource information of a resource to be accessed; generating a target resource object, wherein the target resource object comprises the resource information and a target resource identifier for identifying the target resource object; storing the target resource object in a target storage, and transmitting the target resource identifier to the terminal; and, when a second access request that is sent by the terminal and contains the target resource identifier is received, forwarding the second access request to the resource to be accessed based on the target resource identifier. By realizing remote access to the resource to be accessed, the actual service requirements of the user can be met, and the efficiency of remote access can be improved to a great extent.

Description

Remote access method, device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a remote access method, apparatus, electronic device, and storage medium.
Background
With the continued development of network technology, application scenarios increasingly require remote access to devices. However, remote access to a remote device is often restricted by access security policies: in many cases a user cannot remotely access the corresponding device directly, or is allowed only limited access. As a result, the user's actual service requirements often cannot be met, and the efficiency of remote access is greatly reduced.
Disclosure of Invention
The disclosure provides a remote access method, a remote access device, electronic equipment and a storage medium.
According to an aspect of the present disclosure, there is provided a remote access method, the method including:
receiving a first access request sent by a terminal, wherein the first access request carries resource information of a resource to be accessed;
generating a target resource object, the target resource object comprising a target resource identifier identifying the target resource object and the resource information;
storing the target resource object into a target storage, and sending the target resource identifier to the terminal;
and forwarding the second access request to the resource to be accessed based on the target resource identifier under the condition that the second access request which is sent by the terminal and contains the target resource identifier is received.
Optionally, the method further comprises:
monitoring a resource object stored in the target storage;
under the condition that the target resource object is monitored to be stored in the target storage, determining the resource to be accessed according to the resource information in the target resource object;
and writing the address information of the resource to be accessed into the target resource object.
Optionally, the forwarding the second access request to the resource to be accessed based on the target resource identifier includes:
forwarding the second access request to a proxy process of any one node;
the proxy process determines a corresponding target node based on the target resource identifier, and forwards the second access request to the resource to be accessed of the target node.
Optionally, the method further comprises:
the target node performs user authentication on the second access request;
judging whether a target resource identifier contained in the second access request is matched with information contained in a target resource object stored in the target storage under the condition that user authentication is passed;
and executing the step of forwarding the second access request to the target virtual machine of the target node if the second access request matches information contained in a target resource object stored in the target storage.
Optionally, the method further comprises:
judging whether the target account has the access right of the resource to be accessed or not under the condition that the target account corresponding to the terminal is in a login state;
and executing the step of generating the target resource object under the condition that the account has the access right of the resource to be accessed.
Optionally, the method further comprises:
setting a state of the target resource object to a waiting state in a case where the target resource object is stored to a target storage;
and under the condition that the address information of the resource to be accessed is written into the target resource object, the state of the target resource object is adjusted to be a ready state.
Optionally, the resource to be accessed includes a virtual machine, a container or a preset service on the node.
According to another aspect of the present disclosure, there is provided a remote access device, characterized in that the device comprises:
the access request receiving module is used for receiving a first access request sent by the terminal, wherein the first access request carries resource information of a resource to be accessed;
an object generation module for generating a target resource object, the target resource object comprising a target resource identifier identifying the target resource object and the resource information;
the storage module is used for storing the target resource object into a target storage and sending the target resource identifier to the terminal;
and the request forwarding module is used for forwarding the second access request to the resource to be accessed based on the target resource identifier under the condition that the second access request which is sent by the terminal and contains the target resource identifier is received.
Optionally, the apparatus further comprises:
the monitoring module is used for monitoring the resource objects stored in the target storage;
the resource determining module is used for determining the resource to be accessed according to the resource information in the target resource object under the condition that the target resource object is monitored to be stored in the target storage;
and the information writing module is used for writing the address information of the resource to be accessed into the target resource object.
Optionally, the request forwarding module is specifically configured to:
forwarding the second access request to a proxy process of any one node;
the proxy process determines a corresponding target node based on the target resource identifier, and forwards the second access request to the resource to be accessed of the target node.
Optionally, the apparatus further comprises:
the authentication module is used for performing, by the target node, user authentication on the second access request;
and the matching module is used for judging whether the target resource identifier contained in the second access request is matched with the information contained in the target resource object stored in the target storage under the condition that the user authentication is passed.
Optionally, the apparatus further comprises:
and the permission judging module is used for judging whether the target account has the access permission of the resource to be accessed or not under the condition that the target account corresponding to the terminal is in a login state.
Optionally, the apparatus further comprises:
a first state setting module, configured to set a state of the target resource object to a waiting state in a case where the target resource object is stored in a target storage;
and the second state setting module is used for adjusting the state of the target resource object to be a ready state under the condition that the address information of the resource to be accessed is written into the target resource object.
Optionally, the resource to be accessed includes a virtual machine, a container or a preset service on the node.
According to a third aspect of the present disclosure, an electronic device is provided. The electronic device includes: a memory and a processor, the memory having stored thereon a computer program, the processor implementing the method as described above when executing the program.
According to a fourth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor implements the above-described method of the present disclosure.
The remote access method, the remote access device, the electronic equipment and the storage medium provided by the embodiment of the disclosure generate a target resource object when receiving a first access request sent by a terminal, store the target resource object in a target storage, and send the target resource identifier to the terminal. In this way, when the second access request including the target resource identifier sent by the terminal is received, the second access request can be forwarded to the resource to be accessed based on the target resource identifier, so as to realize remote access to the resource to be accessed, thereby meeting the requirement of the actual service of the user and improving the efficiency of remote access to a great extent.
Drawings
Further details, features and advantages of the present disclosure are disclosed in the following description of exemplary embodiments, with reference to the following drawings, wherein:
FIG. 1 is a schematic illustration of a scenario provided by an exemplary embodiment of the present disclosure;
FIG. 2 is a schematic diagram of another scenario provided by an exemplary embodiment of the present disclosure;
FIG. 3 is a schematic illustration of yet another scenario provided by an exemplary embodiment of the present disclosure;
FIG. 4 is a flow chart of a remote access method provided by an exemplary embodiment of the present disclosure;
FIG. 5 is a schematic diagram of a remote access device provided in an exemplary embodiment of the present disclosure;
FIG. 6 is a block diagram of an electronic device provided in an exemplary embodiment of the present disclosure;
FIG. 7 is a block diagram of a computer system according to an exemplary embodiment of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure have been shown in the accompanying drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but are provided to provide a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the present disclosure are for illustration purposes only and are not intended to limit the scope of the present disclosure.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
The term "including" and variations thereof as used herein are intended to be open-ended, i.e., "including, but not limited to". The term "based on" means "based at least in part on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Related definitions of other terms will be given in the description below. It should be noted that the terms "first," "second," and the like in this disclosure are merely used to distinguish between different devices, modules, or units and are not used to define an order or interdependence of functions performed by the devices, modules, or units.
It should be noted that the modifiers "one" and "a plurality" in this disclosure are illustrative rather than limiting, and those of ordinary skill in the art will appreciate that they should be understood as "one or more" unless the context clearly indicates otherwise.
The names of messages or information interacted between the various devices in the embodiments of the present disclosure are for illustrative purposes only and are not intended to limit the scope of such messages or information.
For the Linux server operating system there are relatively mature remote access schemes, such as SSH. SSH is a fairly common way to log in to a system remotely, and users typically use it for a command line interface and remote command execution. However, enterprise security policies often get in the way: many intranet networks cannot reach the SSH ports of machines inside the IDC (Internet Data Center). For other systems, such as Linux desktop systems, Windows, and macOS, command line access alone no longer meets business requirements. The community offers technical schemes such as VNC (Virtual Network Console) and RDP (remote desktop protocol), but these are implemented on top of TCP and are likewise restricted by the company's network security policies. In addition, these remote access technologies depend on the authentication scheme inside each system, and integrating the authentication schemes of different systems with the company's authentication system is complex.
Therefore, to address the complexity of traffic access across different remote access technologies and operating systems, and to solve the security problem of remote access, the embodiment of the disclosure introduces a remote access controller that converts a layer 4 protocol into a layer 7 protocol and, at the same time, integrates with the company's internal authentication system to achieve secure and controllable remote access. This unified traffic access scheme provides high security and allows fine-grained access control.
FIG. 1 is a schematic view of a scenario of remote access by a terminal according to an embodiment of the present disclosure. In an embodiment, each node is provided with an agent, which provides proxy services. FIG. 1 illustrates an example with three nodes, namely node 1, node 2 and node 3: node 1 is provided with an agent and an SSH service; node 2 is provided with an agent, virtual machine 1 and virtual machine 2, and may be provided with other virtual machines; node 3 is provided with an agent, container 1 and container 2, and may be provided with other containers. The services provided by node 1, node 2 and node 3 in the embodiments may differ; the description here is only exemplary.
In an embodiment, suppose a user needs to remotely access a resource on a node, for example the shell of virtual machine 2 on node 2. The user initiates a request to the controller 12 through the terminal 11, applying for access to the shell of virtual machine 2 on node 2. The controller 12 first authenticates the request by determining whether the user is a logged-in user; if not, authentication fails and the user is denied access. Second, the controller 12 authorizes the request to ensure that the user has permission to access the corresponding resource, i.e. the shell of virtual machine 2 on node 2. If the user lacks that permission, an authorization failure result is generated and the user is denied access.
After authentication and authorization pass in the manner described above, an Endpoint object is generated. The Endpoint object contains a unique resource identifier, which may be represented by edp-1 and is used to identify the Endpoint object. The Endpoint object also records the resource to be accessed and the user information. Here the accessed resource is the shell of virtual machine 2 on node 2. For example: uid=edp-1, res=shell of virtual machine 2 on node 2, use=user 1. The information containing the uid, res, and use is then written to the Endpoint object.
The controller 12 writes the generated Endpoint object into the persistent storage 13; at this point the Endpoint object is in the Pending state, i.e., a waiting state. The controller 12 then sends the access resource identifier, edp-1 as described above, to the terminal.
FIG. 2 is a schematic illustration of a scenario in which an agent provided in the present disclosure listens to Endpoint objects in the storage. As shown in FIG. 2, after the proxy service on a node is started, it collects information about the service objects on the host, such as SSH, virtual machines and containers. In addition, once the proxy service is started, the agent on each node monitors whether the resource contained in an Endpoint object stored in the storage is a resource on its own node. If an agent finds that the resource contained in the Endpoint object is one it manages, it updates the state information of the Endpoint object, writes its own service address into the Endpoint object, and updates the Endpoint object state to Ready. In this embodiment, since the Endpoint object refers to a resource on node 2, the agent on node 2 finds that the resource is one it manages, updates the state information of the Endpoint, writes its own service address into the Endpoint object, and updates the Endpoint object state to Ready.
In the embodiment, the agents on the nodes and the controller service 12 are both accessed through a layer-7 traffic access service. An agent is deployed on each node, and the controller 12 is deployed centrally. The controller 12 and the storage 13 may be deployed on different servers or on the same server, and node 1, node 2 and node 3 may each be a different server.
FIG. 3 is a schematic view of a scenario provided in an embodiment of the present disclosure. As shown in FIG. 3, the terminal 11 sends an access request containing the resource identifier edp-1, and the layer-7 traffic access service forwards the request to the agent process on any node, for example the agent process on node 3. The agent process on node 3 looks up the information for the resource identifier edp-1 in the request and finds that the traffic should be forwarded to the proxy service of node 2. The agent process on node 3 then forwards the traffic, i.e. the access request, to the agent of node 2. The agent on node 2 obtains edp-1 from the access request and finds that the service the request needs to access is on node 2, at which point it invokes an authentication service to authenticate the current user. It also judges whether the current user is the same as the user recorded in the Endpoint object, and refuses to serve the current user if they differ. After authentication is completed, the agent on node 2 forwards the access request to virtual machine 2 of node 2.
The embodiment of the disclosure controls traffic through a layer-7 traffic access service and, by integrating with the company's internal authentication service, can be independent of the internal authentication of the host or virtual machine. The agents on the nodes support high availability and support access to the SSH, VNC, RDP and SPICE services of hosts and virtual machines, as well as to the shell and log services of containers.
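The flow described above (Endpoint creation in the Pending state, the owning agent's transition to Ready, agent-to-agent forwarding, and the check that binds the identifier to the user it was issued to), sketched as an added example that is not code from the patent. The dict-backed store and session table, the addresses, tokens and resource names are constructed stand-ins for storage 13 and the company's authentication service, and the random identifier suffix is an assumption replacing the illustrative edp-1.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

PENDING, READY = "Pending", "Ready"  # Endpoint states named on the page


class AccessDenied(Exception):
    """Raised whenever a check described in the text fails."""


@dataclass
class Endpoint:
    uid: str                          # target resource identifier
    res: Tuple[str, str]              # (node, resource), e.g. ("node2", "vm2-shell")
    user: str                         # user the identifier was issued to
    state: str = PENDING
    agent_addr: Optional[str] = None  # written by the owning agent


class Controller:
    def __init__(self, store: Dict[str, Endpoint], sessions: Dict[str, str],
                 acl: Dict[str, Set[Tuple[str, str]]]):
        self.store, self.sessions, self.acl = store, sessions, acl

    def first_request(self, token: str, node: str, resource: str) -> str:
        user = self.sessions.get(token)            # login check (authentication)
        if user is None:
            raise AccessDenied("not logged in")
        if (node, resource) not in self.acl.get(user, set()):   # permission check
            raise AccessDenied("no permission for resource")
        # Assumption: random suffix instead of the page's illustrative "edp-1".
        uid = "edp-" + secrets.token_urlsafe(16)
        self.store[uid] = Endpoint(uid, (node, resource), user)  # stored as Pending
        return uid


class Agent:
    def __init__(self, node, addr, resources, store, sessions, peers):
        self.node, self.addr, self.resources = node, addr, set(resources)
        self.store, self.sessions, self.peers = store, sessions, peers
        peers[addr] = self

    def reconcile(self) -> int:
        """Listening step: claim Pending Endpoints whose resource is on this node."""
        claimed = 0
        for ep in self.store.values():
            if ep.state == PENDING and ep.res[0] == self.node and ep.res[1] in self.resources:
                ep.agent_addr, ep.state = self.addr, READY
                claimed += 1
        return claimed

    def handle(self, token: str, uid: str, hops: int = 0) -> str:
        ep = self.store.get(uid)
        if ep is None or ep.state != READY:
            raise AccessDenied("unknown identifier or Endpoint not Ready")
        if ep.agent_addr != self.addr:             # not ours: forward to owning agent
            owner = self.peers.get(ep.agent_addr)
            if owner is None or hops >= 1:         # one hop is enough; refuse loops
                raise AccessDenied("owning agent unreachable")
            return owner.handle(token, uid, hops + 1)
        user = self.sessions.get(token)            # owning agent authenticates the caller
        if user is None:
            raise AccessDenied("authentication failed")
        if user != ep.user:                        # binding check from the text
            raise AccessDenied("identifier was issued to a different user")
        return f"forwarded to {ep.res[1]} on {self.node}"


def build_demo():
    """Constructed topology mirroring FIG. 1; all names and tokens are made up."""
    store, peers = {}, {}
    sessions = {"tok-user1": "user1", "tok-user2": "user2"}
    acl = {"user1": {("node2", "vm2-shell")}, "user2": set()}
    controller = Controller(store, sessions, acl)
    agents = {
        "node1": Agent("node1", "10.0.0.1:8443", ["ssh"], store, sessions, peers),
        "node2": Agent("node2", "10.0.0.2:8443", ["vm1-shell", "vm2-shell"], store, sessions, peers),
        "node3": Agent("node3", "10.0.0.3:8443", ["c1-shell", "c2-shell"], store, sessions, peers),
    }
    return controller, agents, store


def try_access(agent: Agent, token: str, uid: str) -> str:
    try:
        return agent.handle(token, uid)
    except AccessDenied as exc:
        return f"denied: {exc}"


if __name__ == "__main__":
    controller, agents, store = build_demo()
    uid = controller.first_request("tok-user1", "node2", "vm2-shell")
    print(store[uid].state, try_access(agents["node3"], "tok-user1", uid))
    for agent in agents.values():
        agent.reconcile()
    print(store[uid].state, try_access(agents["node3"], "tok-user1", uid))
    print(try_access(agents["node3"], "tok-user2", uid))   # identifier used by another user
```

The last call shows why the user binding matters: the identifier alone does not grant access, so an identifier that reaches a different logged-in user is still refused at the owning agent.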
Based on the above embodiments, the embodiments of the present disclosure further provide a remote access method, as shown in fig. 4, which may include the following steps:
In step S410, a first access request sent by the terminal is received.
The first access request carries resource information of the resource to be accessed.
Reference may be made to FIG. 1 and its corresponding embodiment, where the resource information may be the shell of virtual machine 2 on node 2; it may of course be something else, which is not limited herein.
In step S420, a target resource object is generated.
Wherein the target resource object includes a target resource identifier identifying the target resource object and resource information.
In an embodiment, the target resource object may be the Endpoint object described above, and the target resource identifier may be represented by edp-1.
In step S430, the target resource object is stored in the target storage, and the target resource identifier is transmitted to the terminal.
In step S440, in case a second access request comprising a target resource identifier sent by the terminal is received, the second access request is forwarded to the resource to be accessed based on the target resource identifier.
In an embodiment, the second access request may be forwarded to the agent process of any node, where the agent process determines the corresponding target node based on the target resource identifier and forwards the second access request to the resource to be accessed on the target node. In connection with FIG. 3 and the corresponding embodiment, the terminal 11 sends an access request containing the resource identifier edp-1, which the layer-7 traffic access service forwards to the agent process on any one node, e.g. the agent process on node 3. The agent process on node 3 looks up the information for the resource identifier edp-1 in the request and finds that the traffic should be forwarded to the proxy service of node 2. The agent process on node 3 then forwards the traffic, i.e. the access request, to the agent of node 2.
In an embodiment, the target node may further perform user authentication on the second access request; if user authentication passes, it judges whether the target resource identifier contained in the second access request matches the information contained in the target resource object stored in the target storage; and if it matches, the second access request is forwarded to the target virtual machine of the target node.
In an embodiment, the agent on node 2 obtains edp-1 from the access request, finds that the service to be accessed is on node 2, and invokes an authentication service to authenticate the current user. After authentication is completed, the agent on node 2 forwards the access request to virtual machine 2 of node 2. In the embodiment, it is also judged whether the current user is the same as the user recorded in the Endpoint object, and service is refused when the current user differs from the user recorded in the Endpoint object.
In the embodiment provided by the disclosure, the user can also be authenticated: first, the target account must be in a logged-in state; otherwise access is refused. When the target account corresponding to the terminal is logged in, it is judged whether the target account has access rights to the resource to be accessed; if the account has those rights, service continues to be provided to it.
In an embodiment, the target resource identifier is sent to the terminal, so that the terminal sends the second access request containing the target resource identifier, and in the case that the second access request containing the target resource identifier sent by the terminal is received, the second access request is forwarded to the resource to be accessed based on the target resource identifier.
According to the remote access method provided by the embodiment of the disclosure, when a first access request sent by the terminal is received, a target resource object is generated, and the target resource object is stored in a target storage and the target resource identifier is sent to the terminal. In this way, when the second access request including the target resource identifier sent by the terminal is received, the second access request can be forwarded to the resource to be accessed based on the target resource identifier, so as to realize remote access to the resource to be accessed, thereby meeting the requirement of the actual service of the user and improving the efficiency of remote access to a great extent.
Based on the above embodiment, in yet another embodiment provided by the present disclosure, the method may further include the steps of:
S450, monitoring the resource object stored in the target storage.
S460, under the condition that the target resource object is monitored to be stored in the target storage, determining the resource to be accessed according to the resource information in the target resource object.
S470, address information of the resource to be accessed is written into the target resource object.
Reference may be made to FIG. 2 above and its corresponding embodiment, in which the target storage may be the storage 13 in FIG. 2. In an embodiment, the agent on each node listens to the resource objects stored in the storage 13. If a new resource object, for example the target resource object, is found to be stored in the storage 13, the agent on each node determines whether the resource information contained in the target resource object refers to a resource managed by itself. If the agent on a certain node finds that the resource contained in the Endpoint object is a resource it manages, the agent updates the state information of the Endpoint object and writes its own service address into the Endpoint object.
In an embodiment provided by the present disclosure, when the target resource object is stored to the target storage, the state of the target resource object is set to a waiting state. When the address information of the resource to be accessed is written into the target resource object, the state of the target resource object is adjusted to a ready state. In an embodiment, the controller 12 writes the generated Endpoint object into the persistent storage 13, at which point the Endpoint object is in the Pending state, i.e., the waiting state. When the agent writes its own service address to the Endpoint object, the Endpoint object state is updated to Ready, i.e., the ready state. The resources to be accessed in the embodiment include virtual machines, containers or preset services on the nodes, etc.
Where functional modules are divided according to their respective functions, the embodiments of the present disclosure provide a remote access device, which may be a server or a chip applied to the server. FIG. 5 is a schematic block diagram of the functional modules of a remote access device according to an exemplary embodiment of the present disclosure. As shown in FIG. 5, the remote access apparatus includes:
an access request receiving module 10, configured to receive a first access request sent by a terminal, where the first access request carries resource information of a resource to be accessed;
an object generation module 20 for generating a target resource object comprising a target resource identifier identifying the target resource object and the resource information;
a storage module 30, configured to store the target resource object in a target storage, and send the target resource identifier to the terminal;
and the request forwarding module 40 is configured to forward, when receiving a second access request including the target resource identifier sent by the terminal, the second access request to the resource to be accessed based on the target resource identifier.
In yet another embodiment provided by the present disclosure, the apparatus further comprises:
the monitoring module is used for monitoring the resource objects stored in the target storage;
the resource determining module is used for determining the resource to be accessed according to the resource information in the target resource object under the condition that the target resource object is monitored to be stored in the target storage;
and the information writing module is used for writing the address information of the resource to be accessed into the target resource object.
In yet another embodiment provided by the present disclosure, the request forwarding module is specifically configured to:
forwarding the second access request to a proxy process of any one node;
the proxy process determines a corresponding target node based on the target resource identifier, and forwards the second access request to the resource to be accessed of the target node.
In yet another embodiment provided by the present disclosure, the apparatus further comprises:
the authentication module is used for performing, by the target node, user authentication on the second access request;
and the matching module is used for judging whether the target resource identifier contained in the second access request is matched with the information contained in the target resource object stored in the target storage under the condition that the user authentication is passed.
In yet another embodiment provided by the present disclosure, the apparatus further comprises:
and the permission judging module is used for judging whether the target account has the access permission of the resource to be accessed or not under the condition that the target account corresponding to the terminal is in a login state.
In yet another embodiment provided by the present disclosure, the apparatus further comprises:
a first state setting module, configured to set a state of the target resource object to a waiting state in a case where the target resource object is stored in a target storage;
and the second state setting module is used for adjusting the state of the target resource object to be a ready state under the condition that the address information of the resource to be accessed is written into the target resource object.
In yet another embodiment provided by the present disclosure, the resource to be accessed includes a virtual machine, a container, or a preset service on the node.
For a description of the apparatus, reference may be made specifically to the above method embodiments, and details are not repeated here.
The remote access device provided by the embodiment of the disclosure generates a target resource object when receiving a first access request sent by a terminal, stores the target resource object in a target storage, and sends the target resource identifier to the terminal. In this way, when the second access request including the target resource identifier sent by the terminal is received, the second access request can be forwarded to the resource to be accessed based on the target resource identifier, so as to realize remote access to the resource to be accessed, thereby meeting the requirement of the actual service of the user and improving the efficiency of remote access to a great extent.
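The flow these modules implement, shown as an added Python example that is not code from the patent: the permission check before the object is generated, the waiting-to-ready transition once address information is written, and the authentication and matching checks before the second request is forwarded. The names `Broker` and `ResourceObject`, the in-memory dictionary standing in for the target storage, the sample inventory, and the choice to bind each object to the account that created it are all assumptions.

```python
import secrets
from dataclasses import dataclass

WAITING, READY = "waiting", "ready"

@dataclass
class ResourceObject:
    resource_id: str          # target resource identifier
    resource_info: str        # copied from the first access request
    owner: str                # assumption: object is bound to its creator
    state: str = WAITING
    node: str = ""            # address information, written by reconcile()
    address: str = ""

class Broker:
    def __init__(self, inventory, acl):
        self.inventory = inventory   # resource_info -> (node, address)
        self.acl = acl               # account -> set of permitted resource_info
        self.logged_in = set()
        self.store = {}              # stands in for the target storage

    def first_request(self, account, resource_info):
        # Permission judging module: login state first, then access right.
        if account not in self.logged_in:
            raise PermissionError("account not logged in")
        if resource_info not in self.acl.get(account, set()):
            raise PermissionError("no access right for resource")
        rid = secrets.token_urlsafe(16)          # unguessable identifier
        self.store[rid] = ResourceObject(rid, resource_info, account)
        return rid                               # sent back to the terminal

    def reconcile(self):
        # Monitoring and information writing modules: waiting -> ready.
        changed = 0
        for obj in self.store.values():
            if obj.state == WAITING and obj.resource_info in self.inventory:
                obj.node, obj.address = self.inventory[obj.resource_info]
                obj.state = READY
                changed += 1
        return changed

    def second_request(self, account, rid, entry_node):
        # Proxy process on any node: map the identifier to the target node.
        obj = self.store.get(rid)
        if obj is None:
            raise LookupError("unknown resource identifier")
        if obj.state != READY:
            raise RuntimeError("resource object not ready")
        # Target node: authenticate the user, then match against the store.
        if account not in self.logged_in:
            raise PermissionError("user authentication failed")
        if obj.owner != account:
            raise PermissionError("identifier does not match stored object")
        return {"entry": entry_node, "node": obj.node, "address": obj.address}

def attempt(fn):
    # Return the call's result, or the exception class name if it is refused.
    try:
        return fn()
    except Exception as exc:
        return type(exc).__name__

def demo():
    # Constructed sample data, not taken from the patent.
    broker = Broker({"vm/build-01": ("node-b", "10.0.0.12:22")},
                    {"alice": {"vm/build-01"}, "bob": set()})
    broker.logged_in.update({"alice", "bob"})
    rid = broker.first_request("alice", "vm/build-01")
    early = attempt(lambda: broker.second_request("alice", rid, "node-a"))
    denied = attempt(lambda: broker.first_request("bob", "vm/build-01"))
    broker.reconcile()
    route = attempt(lambda: broker.second_request("alice", rid, "node-a"))
    reuse = attempt(lambda: broker.second_request("bob", rid, "node-c"))
    return early, denied, route, reuse
```

Without the owner binding, any authenticated account that learned the identifier could ride on the creator's permission check, since access rights are only evaluated when the object is generated.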
The embodiment of the disclosure also provides an electronic device, including: at least one processor; and a memory for storing instructions executable by the at least one processor; wherein the at least one processor is configured to execute the instructions to implement the above-described methods disclosed by embodiments of the present disclosure.
Fig. 6 is a schematic structural diagram of an electronic device according to an exemplary embodiment of the present disclosure. As shown in fig. 6, the electronic device 1800 includes at least one processor 1801 and a memory 1802 coupled to the processor 1801, the processor 1801 may perform corresponding steps in the above-described methods disclosed by embodiments of the present disclosure.
The processor 1801 may also be referred to as a central processing unit (CPU), which may be an integrated circuit chip with signal processing capabilities. The steps of the above-described methods disclosed in the embodiments of the present disclosure may be accomplished by integrated logic circuits of hardware in the processor 1801 or by instructions in the form of software. The processor 1801 may be a general purpose processor, a digital signal processor (DSP), an ASIC, a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present disclosure may be embodied directly in hardware, in a decoding processor, or in a combination of hardware and software modules in a decoding processor. The software modules may reside in the memory 1802, such as random access memory, flash memory, read only memory, programmable read only memory, electrically erasable programmable memory, registers, or other storage well known in the art. The processor 1801 reads the information in the memory 1802 and, in combination with its hardware, performs the steps of the method described above.
In addition, various operations/processes according to the present disclosure, in the case of being implemented by software and/or firmware, may be installed from a storage medium or network to a computer system having a dedicated hardware structure, such as the computer system 1900 shown in fig. 7, which is capable of performing various functions including functions such as those described above, and the like, when various programs are installed. Fig. 7 is a block diagram of a computer system according to an exemplary embodiment of the present disclosure.
Computer system 1900 is intended to represent various forms of digital electronic computing devices, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other suitable computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 7, the computer system 1900 includes a computing unit 1901, and the computing unit 1901 can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM) 1902 or a computer program loaded from a storage unit 1908 into a Random Access Memory (RAM) 1903. In the RAM 1903, various programs and data required for the operation of the computer system 1900 may also be stored. The computing unit 1901, ROM 1902, and RAM 1903 are connected to each other via a bus 1904. An input/output (I/O) interface 1905 is also connected to bus 1904.
Various components in computer system 1900 are connected to I/O interface 1905, including: an input unit 1906, an output unit 1907, a storage unit 1908, and a communication unit 1909. The input unit 1906 may be any type of device capable of inputting information to the computer system 1900, and the input unit 1906 may receive input numeric or character information and generate key signal inputs related to user settings and/or function controls of the electronic device. The output unit 1907 may be any type of device capable of presenting information and may include, but is not limited to, a display, speakers, video/audio output terminals, vibrators, and/or printers. Storage unit 1908 may include, but is not limited to, magnetic disks and optical disks. The communication unit 1909 allows the computer system 1900 to exchange information/data with other devices over a network, such as the internet, and may include, but is not limited to, modems, network cards, infrared communication devices, wireless communication transceivers and/or chipsets, such as Bluetooth (TM) devices, WiFi devices, WiMax devices, cellular communication devices, and/or the like.
The computing unit 1901 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 1901 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 1901 performs the various methods and processes described above. For example, in some embodiments, the above-described methods disclosed by embodiments of the present disclosure may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 1908. In some embodiments, some or all of the computer programs may be loaded and/or installed onto electronic device 1900 via ROM 1902 and/or communication unit 1909. In some embodiments, the computing unit 1901 may be configured to perform the above-described methods of the disclosed embodiments by any other suitable means (e.g., by means of firmware).
The disclosed embodiments also provide a computer-readable storage medium, wherein instructions in the computer-readable storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the above-described method disclosed by the disclosed embodiments.
A computer readable storage medium in embodiments of the present disclosure may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium described above can include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specifically, the computer-readable storage medium described above may include one or more wire-based electrical connections, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable medium may be contained in the electronic device; or may exist alone without being incorporated into the electronic device.
The disclosed embodiments also provide a computer program product comprising a computer program, wherein the computer program, when executed by a processor, implements the above-described methods of the disclosed embodiments.
In an embodiment of the present disclosure, computer program code for performing the operations of the present disclosure may be written in one or more programming languages, including but not limited to object-oriented programming languages such as Java, Smalltalk and C++, and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules, components or units referred to in the embodiments of the present disclosure may be implemented by software or hardware. The name of a module, component or unit does not, in some cases, constitute a limitation of the module, component or unit itself.
The functions described above herein may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary hardware logic components that may be used include: a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), an Application Specific Standard Product (ASSP), a system on a chip (SOC), a Complex Programmable Logic Device (CPLD), and the like.
The above description is merely illustrative of some embodiments of the present disclosure and of the principles of the technology applied. It will be appreciated by persons skilled in the art that the scope of the disclosure referred to in this disclosure is not limited to the specific combinations of features described above, but also covers other embodiments which may be formed by any combination of features described above or equivalents thereof without departing from the spirit of the disclosure. One example is an embodiment formed by mutually substituting the features described above with technical features having similar functions disclosed in (but not limited to) the present disclosure.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the above examples are for illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (10)

1. A method of remote access, the method comprising:
receiving a first access request sent by a terminal, wherein the first access request carries resource information of a resource to be accessed;
generating a target resource object, the target resource object comprising a target resource identifier identifying the target resource object and the resource information;
storing the target resource object into a target storage, and sending the target resource identifier to the terminal;
and forwarding the second access request to the resource to be accessed based on the target resource identifier under the condition that the second access request which is sent by the terminal and contains the target resource identifier is received.
2. The method according to claim 1, wherein the method further comprises:
monitoring a resource object stored in the target storage;
under the condition that the target resource object is monitored to be stored in the target storage, determining the resource to be accessed according to the resource information in the target resource object;
and writing the address information of the resource to be accessed into the target resource object.
3. The method of claim 1, wherein the forwarding the second access request to the resource to be accessed based on the target resource identifier comprises:
forwarding the second access request to a proxy process of any one node;
the proxy process determines a corresponding target node based on the target resource identifier, and forwards the second access request to the resource to be accessed of the target node.
4. A method according to claim 3, characterized in that the method further comprises:
the target node performs user authentication on the second access request;
judging whether a target resource identifier contained in the second access request is matched with information contained in a target resource object stored in the target storage under the condition that user authentication is passed;
and executing the step of forwarding the second access request to the target virtual machine of the target node if the second access request matches information contained in a target resource object stored in the target storage.
5. A method according to claim 3, characterized in that the method further comprises:
judging whether the target account has the access right of the resource to be accessed or not under the condition that the target account corresponding to the terminal is in a login state;
and executing the step of generating the target resource object under the condition that the account has the access right of the resource to be accessed.
6. The method according to claim 2, wherein the method further comprises:
setting a state of the target resource object to a waiting state in a case where the target resource object is stored to a target storage;
and under the condition that the address information of the resource to be accessed is written into the target resource object, the state of the target resource object is adjusted to be a ready state.
7. The method according to any of claims 1-6, wherein the resource to be accessed comprises a virtual machine, a container, or a preset service on a node.
8. A remote access device, the device comprising:
the access request receiving module is used for receiving a first access request sent by the terminal, wherein the first access request carries resource information of a resource to be accessed;
an object generation module for generating a target resource object, the target resource object comprising a target resource identifier identifying the target resource object and the resource information;
the storage module is used for storing the target resource object into a target storage and sending the target resource identifier to the terminal;
and the request forwarding module is used for forwarding the second access request to the resource to be accessed based on the target resource identifier under the condition that the second access request which is sent by the terminal and contains the target resource identifier is received.
9. An electronic device, comprising:
at least one processor;
a memory for storing instructions executable by the at least one processor;
wherein the at least one processor is configured to execute the instructions to implement the method of any of claims 1-7.
10. A computer readable storage medium, characterized in that instructions in the computer readable storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the method of any one of claims 1-7.
CN202310163724.7A 2023-02-16 2023-02-16 Remote access method, device, electronic equipment and storage medium Pending CN116033010A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310163724.7A CN116033010A (en) 2023-02-16 2023-02-16 Remote access method, device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310163724.7A CN116033010A (en) 2023-02-16 2023-02-16 Remote access method, device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116033010A true CN116033010A (en) 2023-04-28

Family

ID=86081274

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310163724.7A Pending CN116033010A (en) 2023-02-16 2023-02-16 Remote access method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116033010A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112153143A (en) * 2020-09-24 2020-12-29 新浪网技术(中国)有限公司 Kubernetes cluster flow scheduling method and device and electronic equipment
CN114296881A (en) * 2021-12-30 2022-04-08 天翼物联科技有限公司 Container protection connection method, device, equipment and medium based on middleware deployment
CN114448895A (en) * 2022-04-11 2022-05-06 苏州浪潮智能科技有限公司 Application access method, device, equipment and medium
CN114499935A (en) * 2021-12-17 2022-05-13 阿里巴巴(中国)有限公司 Cloud platform access method, device, equipment and storage medium
CN115150410A (en) * 2022-07-19 2022-10-04 京东科技信息技术有限公司 Multi-cluster access method and system
CN115208590A (en) * 2021-03-24 2022-10-18 华为云计算技术有限公司 Cross-domain communication system, method and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112153143A (en) * 2020-09-24 2020-12-29 新浪网技术(中国)有限公司 Kubernetes cluster flow scheduling method and device and electronic equipment
CN115208590A (en) * 2021-03-24 2022-10-18 华为云计算技术有限公司 Cross-domain communication system, method and storage medium
CN114499935A (en) * 2021-12-17 2022-05-13 阿里巴巴(中国)有限公司 Cloud platform access method, device, equipment and storage medium
CN114296881A (en) * 2021-12-30 2022-04-08 天翼物联科技有限公司 Container protection connection method, device, equipment and medium based on middleware deployment
CN114448895A (en) * 2022-04-11 2022-05-06 苏州浪潮智能科技有限公司 Application access method, device, equipment and medium
CN115150410A (en) * 2022-07-19 2022-10-04 京东科技信息技术有限公司 Multi-cluster access method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
马荣庭; 刘飞; 邓辉; 王锋; 季凯帆: "Design and Implementation of the CSRH-I Observation Data Receiving Subsystem", Astronomical Research & Technology, no. 01, 15 January 2015 (2015-01-15) *

Similar Documents

Publication Publication Date Title
US20160359853A1 (en) Providing devices as a service
JP6582554B2 (en) Thin client system, server device, policy management device, control method, and control program
US11777865B2 (en) Discovery and adjustment of path maximum transmission unit
US9753786B2 (en) Client server communication system
US11470120B2 (en) Providing different levels of resource access to a computing device that is connected to a dock
US20130111542A1 (en) Security policy tokenization
JP6018316B2 (en) Terminal authentication registration system, terminal authentication registration method and program
US10255092B2 (en) Managed virtual machine deployment
US20220398116A1 (en) Application Virtualization System
US9760412B2 (en) Client server communication system
CN113032805A (en) Data access method and device, electronic equipment and storage medium
CN111726328B (en) Method, system and related device for remotely accessing a first device
CN116018580B (en) Techniques for instance persistence data across cloud shells
CN116033010A (en) Remote access method, device, electronic equipment and storage medium
CN113826075A (en) Desktop virtualization with dedicated cellular network connection for client devices
Hari et al. The swiss army smartphone: Cloud-based delivery of usb services
US11824917B2 (en) Computing system with data transfer based upon device data flow characteristics and related methods
CN117499318B (en) Cloud computing virtual network system, and use method, device, equipment and medium thereof
US20220086151A1 (en) Peer reviewed access to computing system
CN117596285A (en) Cloud service connection method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination