CN116521314A - Virtual machine data management method, device, equipment and storage medium - Google Patents

Publication number
CN116521314A
Authority
CN
China
Prior art keywords
virtual machine
target virtual
locking
account
cloud platform
Legal status
Pending
Application number
CN202310439721.1A
Other languages
Chinese (zh)
Inventor
王洋龙
刘德
张永强
Current Assignee
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Application filed by Sangfor Technologies Co Ltd
Priority to CN202310439721.1A
Publication of CN116521314A
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a virtual machine data management method, device, equipment and storage medium. The method comprises the following steps: acquiring a data access request of a management terminal to a target virtual machine, wherein the management terminal is a terminal which establishes a communication connection with a cloud platform based on the access authority of a super user, and the data access request comprises a network address of the management terminal, an account name of the target virtual machine, an account password of the target virtual machine and identification information of the target virtual machine; verifying the network address of the management terminal, the account name of the target virtual machine and the account password of the target virtual machine; and if the verification is successful, performing data access on the target virtual machine after communicating with the target virtual machine based on a single virtual serial port and the identification information of the target virtual machine, wherein the target virtual machine comprises at least one virtual machine. In this way, user authority verification is strengthened, a single virtual serial port of the cloud platform is multiplexed, and the privacy protection of the virtual machine is made more secure.

Description

Virtual machine data management method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of cloud computing technologies, and in particular, to a method, an apparatus, a device, and a storage medium for managing virtual machine data.
Background
The HCI (Hyper Converged Infrastructure) platform is an integrated platform that virtualizes computing, storage, and network resources and combines them with a software-defined management system to provide advanced features such as managed virtualization workloads, operation and maintenance management, and intelligent monitoring. Currently, when a user accesses data of a virtual machine through the HCI platform, the platform only verifies an HCI administrator password or virtual machine user rights, which allows an HCI platform administrator to snoop on private data of the virtual machine in this way. Meanwhile, when the HCI platform communicates with virtual machines, it needs to start a plurality of virtual serial ports to communicate with the serial ports of different virtual machines, so the cloud platform and a virtual machine can only be connected one to one. When the cloud platform manages at least one virtual machine, the operation is complex and the serial port channel has no data verification, which further increases the risk of virtual machine data leakage.
Disclosure of Invention
In view of this, embodiments of the present application provide a method, an apparatus, a device, and a storage medium for managing virtual machine data, which can improve privacy protection security of a virtual machine.
The technical scheme of the embodiment of the application is realized as follows:
In a first aspect, an embodiment of the present application provides a method for managing virtual machine data, which is applied to a cloud platform, where the method includes:
acquiring a data access request of a management terminal to a target virtual machine, wherein the management terminal is a terminal which establishes a communication connection with the cloud platform based on the access authority of a super user, and the data access request comprises a network address of the management terminal, an account name of the target virtual machine, an account password of the target virtual machine and identification information of the target virtual machine;
verifying the network address of the management terminal, the account name of the target virtual machine and the account password of the target virtual machine; and if the verification is successful, performing data access on the target virtual machine after communicating with the target virtual machine based on a single virtual serial port and the identification information of the target virtual machine, wherein the target virtual machine comprises at least one virtual machine.
In the above scheme, before the data access request of the management terminal to the target virtual machine is obtained, the method further includes:
obtaining a login request of a super user from a management terminal, wherein the login request of the super user from the management terminal comprises a network address of the management terminal, an account name of the super user of a cloud platform and an account password of the super user of the cloud platform;
verifying the network address of the management terminal, the account name of the super user of the cloud platform and the account password of the super user; and if the verification is successful, sending token information to the management terminal, and establishing a communication connection between the management terminal and the cloud platform.
In the above solution, the verifying the network address of the management terminal, the account name of the target virtual machine, and the account password of the target virtual machine includes:
determining a locking key of a target virtual machine account based on the network address of the management terminal and the account name of the target virtual machine;
acquiring a locking record of the target virtual machine account based on the locking key of the target virtual machine account, wherein the locking record of the target virtual machine account is used for indicating whether a data access request of the management terminal to the target virtual machine is locked, and the locking record of the target virtual machine account comprises a locking state identifier of the target virtual machine account and a locking moment of the target virtual machine account;
determining whether the target virtual machine account is locked based on the locking state identifier and the locking duration of the target virtual machine account, wherein the locking duration of the target virtual machine account is generated based on the current access request time of the target virtual machine and the locking moment of the target virtual machine account;
if the target virtual machine account is locked, returning, to the management terminal, first information indicating that login for the access request has failed;
if the target virtual machine account is not locked, checking whether the account password of the target virtual machine is correct; if so, returning, to the management terminal, second information indicating that the data access request has succeeded; if not, returning, to the management terminal, third information indicating that the data access request has failed, and updating the locking record of the target virtual machine account.
In the above solution, the determining whether the target virtual machine account is locked based on the locking state identifier and the locking duration of the target virtual machine account includes:
acquiring the locking limit duration of the target virtual machine;
if the locking state identifier is locked and the locking duration of the target virtual machine account is less than the locking limit duration of the target virtual machine, determining that the target virtual machine account is locked;
if the locking state identifier is locked and the locking duration of the target virtual machine account is greater than or equal to the locking limit duration of the target virtual machine, resetting the locking record of the target virtual machine account and determining that the target virtual machine account is not locked;
and if the locking state identifier is unlocked, determining that the target virtual machine account is not locked.
In the above solution, the locking record further includes a verification failure count of the target virtual machine account password, and the updating the locking record of the target virtual machine account includes:
obtaining the verification failure limit of the target virtual machine account password;
if the verification failure count of the target virtual machine account password is equal to the verification failure limit, updating the locking state identifier to locked and obtaining the locking moment of the target virtual machine account;
if the verification failure count of the target virtual machine account password is less than the verification failure limit, updating the verification failure count of the target virtual machine account password.
In the above scheme, the method further comprises:
acquiring a maintenance request command of the management terminal to the target virtual machine, wherein the maintenance request command comprises a packaged maintenance instruction and identification information of the target virtual machine to be maintained;
parsing the maintenance instruction and the identification information of the target virtual machine to be maintained to generate a parsing result in a unified format;
and maintaining the target virtual machine after communicating with the target virtual machine based on the single virtual serial port and the parsing result in the unified format.
In the above solution, the maintenance instruction includes a query instruction for the target virtual machine, and the method includes:
parsing the query instruction for the target virtual machine and the identification information of the target virtual machine to be queried to generate a parsing result in a unified format;
after communicating with the target virtual machine based on the single virtual serial port and the parsing result in the unified format, querying the target virtual machine and generating a query result;
and sending the query result to a management terminal.
In the above scheme, the verifying the network address of the management terminal, the account name of the super user of the cloud platform, and the account password of the super user includes:
determining a locking key of a super user of the cloud platform based on the network address of the management terminal and the account name of the super user of the cloud platform;
acquiring a locking record of the super user of the cloud platform based on the locking key of the super user of the cloud platform, wherein the locking record of the super user of the cloud platform comprises a locking state identifier of the super user of the cloud platform and a locking moment of the super user of the cloud platform;
determining whether the super user of the cloud platform is locked based on the locking state identifier and the locking duration of the super user of the cloud platform, wherein the locking record of the super user of the cloud platform is used for indicating whether the login request of the management terminal for the super user of the cloud platform is locked, and the locking duration of the super user of the cloud platform is generated based on the current login request time of the super user of the cloud platform and the locking moment of the super user of the cloud platform;
if the super user of the cloud platform is locked, returning, to the management terminal, fourth information indicating that the login request of the super user has failed;
if the super user of the cloud platform is not locked, checking whether the account password of the super user is correct; if so, returning, to the management terminal, fifth information indicating that the login has succeeded; if not, returning, to the management terminal, sixth information indicating that the login has failed, and updating the locking record of the super user of the cloud platform.
In the above solution, the determining whether the super user of the cloud platform is locked based on the locking state identifier and the locking duration of the super user of the cloud platform includes:
acquiring the locking limit duration of the super user;
if the locking state identifier is locked and the locking duration of the super user of the cloud platform is less than the locking limit duration of the super user of the cloud platform, determining that the super user of the cloud platform is locked;
if the locking state identifier is locked and the locking duration of the super user of the cloud platform is greater than or equal to the locking limit duration of the super user of the cloud platform, resetting the locking record of the super user of the cloud platform and determining that the super user of the cloud platform is not locked;
and if the locking state identifier is unlocked, determining that the super user of the cloud platform is not locked.
In the above solution, the locking record further includes a verification failure count of the account password of the super user, and the updating the locking record of the super user of the cloud platform includes:
obtaining the verification failure limit of the account password of the super user;
if the verification failure count of the account password of the super user is equal to the verification failure limit, updating the locking state identifier to locked and acquiring the locking moment of the super user of the cloud platform;
if the verification failure count of the account password of the super user is less than the verification failure limit, updating the verification failure count of the account password of the super user.
In a second aspect, an embodiment of the present application provides a device for managing virtual machine data, where the device includes:
an acquisition module, used for acquiring a data access request of a management terminal to a target virtual machine, wherein the management terminal is a terminal which establishes a communication connection with the cloud platform based on the access authority of a super user, and the data access request comprises a network address of the management terminal, an account name of the target virtual machine, an account password of the target virtual machine and identification information of the target virtual machine;
a verification module, used for verifying the network address of the management terminal, the account name of the target virtual machine and the account password of the target virtual machine; and if the verification is successful, performing data access on the target virtual machine after communicating with the target virtual machine based on a single virtual serial port and the identification information of the target virtual machine, wherein the target virtual machine comprises at least one virtual machine.
In a third aspect, an embodiment of the present application provides a management apparatus for virtual machine data, including: a processor and a memory for storing a computer program capable of running on the processor, wherein,
the processor is configured to execute the steps of the method according to the first aspect when the computer program is run.
In a fourth aspect, embodiments of the present application provide a computer storage medium having a computer program stored thereon, the computer program implementing the steps of the method of the first aspect when executed by a processor.
According to the technical scheme provided by the embodiment of the application, a data access request of a management terminal to a target virtual machine is obtained, wherein the management terminal is a terminal which establishes a communication connection with a cloud platform based on the access authority of a super user, and the data access request comprises a network address of the management terminal, an account name of the target virtual machine, an account password of the target virtual machine and identification information of the target virtual machine; the network address of the management terminal, the account name of the target virtual machine and the account password of the target virtual machine are verified; and if the verification is successful, data access is performed on the target virtual machine after communicating with the target virtual machine based on a single virtual serial port and the identification information of the target virtual machine, wherein the target virtual machine comprises at least one virtual machine. Therefore, the data of the virtual machine can be accessed only when the user is an HCI platform super user and the user name and password of the virtual machine are correctly input, which strengthens user authority verification and improves the security of virtual machine privacy protection. Meanwhile, the cloud platform communicates with the target virtual machine based on a single virtual serial port and the identification information of the target virtual machine, which achieves multiplexing of the single virtual serial port of the cloud platform and further guarantees data reliability.
Drawings
Fig. 1 is a flow chart of a method for managing virtual machine data according to an embodiment of the present application;
Fig. 2 is a schematic view of a privacy protection management framework of a virtual machine in the present application example;
Fig. 3 is a schematic diagram of a verification flow of the HCI to the super user rights in the present application example;
Fig. 4 is an operation schematic diagram of a cloud platform acquiring virtual machine data in the present application example;
Fig. 5 is an operation schematic diagram of a cloud platform executing batch startup and shutdown on a virtual machine in the present application example;
Fig. 6 is a schematic structural diagram of a virtual machine data management device according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a virtual machine data management device according to an embodiment of the present application.
Detailed Description
The present application is described in further detail below with reference to the accompanying drawings and examples.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein in the description of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application.
The embodiment of the application provides a virtual machine data management method, which can be applied to virtual machine data management equipment of a cloud platform, as shown in fig. 1, and comprises the following steps:
Step 110: obtaining a data access request of a management terminal to a target virtual machine, wherein the management terminal is a terminal which establishes a communication connection with a cloud platform based on the access authority of a super user, and the data access request comprises a network address of the management terminal, an account name of the target virtual machine, an account password of the target virtual machine and identification information of the target virtual machine.
Here, the management terminal may be a user terminal, which may be a personal computer connected to an IP network. The user terminal is connected to the cloud platform through the IP network, and through it to a virtual machine of the cloud platform. A virtual machine here refers to a complete computer system that runs in a completely isolated environment and implements the full functionality of a hardware system by means of software emulation. With virtual machine software, one or more virtual computers can be emulated on a physical computer, and each of them functions exactly like a real computer: for example, an operating system can be installed, applications can be installed, and network resources can be accessed. The management terminal can send a data access request to the cloud platform through a command line interface (Command Line Interface, CLI). The command line interface was the most widely used user interface before graphical user interfaces became popular. It usually does not support a mouse; the user inputs an instruction through the keyboard, and the computer receives the instruction and executes it.
Here, the super user refers to a special user for system management. Compared with ordinary users, the super user has the highest authority, can perform configuration, maintenance and other work on the whole system, and can perform operations beyond the authority of ordinary users; the authority of an ordinary user is generally a subset of that of the super user and covers only part of it.
Here, both the general user and the super user can establish connection with the cloud platform, and after the connection is established, the cloud platform obtains a data access request of the management terminal to the target virtual machine. In the embodiment of the application, the management terminal is a terminal for establishing communication connection with the cloud platform based on the access authority of the super user. Here, the cloud platform obtains an access request of the management terminal with the access authority of the super user to the target virtual machine.
Here, the data access request includes a network address of the management terminal, an account name of the target virtual machine, an account password of the target virtual machine, and identification information of the target virtual machine. The network address of the management terminal may be an IP address of the user terminal, and each virtual machine has its corresponding account name for logging into the virtual machine. Each target virtual machine also has an account password and identification information. Here, the identification information of the target virtual machine is used to find the target virtual machine.
Step 120: verifying the network address of the management terminal, the account name of the target virtual machine and the account password of the target virtual machine; and if the verification is successful, performing data access on the target virtual machine after communicating with the target virtual machine based on a single virtual serial port and the identification information of the target virtual machine, wherein the target virtual machine comprises at least one virtual machine.
After the data access request of the management terminal is acquired, the cloud platform performs verification based on the network address of the management terminal, the account name of the target virtual machine and the account password of the target virtual machine, and if the account name and the account password of the virtual machine are correct, the verification is successful, and the cloud platform performs data access on the target virtual machine.
The cloud platform performs data access on the target virtual machine after communicating with the target virtual machine based on the single virtual serial port and the identification information of the target virtual machine, wherein the target virtual machine comprises at least one virtual machine. The virtual serial port is a channel through which the virtualization layer software emulates a serial port device and exchanges data; it appears as a serial port device inside the virtual machine and as a virtual socket file on the cloud platform. The cloud platform connects to the serial port device of the virtual machine through the socket file to access data. A serial port is a serial communication interface, that is, an expansion interface that uses serial communication, such as the common COM (Component Object Model) interface; a serial port can be used for interconnection and data transmission between two communication devices or two computers, and can also interconnect two machines through a direct cable connection. The cloud platform accesses at least one target virtual machine based on a single virtual serial port, which achieves multiplexing of the single virtual serial port and ensures the reliability of the data.
In this way, a data access request of the management terminal to the target virtual machine is obtained, wherein the management terminal is a terminal which establishes a communication connection with the cloud platform based on the access authority of the super user, and the data access request comprises the network address of the management terminal, the account name of the target virtual machine, the account password of the target virtual machine and the identification information of the target virtual machine; the network address of the management terminal, the account name of the target virtual machine and the account password of the target virtual machine are verified; and if the verification is successful, data access is performed on the target virtual machine after communicating with the target virtual machine based on a single virtual serial port and the identification information of the target virtual machine, wherein the target virtual machine comprises at least one virtual machine. Therefore, the data of the virtual machine can be accessed only when the user is the HCI platform super user and the account name and the account password of the virtual machine are correctly input, which strengthens user authority verification and improves the security of virtual machine privacy protection. Meanwhile, the cloud platform communicates with the target virtual machine based on a single virtual serial port and the identification information of the target virtual machine, which achieves multiplexing of the single virtual serial port of the cloud platform and further ensures data reliability.
In some embodiments, before obtaining the data access request of the management terminal to the target virtual machine, the method further includes:
obtaining a login request of a super user from a management terminal, wherein the login request of the super user from the management terminal comprises a network address of the management terminal, an account name of the super user of a cloud platform and an account password of the super user of the cloud platform;
verifying the network address of the management terminal, the account name of the super user of the cloud platform and the account password of the super user; and if the verification is successful, sending token information to the management terminal, and establishing communication connection between the management terminal and the cloud platform.
Here, before the data access request of the management terminal to the target virtual machine is obtained, the user authority of the management terminal needs to be checked, and only the management terminal with super user authority can access the target virtual machine through the cloud platform.
Here, after the verification is successful, the token information is transmitted to the management terminal. The token information is a token for the access requests of the management terminal: after the login succeeds, the token information is generated and returned to the management terminal, and the management terminal then only needs to carry the token in its requests. The token information here may be a generated string of characters.
In some embodiments, the verifying the network address of the management terminal, the account name of the target virtual machine, and the account password of the target virtual machine includes:
determining a locking key of a target virtual machine account based on the network address of the management terminal and the account name of the target virtual machine;
acquiring a locking record of the target virtual machine account based on the locking key of the target virtual machine account, wherein the locking record of the target virtual machine is used for indicating whether a data access request of the management terminal to the target virtual machine is locked or not, and the locking record of the target virtual machine account comprises a locking state identifier of the target virtual machine account and a locking moment of the target virtual machine account;
determining whether the target virtual machine account is locked or not based on the locking state identifier and the locking duration of the target virtual machine account, wherein the locking duration of the target virtual machine account is generated based on the current access request time of the target virtual machine and the locking moment of the target virtual machine account;
if the target virtual machine account is locked, returning first information indicating that the login of the access request fails to the management terminal;
If the target virtual machine account is not locked, checking whether the account password of the target virtual machine is correct, if yes, returning second information indicating that the data access request is successful to the management terminal, and if not, returning third information indicating that the data access request is failed to the management terminal and updating the locking record of the target virtual machine account.
Here, the locking key of the target virtual machine account is generated based on the network address of the management terminal and the account name of the target virtual machine. After the locking key is generated, the locking record of the target virtual machine account can be found based on the locking key, where the locking record indicates whether a data access request of the management terminal to the target virtual machine is locked, and the locking record of the target virtual machine account includes a locking state identifier of the target virtual machine account and a locking moment of the target virtual machine account. Illustratively, when the locking state identifier of the target virtual machine account is true, the target virtual machine account is locked, and the locking record of the target virtual machine account further includes the locking moment of the target virtual machine account.
Here, whether the target virtual machine account is locked is determined based on the locking state identifier and the locking duration of the target virtual machine account. If the target virtual machine account is locked, that is, the account verification of the target virtual machine fails, first information indicating that the login of the access request fails is returned to the management terminal. If the target virtual machine account is not locked, the state of the target virtual machine account is normal, and whether the account password of the target virtual machine is correct is checked: if so, second information indicating that the data access request is successful is returned to the management terminal; if not, third information indicating that the data access request failed is returned to the management terminal and the locking record of the target virtual machine account is updated. Here, the locking duration of the target virtual machine account is generated based on the current access request time of the target virtual machine and the locking moment of the target virtual machine account. Illustratively, if the current access request time of the target virtual machine is 14:06 and the locking moment of the target virtual machine account is 14:00, the locking duration of the target virtual machine account is 6 minutes.
In some embodiments, the determining whether the target virtual machine account is locked based on the lock status identification and a lock duration of the target virtual machine account includes:
Acquiring the locking limit time of the target virtual machine account;
if the locking state is marked as locked and the locking duration of the target virtual machine account is smaller than the locking limit duration of the target virtual machine, the target virtual machine account is locked;
if the locking state identifier is locked and the locking duration of the target virtual machine account is longer than or equal to the locking limit duration of the target virtual machine, resetting the locking record of the virtual machine account and determining that the target virtual machine account is not locked;
and if the locking state identifier is unlocked, determining that the target virtual machine account is not locked.
Here, the locking limit duration of the target virtual machine account is a preset period, starting when the target virtual machine account is locked, during which the user cannot use the locked account of the target virtual machine. Once the locking limit duration is exceeded, the target virtual machine account is reset, and the user can use the account of the target virtual machine again.
Here, when the locking state identifier is locked and the locking duration of the target virtual machine account is less than the locking limit duration of the target virtual machine account, it is determined that the target virtual machine account is locked, and the management terminal cannot use the locked account of the target virtual machine. When the locking state identifier is locked and the locking duration of the target virtual machine account is greater than or equal to the locking limit duration of the target virtual machine, the target virtual machine account is still marked as locked but its locking duration has reached the locking limit duration, so the locking record of the target virtual machine account is reset: the locking flag of the target virtual machine is reset to unlocked, the locking duration is reset to 0, and the management terminal can use the account of the target virtual machine normally. For example, suppose the locking limit duration of the target virtual machine account is 5 minutes and the locking duration of the target virtual machine account is 6 minutes. Since the locking duration of 6 minutes is longer than the locking limit duration of 5 minutes, the locking flag of the target virtual machine is reset to unlocked and the locking duration is reset to 0. If the locking flag is unlocked, it is determined that the target virtual machine account is not locked.
In some embodiments, the locking record further includes a number of verification failures of the target virtual machine account password, and the updating the locking record of the target virtual machine account includes:
obtaining verification failure limit times of the account passwords of the target virtual machine;
if the verification failure times of the target virtual machine account passwords are equal to the verification failure limit times, updating the locking state identification into locking and obtaining the locking time of the target virtual machine account;
if the verification failure times of the target virtual machine account passwords are smaller than the verification failure limit times, updating the verification failure times of the target virtual machine account.
After the verification of the account password of the target virtual machine fails, the cloud platform updates the locking record of the target virtual machine, which further comprises the number of verification failures of the account password of the target virtual machine. The verification failure limit of the target virtual machine is the threshold for the number of verification failures of the target virtual machine. If the number of verification failures of the target virtual machine is equal to the verification failure limit, that is, if the number of verification failures exceeds the threshold, the account of the target virtual machine needs to be locked. If the number of verification failures of the target virtual machine is smaller than the threshold, the account security of the target virtual machine is still within the normal range and normal access operations can be performed, and at this moment only the number of verification failures of the target virtual machine account needs to be updated.
In some embodiments, the method further comprises:
acquiring a maintenance request command of the management terminal to the target virtual machine, wherein the maintenance request command comprises a packaged maintenance instruction and identification information of the target virtual machine to be maintained;
analyzing the maintenance instruction and the identification information of the target virtual machine to be maintained to generate an analysis result in a uniform format;
and maintaining the target virtual machine after communicating with the target virtual machine based on the single virtual serial port and the analysis result in the unified format.
Here, the management terminal may also maintain the target virtual machine based on the single virtual serial port, where maintenance refers to performing unified management operations on the target virtual machine, including but not limited to querying the target virtual machine, automatic capacity reduction and expansion of the target virtual machine, and batch startup and shutdown of the target virtual machine.
Before sending a maintenance request command for the target virtual machine, the management terminal encapsulates the maintenance instruction. After encapsulation, the encapsulated maintenance instruction and the identification information of the target virtual machine to be maintained are sent to the cloud platform. After the cloud platform receives the maintenance request command, it analyzes the maintenance instruction and the identification information of the target virtual machine to be maintained to generate an analysis result in a unified format, and maintains the target virtual machine based on the analysis result in the unified format and the single virtual serial port. When the target virtual machine is maintained, the cloud platform analyzes the maintenance request command and executes the corresponding operation on the target virtual machine based on the analysis result, which improves the maintenance efficiency of the target virtual machine.
In some embodiments, the maintenance instructions include query instructions for the target virtual machine, the method comprising:
analyzing the query instruction of the target virtual machine and the identification information of the target virtual machine to be queried to generate an analysis result in a uniform format;
after communicating with a target virtual machine based on the single virtual serial port and the analysis result in the unified format, inquiring the target virtual machine and generating an inquiry result;
and sending the query result to the management terminal.
In some embodiments, the verifying the network address of the management terminal, the account name of the superuser of the cloud platform, and the account password of the superuser includes:
determining a locking key of a super user of the cloud platform based on the network address of the management terminal and the account name of the super user of the cloud platform;
acquiring a locking record of a super user of the cloud platform based on a locking key of the super user of the cloud platform, wherein the locking record of the super user of the cloud platform comprises a locking state identifier of the super user of the cloud platform and a locking moment of the super user of the cloud platform;
determining whether the super user of the cloud platform is locked or not based on the locking state identifier and the locking duration of the super user of the cloud platform, wherein the locking record of the super user of the cloud platform is used for indicating whether the login request of the management terminal to the super user of the cloud platform is locked or not, and the locking duration of the super user of the cloud platform is generated based on the current login request time of the super user of the cloud platform and the locking time of the super user of the cloud platform;
If the super user of the cloud platform is locked, returning fourth information indicating that the login request of the super user fails to the management terminal;
if the super user of the cloud platform is not locked, checking whether the account password of the super user is correct, if yes, returning fifth information indicating successful login to the management terminal, and if not, returning sixth information indicating failed login to the management terminal and updating the locking record of the super user of the cloud platform.
Here, the verification of whether the management terminal is the management terminal having the super user authority includes verification of the management terminal, the super user account, and the super user account password. The account verification for the management terminal and the super user comprises the following steps: and determining a locking key of the super user of the cloud platform based on the network address of the management terminal and the account name of the super user of the cloud platform. Determining whether the super user of the cloud platform is locked or not based on a locking record of the super user corresponding to the locking key of the super user of the cloud platform, wherein the locking record of the super user is used for indicating whether a login request of a management terminal to the super user of the cloud platform is locked or not, and the locking duration of the super user of the cloud platform is generated based on the login request moment of the super user of the current cloud platform and the locking moment of the super user of the cloud platform; if the super user of the cloud platform is locked, returning fourth information indicating that the login request of the super user fails to the management terminal; if the super user of the cloud platform is not locked, checking whether the account password of the super user is correct, if yes, returning fifth information indicating successful login to the management terminal, and if not, returning sixth information indicating failed login to the management terminal and updating the locking record of the super user of the cloud platform.
In some embodiments, the determining whether the superuser of the cloud platform is locked based on the lock status identification and the lock duration of the superuser of the cloud platform includes:
acquiring the locking limit time of the super user;
if the locking state identification is locked and the locking duration of the super user of the cloud platform is smaller than the locking limit duration of the super user of the cloud platform, the super user of the cloud platform is locked;
if the locking state identifier is locked and the locking duration of the super user of the cloud platform is longer than or equal to the locking limit duration of the super user of the cloud platform, resetting the locking record of the super user of the cloud platform and determining that the super user of the cloud platform is not locked;
and if the locking state identifier is unlocked, determining that the super user of the cloud platform is not locked.
In some embodiments, the locking record further includes a number of failures in verification of the account password of the super user, and the updating the locking record of the super user of the cloud platform includes:
obtaining verification failure limit times of account passwords of the super user;
if the verification failure times of the account passwords of the super users are equal to the verification failure limit times, updating the locking state identification into locking and acquiring the locking time of the super users of the cloud platform;
If the check failure times of the account passwords of the super user are smaller than the check failure limit times, updating the check failure times of the account passwords of the super user.
The present application is described in further detail below in connection with application examples. In the application example, the cloud platform is an HCI platform. Hyper-converged infrastructure (Hyper Converged Infrastructure, HCI) is a software-defined unified system that has all the elements of a traditional data center: storage, computing, network connection, and management. The cloud platform performs resource management and data services through application programming interfaces (Application Programming Interface, API). Packaging the services of a website into a series of data interfaces that a computer can easily recognize and opening them to third-party developers is called opening the API of the website, and the API that is opened is called an open API. The Open API service is the open interface service of the cloud platform.
The management terminal is a user terminal, which can send a data access request to the HCI cloud platform through a command line interface (Command Line Interface, CLI). The command line interface was the most widely used user interface before graphical user interfaces became popular; it usually does not support a mouse, the user enters an instruction through the keyboard, and the computer executes the instruction after receiving it. It is also known as a character user interface (CUI).
The cloud platform manages virtual machines (Virtual Machine, VM) through VM Tools and the VM Tools service. VM Tools are tools for sharing folders between a virtual system and a host system, and the VM Tools service is a proxy layer service for communication between the cloud platform and the virtual machines.
In the application example, performing batch management on the virtual machines on the cloud platform comprises privacy protection management on the virtual machines and operation and maintenance management on the virtual machines. The privacy protection management framework for the virtual machine is shown in fig. 2, and when a command is executed, the user needs to be checked to be the super user of the HCI platform, and the user name and the password of the virtual machine are correctly input, so that the privacy protection of the virtual machine is realized, and the user authority check is enhanced. The method comprises the following specific steps:
before the HCI cloud platform obtains a data access request of a user terminal to a target virtual machine, the cloud platform needs to verify the authority of a super user, and the specific implementation scheme includes:
1. the HCI obtains a login request from a super user of the user terminal.
The HCI cloud platform acquires a login request sent by the user terminal through the Openapi. The user terminal enters a login request by running the CLI program, wherein the login request comprises the IP address of the user terminal, namely the network address; the HCI super user name, namely the account name of the super user of the cloud platform; and the password of the HCI super user, namely the account password of the super user of the cloud platform. The CLI sends the login request to the Openapi service of the cloud platform through the https protocol, and the cloud platform acquires the login request. The HCI cloud platform and the user terminal communicate over https, an http (Hyper Text Transfer Protocol) channel designed for security, whose transport is encrypted through ssl (Secure Socket Layer). Building on http, it secures the transmission process through transport encryption and identity authentication, and communicates by specifying what messages a client may send to a server and what responses it obtains. The main purpose of https is to provide identity authentication for a website server and to protect the privacy and integrity of the exchanged data.
2. The HCI checks the network address of the user terminal, the account name of the super user of the HCI and the account password of the super user.
After the HCI receives the login request, the Openapi service triggers the HCI login anti-brute-force flow, namely the flow by which the HCI verifies the super user authority. As shown in fig. 3, the verification is divided into a login locking verification process and a login verification process, which are carried out by the login locking verification module and the login verification module respectively.
The login locking verification module parses the network address (IP) of the user terminal and the HCI super user name from the login request to form a locking key, and acquires the corresponding locking record according to the locking key (the record is created if it does not exist). The locking record comprises a locking flag, namely the locking state identifier, and the locking moment. The locking flag is true or false: true indicates locked and false indicates not locked. The module judges whether the locking flag in the locking record is true. If it is true and the locking duration of the super user name is smaller than the locking limit duration of the super user name, fourth information is returned, namely the login failure error message and the remaining lock time; if it is true and the locking duration of the super user name is longer than the locking limit duration of the super user name, the locking record of the super user is reset and the super user name is determined to be not locked; if the locking flag is false, the super user name is determined to be not locked.
The login verification module is used for verifying whether the account password of the super user is correct or not, returning login success information and clearing the locking record if the account password of the super user is correct; and if the verification fails, returning sixth information indicating login failure to the management terminal and updating the locking record of the super user of the HCI. Updating the lock record of the superuser of the HCI includes:
3. obtaining verification failure limit times (default 5 times) of account passwords of the super user;
if the verification failure times are equal to the maximum try times, namely the verification failure limit times, setting a locking mark as true, resetting the locking moment as the current moment, and returning login failure information and locking residual time. If the check failure times of the account passwords of the super user are smaller than the maximum try times, namely the check failure limit times, the failure times in the locking record are increased by one.
If the verification is successful, token information is sent to the user terminal, and a communication connection is established between the management terminal and the cloud platform. Once the CLI login passes verification, the token information is returned and the CLI caches it.
4. And acquiring a data access request of the management terminal to the target virtual machine.
The data access request comprises a network address of the management terminal, an account name of the target virtual machine, an account password of the target virtual machine, and identification information of the target virtual machine, namely a virtual machine id.
At the CLI end, the user enters the user name (gust name) and the password (gust password) of the target virtual machine. After the CLI program verifies that the user input is correct, it sends a request to the Openapi service via https. The VM Tools service parses the request data to obtain the virtual machine id, the virtual machine user name gust name and the password gust password.
5. And verifying the network address of the management terminal, the account name of the target virtual machine and the account password of the target virtual machine.
The HCI triggers the virtual machine login anti-brute-force flow. After the management terminal has acquired the authority, the virtual machine login anti-brute-force flow is the same as the HCI login anti-brute-force flow, namely the flow in fig. 3, except that in the virtual machine case the IP of the user terminal and the virtual machine login user name are used as the locking key.
As shown in fig. 3, the verification is divided into a login locking verification process and a login verification process, which are carried out by the login locking verification module and the login verification module respectively.
The login locking verification module parses the user name gust name and the password gust password of the virtual machine to form a locking key, and acquires the corresponding locking record according to the locking key (the record is created if it does not exist). The locking record comprises a locking flag, namely the locking state identifier, and the locking moment. The locking flag is true or false: true indicates locked and false indicates not locked. The module judges whether the locking flag in the locking record is true. If it is true and the locking duration of the virtual machine user name is smaller than the locking limit duration of the virtual machine user name, first information is returned, namely the login failure error message and the remaining lock time; if it is true and the locking duration of the virtual machine user name is longer than the locking limit duration of the virtual machine user name, the locking record of the virtual machine user name is reset and the virtual machine user name is determined to be not locked; if the locking flag is false, the virtual machine user name is determined to be not locked.
The login checking module is used for checking whether the user name password of the virtual machine is correct or not, and returning second information, namely login success information, if so, clearing the locking record; and if the verification fails, returning third information indicating login failure to the management terminal and updating the locking record of the user name of the virtual machine. Updating the lock record for the virtual machine username includes:
6. obtaining verification failure limit times (default 5 times) of the user name and password of the virtual machine;
if the verification failure times are equal to the maximum try times, namely the verification failure limit times, setting a locking mark as true, resetting the locking moment as the current moment, and returning login failure information and locking residual time. If the verification failure times of the user name password of the virtual machine are smaller than the maximum try times, namely the verification failure limit times, the failure times in the locking record are increased by one.
If the verification is successful, that is, after the virtual machine login passes verification, the request data is forwarded to the serial port corresponding to the virtual machine according to the virtual machine id. After communicating with the target virtual machine based on the single virtual serial port and the identification information (id) of the target virtual machine, data access is performed on the target virtual machine, wherein the target virtual machine comprises at least one virtual machine.
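The lock check and password check described above for the HCI super user login and for the virtual machine login, as an added Python example that is not code from the patent. The names `LoginGuard` and `LockRecord`, the 300-second lock limit (taken from the 5-minute illustration), the PBKDF2 password storage and the choice to increment the failure counter before comparing it with the limit are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_FAILURES = 5          # verification failure limit (the page's default)
LOCK_LIMIT_SECONDS = 300  # locking limit duration, assumed from the 5-minute example
PBKDF2_ROUNDS = 100_000   # constructed value for this example


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class LockRecord:
    locked: bool = False     # locking state identifier
    locked_at: float = 0.0   # locking moment
    failures: int = 0        # verification failure count


class FakeClock:
    """Injectable clock so the lock timing can be exercised deterministically."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class LoginGuard:
    """Lock check, then password check, keyed on (network address, account name)."""

    def __init__(self, clock):
        self._clock = clock
        self._accounts = {}   # account name -> (salt, password hash)
        self._records = {}    # locking key -> LockRecord
        zero_salt = b"\0" * 16
        self._dummy = (zero_salt, hash_password("", zero_salt))

    def add_account(self, name, password):
        salt = os.urandom(16)
        self._accounts[name] = (salt, hash_password(password, salt))

    def _still_locked(self, rec, now):
        if not rec.locked:
            return False
        if now - rec.locked_at < LOCK_LIMIT_SECONDS:
            return True
        # Locking duration >= locking limit duration: reset the record.
        rec.locked, rec.locked_at, rec.failures = False, 0.0, 0
        return False

    def _password_ok(self, name, password):
        # Unknown accounts are hashed against a dummy entry so they cost the same.
        salt, expected = self._accounts.get(name, self._dummy)
        matches = hmac.compare_digest(hash_password(password, salt), expected)
        return matches and name in self._accounts

    def attempt(self, address, name, password):
        """Return (status, remaining lock seconds); status is ok/failed/locked."""
        now = self._clock()
        key = (address, name)                       # the locking key
        rec = self._records.setdefault(key, LockRecord())
        if self._still_locked(rec, now):
            return ("locked", LOCK_LIMIT_SECONDS - (now - rec.locked_at))
        if self._password_ok(name, password):
            del self._records[key]                  # success clears the record
            return ("ok", 0.0)
        rec.failures += 1
        if rec.failures >= MAX_FAILURES:
            rec.locked, rec.locked_at = True, now   # lock and stamp the moment
            return ("locked", float(LOCK_LIMIT_SECONDS))
        return ("failed", 0.0)


def demo():
    """Constructed scenario: addresses are from the documentation range."""
    clock = FakeClock()
    guard = LoginGuard(clock)
    guard.add_account("guest", "s3cret-example")
    out = [guard.attempt("192.0.2.10", "guest", "wrong") for _ in range(5)]
    clock.now = 60.0
    out.append(guard.attempt("192.0.2.10", "guest", "s3cret-example"))
    out.append(guard.attempt("192.0.2.20", "guest", "s3cret-example"))
    clock.now = 300.0
    out.append(guard.attempt("192.0.2.10", "guest", "s3cret-example"))
    return out


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because the record is keyed on the address and the account name together, a lock taken by one terminal does not affect the same account used from another address, and the failure counter is likewise kept per address.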
In the related art, a cloud platform correspondingly manages a plurality of virtual machines, and a plurality of virtual serial port socket files exist on the cloud platform and are connected with serial port equipment on the virtual machines. The cloud platform needs to open a plurality of applications to configure different virtual serial port socket files so as to achieve the purpose of communication with virtual serial ports of different virtual machines. In the application example of the application, the communication with the target virtual machine can be performed based on the identification information of the single virtual serial port and the target virtual machine. The specific implementation mode is as follows:
The HCI hyper-converged platform comprises a virtual serial port interaction system named G2HProxy. A user terminal can connect to the virtual machine end application port of G2HProxy through the TCP protocol. After G2HProxy accepts the connection of the user terminal, a KCP session is established inside G2HProxy and a serial port application port is registered; KCP is a UDP-based network transmission protocol (A Fast and Reliable ARQ Protocol). After receiving the data of the user terminal, the serial port transmits a protocol packet to the G2HProxy in the serial port according to the KCP session, the virtual machine address (virtual machine ID) and the serial port.
In G2HProxy, a single virtual machine has only one virtual serial port, and the serial port itself has no concurrency control. If no concurrency control is added when the serial port exchanges data with the virtual machine, the received data become disordered, so the G2HProxy agent needs to adopt an IO multiplexing model. Each virtual machine in G2HProxy has a paired ring buffer corresponding to its virtual serial port, and the buffer is responsible for reading and writing data to the virtual serial port.
The data sources are distinguished through the protocol packets. The ring buffer receives the multiple groups of data transmitted in a coordinated way by multiple outbound components and passes the buffered data into the virtual serial port in sequence. When the ring buffer is full, writing blocks until data has been output to the serial port and space has been released, after which new data is accepted; internally, the buffer supports thread-safe reading and writing from multiple threads.
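A blocking ring buffer placed in front of one virtual serial port, as an added Python example that is not G2HProxy code. The frame header (4-byte source id, 2-byte payload length) and every name here are assumptions, since the page does not give the protocol packet layout.

```python
import struct
import threading

HEADER = struct.Struct(">IH")  # assumed frame header: source id, payload length


class RingBuffer:
    """Fixed-size byte ring; writers block when it is full."""

    def __init__(self, capacity):
        self._buf = bytearray(capacity)
        self._cap = capacity
        self._head = 0        # read position
        self._size = 0        # bytes currently stored
        self._closed = False
        self._cond = threading.Condition()

    def write(self, data):
        """Store one whole frame atomically, waiting until it fits."""
        if len(data) > self._cap:
            raise ValueError("frame larger than the ring buffer")
        with self._cond:
            while self._cap - self._size < len(data):
                self._cond.wait()                 # full: wait for the reader
            tail = (self._head + self._size) % self._cap
            first = min(len(data), self._cap - tail)
            self._buf[tail:tail + first] = data[:first]
            self._buf[0:len(data) - first] = data[first:]   # wrapped part
            self._size += len(data)
            self._cond.notify_all()

    def read(self, max_bytes):
        """Return up to max_bytes; b'' means closed and fully drained."""
        with self._cond:
            while self._size == 0 and not self._closed:
                self._cond.wait()
            n = min(max_bytes, self._size)
            first = min(n, self._cap - self._head)
            out = bytes(self._buf[self._head:self._head + first])
            out += bytes(self._buf[0:n - first])
            self._head = (self._head + n) % self._cap
            self._size -= n
            self._cond.notify_all()               # space released for writers
            return out

    def close(self):
        with self._cond:
            self._closed = True
            self._cond.notify_all()


def frame(source_id, payload):
    return HEADER.pack(source_id, len(payload)) + payload


def demux(stream):
    """Split the serial byte stream back into per-source payload lists."""
    sources, off = {}, 0
    while off < len(stream):
        source_id, length = HEADER.unpack_from(stream, off)
        off += HEADER.size
        sources.setdefault(source_id, []).append(bytes(stream[off:off + length]))
        off += length
    return sources


def run_demo(n_sources=3, n_msgs=20, capacity=64):
    ring = RingBuffer(capacity)
    serial = bytearray()   # stands in for the VM's single virtual serial port

    def drain():
        while True:
            chunk = ring.read(16)
            if not chunk:
                return
            serial.extend(chunk)

    def produce(source_id):
        for i in range(n_msgs):
            ring.write(frame(source_id, f"vm-cmd {source_id}:{i}".encode()))

    reader = threading.Thread(target=drain)
    writers = [threading.Thread(target=produce, args=(s,))
               for s in range(1, n_sources + 1)]
    reader.start()
    for w in writers:
        w.start()
    for w in writers:
        w.join()
    ring.close()
    reader.join()
    return demux(serial)


if __name__ == "__main__":
    print({k: len(v) for k, v in run_demo().items()})
```

Frames from different sources may interleave on the serial stream in any order, but each frame stays contiguous and each source's frames keep their order, which is what lets the receiving side separate the data sources again.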
The embodiment of the application also provides a part for realizing automatic operation and maintenance management, which specifically comprises the following steps:
acquiring a maintenance request command of the management terminal to the target virtual machine, wherein the maintenance request command comprises a packaged maintenance instruction and identification information of the target virtual machine to be maintained;
analyzing the maintenance instruction and the identification information of the target virtual machine to be maintained to generate an analysis result in a uniform format;
and maintaining the target virtual machine based on the formatted analysis result.
In this application embodiment, the automated operation and maintenance of the virtual machine includes: the method comprises the steps of inquiring a target virtual machine, realizing automatic capacity reduction and expansion of the virtual machine and executing batch startup and shutdown of the virtual machine.
As shown in fig. 4, the query instruction for the target virtual machine includes the GET-VM command, which obtains virtual machine data. The following illustrates how automated operation and maintenance of the virtual machine is implemented through the CLI. Before the user terminal sends a maintenance instruction to the HCI, the cloud platform exposes the virtual machine list API (GET /hci/vt/api/v1/vms) through the Openapi, and the user terminal executes the following operations through the CLI:
(1) The CLI interfaces with the virtual machine list API and encapsulates it as the GET-VM command. After the command for acquiring virtual machine data is encapsulated, the user writes a PowerShell operation and maintenance script that calls the GET-VM command and passes in a query parameter, namely the identification information Name 'test' of the target virtual machine. The CLI parses the GET-VM command and the query parameter Name, and calls the cloud platform Openapi interface GET /hci/vt/api/v1/vms, passing in the query parameter name=test.
(2) And the user terminal sends a request for acquiring the virtual machine data to the HCI platform through the CLI.
(3) Analyzing the query instruction of the target virtual machine and the identification information of the target virtual machine to be queried to generate an analysis result in a uniform format; after the cloud platform receives the query request of the/hci/vt/api/v 1/vms interface, the query request is parsed to a query parameter name=test, and the query parameter is spliced into a parsing result in a unified format, namely a database SQL query statement select from VM where name like "% test".
(4) And after the cloud platform communicates with the target virtual machine based on the analysis result of the single virtual serial port and the unified format, inquiring the target virtual machine and generating an inquiry result.
And the cloud platform queries the execution database, queries the data of the virtual machine based on the instruction and the single serial port, and returns a query result to the CLI.
(5) And the cloud platform sends the query result to the user terminal.
After the user terminal receives the query result, the CLI displays the query result of the GET-VM command.
The automated operation and maintenance further includes automatic scaling down and up based on the current load state of the virtual machine. The following explains how automatic scaling of the virtual machine is implemented through the CLI, which specifically includes the following steps:
(1) The user writes an operation and maintenance script that periodically calls the CLI command GET-VM to obtain the current system load information of the virtual machine.
(2) The operation and maintenance script detects that the load of the virtual machine (CPU, memory and storage) is below or above a preset reasonable range.
(3) The operation and maintenance script calls the CLI command Update-VM to reduce (or increase) the relevant attribute configuration of the virtual machine (CPU, memory and storage).
(4) According to a preset policy, the operation and maintenance script calls the CLI command Restart-VM either immediately or at a specific time, restarting the virtual machine so that the new configuration takes effect.
As shown in fig. 5, the automated operation and maintenance of the virtual machine further includes a batch startup and shutdown command for virtual machines based on the Select syntax format, specifically including:
The cloud platform exposes the get-virtual-machine-list API (GET /hci/vt/api/v1/vms) through the Openapi.
The user inputs the command Get-VM -Type VM -Name 'test' | Start-VM, namely a maintenance command that performs batch startup and shutdown operations on virtual machines.
After the CLI verifies that the command and its parameters are correct, it sends a request to the cloud platform. The cloud platform parses the request parameters to obtain the complete command, namely to query the virtual machines whose Type is VM and whose Name prefix is test, and to execute the start command on those virtual machines in batch. Within the cloud platform, the query operation can convert the attribute parameters directly into the corresponding SQL query statements.
In the traditional scheme, batch startup and shutdown of virtual machines is implemented as follows: first, the full virtual machine list is queried through the CLI, and additional code in the CLI filters for the virtual machines whose Type is VM and whose Name prefix is test; second, the filtered virtual machines are passed as the input of the Start-VM command. Compared with the traditional scheme, this scheme is simple to implement, efficient to query (query parameters are mapped directly to indexed fields in a database table, and query results are filtered directly by the SQL query), and highly extensible (a pipeline operation can take the result of the previous command as the input parameter of the next command).
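The query steps above splice the Name and Type attribute parameters into a SQL statement. The following added example (not code from the patent or from the HCI platform) shows one way to build that statement from an allowlist of attributes with bound values, so that text supplied in Name is matched literally. The table layout, the column names and the prefix match are assumptions, and SQLite stands in for the platform database.

```python
import sqlite3

# Assumed mapping from CLI attribute parameters to table columns (hypothetical).
ALLOWED_COLUMNS = {"Name": "name", "Type": "type"}
LIKE_ESCAPE = "\\"


def escape_like(text):
    """Neutralise LIKE wildcards so the caller's text is matched literally."""
    for ch in (LIKE_ESCAPE, "%", "_"):   # escape the escape character first
        text = text.replace(ch, LIKE_ESCAPE + ch)
    return text


def build_vm_query(params):
    """Turn attribute parameters into (sql, bind_values).

    Only allowlisted attribute names reach the statement text; every value
    travels as a bound parameter and never becomes part of the SQL string.
    """
    clauses, binds = [], []
    for attr, value in params.items():
        column = ALLOWED_COLUMNS.get(attr)
        if column is None:
            raise ValueError("unsupported query attribute: %r" % (attr,))
        if attr == "Name":
            # Assumption: Name is a prefix match, as in the batch start step.
            clauses.append(column + " LIKE ? ESCAPE '\\'")
            binds.append(escape_like(value) + "%")
        else:
            clauses.append(column + " = ?")
            binds.append(value)
    sql = "SELECT name FROM vm"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql + " ORDER BY name", binds


def make_sample_db():
    """Constructed sample inventory, held in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vm (name TEXT, type TEXT)")
    conn.executemany("INSERT INTO vm VALUES (?, ?)", [
        ("test-01", "VM"), ("test-02", "VM"), ("test-tpl", "TEMPLATE"),
        ("prod-db", "VM"), ("100%_ready", "VM"),
    ])
    return conn


def query_vms(conn, params):
    """Run the parameterized query and return the matching VM names."""
    sql, binds = build_vm_query(params)
    return [row[0] for row in conn.execute(sql, binds)]


if __name__ == "__main__":
    db = make_sample_db()
    print(build_vm_query({"Type": "VM", "Name": "test"}))
    print(query_vms(db, {"Type": "VM", "Name": "test"}))
    print(query_vms(db, {"Name": "%"}))   # wildcard text is treated as a literal
```

A Name value that contains quotes, `%` or `_` changes only the bound value, not the shape of the statement, and an attribute outside the allowlist is rejected before any SQL is built.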
In the embodiments of the present application, the user connects to the HCI cloud platform through the CLI and user authority verification is strengthened: when a command is executed, the user must be verified as a super user of the HCI cloud platform and must correctly enter the user name and password of the virtual machine, which helps prevent brute-force cracking. In addition, when remote maintenance is performed, the cloud platform outputs the operation and maintenance execution result after execution. The user can combine CLI commands with advanced scripts such as PowerShell to implement complex operation and maintenance management. This provides a more convenient operation experience for cloud platform virtual machines; the proxy end inside the virtual machine and the control end communicate through the serial port, so neither end needs to establish a network connection, which simplifies configuration.
In order to implement the method of the embodiments of the present application, the embodiments further provide a device for managing virtual machine data. The device corresponds to the method for managing virtual machine data, and each step in the method embodiments is also fully applicable to the device embodiments. As shown in fig. 6, the virtual machine data management apparatus includes: an acquisition module 610 and a verification module 620. The acquiring module 610 is configured to acquire a data access request of a management terminal to a target virtual machine, where the management terminal is a terminal that establishes communication connection with the cloud platform based on access rights of a super user, and the data access request includes a network address of the management terminal, an account name of the target virtual machine, an account password of the target virtual machine, and identification information of the target virtual machine; the verification module 620 is configured to verify the network address of the management terminal, the account name of the target virtual machine, and the account password of the target virtual machine; and, if the verification is successful, to perform data access on the target virtual machine after communicating with the target virtual machine based on the single virtual serial port and the identification information of the target virtual machine, wherein the target virtual machine comprises at least one virtual machine.
In some embodiments, before acquiring the data access request of the management terminal to the target virtual machine, the acquiring module 610 is further configured to acquire a login request of the super user from the management terminal, where the login request of the super user from the management terminal includes a network address of the management terminal, an account name of the cloud platform super user, and an account password of the cloud platform super user; the verification module 620 is further configured to verify a network address of the management terminal, an account name of a super user of the cloud platform, and an account password of the super user; and if the verification is successful, sending the token information to the management terminal, and establishing communication connection between the management terminal and the cloud platform.
In some embodiments, the management device of virtual machine data further includes a determining module 630, where the determining module 630 is configured to determine a locking key of the target virtual machine account based on the network address of the management terminal and the account name of the target virtual machine; the obtaining module 610 is further configured to obtain a locking record of the target virtual machine account based on the locking key of the target virtual machine account, where the locking record of the target virtual machine account is used to indicate whether the data access request of the management terminal to the target virtual machine is locked, and the locking record includes a locking state identifier of the target virtual machine account and a locking moment of the target virtual machine account; the determining module 630 is further configured to determine whether the target virtual machine account is locked based on the locking state identifier and the locking duration of the target virtual machine account, where the locking duration of the target virtual machine account is generated based on the current access request time of the target virtual machine and the locking moment of the target virtual machine account; the virtual machine data management device further includes a judging module 640, where the judging module 640 is configured to return, to the management terminal, first information indicating that the login of the access request has failed if the target virtual machine account is locked;
if the target virtual machine account is not locked, the judging module 640 checks whether the account password of the target virtual machine is correct; if yes, it returns second information indicating that the data access request is successful to the management terminal, and if not, it returns third information indicating that the data access request has failed to the management terminal and updates the locking record of the target virtual machine account.
In some embodiments, the obtaining module 610 is further configured to obtain a locking limit duration of the target virtual machine; the judging module 640 is further configured to determine that the target virtual machine account is locked if the locking state identifier is locked and the locking duration of the target virtual machine account is less than the locking limit duration of the target virtual machine;
if the locking state identifier is locked and the locking duration of the target virtual machine account is greater than or equal to the locking limit duration of the target virtual machine, the locking record of the virtual machine account is reset and the target virtual machine account is determined not to be locked; if the locking state identifier is unlocked, the target virtual machine account is determined not to be locked.
In some embodiments, the locking record further includes the number of verification failures of the target virtual machine account password. To update the locking record of the target virtual machine account, the obtaining module 610 is configured to obtain the verification failure limit of the target virtual machine account password; the virtual machine data management device further comprises an updating module 650, where the updating module 650 is configured to update the locking state identifier to locked and obtain the locking moment of the target virtual machine account if the number of verification failures of the target virtual machine account password is equal to the verification failure limit; if the number of verification failures of the target virtual machine account password is less than the verification failure limit, the number of verification failures of the target virtual machine account is updated.
In some embodiments, the obtaining module 610 is further configured to obtain a maintenance request command of the management terminal to the target virtual machine, where the maintenance request command includes the encapsulated maintenance instruction and identification information of the target virtual machine to be maintained; the management device of the virtual machine data further comprises an analysis module 660, wherein the analysis module 660 is used for analyzing the maintenance instruction and the identification information of the target virtual machine to be maintained to generate an analysis result in a uniform format; the virtual machine data management device further comprises a maintenance module 670, and the maintenance module 670 is further configured to maintain the target virtual machine after communicating with the target virtual machine based on the single virtual serial port and the analysis result in the unified format.
In some embodiments, the maintenance instruction includes a query instruction for the target virtual machine, and the parsing module 660 is further configured to parse the query instruction for the target virtual machine and the identification information of the target virtual machine to be queried, to generate a parsing result in a unified format; the maintenance module 670 is further configured to query the target virtual machine and generate a query result after communicating with the target virtual machine based on the single virtual serial port and the analysis result in the unified format; and sending the query result to the management terminal.
In some embodiments, the determining module 630 is further configured to determine a locking key of the superuser of the cloud platform based on the network address of the management terminal and the account name of the superuser of the cloud platform; the obtaining module 610 is further configured to obtain a locking record of the super user of the cloud platform based on the locking key of the super user of the cloud platform, where the locking record of the super user of the cloud platform includes a locking state identifier of the super user of the cloud platform and a locking time of the super user of the cloud platform; the determining module 630 is further configured to determine, based on the lock status identifier and a lock duration of the superuser of the cloud platform, whether the superuser of the cloud platform is locked, where the lock record of the superuser of the cloud platform is used to indicate whether a login request of the management terminal to the superuser of the cloud platform is locked, and the lock duration of the superuser of the cloud platform is generated based on a current login request time of the superuser of the cloud platform and a lock time of the superuser of the cloud platform; the judging module 640 is further configured to return fourth information indicating that the login request of the super user fails to the management terminal if the super user of the cloud platform is locked; if the super user of the cloud platform is not locked, checking whether the account password of the super user is correct, if yes, returning fifth information indicating successful login to the management terminal, and if not, returning sixth information indicating failed login to the management terminal and updating the locking record of the super user of the cloud platform.
In some embodiments, the obtaining module 610 is further configured to obtain a locking limit duration of the super user; the judging module 640 is further configured to determine that the super user of the cloud platform is locked if the locking state identifier is locked and the locking duration of the super user of the cloud platform is less than the locking limit duration of the super user of the cloud platform; if the locking state identifier is locked and the locking duration of the super user of the cloud platform is greater than or equal to the locking limit duration of the super user of the cloud platform, the locking record of the super user of the cloud platform is reset and the super user of the cloud platform is determined not to be locked; and if the locking state identifier is unlocked, the super user of the cloud platform is determined not to be locked.
In some embodiments, the obtaining module 610 is further configured to obtain a verification failure limit number of account passwords of the super user; the updating module 650 is further configured to update the locking state identifier to lock and obtain a locking time of the super user of the cloud platform if the number of verification failures of the account password of the super user is equal to the number of verification failure limits; if the check failure times of the account passwords of the super user are smaller than the check failure limit times, updating the check failure times of the account passwords of the super user.
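The locking-record logic described above, which is the same for the target virtual machine account and for the cloud platform super user, is shown here as an added example that is not the patent's own code. The key encoding, incrementing the failure count before comparing it with the limit, clearing the record on success, and the constructed account store are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Optional


class Result(Enum):
    LOCKED = "first information: request refused, account is locked"
    OK = "second information: request succeeded"
    FAILED = "third information: request failed, wrong password"


@dataclass
class LockRecord:
    locked: bool = False               # locking state identifier
    locked_at: Optional[float] = None  # locking moment, in seconds
    failures: int = 0                  # password verification failures so far


class LockoutGuard:
    def __init__(self, verify: Callable[[str, str], bool],
                 failure_limit: int = 3, lock_limit_seconds: float = 600.0):
        self.verify = verify
        self.failure_limit = failure_limit            # verification failure limit
        self.lock_limit_seconds = lock_limit_seconds  # locking limit duration
        self.records: Dict[str, LockRecord] = {}

    @staticmethod
    def lock_key(network_address: str, account_name: str) -> str:
        # Assumed encoding; the page only says the key is derived from both.
        return network_address + "|" + account_name

    def is_locked(self, key: str, now: float) -> bool:
        rec = self.records.get(key)
        if rec is None or not rec.locked:
            return False
        lock_duration = now - rec.locked_at    # request time minus locking moment
        if lock_duration < self.lock_limit_seconds:
            return True
        self.records[key] = LockRecord()       # limit reached: reset the record
        return False

    def attempt(self, network_address: str, account_name: str,
                password: str, now: float) -> Result:
        key = self.lock_key(network_address, account_name)
        if self.is_locked(key, now):
            return Result.LOCKED               # the password is not checked at all
        if self.verify(account_name, password):
            self.records.pop(key, None)        # assumption: success clears failures
            return Result.OK
        rec = self.records.setdefault(key, LockRecord())
        rec.failures += 1                      # assumption: count, then compare
        if rec.failures >= self.failure_limit:
            rec.locked, rec.locked_at = True, now
        return Result.FAILED


# Constructed sample account store holding salted PBKDF2 hashes, not plaintext.
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


SAMPLE_SALT = b"constructed-salt"
SAMPLE_ACCOUNTS = {"vm-admin": hash_password("correct horse", SAMPLE_SALT)}
DUMMY_HASH = hash_password("no such account", SAMPLE_SALT)


def sample_verify(account_name: str, password: str) -> bool:
    # Hash and compare even for unknown accounts so both paths do similar work.
    stored = SAMPLE_ACCOUNTS.get(account_name, DUMMY_HASH)
    matches = hmac.compare_digest(stored, hash_password(password, SAMPLE_SALT))
    return matches and account_name in SAMPLE_ACCOUNTS


if __name__ == "__main__":
    guard = LockoutGuard(sample_verify)
    for t, pw in enumerate(["a", "b", "c", "correct horse"]):
        print(t, guard.attempt("10.0.0.5", "vm-admin", pw, float(t)).name)
```

Because the locking key includes the management terminal's network address, a lock set from one address does not block the same account from another address, so a deployment that also needs a per-account limit has to track it separately.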
In practical application, the acquiring module 610, the checking module 620, the determining module 630, the judging module 640, the updating module 650, the analyzing module 660 and the maintaining module 670 may be implemented by a processor in the virtual machine data management device. Of course, the processor needs to run a computer program in memory to implement its functions.
It should be noted that the division into program modules described above is only an example of how the virtual machine data management apparatus performs virtual machine data management. In practical application, the processing may be allocated to different program modules as needed, that is, the internal structure of the apparatus may be divided into different program modules to complete all or part of the processing described above. In addition, the management device for virtual machine data provided in the above embodiment and the method embodiment for managing virtual machine data belong to the same concept; the detailed implementation process is described in the method embodiment and is not repeated here.
Based on the hardware implementation of the program modules, and in order to implement the method of the embodiments of the present application, the embodiments also provide a management device for virtual machine data. Fig. 7 shows only an exemplary structure of the management device for virtual machine data, not its entire structure; part or all of the structure shown in fig. 7 may be implemented as needed.
As shown in fig. 7, a management apparatus 700 for virtual machine data provided in an embodiment of the present application includes: at least one processor 701, memory 702, a user interface 703, and at least one network interface 704. The various components in the management apparatus 700 of virtual machine data are coupled together by a bus system 705. It is to be appreciated that the bus system 705 is employed to facilitate connection communications between these components. The bus system 705 includes a power bus, a control bus, and a status signal bus in addition to the data bus. But for clarity of illustration, the various buses are labeled as bus system 705 in fig. 7.
The user interface 703 may include, among other things, a display, keyboard, mouse, trackball, click wheel, keys, buttons, touch pad, or touch screen, etc.
The memory 702 in the embodiments of the present application is used to store various types of data to support the operation of the management device for virtual machine data. Examples of such data include: any computer program for operating on a management device for virtual machine data.
The virtual machine data management method disclosed in the embodiments of the present application may be applied to the processor 701 or implemented by the processor 701. The processor 701 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the virtual machine data management method may be performed by integrated logic circuits of hardware in the processor 701 or instructions in the form of software. The processor 701 may be a general purpose processor, a digital signal processor (DSP, digital Signal Processor), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor 701 may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present application. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiments of the present application may be directly embodied in a hardware decoding processor or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium, where the storage medium is located in a memory 702, and the processor 701 reads information in the memory 702, and in combination with hardware, performs the steps of the method for managing virtual machine data provided in the embodiments of the present application.
In an exemplary embodiment, the management device of virtual machine data may be implemented by one or more application specific integrated circuits (ASIC, application Specific Integrated Circuit), DSPs, programmable logic devices (PLD, programmable Logic Device), complex programmable logic devices (CPLD, complex Programmable Logic Device), field programmable gate arrays (FPGA, field Programmable Gate Array), general purpose processors, controllers, microcontrollers (MCU, micro Controller Unit), microprocessors (Microprocessor), or other electronic elements for performing the aforementioned methods.
It is to be appreciated that the memory 702 can be either volatile memory or nonvolatile memory, and can include both volatile and nonvolatile memory. Wherein the nonvolatile Memory may be Read Only Memory (ROM), programmable Read Only Memory (PROM, programmable Read-Only Memory), erasable programmable Read Only Memory (EPROM, erasable Programmable Read-Only Memory), electrically erasable programmable Read Only Memory (EEPROM, electrically Erasable Programmable Read-Only Memory), magnetic random access Memory (FRAM, ferromagnetic random access Memory), flash Memory (Flash Memory), magnetic surface Memory, optical disk, or compact disk Read Only Memory (CD-ROM, compact Disc Read-Only Memory); the magnetic surface memory may be a disk memory or a tape memory. The volatile memory may be random access memory (RAM, random Access Memory), which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available, such as static random access memory (SRAM, static Random Access Memory), synchronous static random access memory (SSRAM, synchronous Static Random Access Memory), dynamic random access memory (DRAM, dynamic Random Access Memory), synchronous dynamic random access memory (SDRAM, synchronous Dynamic Random Access Memory), double data rate synchronous dynamic random access memory (ddr SDRAM, double Data Rate Synchronous Dynamic Random Access Memory), enhanced synchronous dynamic random access memory (ESDRAM, enhanced Synchronous Dynamic Random Access Memory), synchronous link dynamic random access memory (SLDRAM, syncLink Dynamic Random Access Memory), direct memory bus random access memory (DRRAM, direct Rambus Random Access Memory). The memory described in the embodiments of the present application is intended to comprise, without being limited to, these and any other suitable types of memory.
In an exemplary embodiment, the present application further provides a storage medium, i.e. a computer storage medium, which may be specifically a computer readable storage medium, for example, including a memory 702 storing a computer program, where the computer program may be executed by the processor 701 of the virtual machine data management device to complete the steps described in the method of the embodiment of the present application. The computer readable storage medium may be ROM, PROM, EPROM, EEPROM, flash Memory, magnetic surface Memory, optical disk, or CD-ROM.
It should be noted that: "first," "second," etc. are used to distinguish similar objects and not necessarily to describe a particular order or sequence.
In addition, the embodiments described in the present application may be combined arbitrarily, provided that they do not conflict.
The foregoing is merely a specific embodiment of the present application, but the protection scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered in the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (13)

1. A method for managing virtual machine data, applied to a cloud platform, the method comprising:
acquiring a data access request of a management terminal to a target virtual machine, wherein the management terminal is a terminal which establishes communication connection with the cloud platform based on the access authority of a super user, and the data access request comprises a network address of the management terminal, an account name of the target virtual machine, an account password of the target virtual machine and identification information of the target virtual machine;
verifying the network address of the management terminal, the account name of the target virtual machine and the account password of the target virtual machine; and if the verification is successful, performing data access on the target virtual machine after communicating with the target virtual machine based on a single virtual serial port and the identification information of the target virtual machine, wherein the target virtual machine comprises at least one virtual machine.
2. The method of claim 1, wherein prior to obtaining the data access request from the management terminal to the target virtual machine, the method further comprises:
obtaining a login request of a super user from a management terminal, wherein the login request of the super user from the management terminal comprises a network address of the management terminal, an account name of the super user of a cloud platform and an account password of the super user of the cloud platform;
verifying the network address of the management terminal, the account name of the super user of the cloud platform and the account password of the super user; and if the verification is successful, sending token information to the management terminal, and establishing communication connection between the management terminal and the cloud platform.
3. The method of claim 1, wherein verifying the network address of the management terminal, the account name of the target virtual machine, and the account password of the target virtual machine comprises:
determining a locking key of a target virtual machine account based on the network address of the management terminal and the account name of the target virtual machine;
acquiring a locking record of the target virtual machine account based on the locking key of the target virtual machine account, wherein the locking record of the target virtual machine is used for indicating whether a data access request of the management terminal to the target virtual machine is locked or not, and the locking record of the target virtual machine account comprises a locking state identifier of the target virtual machine account and a locking moment of the target virtual machine account;
determining whether the target virtual machine account is locked based on the locking state identifier and the locking duration of the target virtual machine account, wherein the locking duration of the target virtual machine account is generated based on the current access request time of the target virtual machine and the locking moment of the target virtual machine account;
if the target virtual machine account is locked, returning, to the management terminal, first information indicating that the login of the access request has failed;
if the target virtual machine account is not locked, checking whether the account password of the target virtual machine is correct, if yes, returning second information indicating that the data access request is successful to the management terminal, and if not, returning third information indicating that the data access request is failed to the management terminal and updating the locking record of the target virtual machine account.
4. The method of claim 3, wherein the determining whether the target virtual machine account is locked based on the lock status identification and a lock duration of the target virtual machine account comprises:
acquiring the locking limit duration of the target virtual machine;
if the locking state identifier is locked and the locking duration of the target virtual machine account is less than the locking limit duration of the target virtual machine, determining that the target virtual machine account is locked;
if the locking state identifier is locked and the locking duration of the target virtual machine account is greater than or equal to the locking limit duration of the target virtual machine, resetting the locking record of the virtual machine account and determining that the target virtual machine account is not locked;
and if the locking state identifier is unlocked, determining that the target virtual machine account is not locked.
5. The method of claim 3, wherein the lock record further comprises a number of verification failures of the target virtual machine account password, the updating the lock record of the target virtual machine account comprising:
obtaining verification failure limit times of the account passwords of the target virtual machine;
if the number of verification failures of the target virtual machine account password is equal to the verification failure limit, updating the locking state identifier to locked and obtaining the locking moment of the target virtual machine account;
if the verification failure times of the target virtual machine account passwords are smaller than the verification failure limit times, updating the verification failure times of the target virtual machine account.
6. The method according to claim 1, wherein the method further comprises:
acquiring a maintenance request command of the management terminal to the target virtual machine, wherein the maintenance request command comprises a packaged maintenance instruction and identification information of the target virtual machine to be maintained;
analyzing the maintenance instruction and the identification information of the target virtual machine to be maintained to generate an analysis result in a uniform format;
and maintaining the target virtual machine after communicating with the target virtual machine based on the single virtual serial port and the analysis result in the unified format.
7. The method of claim 6, wherein the maintenance instruction comprises a query instruction to the target virtual machine, the method comprising:
analyzing the query instruction of the target virtual machine and the identification information of the target virtual machine to be queried to generate an analysis result in a uniform format;
after communicating with a target virtual machine based on the single virtual serial port and the analysis result in the unified format, inquiring the target virtual machine and generating an inquiry result;
and sending the query result to a management terminal.
8. The method according to claim 2, wherein verifying the network address of the management terminal, the account name of the superuser of the cloud platform, and the account password of the superuser comprises:
determining a locking key of a super user of the cloud platform based on the network address of the management terminal and the account name of the super user of the cloud platform;
acquiring a locking record of a super user of the cloud platform based on a locking key of the super user of the cloud platform, wherein the locking record of the super user of the cloud platform comprises a locking state identifier of the super user of the cloud platform and a locking moment of the super user of the cloud platform;
determining whether the super user of the cloud platform is locked or not based on the locking state identifier and the locking duration of the super user of the cloud platform, wherein the locking record of the super user of the cloud platform is used for indicating whether the login request of the management terminal to the super user of the cloud platform is locked or not, and the locking duration of the super user of the cloud platform is generated based on the current login request time of the super user of the cloud platform and the locking moment of the super user of the cloud platform;
if the super user of the cloud platform is locked, returning fourth information indicating that the login request of the super user fails to the management terminal;
if the super user of the cloud platform is not locked, checking whether the account password of the super user is correct, if yes, returning fifth information indicating successful login to the management terminal, and if not, returning sixth information indicating failed login to the management terminal and updating the locking record of the super user of the cloud platform.
9. The method of claim 8, wherein the determining whether the superuser of the cloud platform is locked based on the lock status identification and a lock duration of the superuser of the cloud platform comprises:
acquiring the locking limit duration of the super user of the cloud platform;
if the locking state identification is locked and the locking duration of the super user of the cloud platform is smaller than the locking limit duration of the super user of the cloud platform, determining that the super user of the cloud platform is locked;
if the locking state identification is locked and the locking duration of the super user of the cloud platform is longer than or equal to the locking limit duration of the super user of the cloud platform, resetting the locking record of the super user of the cloud platform and determining that the super user of the cloud platform is not locked;
and if the locking state identification is unlocked, determining that the super user of the cloud platform is not locked.
10. The method of claim 8, wherein the lock record further comprises a number of failures to verify the account password of the superuser, and wherein updating the lock record of the superuser of the cloud platform comprises:
obtaining the verification failure limit of the account password of the super user;
if the number of verification failures of the account password of the super user is equal to the verification failure limit, updating the locking state identification to locked and acquiring the locking moment of the super user of the cloud platform;
if the number of verification failures of the account password of the super user is smaller than the verification failure limit, updating the number of verification failures of the account password of the super user.
11. A virtual machine data management apparatus, the apparatus comprising:
an acquisition module, configured to acquire a data access request of a management terminal to a target virtual machine, wherein the management terminal is a terminal which establishes communication connection with the cloud platform based on the access authority of a super user, and the data access request comprises a network address of the management terminal, an account name of the target virtual machine, an account password of the target virtual machine and identification information of the target virtual machine;
a verification module, configured to verify the network address of the management terminal, the account name of the target virtual machine and the account password of the target virtual machine, and, if the verification is successful, to perform data access on the target virtual machine after communication is performed based on the identification information of the single virtual serial port and the target virtual machine, wherein the target virtual machine comprises at least one virtual machine.
12. A virtual machine data management apparatus, comprising: a processor and a memory for storing a computer program capable of running on the processor, wherein,
the processor is adapted to perform the steps of the method of any of claims 1 to 10 when the computer program is run.
13. A computer storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of the method of any of claims 1 to 10.
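The lockout check of claims 8 to 10, worked through as an added example (not code from the patent or from the applicant). The class and constant names, the limit values, the PBKDF2 password check, incrementing the failure count before comparing it with the limit, and clearing the record after a successful login are all assumptions of this sketch.

```python
import hashlib
import hmac
from dataclasses import dataclass

FAIL_LIMIT = 3        # assumed verification failure limit
LOCK_LIMIT_S = 300.0  # assumed locking limit duration, in seconds

@dataclass
class LockRecord:
    locked: bool = False      # locking state identification
    lock_moment: float = 0.0  # locking moment
    failures: int = 0         # number of verification failures

def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SuperuserLogin:
    def __init__(self, account: str, password: str):
        self.account, self.salt = account, b"constructed-salt"
        self.stored = _digest(password, self.salt)
        self.records: dict[tuple[str, str], LockRecord] = {}

    def _is_locked(self, key, now: float) -> bool:
        rec = self.records.setdefault(key, LockRecord())
        if not rec.locked:
            return False
        # locking duration = current request time - locking moment
        if now - rec.lock_moment < LOCK_LIMIT_S:
            return True
        self.records[key] = LockRecord()  # limit reached: reset the record
        return False

    def login(self, addr: str, account: str, password: str, now: float) -> str:
        key = (addr, account)  # locking key: network address + account name
        if self._is_locked(key, now):
            return "fourth: login request refused, account locked"
        ok = account == self.account and hmac.compare_digest(
            _digest(password, self.salt), self.stored)
        if ok:
            self.records[key] = LockRecord()  # assumption: clear on success
            return "fifth: login succeeded"
        rec = self.records[key]
        rec.failures += 1
        if rec.failures >= FAIL_LIMIT:
            rec.locked, rec.lock_moment = True, now
        return "sixth: login failed"
```

Because the locking key includes the management terminal's network address, each address and account pair has its own locking record: a lock triggered from one address does not block the same account from another address, and failures from different addresses are counted separately.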
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310439721.1A CN116521314A (en) 2023-04-12 2023-04-12 Virtual machine data management method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116521314A true CN116521314A (en) 2023-08-01

Family

ID=87393456

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310439721.1A Pending CN116521314A (en) 2023-04-12 2023-04-12 Virtual machine data management method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116521314A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination