TWI506470B - The IP Routing Level Control System and Its Method on Multi-virtual Desktop Service - Google Patents


Publication number: TWI506470B
Authority: TW (Taiwan)
Application number: TW102139007A
Other languages: Chinese (zh)
Other versions: TW201516735A (en)
Original Assignee: Chunghwa Telecom Co Ltd
Prior art keywords: service, desktop, user, management, client system
Status: Application filed by Chunghwa Telecom Co Ltd; priority to TW102139007A; application granted

Description

IP routing-level control system and method across multiple virtual desktop services

The present invention provides a centralized network service control mechanism for cross-virtual-desktop environments. An administrator can set up multiple virtual desktop environments by region, so that users log in to different desktop environments depending on their location; the invention provides hierarchical management of network service access rights based on the login information.

In recent years, enterprises have begun integrating cloud services to provide a centralized working environment for information systems and databases. To meet information security and remote-work needs, employees have begun connecting through virtual desktops to the information systems on the enterprise's central servers to do their work. Under the existing architecture, remote virtual desktop technology mainly provides static routing control and cannot apply tiered control based on user identity. Republic of China Patent Application No. 101116795, "Method for controlling network service levels and functions of cloud virtual desktop applications", proposes a service accessor mechanism that controls a user's network access services according to the identity the user logs in with. That approach, however, is limited to a single virtual desktop environment. In a cross-desktop-cloud environment, each cloud virtual desktop must be controlled independently; the users' network environment cannot be controlled centrally and shared, and the desktop cloud service cannot be expanded flexibly. Furthermore, when a user moves to a different office, the data center serving the desktop environment may also change. In that situation, configuring static control directly in each data center, or applying the method of the above patent, easily leads to poor network control performance overall, and also tends to increase the burden on network administrators and the construction cost of the data centers.

As can be seen, the conventional approaches described above still have many shortcomings; they are not a sound design and urgently need improvement.

To solve the above problems, the present invention enables the following: when different users work across virtual desktop server systems, the central control platform automatically generates each user's network control rules according to how the user's desktop environment was allocated, and pushes those rules to the network control equipment in the data center hosting the user's desktop environment, achieving automated management. The management system of the invention also automatically generates the corresponding network service control for the desktop environment each user obtains, restricts each user to a specific service group, and sets the network services that group may access. This gives enterprises a desktop service method that is simple to manage, efficient, scalable, and includes network security management.

To achieve the cross-multi-virtual-desktop working service environment described above, the invention is divided into four parts: the service accessor, the desktop service configuration agent, the central service management server, and the network service control device.

The service accessor is pre-installed in each virtual desktop environment and provides the following functions:

1. When a user logs in to the desktop session server, it acts as a proxy to obtain the user's virtual desktop service IP address allocation from the DHCP server.

2. The desktop session server can communicate with the desktop service configuration agent: once the user has logged in and been allocated an IP address, the allocation information is provided to the desktop service configuration agent so that back-end network control can be completed.

The desktop service configuration agent provides the following functions:

1. When a user's client requests a login connection from the desktop service configuration agent, the agent determines, based on the client's IP address, the configuration information of the back-end desktop environment to connect to.

2. After the user completes the desktop login request, the desktop service configuration agent obtains the user's IP address allocation information by communicating with the service accessor, and adds the user identity, the client's operating system, and the remote desktop system configuration information. At this point, the user's service authorization must be requested from the network service control device through this desktop service configuration agent before the user's desktop is given external network access.

The central service management server provides the interface through which administrators configure users' service access. Administrators can set different levels of desktop network service for users according to client connection information. After a user logs in to the desktop environment, the desktop service configuration agent, on the user's behalf, registers the login information with the central service management server. The central service management server computes the most suitable list of network control services from the registration information and pushes that service list to the network service control device for the desktop the user logged in to. On receiving the user's service list from the back-end service management server, the network service control device configures the user's network connection services accordingly, achieving network access control for the user's desktop.

According to an embodiment of the invention, combining the virtual desktop network service environment functions involves the following steps:

1. The client device uses the desktop service configuration agent to obtain the connection address of a desktop session server, then requests a login working environment from that desktop session server and performs identity authentication.

2. The desktop session server sends the user's authentication information to the authentication server, which verifies whether it is correct.

3. After the authentication server has verified the user's authentication information, it returns an authentication-passed message to the desktop session server, allowing the login.

4. The desktop session server, through the service accessor, submits a virtual desktop service IP address allocation request to the DHCP server, and the allocated dynamic IP address is returned to the service accessor.

5. After obtaining the user's desktop IP allocation, the service accessor returns this information to the desktop service configuration agent. The agent organizes the received IP information and the user's desktop environment configuration information into a defined communication format, then sends a control request to the central service management server to look up the user's group service list.

6. On receiving the control request and the related user login information from the desktop service configuration agent, the central service management server first computes the most appropriate network service access list and records it in the database system, then sends the control information to the network service control device corresponding to the user's desktop.

7. On receiving the control information sent by the central service management server, the network service control device configures the user's network connections in order, completing network service control for the user's desktop login.

8. When the user ends the working environment connection, the service accessor sends an end message to the desktop service configuration agent. The agent then sends the user's connection information to the central service management server, which removes the user's current login information from the database and asks the network service control device corresponding to the user to cancel the system controls associated with the desktop service IP address. Finally, the service accessor asks the DHCP server to reclaim the virtual desktop service IP address allocation.
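The login and logout steps above can be traced in a small model. This is an added illustration, not code from the patent or from Chunghwa Telecom: it shows a central server computing a per-user service list, pushing it to a default-deny control device keyed by desktop IP, and clearing the rule before the DHCP lease is reused. The policy table, group names, addresses, the office-network rule and the HMAC tag standing in for the patent's unspecified secure message format are all assumptions.

```python
import hashlib
import hmac
import json
from ipaddress import ip_address, ip_network

# Constructed sample policy; every name, address and port here is hypothetical.
USER_GROUP = {"alice": "finance", "bob": "contractor"}
GROUP_SERVICES = {  # group -> {(destination, port): reachable from outside the office?}
    "finance": {("10.20.0.10", 443): True, ("10.20.0.11", 1433): False},
    "contractor": {("10.20.0.10", 443): True},
}
OFFICE_NETS = [ip_network("192.168.10.0/24")]


def sign(key: bytes, message: dict) -> str:
    """Tag a control message (assumed stand-in for the secure format)."""
    body = json.dumps(message, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class ControlDevice:
    """Per-module enforcement point: default deny, rules keyed by desktop IP."""

    def __init__(self, key: bytes):
        self._key = key
        self.rules = {}  # desktop IP -> set of (destination, port)

    def apply(self, message: dict, tag: str) -> bool:
        # Accept settings only from the holder of the central server's key.
        if not hmac.compare_digest(tag, sign(self._key, message)):
            return False
        if message["action"] == "set":
            self.rules[message["desktop_ip"]] = {tuple(s) for s in message["services"]}
        elif message["action"] == "clear":
            self.rules.pop(message["desktop_ip"], None)
        else:
            return False
        return True

    def permits(self, desktop_ip: str, dst: str, port: int) -> bool:
        return (dst, port) in self.rules.get(desktop_ip, set())


class CentralServer:
    """Computes the service list from registration data and pushes it out."""

    def __init__(self, devices: dict, keys: dict):
        self.devices, self.keys = devices, keys
        self.sessions = {}  # (module, desktop IP) -> user

    def service_list(self, user: str, client_ip: str) -> list:
        group = USER_GROUP.get(user)
        in_office = any(ip_address(client_ip) in net for net in OFFICE_NETS)
        allowed = GROUP_SERVICES.get(group, {})
        return sorted(s for s, remote_ok in allowed.items() if in_office or remote_ok)

    def _push(self, module: str, message: dict) -> bool:
        return self.devices[module].apply(message, sign(self.keys[module], message))

    def register(self, reg: dict) -> bool:
        services = self.service_list(reg["user"], reg["client_ip"])
        self.sessions[(reg["module"], reg["desktop_ip"])] = reg["user"]
        message = {"action": "set", "desktop_ip": reg["desktop_ip"], "services": services}
        return self._push(reg["module"], message)

    def unregister(self, module: str, desktop_ip: str) -> bool:
        self.sessions.pop((module, desktop_ip), None)
        return self._push(module, {"action": "clear", "desktop_ip": desktop_ip})


def demo() -> dict:
    key = b"constructed-demo-key"
    device = ControlDevice(key)
    central = CentralServer({"module-a": device}, {"module-a": key})
    lease = "10.0.1.5"  # desktop IP the DHCP server hands out, then reuses
    results = {}
    central.register({"user": "alice", "client_ip": "192.168.10.7",
                      "module": "module-a", "desktop_ip": lease})
    results["alice_db"] = device.permits(lease, "10.20.0.11", 1433)
    # Logout: clear the rule first, only then return the lease to DHCP.
    central.unregister("module-a", lease)
    results["after_logout"] = device.permits(lease, "10.20.0.11", 1433)
    # The same address is allocated to the next user, who gets a fresh rule set.
    central.register({"user": "bob", "client_ip": "192.168.10.8",
                      "module": "module-a", "desktop_ip": lease})
    results["bob_db"] = device.permits(lease, "10.20.0.11", 1433)
    results["bob_web"] = device.permits(lease, "10.20.0.10", 443)
    # A settings message not tagged with the central server's key is refused.
    forged = {"action": "set", "desktop_ip": lease, "services": [("10.20.0.11", 1433)]}
    results["forged_accepted"] = device.apply(forged, sign(b"wrong-key", forged))
    return results


if __name__ == "__main__":
    print(demo())
```

Because rules are keyed by a dynamically allocated address, the teardown order in step 8 matters: a rule left in place after the lease is reclaimed would be inherited by whoever receives that address next.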

The present invention provides an IP routing-level control system across multiple virtual desktop services, comprising: a desktop service configuration agent, which is an intermediary device that provides the communication protocol between the client system and the back-end service systems and assists in enabling service after the client system logs in, wherein the desktop service configuration agent identifies the source IP address of the client system, provides service redirection for the desktop requests of the client system's user, collects connection information about the user's desktop login, and requests service control from the network service control device; a service accessor, located on a desktop session server, which relays the login information of the client system's user, wherein the service accessor assists in passing the user's desktop allocation information to the desktop service configuration agent and in allocating the virtual desktop service IP address for the working environment the user requests; a central service management server, which lets enterprise administrators configure the service information of the client systems' users, wherein the central service management server accepts service communication requests only from the desktop service configuration agent; and a network service control device, which provides network service control behind the desktop of the client system's user, wherein the network service control device accepts network service settings for the client system's user only from the central service management server.

The service accessor is installed on remote desktop servers, virtual desktop servers, or any networked session server. The service accessor uses the standard DHCP allocation protocol to assist the client system's user in requesting virtual desktop service IP address allocation. The desktop service configuration agent accepts desktop service requests from the client system's user and provides automatic user desktop redirection. The desktop service configuration agent requests and releases service control from the network service control device over a network communication protocol: when requesting control, it provides the network service control device with the virtual desktop service IP address to be controlled for the client system's user, together with its service list; when releasing control, it provides the virtual desktop service IP of the user whose control is to be released. The network service control device further comprises a network service control module, which accepts the service control requests of the network service control device. The central service management server further comprises a management interface, through which enterprise administrators set the user service control list for client systems.

The present invention provides an IP routing-level control method across multiple virtual desktop services, with the following steps:

A. The client system uses a desktop service configuration agent to obtain the connection address of a desktop session server, then requests a login working environment from that desktop session server and performs identity authentication;

B. The desktop session server sends the authentication information of the client system's user to the authentication server, which verifies whether it is correct;

C. After the authentication server has verified the authentication information of the client system's user, it returns an authentication-passed message to the desktop session server, allowing the login;

D. The desktop session server, through a service accessor, submits a virtual desktop service IP address allocation request to the DHCP server, and the allocated dynamic IP address is returned to the service accessor;

E. After obtaining the desktop IP allocation of the client system's user, the service accessor returns this information to the desktop service configuration agent; the agent organizes the received IP information and the user's desktop environment configuration information into a defined communication format, then sends a control request to a central service management server and looks up the group service list of the client system's user;

F. On receiving the control request from the desktop service configuration agent and the login information of the client system's user, the central service management server first computes the most appropriate network service access list and records it in the database system, then sends the control information to a network service control device corresponding to the desktop of the client system's user;

G. On receiving the control information sent by the central service management server, the network service control device configures the network connections of the client system's user in order, completing network service control for the user's desktop login;

H. When the user of the client system ends the working environment connection, the service accessor sends an end message to the desktop service configuration agent; the agent then sends the user's connection information to the central service management server, which removes the user's current login information from the database and asks the network service control device corresponding to the user to cancel the system controls associated with the desktop service IP address; and

I. The service accessor asks the DHCP server to reclaim the virtual desktop service IP address allocation.

The service accessor is installed on remote desktop servers, virtual desktop servers, or any networked session server. The service accessor uses the standard DHCP allocation protocol to assist the client system's user in requesting virtual desktop service IP address allocation. The desktop service configuration agent accepts desktop service requests from the client system's user and provides automatic user desktop redirection. The desktop service configuration agent requests and releases service control from the network service control device over a network communication protocol: when requesting control, it provides the network service control device with the virtual desktop service IP address to be controlled for the client system's user, together with its service list; when releasing control, it provides the virtual desktop service IP of the user whose control is to be released. The network service control device further comprises a network service control module, which accepts the service control requests of the network service control device. The central service management server further comprises a management interface, through which enterprise administrators set the user service control list for client systems.

The IP routing-level control system and method across multiple virtual desktop services provided by the present invention form a network service management platform that spans multiple virtual desktop working environments. Compared with conventional techniques, it has the following advantages:

1. The invention automatically and dynamically provides service control according to the user's login environment, enabling resource sharing across data centers, lowering equipment costs, and reducing the difficulty of management and use.

2. The invention provides a fast and simple way to manage and deploy services. An administrator only needs to configure the relevant user services on the service management platform to achieve control of user services.

The detailed description above is a specific description of one feasible embodiment of the invention. That embodiment is not intended to limit the patent scope of the invention; any equivalent implementation or modification that does not depart from the technical spirit of the invention shall be included in the patent scope of this case.

In summary, this case is genuinely innovative in its spatial form and improves on conventional articles in the several respects described above. It should fully satisfy the statutory requirements of novelty and inventive step for an invention patent; the application is therefore filed in accordance with the law, and the Office is respectfully requested to approve this invention patent application to encourage invention.

101: Desktop session server
102: Service accessor
103: Network service control device
104: DHCP server
105: Wired network
201: Client device
202: Enterprise intranet / external Internet
203: Wired network / wireless network
204: Authentication server
205: Virtual desktop network service control module
206: Wired network
207: Central service management server
208: Desktop service configuration agent
301~310: Process steps
401~406: Process steps

Figure 1 is a schematic diagram of the architecture of the virtual desktop network service control module.

Figure 2 is a schematic diagram of the cross-multi-virtual-desktop network service control apparatus of the invention.

Figure 3 is a flowchart of a user logging in to a desktop environment combined with the virtual desktop network service method of the invention.

Figure 4 is a flowchart of a user ending the working connection combined with the virtual desktop network service method of the invention.

To help the examiners understand the technical features, content, and advantages of the invention and the effects it can achieve, the invention is described in detail below with reference to the drawings and in the form of embodiments. The drawings are intended only for illustration and to support the specification; they do not necessarily reflect the true proportions and precise configuration of the invention as implemented, so the proportions and layout of the attached drawings should not be used to interpret or limit the scope of rights of the invention in actual implementation.

Refer to Figure 1, a schematic diagram of the architecture of the virtual desktop network service control module. Within a virtual desktop network service control module 205, the desktop session server 101, service accessor 102, network service control device 103, DHCP server 104, and wired network 105 are built into an independent desktop login environment module that provides personal desktop connection services to front-end clients. The desktop session server 101 connects to the network service control device 103 over the wired network 105, and the IP address of the router through which the network service control device 103 provides routing service is set as its default gateway. The network service control device 103 communicates with the service accessor 102 over the wired network 105. The service accessor 102, over the wired network 105, assists the desktop environment connection of the client device 201 in obtaining virtual desktop service IP address allocation information from the DHCP server 104, and passes that allocation information to the desktop session server 101 to provide network service for the desktop environment the user connects to.

Refer to Figure 2, a schematic diagram of the cross-multi-virtual-desktop network service control apparatus of the invention. Multiple virtual desktop network service control modules 205 can be installed in this system to provide user desktop services. The user's client device 201 requests desktop service from the desktop service configuration agent 208 over the wired/wireless network 203. Based on the source IP address and device information of the client device 201, the desktop service configuration agent 208 decides which virtual desktop network service control module 205 the client device 201 should connect to and returns the relevant information to the client device 201, completing the desktop request. Using the virtual desktop network service control module 205 information provided by the desktop service configuration agent 208, the client device 201 then requests desktop login from the desktop session server 101 of that module over the wired/wireless network 203. The service accessor 102 of that virtual desktop network service control module 205 can, via the module's wired network 105 connected to the wired network 206, provide the user's login information to the desktop service configuration agent 208. After receiving the user's login information, the desktop service configuration agent 208 organizes it and sends it, in a specific secure encrypted format, over the wired network 206 to the central service management server 207. After receiving the login information, the central service management server 207 computes the most suitable user access rights and generates the related network routing list, then communicates over the wired network 206, in a secure encrypted format, with the network service control device 103 of the virtual desktop network service control module 205 the user requested a connection to, completing network routing control of the user's access to the enterprise intranet/external Internet 202.

The client device 201 of the invention may include desktop computers, notebook computers, PDAs, smartphones, thin clients, and other devices with IP networking capability. The environment of the wired network 206 may be the Internet or a private network inside the enterprise. The working environment services provided by the desktop session server 101 may include remote desktop services, virtual desktop services, and other working environments users commonly use. The authentication server 204 may be an LDAP/LDAPS server or a RADIUS server; the desktop session server 101 of the virtual desktop network service control module 205 completes authentication with the authentication server 204 over the appropriate communication protocol.

For the operating flow of the virtual desktop working service environment of the invention, refer to Figures 2 and 3. Figure 3 is a flowchart of a user logging in to a desktop environment combined with the virtual desktop network service method of the invention. When the client device 201 requests a connection, the method comprises the following steps:

Step 301: Depending on its office location, the client device 201 requests desktop connection service from the desktop service configuration agent 208. Based on the IP information of the client device 201's office location, the desktop service configuration agent 208 redirects the connection to the desktop session server 101 of a specific virtual desktop network service control module 205, where the desktop login service request is made.

Step 302: The desktop session server 101 of the virtual desktop network service management module 205 requires the client device 201 to carry out the user identity authentication step.

Step 303: The client device 201 submits the user's authentication data according to its system authentication method.

Step 304: After receiving the user authentication data submitted by the client device 201, the desktop session server 101 of the virtual desktop network service management module 205 forwards the data to the authentication server 204, which performs the authentication.

Step 305: The authentication server 204 checks the user authentication data it has received. If the authentication result is correct, the flow continues with step 306. If authentication fails, the desktop session server 101 of the virtual desktop network service management module 205 is asked to prompt the client device 201 to return to step 302 and submit its authentication information again.

Step 306: After the authentication server 204 has confirmed the authentication, the desktop session server 101 of the virtual desktop network service management module 205 uses the service accessor 102 of the same virtual desktop network service management module 205 to request IP address allocation from the corresponding DHCP server 104, and obtains the allocated virtual desktop service IP address information.

Step 307: Through the service accessor 102 of the same virtual desktop network service management module 205, the desktop session server 101 sends the user's desktop login and IP allocation information to the desktop service configuration agent 208 for the subsequent network routing control.

Step 308: After receiving the user login data, the desktop service configuration agent 208 sends the user's desktop login information to the central service management server 207.

Step 309: The central service management server 207 obtains the user's desktop login information and computes from it the most appropriate network routing control services. It converts the service list into a control information format accepted by the network service control device 103 of the virtual desktop network service management module 205, then sends it to the network service control device 103 in the same system module as the desktop session server 101 of the virtual desktop network service management module 205 that the user logged in to, requesting that this user's network service control functions be handled.

Step 310: When the network service control device 103 of the virtual desktop network service management module 205 receives the control service request from the central service management server 207, it takes the user's logged-in desktop, for which all network access is denied by default, and sets the services in the received service list as permitted network services.

For the flow in which the client device 201 ends its connection to the virtual desktop work service environment, refer to FIG. 2 and FIG. 4. As shown in FIG. 4, the flowchart of a user ending the work connection in combination with the virtual desktop network service method of the present invention, the method comprises the following steps:

Step 401: After the user of the client device 201 has finished the desktop work, the user submits a disconnect request.

Step 402: The desktop session server 101 that the user is logged in to provides the user's login data to the desktop service configuration agent 208 through the service accessor 102 of the same virtual desktop network service management module 205, and requests that network service control be stopped.

Step 403: After receiving the network stop request, the desktop service configuration agent 208 sends the information to the central service management server 207 and requests that control of the desktop connection be ended.

Step 404: After receiving the user connection information from the desktop service configuration agent 208, the central service management server 207 sends a request to interrupt desktop network control for the client device 201 to the network service control device 103 in the same module as the desktop session server 101 of the virtual desktop network service management module 205 that the user logged in to.

Step 405: After the network service control device 103, in the same system module as the desktop session server 101 of the virtual desktop network service management module 205 that the user logged in to, receives the interrupt request, it terminates the network service provisioning and control actions for the user's desktop connection and returns to the initial state in which all network access from the user's desktop is denied.

Step 406: To complete the user's desktop logout, the desktop session server 101 of the virtual desktop network service management module 205 that the user logged in to requests the DHCP server 104, through the service accessor 102 of the same system module, to reclaim the IP address.
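The login and logout flows above (steps 306 to 310 and 402 to 406) can be modelled as a small default-deny state machine. This is an added example, not code from the patent: it folds the desktop session server 101 and service accessor 102 into the agent, treats authentication (steps 302 to 305) as already passed, and assumes that the "most appropriate" service list is the intersection of a user group's services and a site's services. The sender names, site names, subnets and service labels are constructed.

```python
import ipaddress

AGENT, MANAGER = "agent-208", "central-207"   # assumed sender identities

class DhcpServer:
    """Stands in for DHCP server 104: leases and reclaims desktop IPs."""
    def __init__(self, cidr):
        self.free = [str(h) for h in ipaddress.ip_network(cidr).hosts()]
    def lease(self):
        return self.free.pop(0)
    def reclaim(self, ip):
        self.free.append(ip)

class ControlDevice:
    """Network service control device 103: default deny per desktop IP."""
    def __init__(self):
        self.allowed = {}                      # desktop IP -> permitted services
    def _check(self, sender):
        if sender != MANAGER:                  # only server 207 may set rules
            raise PermissionError(f"control request from {sender!r} rejected")
    def apply(self, sender, desktop_ip, services):
        self._check(sender)
        self.allowed[desktop_ip] = set(services)
    def revoke(self, sender, desktop_ip):
        self._check(sender)
        self.allowed.pop(desktop_ip, None)     # back to the deny-all state
    def permits(self, desktop_ip, service):
        return service in self.allowed.get(desktop_ip, set())

class CentralManager:
    """Central service management server 207: holds policy and sessions."""
    def __init__(self, group_services, site_services, user_groups, devices):
        self.group_services, self.site_services = group_services, site_services
        self.user_groups, self.devices = user_groups, devices
        self.sessions = {}                     # desktop IP -> (user, site)
    def _check(self, sender):
        if sender != AGENT:                    # only agent 208 may talk to 207
            raise PermissionError(f"request from {sender!r} rejected")
    def login(self, sender, user, site, desktop_ip):
        self._check(sender)
        # Assumed policy: group entitlement limited to what the site offers.
        services = self.group_services[self.user_groups[user]] & self.site_services[site]
        self.sessions[desktop_ip] = (user, site)
        self.devices[site].apply(MANAGER, desktop_ip, services)   # steps 309-310
        return services
    def logout(self, sender, desktop_ip):
        self._check(sender)
        _user, site = self.sessions.pop(desktop_ip)
        self.devices[site].revoke(MANAGER, desktop_ip)            # steps 404-405
        return site

class DesktopAgent:
    """Desktop service configuration agent 208 (also plays 101/102 here)."""
    def __init__(self, site_subnets, manager, dhcp):
        self.site_subnets, self.manager, self.dhcp = site_subnets, manager, dhcp
    def site_for(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        for site, cidr in self.site_subnets.items():
            if addr in ipaddress.ip_network(cidr):
                return site
        raise LookupError(f"no desktop site serves {client_ip}")
    def login(self, user, client_ip):
        site = self.site_for(client_ip)                    # step 301
        desktop_ip = self.dhcp[site].lease()               # step 306
        self.manager.login(AGENT, user, site, desktop_ip)  # steps 307-308
        return site, desktop_ip
    def logout(self, desktop_ip):
        site = self.manager.logout(AGENT, desktop_ip)      # steps 402-403
        self.dhcp[site].reclaim(desktop_ip)                # step 406

def build_demo():
    """Constructed two-site deployment with one engineer account."""
    devices = {"site-a": ControlDevice(), "site-b": ControlDevice()}
    manager = CentralManager(
        group_services={"engineer": {"git:22", "wiki:443", "build:8080"}},
        site_services={"site-a": {"git:22", "wiki:443", "build:8080"},
                       "site-b": {"wiki:443", "crm:443"}},
        user_groups={"alice": "engineer"}, devices=devices)
    dhcp = {"site-a": DhcpServer("10.10.0.0/29"), "site-b": DhcpServer("10.20.0.0/29")}
    agent = DesktopAgent({"site-a": "192.168.1.0/24", "site-b": "192.168.2.0/24"},
                         manager, dhcp)
    return agent, manager, devices
```

Calling `build_demo()[0].login("alice", "192.168.2.17")` places the user at site-b; the control device rejects any rule change whose sender is not the central server, which is the trust boundary claim 1 describes.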

The IP routing hierarchical management system and method across multiple virtual desktop services provided by the present invention is a network service management platform that can span multiple virtual desktop working environments. Compared with other conventional techniques, it has the following advantages:

2. The present invention can provide service control functions automatically and dynamically according to the user's login environment, achieving resource sharing across data centers, lowering equipment costs, and reducing the difficulty of management and use.

3. The present invention provides a fast and simple way to manage and deploy services. The administrator only needs to configure the relevant user services on the service management platform to achieve control of user services.

The detailed description above specifically describes one feasible embodiment of the present invention. That embodiment is not intended to limit the patent scope of the present invention; any equivalent implementation or modification that does not depart from the technical spirit of the present invention shall be included in the patent scope of this case.

In summary, this case is not only innovative in its technical concept but also provides the above effects, which conventional methods cannot achieve. It fully meets the statutory requirements of novelty and inventive step for an invention patent, and this application is filed in accordance with the law. We respectfully request that your Office approve this invention patent application to encourage invention.

201‧‧‧Client device

202‧‧‧Enterprise internal network / external Internet

203‧‧‧Wired network / wireless network

204‧‧‧Authentication server

205‧‧‧Virtual desktop network service management module

206‧‧‧Wired network

207‧‧‧Central service management server

208‧‧‧Desktop service configuration agent

Claims (14)

1. An IP routing hierarchical management system across multiple virtual desktop services, comprising:
a desktop service configuration agent, which is an intermediary device that provides the communication protocol between the client system and the back-end service system and assists in opening services after the client system logs in, wherein the desktop service configuration agent identifies the source IP address of the client system, provides service redirection for the desktop request of the client system's user, and collects connection information related to the user's desktop login in order to request service control;
a service accessor, provided on a desktop session server, which passes messages carrying the login information of the client system's user, wherein the service accessor assists in passing the desktop allocation information of the client system's user to the desktop service configuration agent and assists the client system's user in requesting allocation of a virtual desktop service IP address for the working environment;
a central service management server, which lets an enterprise administrator configure the user service information of the relevant client systems, wherein the central service management server accepts service communication requests only from the desktop service configuration agent; and
a network service control device, which provides network service control behind the desktop of the client system's user, wherein the network service control device accepts network service settings for the client system's user only from the central service management server.

2. The IP routing hierarchical management system across multiple virtual desktop services of claim 1, wherein the service accessor is installed on remote desktop servers, virtual desktop servers, and any session server with networking capability.

3. The IP routing hierarchical management system across multiple virtual desktop services of claim 1, wherein the service accessor provides the standard DHCP allocation protocol to assist the client system's user in requesting virtual desktop service IP address allocation.

4. The IP routing hierarchical management system across multiple virtual desktop services of claim 1, wherein the desktop service configuration agent accepts the desktop service request of the client system's user and provides automatic user desktop redirection.

5. The IP routing hierarchical management system across multiple virtual desktop services of claim 1, wherein the desktop service configuration agent requests and releases service control from the network service control device through a network communication protocol; when requesting service control, it provides the network service control device with the virtual desktop service IP address accessed by the client system's user to be controlled and the corresponding service list; when releasing control, it provides the network service control device with the virtual desktop service IP of the client system's user whose control is to be released.

6. The IP routing hierarchical management system across multiple virtual desktop services of claim 1, wherein the network service control device further comprises a network service control module that accepts the service control requests of the network service control device.

7. The IP routing hierarchical management system across multiple virtual desktop services of claim 1, wherein the central service management server further comprises a management interface through which an enterprise administrator sets the user service control list of the client system.

8. An IP routing hierarchical management method across multiple virtual desktop services, comprising the following steps:
A. The client system uses a desktop service configuration agent to obtain the connection address of a desktop session server, then requests login to the working environment from the desktop session server and performs identity authentication;
B. The desktop session server sends the user authentication information of the client system to an authentication server, which verifies whether the authentication information is correct;
C. After the authentication server has verified the user authentication information of the client system, it returns an authentication-passed message to the desktop session server to which login is permitted;
D. The desktop session server, through a service accessor, requests allocation of a virtual desktop service IP address from a DHCP server, and the allocated dynamic IP address message is returned to the service accessor;
E. After obtaining the desktop IP allocation for the client system's user, the service accessor returns that information to the desktop service configuration agent; the desktop service configuration agent organizes the received IP information and the desktop environment configuration information of the client system's user into a defined communication format, sends a control request to a central service management server, and queries the group service list of the client system's user;
F. After receiving the control request from the desktop service configuration agent and the login information of the client system's user, the central service management server first computes the most appropriate network service access list and records it in a database system, then sends the control information to the network service control device corresponding to the desktop of the client system's user;
G. When the network service control device receives the control information sent by the central service management server, it configures the network connections of the client system's user in order, completing network service control for the user's desktop login;
H. When the client system's user requests to end the working environment connection, the service accessor sends an end message to the desktop service configuration agent; the desktop service configuration agent then sends the connection information of the client system's user to the central service management server, which removes the current login information of the client system's user from the database and requests the network service control device corresponding to the client system's user to cancel the system control related to the desktop service IP address; and
I. The service accessor requests the DHCP server to reclaim the allocated virtual desktop service IP address.

9. The IP routing hierarchical management method across multiple virtual desktop services of claim 8, wherein the service accessor is installed on remote desktop servers, virtual desktop servers, and any session server with networking capability.

10. The IP routing hierarchical management method across multiple virtual desktop services of claim 8, wherein the service accessor provides the standard DHCP allocation protocol to assist the client system's user in requesting virtual desktop service IP address allocation.

11. The IP routing hierarchical management method across multiple virtual desktop services of claim 8, wherein the desktop service configuration agent accepts the desktop service request of the client system's user and provides automatic user desktop redirection.

12. The IP routing hierarchical management method across multiple virtual desktop services of claim 8, wherein the desktop service configuration agent requests and releases service control from the network service control device through a network communication protocol; when requesting service control, it provides the network service control device with the virtual desktop service IP address accessed by the client system's user to be controlled and the corresponding service list; when releasing control, it provides the network service control device with the virtual desktop service IP of the client system's user whose control is to be released.

13. The IP routing hierarchical management method across multiple virtual desktop services of claim 8, wherein the network service control device further comprises a network service control module that accepts the service control requests of the network service control device.

14. The IP routing hierarchical management method across multiple virtual desktop services of claim 8, wherein the central service management server further comprises a management interface through which an enterprise administrator sets the user service control list of the client system.
TW102139007A 2013-10-29 2013-10-29 The IP Routing Level Control System and Its Method on Multi - virtual Desktop Service TWI506470B (en)


Publications (2)

Publication Number Publication Date
TW201516735A TW201516735A (en) 2015-05-01
TWI506470B true TWI506470B (en) 2015-11-01

Family

ID=53720356


Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees