USRE49601E1 - Cloud system data management method and apparatus - Google Patents
- Publication number
- USRE49601E1 (US RE49601 E1; application US17/206,072)
- Authority
- US
- United States
- Prior art keywords
- virtual
- identifier
- virtual machine
- data volume
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45562—Creating, deleting, cloning virtual machine instances
- G06F2009/45579—I/O management, e.g. providing access to device drivers or storage
Definitions
- the present disclosure relates to the computer field, and in particular, to a cloud system data management method and apparatus.
- An existing basic architecture of cloud computing includes a virtual machine and a virtual data volume, where the virtual machine controls the virtual data volume.
- the virtual data volume also referred to as a logical unit or a logical volume, is a data volume obtained by logically partitioning storage space that belongs to a same user and that is in hardware storage space.
- An administrator may establish a correspondence between the virtual machine and the virtual data volume using a cloud operating system (Cloud OS), and each virtual machine corresponds to one user.
- the administrator has operation and maintenance rights, and may mount a virtual data volume to another virtual machine using the cloud operating system.
- a logical unit number (LUN) is used as an example of the virtual data volume.
- An LUN 1 originally belongs to a virtual machine VM 1
- a virtual data volume LUN 2 originally belongs to a virtual machine VM 2 .
- the administrator can mount the virtual data volume LUN 1 to the virtual machine VM 2 using the cloud operating system.
- a user of the virtual machine VM 2 can view data of the virtual data volume LUN 1 .
- There is a data leakage risk when the virtual machine VM 1 and the virtual machine VM 2 belong to different users.
- Embodiments of the present disclosure provide a cloud system data management method and apparatus in order to reduce a data leakage risk that is incurred when a virtual data volume is mounted to another virtual machine.
- an embodiment of the present disclosure provides a cloud system data management method, where the method includes creating a first virtual machine for a user and allocating a virtual data volume to the first virtual machine, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs, setting an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine, determining whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine, and allowing the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, forbidding the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the virtual data volume.
- determining whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume further includes determining whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical.
- the method further includes setting an identifier of dynamic data of the first virtual machine as an identifier corresponding to the home identifier of the first virtual machine, and when the dynamic data needs to be transferred to the second virtual machine, determining whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, and allowing the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or forbidding the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
- dynamic data is data in memory of a virtual machine.
- the method further includes setting the identifier of the virtual data volume as a public identifier to indicate that the virtual data volume may be mounted to any virtual machine before the virtual data volume is allocated to any virtual machine.
- an embodiment of the present disclosure provides a cloud system data management apparatus, where the apparatus includes a creating unit configured to create a first virtual machine for a user and allocate a virtual data volume to the first virtual machine, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs, a setting unit configured to set an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine, a determining unit configured to determine whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine, and a processing unit configured to allow the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, or forbid the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier
- the determining unit is further configured to determine whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical.
- the setting unit is further configured to set an identifier of dynamic data of the first virtual machine as an identifier corresponding to the home identifier of the first virtual machine.
- the determining unit is further configured to determine whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data when the dynamic data needs to be transferred to the second virtual machine, and the processing unit is further configured to allow the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or forbid the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
- the dynamic data is data in memory of the first virtual machine.
- the setting unit is further configured to set the identifier of the virtual data volume as a public identifier to indicate that the virtual data volume may be mounted to any virtual machine before the virtual data volume is allocated to any virtual machine.
- the apparatus further includes an acquiring unit configured to acquire a correspondence between the second virtual machine and the user and send the correspondence to the determining unit.
- an identifier of the virtual data volume is set as an identifier corresponding to a home identifier of the first virtual machine, and when the virtual data volume needs to be mounted to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume such that a virtual data volume of a user is only allowed to be mounted to a virtual machine that belongs to the same user.
- This can alleviate a data leakage problem that arises in the following case.
- An administrator mounts a virtual data volume of a user to a virtual machine of another user, and consequently data of the user can be accessed by the other user.
- FIG. 1 is an architecture diagram of a cloud operating system in an embodiment of the present disclosure
- FIG. 2 is a flowchart of a cloud system data management method according to an embodiment of the present disclosure.
- FIG. 3 is a structural diagram of a cloud system data management apparatus according to an embodiment of the present disclosure.
- FIG. 1 is an architecture diagram of an application system of a cloud system data management method according to an embodiment of the present disclosure.
- a correspondence needs to be established between a virtual data volume and a virtual machine, such as a correspondence established between a virtual data volume LUN 1 and a virtual machine VM 1 when the LUN 1 is allocated to the virtual machine VM 1 , or a correspondence established between an LUN 2 and a virtual machine VM 2 when the virtual data volume LUN 2 is allocated to the virtual machine VM 2 .
- a setting unit sets an identifier for the virtual data volume to identify a user to which the virtual data volume belongs.
- a determining unit determines, according to an identifier of the current virtual data volume, whether the virtual data volume and the target virtual machine belong to a same user. If the virtual data volume and the target virtual machine belong to the same user, the mounting is allowed. Otherwise, the mounting is forbidden. In this way, it is implemented that a virtual data volume of a virtual machine of a user can be mounted only to another virtual machine of the same user by the administrator, and is forbidden to be mounted to a virtual machine of another user. This can reduce a data leakage risk incurred by mounting the virtual data volume to the other virtual machine.
- the setting unit and the determining unit may be two newly-added modules of the Cloud OS.
- an embodiment of the present disclosure provides a cloud system data management method, where the method includes the following steps.
- Step 201 Create a first virtual machine for a user and allocate a virtual data volume to the first virtual machine that is created, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs.
- the home identifier of the first virtual machine may be further an identifier, such as a user name or a user identifier (ID), of the user to which the first virtual machine belongs.
- the method for the administrator to create a virtual machine and a virtual data volume on a cloud server using the cloud operating system is a general technology, and therefore, details are not described herein.
- the administrator may allocate the virtual machine and the virtual data volume to a specific user. It may be that only one virtual machine and one virtual data volume are allocated to a user, or multiple virtual machines and multiple virtual data volumes are allocated to a user. In other words, a user may have at least one virtual machine and at least one virtual data volume. Virtual machines allocated to a user have identical or corresponding virtual machine home identifiers.
- Step 202 Set an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine.
- an operating user may create a virtual data volume for the virtual machine using the Cloud OS. If the virtual machine has not been allocated to a specific user then, the system sets a public identifier, such as public (public is merely an example and may be another identifier), for the virtual data volume using the setting unit in order to indicate that the virtual data volume can be mounted to any virtual machine.
- the setting unit changes the public identifier of the virtual data volume to an identifier corresponding to the home identifier of the first virtual machine.
- the identifier of the virtual data volume and the home identifier of the first virtual machine may be identical or may be partially identical, or a corresponding mapping relationship may be set up between the identifier of the virtual data volume and the home identifier of the first virtual machine.
- the identifier of the virtual data volume is generally set to be identical to the home identifier of the virtual machine, for example, as shown in Table 1.
- the setting unit needs to set a corresponding identifier for each virtual data volume.
- Step 203 Determine whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine.
- the determining unit of the cloud operating system determines, according to an identifier of the virtual data volume and the home identifier of the second virtual machine, whether the current virtual data volume and the second virtual machine belong to a same user, where the determining unit may acquire, via an acquiring unit, a belonging relationship between the user and the virtual machine using an interface.
- whether virtual machine home identifiers of the two virtual machines correspond to each other may be determined by comparing the home identifiers of the two virtual machines.
- Step 204 If the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, allow the virtual data volume to be mounted to the second virtual machine.
- Step 205 If the home identifier of the second virtual machine does not correspond to the identifier of the virtual data volume, forbid the virtual data volume to be mounted to the second virtual machine.
- an identifier of the virtual data volume is set as an identifier corresponding to a home identifier of the first virtual machine, and when the virtual data volume needs to be mounted to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume such that a virtual data volume of a user is only allowed to be mounted to a virtual machine that belongs to the same user.
- the identifier of the virtual data volume is used to identify a user to which the virtual data volume belongs, and a home identifier of a virtual machine and an identifier of a virtual data volume that belongs to a same user as the virtual machine are identical.
- the determining unit determines whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical.
- the virtual data volume is allowed to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are identical.
- the virtual data volume is forbidden to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are not identical.
- when the administrator allocates a virtual data volume LUN 1 to a virtual machine VM 1, the setting unit changes an identifier of the LUN 1 to a home identifier User ID 1 of the virtual machine VM 1.
- the determining unit checks whether the identifier User ID 1 of the virtual data volume LUN 1 and a home identifier User ID 2 of the virtual machine VM 2 are identical.
- the mounting operation is allowed when the identifier User ID 1 of the virtual data volume LUN 1 and the home identifier User ID 2 of the virtual machine VM 2 are identical. Otherwise, the LUN 1 is forbidden to be mounted to the VM 2, and the administrator's operation fails.
- when the identifier of the virtual data volume is the public identifier, the determining unit does not check a user identifier of the target virtual machine VM 2 to which the virtual data volume is to be mounted, but directly allows the virtual data volume to be mounted to the second virtual machine VM 2. If the identifier of the virtual data volume is not a public identifier, the determining unit needs to compare the identifier of the virtual data volume with the home identifier of the second virtual machine that acts as the target virtual machine, to make a determination.
- the cloud operating system queries a user identifier of a virtual machine to which the virtual data volume LUN 1 originally belongs and a user identifier of the target virtual machine VM 2 . If the two user identifiers are consistent, the volume mounting succeeds. Otherwise, the volume mounting fails.
- the first virtual machine is allocated to a determined user, an identifier of dynamic data of the first virtual machine is set as an identifier corresponding to the home identifier of the first virtual machine, and when the dynamic data needs to be transferred to the second virtual machine, it is determined whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, and the dynamic data is allowed to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or the dynamic data is forbidden to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
- the dynamic data may be data in memory of the virtual machine.
- an identifier of dynamic data is set as an identifier corresponding to a home identifier of a first virtual machine, and when the dynamic data needs to be transferred to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the dynamic data such that dynamic data of a user is only allowed to be transferred to a virtual machine that belongs to the same user.
- This can alleviate a data leakage problem that arises in the following case.
- An administrator mounts dynamic data of a user to a virtual machine of another user, and consequently data of the user can be accessed by the other user.
- the apparatus includes a creating unit 301 configured to create a first virtual machine for a user and allocate a virtual data volume to the first virtual machine, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs, a setting unit 302 configured to set an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine, a determining unit 303 configured to determine whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine, and a processing unit 304 configured to allow the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, or forbid the virtual data volume
- the identifier of the virtual data volume is used to identify a user to which the virtual data volume belongs, and a home identifier of a virtual machine and an identifier of a virtual data volume that belongs to a same user as the virtual machine are identical.
- the determining unit 303 is further configured to determine whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical, and the processing unit 304 allows the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are identical, or the processing unit 304 forbids the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are not identical.
- the setting unit 302 is further configured to set an identifier of dynamic data of the first virtual machine as an identifier corresponding to the home identifier of the first virtual machine.
- the determining unit 303 is further configured to determine whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data when the dynamic data needs to be transferred to the second virtual machine.
- the processing unit 304 is further configured to allow the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or forbid the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
- the dynamic data is data in memory of the first virtual machine.
- the setting unit 302 is further configured to set the identifier of the virtual data volume as a public identifier to indicate that the virtual data volume may be mounted to any virtual machine before the virtual data volume is allocated to any virtual machine.
- the determining unit 303 is further configured to determine whether the identifier of the virtual data volume is the public identifier when the virtual data volume needs to be mounted to the second virtual machine, and the processing unit 304 allows the virtual data volume to be mounted to the second virtual machine when the identifier of the virtual data volume is the public identifier, or the determining unit 303 determines whether the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the identifier of the virtual data volume is not the public identifier.
- an acquiring unit may further be disposed in the apparatus to acquire a correspondence between the second virtual machine and the user and send the correspondence to the determining unit 303 .
- an identifier of the virtual data volume is set as an identifier corresponding to a home identifier of the first virtual machine when a virtual data volume is allocated to a first virtual machine, and when the virtual data volume needs to be mounted to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume such that a virtual data volume of a user is only allowed to be mounted to a virtual machine that belongs to the same user.
- This can alleviate a data leakage problem that arises in the following case.
- An administrator mounts a virtual data volume of a user to a virtual machine of another user, and consequently data of the user can be accessed by the other user.
- Steps of methods or algorithms described in the embodiments disclosed in this specification may be implemented by hardware, a software module executed by a processor, or a combination thereof.
- the software module may be disposed in a random access memory (RAM), a memory, a read-only memory (ROM), an electrically programmable ROM, an electrically erasable programmable ROM, a register, a hard disk, a removable disk, a compact-disc read-only memory (CD-ROM), or a storage medium in any other forms well-known in the art.
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Debugging And Monitoring (AREA)
Abstract
A cloud system data management method for alleviating a data leakage problem in which data of a user is accessed by another user when a virtual data volume of the user is mounted to a virtual machine of the other user. The method includes creating a first virtual machine for a user and allocating a virtual data volume to the first virtual machine, setting an identifier of the virtual data volume as an identifier corresponding to a home identifier of the first virtual machine, determining, according to the identifier of the virtual data volume and a home identifier of a second virtual machine, whether the virtual data volume and the second virtual machine belong to a same user when the virtual data volume needs to be mounted to the second virtual machine, and forbidding the virtual data volume to be mounted to the second virtual machine when they do not belong to the same user.
Description
This application is a Reissue Application of U.S. patent application Ser. No. 15/131,758 filed on Apr. 18, 2016, issued as U.S. Pat. No. 10,235,197 B2 on Mar. 19, 2019, which is a continuation of International Application No. PCT/CN2014/089516, filed on Oct. 25, 2014. The international application claims priority to Chinese Patent Application No. 201310511740.7, filed on Oct. 25, 2013, both of which are hereby incorporated by reference in their entireties.
The present disclosure relates to the computer field, and in particular, to a cloud system data management method and apparatus.
In a cloud data storage environment, for a user, ownership of and control rights for storage data are separated. An existing basic architecture of cloud computing includes a virtual machine and a virtual data volume, where the virtual machine controls the virtual data volume. The virtual data volume, also referred to as a logical unit or a logical volume, is a data volume obtained by logically partitioning storage space that belongs to a same user and that is in hardware storage space. An administrator may establish a correspondence between the virtual machine and the virtual data volume using a cloud operating system (Cloud OS), and each virtual machine corresponds to one user.
The administrator has operation and maintenance rights, and may mount a virtual data volume to another virtual machine using the cloud operating system. A logical unit number (LUN) is used as an example of the virtual data volume. A virtual data volume LUN1 originally belongs to a virtual machine VM1, and a virtual data volume LUN2 originally belongs to a virtual machine VM2. The administrator can mount the virtual data volume LUN1 to the virtual machine VM2 using the cloud operating system. As a result, a user of the virtual machine VM2 can view data of the virtual data volume LUN1. There is a data leakage risk when the virtual machine VM1 and the virtual machine VM2 belong to different users.
Embodiments of the present disclosure provide a cloud system data management method and apparatus in order to reduce a data leakage risk that is incurred when a virtual data volume is mounted to another virtual machine.
According to a first aspect, an embodiment of the present disclosure provides a cloud system data management method, where the method includes creating a first virtual machine for a user and allocating a virtual data volume to the first virtual machine, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs, setting an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine, determining whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine, and allowing the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, forbidding the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the virtual data volume.
Based on the first aspect, in a first possible implementation manner, determining whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume further includes determining whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical.
Based on the first aspect or the first possible implementation manner of the first aspect, in a second possible implementation manner, the method further includes setting an identifier of dynamic data of the first virtual machine as an identifier corresponding to the home identifier of the first virtual machine, and when the dynamic data needs to be transferred to the second virtual machine, determining whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, and allowing the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or forbidding the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
Based on the second possible implementation manner of the first aspect, in a third possible implementation manner, dynamic data is data in memory of a virtual machine.
Based on the first aspect, in a fourth possible implementation manner, the method further includes setting the identifier of the virtual data volume as a public identifier to indicate that the virtual data volume may be mounted to any virtual machine before the virtual data volume is allocated to any virtual machine.
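The method of the first aspect and its implementation manners can be modelled in a few lines. The following is an added example, not code from the patent or from any Cloud OS: the class and method names, the `mapping` table (standing in for a mapping-style correspondence between identifiers) and the `audit` decision log are assumptions, and VM3 is a constructed second virtual machine of the same user.

```python
from dataclasses import dataclass, field

PUBLIC = "public"  # the page's example public identifier


class Forbidden(Exception):
    """The processing step refused the operation."""


@dataclass
class VirtualMachine:
    name: str
    home_id: str  # identifies the owning user (user name or user ID)


@dataclass
class Tagged:
    """A virtual data volume, or a VM's dynamic (in-memory) data, plus its identifier."""
    name: str
    identifier: str = PUBLIC  # a volume not yet allocated to any VM is public


@dataclass
class CloudOS:
    # Assumed table: data identifier -> home identifiers it corresponds to.
    mapping: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # assumed decision log

    def corresponds(self, identifier, home_id):
        """Determining step: identical identifiers, or a configured mapping."""
        return identifier == home_id or home_id in self.mapping.get(identifier, ())

    def _authorize(self, op, item, target):
        # Public data may go to any VM; otherwise the identifiers must correspond.
        allowed = (item.identifier == PUBLIC
                   or self.corresponds(item.identifier, target.home_id))
        self.audit.append((op, item.name, target.name, "allow" if allowed else "deny"))
        if not allowed:
            raise Forbidden(f"{op} {item.name} -> {target.name}: different user")

    def allocate(self, volume, vm):
        """Setting step: replace the public identifier with the VM's home identifier."""
        self._authorize("allocate", volume, vm)
        if volume.identifier == PUBLIC:
            volume.identifier = vm.home_id

    def tag_dynamic_data(self, vm):
        """Dynamic data (memory) carries the home identifier of the VM it came from."""
        return Tagged(f"{vm.name}-memory", vm.home_id)

    def mount(self, volume, target):
        self._authorize("mount", volume, target)
        return f"{volume.name} -> {target.name}"

    def transfer(self, data, target):
        self._authorize("transfer", data, target)
        return f"{data.name} -> {target.name}"


def demo():
    """LUN1/VM1/VM2 scenario from the page, plus a constructed VM3 of the same user."""
    cloud = CloudOS()
    vm1 = VirtualMachine("VM1", "User ID 1")
    vm2 = VirtualMachine("VM2", "User ID 2")
    vm3 = VirtualMachine("VM3", "User ID 1")  # constructed: same user as VM1
    lun1 = Tagged("LUN1")
    cloud.allocate(lun1, vm1)
    memory = cloud.tag_dynamic_data(vm1)
    attempts = [(cloud.mount, lun1, vm3), (cloud.mount, lun1, vm2),
                (cloud.transfer, memory, vm2), (cloud.transfer, memory, vm3)]
    for operation, item, target in attempts:
        try:
            operation(item, target)
        except Forbidden:
            pass  # the administrator's operation fails; the denial is in the log
    return cloud.audit


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The check is only as strong as the protection on the identifier itself: if the same administrator can rewrite a volume's identifier or a virtual machine's home identifier, the comparison no longer constrains them, so those fields and the decision log belong outside the administrator's write access.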
According to a second aspect, an embodiment of the present disclosure provides a cloud system data management apparatus, where the apparatus includes a creating unit configured to create a first virtual machine for a user and allocate a virtual data volume to the first virtual machine, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs, a setting unit configured to set an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine, a determining unit configured to determine whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine, and a processing unit configured to allow the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, or forbid the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the virtual data volume.
Based on the second aspect, in a first possible implementation manner, the determining unit is further configured to determine whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical.
Based on the second aspect or the first possible implementation manner of the second aspect, in a second possible implementation manner, the setting unit is further configured to set an identifier of dynamic data of the first virtual machine as an identifier corresponding to the home identifier of the first virtual machine. The determining unit is further configured to determine whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data when the dynamic data needs to be transferred to the second virtual machine, and the processing unit is further configured to allow the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or forbid the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
Based on the second possible implementation manner of the second aspect, in a third possible implementation manner, the dynamic data is data in memory of the first virtual machine.
Based on the second aspect, in a fourth possible implementation manner, the setting unit is further configured to set the identifier of the virtual data volume as a public identifier to indicate that the virtual data volume may be mounted to any virtual machine before the virtual data volume is allocated to any virtual machine.
Based on the second aspect, in a fifth possible implementation manner, the apparatus further includes an acquiring unit configured to acquire a correspondence between the second virtual machine and the user and send the correspondence to the determining unit.
According to the cloud system data management method and apparatus provided in the embodiments of the present disclosure, when a virtual data volume is allocated to a first virtual machine, an identifier of the virtual data volume is set as an identifier corresponding to a home identifier of the first virtual machine, and when the virtual data volume needs to be mounted to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume such that a virtual data volume of a user is only allowed to be mounted to a virtual machine that belongs to the same user. This can alleviate a data leakage problem that arises in the following case. An administrator mounts a virtual data volume of a user to a virtual machine of another user, and consequently data of the user can be accessed by the other user.
To describe the technical solutions in the embodiments of the present disclosure more clearly, the following briefly introduces the accompanying drawings required for describing the embodiments. The accompanying drawings in the following description show merely some embodiments of the present disclosure, and a person of ordinary skill in the art may still derive other drawings from these accompanying drawings without creative efforts.
The following further describes the technical solutions of the present disclosure in detail with reference to the accompanying drawings and the embodiments.
FIG. 1 is an architecture diagram of an application system of a cloud system data management method according to an embodiment of the present disclosure. In a Cloud OS, a correspondence needs to be established between a virtual data volume and a virtual machine, such as a correspondence established between a virtual data volume LUN1 and a virtual machine VM1 when the LUN1 is allocated to the virtual machine VM1, or a correspondence established between a virtual data volume LUN2 and a virtual machine VM2 when the LUN2 is allocated to the virtual machine VM2. After a virtual machine is created for a user using the Cloud OS and a virtual data volume is allocated to the user, a setting unit sets an identifier for the virtual data volume to identify a user to which the virtual data volume belongs. When an administrator wants to unmount the virtual data volume and mount the virtual data volume to a target virtual machine, a determining unit determines, according to an identifier of the current virtual data volume, whether the virtual data volume and the target virtual machine belong to a same user. If the virtual data volume and the target virtual machine belong to the same user, the mounting is allowed. Otherwise, the mounting is forbidden. In this way, a virtual data volume of a virtual machine of a user can be mounted by the administrator only to another virtual machine of the same user, and is forbidden to be mounted to a virtual machine of another user. This can reduce a data leakage risk incurred by mounting the virtual data volume to the other virtual machine.
In a more specific example, the setting unit and the determining unit may be two newly-added modules of the Cloud OS.
As shown in FIG. 2, based on the foregoing architecture, an embodiment of the present disclosure provides a cloud system data management method, where the method includes the following steps.
Step 201: Create a first virtual machine for a user and allocate a virtual data volume to the first virtual machine that is created, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs.
The home identifier of the first virtual machine may further be an identifier, such as a user name or a user identifier (ID), of the user to which the first virtual machine belongs.
The method for the administrator to create a virtual machine and a virtual data volume on a cloud server using the cloud operating system is a general technology, and therefore, details are not described herein.
After creating the virtual machine and the virtual data volume, the administrator may allocate the virtual machine and the virtual data volume to a specific user. It may be that only one virtual machine and one virtual data volume are allocated to a user, or multiple virtual machines and multiple virtual data volumes are allocated to a user. In other words, a user may have at least one virtual machine and at least one virtual data volume. Virtual machines allocated to a user have identical or corresponding virtual machine home identifiers.
Step 202: Set an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine.
Furthermore, after a virtual machine is created, an operating user may create a virtual data volume for the virtual machine using the Cloud OS. If the virtual machine has not yet been allocated to a specific user at that time, the system sets a public identifier, such as public (public is merely an example and may be another identifier), for the virtual data volume using the setting unit in order to indicate that the virtual data volume can be mounted to any virtual machine.
After the first virtual machine is allocated to a determined user, the setting unit changes the public identifier of the virtual data volume to an identifier corresponding to the home identifier of the first virtual machine. The identifier of the virtual data volume and the home identifier of the first virtual machine may be identical or may be partially identical, or a corresponding mapping relationship may be set up between the identifier of the virtual data volume and the home identifier of the first virtual machine. For ease of operation, the identifier of the virtual data volume is generally set to be identical to the home identifier of the virtual machine, for example, as shown in Table 1.
Similarly, if one virtual machine has multiple virtual data volumes, the setting unit needs to set a corresponding identifier for each virtual data volume.
Step 203: Determine whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine.
When the operating user attempts to mount a current virtual data volume to the second virtual machine, the determining unit of the cloud operating system determines, according to an identifier of the virtual data volume and the home identifier of the second virtual machine, whether the current virtual data volume and the second virtual machine belong to a same user, where the determining unit may acquire, via an acquiring unit, a belonging relationship between the user and the virtual machine using an interface.
For example, whether virtual machine home identifiers of the two virtual machines correspond to each other may be determined by comparing the home identifiers of the two virtual machines.
Step 204: If the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, allow the virtual data volume to be mounted to the second virtual machine.
Step 205: If the home identifier of the second virtual machine does not correspond to the identifier of the virtual data volume, forbid the virtual data volume to be mounted to the second virtual machine.
According to the foregoing embodiment, when a virtual data volume is allocated to a first virtual machine, an identifier of the virtual data volume is set as an identifier corresponding to a home identifier of the first virtual machine, and when the virtual data volume needs to be mounted to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume such that a virtual data volume of a user is only allowed to be mounted to a virtual machine that belongs to the same user. This can alleviate a data leakage problem that arises in the following case. An administrator mounts a virtual data volume of a user to a virtual machine of another user, and consequently data of the user can be accessed by the other user.
In an embodiment, the identifier of the virtual data volume is used to identify a user to which the virtual data volume belongs, and a home identifier of a virtual machine and an identifier of a virtual data volume that belongs to a same user as the virtual machine are identical.
The determining unit determines whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical. The virtual data volume is allowed to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are identical. The virtual data volume is forbidden to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are not identical.
In a more specific embodiment, when the administrator allocates a virtual data volume LUN1 to a virtual machine VM1, the setting unit changes an identifier of the LUN1 to a home identifier User ID1 of the virtual machine VM1. When the administrator unmounts the virtual data volume LUN1 from the virtual machine VM1, so that the LUN1 no longer belongs to the virtual machine VM1, and then mounts the virtual data volume LUN1 to a virtual machine VM2, the determining unit checks whether the identifier User ID1 of the virtual data volume LUN1 and a home identifier User ID2 of the virtual machine VM2 are identical. The mounting operation is allowed when the identifier User ID1 of the virtual data volume LUN1 and the home identifier User ID2 of the virtual machine VM2 are identical. Otherwise, the LUN1 is forbidden to be mounted to the VM2, and the administrator's operation fails.
If the identifier of the virtual data volume is public, which indicates that the virtual data volume has not been allocated to any specific user, the determining unit does not check a user identifier of the target virtual machine VM2 to which the virtual data volume is to be mounted, but directly allows the virtual data volume to be mounted to the second virtual machine VM2. If the identifier of the virtual data volume is not a public identifier, the determining unit needs to compare the identifier of the virtual data volume with the home identifier of the second virtual machine that acts as the target virtual machine, to make a determination.
In another implementation embodiment, it may be that no identifier is added to the virtual data volume. When the administrator needs to perform a volume mounting operation, the cloud operating system queries a user identifier of a virtual machine to which the virtual data volume LUN1 originally belongs and a user identifier of the target virtual machine VM2. If the two user identifiers are consistent, the volume mounting succeeds. Otherwise, the volume mounting fails.
There are other risks in the cloud operating system. For example, data of a virtual machine needs to be backed up to another virtual machine during virtual machine backup. If the two virtual machines belong to different users, it may also incur data leakage. Alternatively, if a virtual machine needs to be migrated from a physical server to a virtual machine on another physical server, static data in the virtual machine and dynamic data in memory need to be copied to the to-be-migrated virtual machine, and if the two virtual machines belong to different users, it may also incur a data leakage risk. Related preventive measures need to be taken for all data that may be transferred between two virtual machines in order to avoid data leakage due to a misoperation.
Therefore, in another possible implementation embodiment, after the first virtual machine is created, the first virtual machine is allocated to a determined user, an identifier of dynamic data of the first virtual machine is set as an identifier corresponding to the home identifier of the first virtual machine, and when the dynamic data needs to be transferred to the second virtual machine, it is determined whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, and the dynamic data is allowed to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or the dynamic data is forbidden to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
The dynamic data may be data in memory of the virtual machine.
For a specific method, reference may be made to the description of the embodiment in FIG. 2.
According to the cloud system data management method provided in this embodiment of the present disclosure, an identifier of dynamic data is set as an identifier corresponding to a home identifier of a first virtual machine, and when the dynamic data needs to be transferred to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the dynamic data such that dynamic data of a user is only allowed to be transferred to a virtual machine that belongs to the same user. This can alleviate a data leakage problem that arises in the following case. An administrator mounts dynamic data of a user to a virtual machine of another user, and consequently data of the user can be accessed by the other user.
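The mount check of steps 201 to 205, the public-identifier case, and the same check applied to dynamic data can be sketched as follows. This is an added Python example, not code from the patent: the class and function names, the audit list, the refusal to mount an already-attached volume, and the fail-closed handling of a virtual machine that has no home identifier are assumptions. The public identifier is modelled as a sentinel object rather than the string "public", so a user whose name is literally "public" cannot match it.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


class _Public:
    """Sentinel for the "public" identifier (hypothetical helper).

    A dedicated object, not the string "public", so that no user name or
    user ID can ever compare equal to it.
    """
    def __repr__(self) -> str:
        return "<PUBLIC>"


PUBLIC = _Public()


@dataclass
class VM:
    name: str
    home_id: Optional[str] = None      # None: not yet allocated to a user


@dataclass
class Volume:
    name: str
    owner_tag: object = PUBLIC         # identifier written by the setting unit
    attached_to: Optional[str] = None


def corresponds(tag: object, home_id: Optional[str]) -> bool:
    """Exact-match form of "corresponds" (identifiers are identical)."""
    return isinstance(tag, str) and home_id is not None and tag == home_id


@dataclass
class CloudOS:
    # (action, object, target, decision) records; an assumption added so
    # that forbidden operations leave a trace for review.
    audit: List[Tuple[str, str, str, str]] = field(default_factory=list)

    def _log(self, action: str, obj: str, target: str, decision: str) -> bool:
        self.audit.append((action, obj, target, decision))
        return decision == "allow"

    def mount(self, vol: Volume, target: VM) -> bool:
        """Steps 203-205, with the public-identifier shortcut."""
        if vol.attached_to is not None:
            return self._log("mount", vol.name, target.name, "deny:attached")
        if vol.owner_tag is PUBLIC:
            # Unallocated volume: any VM may take it. Once it lands on a VM
            # that has a user, it takes that VM's home identifier.
            if target.home_id is not None:
                vol.owner_tag = target.home_id
        elif not corresponds(vol.owner_tag, target.home_id):
            return self._log("mount", vol.name, target.name, "deny:owner")
        vol.attached_to = target.name
        return self._log("mount", vol.name, target.name, "allow")

    def unmount(self, vol: Volume) -> None:
        """Detach only. The owner tag is kept, so the next mount is checked."""
        vol.attached_to = None

    def transfer_memory(self, src: VM, dst: VM) -> bool:
        """Dynamic data (memory) carries the source VM's home identifier."""
        ok = corresponds(src.home_id, dst.home_id)
        return self._log("transfer", src.name, dst.name,
                         "allow" if ok else "deny:owner")


if __name__ == "__main__":
    # Constructed sample data mirroring the LUN1 / VM1 / VM2 example.
    cloud = CloudOS()
    vm1, vm2 = VM("VM1", "User ID1"), VM("VM2", "User ID2")
    lun1 = Volume("LUN1")
    cloud.mount(lun1, vm1)        # allowed; LUN1 is tagged User ID1
    cloud.unmount(lun1)
    cloud.mount(lun1, vm2)        # forbidden; owners differ
    cloud.transfer_memory(vm1, vm2)
    for entry in cloud.audit:
        print(entry)
```

Resetting the tag to the public identifier on unmount would defeat the check, which is why `unmount` leaves `owner_tag` untouched.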
Correspondingly, an embodiment of the present disclosure provides a cloud system data management apparatus that is used to implement the method in the foregoing embodiments. As shown in FIG. 3, the apparatus includes a creating unit 301 configured to create a first virtual machine for a user and allocate a virtual data volume to the first virtual machine, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs, a setting unit 302 configured to set an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine, a determining unit 303 configured to determine whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine, and a processing unit 304 configured to allow the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, or forbid the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the virtual data volume.
In a first possible implementation manner, the identifier of the virtual data volume is used to identify a user to which the virtual data volume belongs, and a home identifier of a virtual machine and an identifier of a virtual data volume that belongs to a same user as the virtual machine are identical.
The determining unit 303 is further configured to determine whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical, and the processing unit 304 allows the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are identical, or the processing unit 304 forbids the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are not identical.
In another implementation manner, the setting unit 302 is further configured to set an identifier of dynamic data of the first virtual machine as an identifier corresponding to the home identifier of the first virtual machine.
The determining unit 303 is further configured to determine whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data when the dynamic data needs to be transferred to the second virtual machine.
The processing unit 304 is further configured to allow the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or forbid the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
In this implementation manner, the dynamic data is data in memory of the first virtual machine.
In another implementation manner, the setting unit 302 is further configured to set the identifier of the virtual data volume as a public identifier to indicate that the virtual data volume may be mounted to any virtual machine before the virtual data volume is allocated to any virtual machine.
The determining unit 303 is further configured to determine whether the identifier of the virtual data volume is the public identifier when the virtual data volume needs to be mounted to the second virtual machine, and the processing unit 304 allows the virtual data volume to be mounted to the second virtual machine when the identifier of the virtual data volume is the public identifier, or the determining unit 303 determines whether the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the identifier of the virtual data volume is not the public identifier.
In the foregoing implementation manners, an acquiring unit may further be disposed in the apparatus to acquire a correspondence between the second virtual machine and the user and send the correspondence to the determining unit 303.
According to the cloud system data management apparatus provided in this embodiment of the present disclosure, an identifier of the virtual data volume is set as an identifier corresponding to a home identifier of the first virtual machine when a virtual data volume is allocated to a first virtual machine, and when the virtual data volume needs to be mounted to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume such that a virtual data volume of a user is only allowed to be mounted to a virtual machine that belongs to the same user. This can alleviate a data leakage problem that arises in the following case. An administrator mounts a virtual data volume of a user to a virtual machine of another user, and consequently data of the user can be accessed by the other user.
A person skilled in the art may be further aware that, in combination with the examples described in the embodiments disclosed in this specification, units and algorithm steps may be implemented by electronic hardware, computer software, or a combination thereof. To clearly describe the interchangeability between the hardware and the software, the foregoing has generally described compositions and steps of each example according to functions. Whether the functions are performed by hardware or software depends on particular applications and design constraint conditions of the technical solutions. A person skilled in the art may use different methods to implement the described functions for each particular application, but it should not be considered that the implementation goes beyond the scope of the present disclosure.
Steps of methods or algorithms described in the embodiments disclosed in this specification may be implemented by hardware, a software module executed by a processor, or a combination thereof. The software module may be disposed in a random access memory (RAM), a memory, a read-only memory (ROM), an electrically programmable ROM, an electrically erasable programmable ROM, a register, a hard disk, a removable disk, a compact-disc read-only memory (CD-ROM), or a storage medium in any other forms well-known in the art.
In the foregoing specific implementation manners, the objective, technical solutions, and benefits of the present disclosure are further described in detail. It should be understood that the foregoing descriptions are merely specific implementation manners of the present disclosure, but are not intended to limit the protection scope of the present disclosure. Any modification, equivalent replacement, or improvement made without departing from the spirit and principle of the present disclosure should fall within the protection scope of the present disclosure.
Claims (16)
1. A cloud system data management method, comprising:
creating a first virtual machine for a user, the first virtual machine having a first home identifier that identifies the user, and the first virtual machine comprising dynamic data having a dynamic data identifier that corresponds to the first home identifier,
allocating a virtual data volume to the first virtual machine, the virtual data volume having a virtual data volume identifier corresponding to the first home identifier;
determining, according to the virtual data volume identifier and a second home identifier of a second virtual machine, whether the virtual data volume and the second virtual machine belong to the user when the virtual data volume needs to be moved to the second virtual machine;
forbidding the virtual data volume to be moved to the second virtual machine when the virtual data volume and the second virtual machine do not belong to the user;
determining whether the second home identifier corresponds to the dynamic data identifier when the dynamic data needs to be transferred to the second virtual machine;
allowing the dynamic data to be transferred to the second virtual machine when the second home identifier corresponds to the dynamic data identifier; and
forbidding the dynamic data to be transferred to the second virtual machine when the second home identifier does not correspond to the dynamic data identifier.
2. The method of claim 1, further comprising allowing the virtual data volume to be moved to the second virtual machine when the virtual data volume and the second virtual machine belong to the user.
3. The method of claim 2, wherein determining, according to the virtual data volume identifier and the second home identifier, whether the virtual data volume and the second virtual machine belong to the user comprises determining whether the second home identifier and the virtual data volume identifier are identical, the virtual data volume and the second virtual machine belong to the user when the second home identifier and the virtual data volume identifier are identical, and the virtual data volume and the second virtual machine do not belong to the user when the second home identifier and the virtual data volume identifier are not identical.
4. The method of claim 1, wherein the dynamic data is data in a memory of the first virtual machine.
5. The method of claim 1, further comprising setting the virtual data volume identifier as a public identifier to indicate that the virtual data volume may be moved to any virtual machine before the virtual data volume is allocated to the first virtual machine.
6. An apparatus, comprising:
a processor; and
a memory coupled to the processor, the memory having a plurality of instructions stored thereon that, when executed by the processor, cause the processor to:
create a first virtual machine for a user, the first virtual machine having a first home identifier that identifies the user;
allocate a virtual data volume to the first virtual machine, the virtual data volume having a virtual data volume identifier corresponding to the first home identifier;
determine whether the virtual data volume identifier and a second home identifier of a second virtual machine are identical corresponding when the virtual data volume needs to be moved to the second virtual machine, the virtual data volume and the second virtual machine belonging to the user when the second home identifier and the virtual data volume identifier are identical corresponding, and the virtual data volume and the second virtual machine not belonging to the user when the second home identifier and the virtual data volume identifier are not identical corresponding;
forbid the virtual data volume to be moved to the second virtual machine when the virtual data volume and the second virtual machine are not identical corresponding; and
allow the virtual data volume to be moved to the second virtual machine when the virtual data volume and the second virtual machine are identical corresponding.
7. The apparatus of claim 6, wherein the instructions further cause the processor to:
set a dynamic data identifier of dynamic data in the first virtual machine as corresponding to the first home identifier;
determine whether the second home identifier corresponds to the dynamic data identifier when the dynamic data needs to be transferred to the second virtual machine;
allow the dynamic data to be transferred to the second virtual machine when the second home identifier corresponds to the dynamic data identifier; and
forbid the dynamic data to be transferred to the second virtual machine when the second home identifier does not correspond to the dynamic data identifier.
8. The apparatus of claim 7, wherein the dynamic data is data in a memory of the first virtual machine.
9. The apparatus of claim 6, wherein the instructions further cause the processor to set the virtual data volume identifier as a public identifier to indicate that the virtual data volume may be moved to any virtual machine before the virtual data volume is allocated to the first virtual machine.
10. The apparatus of claim 6, wherein the instructions further cause the processor to acquire a correspondence between the second virtual machine and the user.
11. A computer program product, comprising:
a non-transitory computer-readable medium configured to store computer executable instructions that, when executed by a processor, instruct the processor to:
create a first virtual machine for a user, the first virtual machine having a first home identifier that identifies the user;
set a virtual data volume identifier of a virtual data volume as a public identifier to indicate that the virtual data volume may be moved to any virtual machine, the virtual data volume identifier corresponding to the first home identifier;
allocate the virtual data volume to the first virtual machine;
determine, according to the virtual data volume identifier and a second home identifier of a second virtual machine, whether the virtual data volume and the second virtual machine belong to the user when the virtual data volume needs to be moved to the second virtual machine; and
forbid the virtual data volume to be moved to the second virtual machine when the virtual data volume and the second virtual machine do not belong to the user.
12. The computer program product of claim 11, wherein the computer executable instructions further cause the processor to allow the virtual data volume to be moved to the second virtual machine when the virtual data volume and the second virtual machine belong to the user.
13. The computer program product of claim 12, wherein the computer executable instructions further cause the processor to determine whether the second home identifier and the virtual data volume identifier are identical, the virtual data volume and the second virtual machine belong to the user when the second home identifier and the virtual data volume identifier are identical, and the virtual data volume and the second virtual machine do not belong to the user when the second home identifier and the virtual data volume identifier are not identical.
14. The computer program product of claim 11, wherein the computer executable instructions further cause the processor to:
set a dynamic data identifier of dynamic data in the first virtual machine as an identifier corresponding to the first home identifier;
determine whether the second home identifier corresponds to the dynamic data identifier when the dynamic data needs to be transferred to the second virtual machine;
allow the dynamic data to be transferred to the second virtual machine when the second home identifier corresponds to the dynamic data identifier; and
forbid the dynamic data to be transferred to the second virtual machine when the second home identifier does not correspond to the dynamic data identifier.
15. The computer program product of claim 14, wherein the dynamic data is data in a memory of the first virtual machine.
16. The computer program product of claim 11, wherein the computer executable instructions further cause the processor to acquire a correspondence between the second virtual machine and the user.
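The ownership check recited in claims 11 to 16, as an added Python example that is not code from the patent: a volume or a block of in-memory data is tagged with the home identifier of the first virtual machine, and a transfer is allowed only when the second virtual machine's home identifier is identical. The names `Manager`, `VM`, `Item` and `TransferForbidden`, the VM-to-user lookup table, the use of the user name as the home identifier, and the fail-closed handling of an unknown virtual machine are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Dict, Optional


class TransferForbidden(Exception):
    """The item and the target VM do not belong to the same user."""


@dataclass
class VM:
    name: str
    home_id: Optional[str] = None    # unset until the correspondence is acquired


@dataclass
class Item:                          # a virtual data volume, or dynamic (in-memory) data
    name: str
    ident: Optional[str] = None      # identifier corresponding to a home identifier
    location: Optional[str] = None   # name of the VM currently holding the item


class Manager:
    def __init__(self, vm_to_user: Dict[str, str]):
        self.vm_to_user = vm_to_user  # assumed lookup table: VM name -> user

    def home_id(self, vm: VM) -> Optional[str]:
        # Acquire the VM-to-user correspondence (claim 16); assumed to be the user name.
        vm.home_id = self.vm_to_user.get(vm.name)
        return vm.home_id

    def allocate(self, item: Item, first_vm: VM) -> None:
        home = self.home_id(first_vm)
        if home is None:
            raise TransferForbidden(f"{first_vm.name} has no known user")
        item.ident, item.location = home, first_vm.name

    def same_user(self, item: Item, second_vm: VM) -> bool:
        # Claim 13: identical identifiers mean same user. Unknown values fail closed.
        home = self.home_id(second_vm)
        return home is not None and item.ident is not None and home == item.ident

    def transfer(self, item: Item, second_vm: VM) -> None:
        if not self.same_user(item, second_vm):
            raise TransferForbidden(f"{item.name} -> {second_vm.name} denied")
        item.location = second_vm.name


if __name__ == "__main__":
    mgr = Manager({"vm-a1": "alice", "vm-a2": "alice", "vm-b1": "bob"})  # constructed sample
    vol = Item("vol-1")
    mgr.allocate(vol, VM("vm-a1"))
    mgr.transfer(vol, VM("vm-a2"))
    print(vol.location)
```

The same `transfer` call covers the dynamic data of claims 14 and 15, since the decision depends only on the two identifiers and not on what kind of data carries them.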
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/206,072 USRE49601E1 (en) | 2013-10-25 | 2021-03-18 | Cloud system data management method and apparatus |
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310511740.7A CN103544047B (en) | 2013-10-25 | 2013-10-25 | cloud system data management method |
CN201310511740.7 | 2013-10-25 | ||
PCT/CN2014/089516 WO2015058724A1 (en) | 2013-10-25 | 2014-10-25 | Cloud system data management method |
US15/131,758 US10235197B2 (en) | 2013-10-25 | 2016-04-18 | Cloud system data management method and apparatus |
US17/206,072 USRE49601E1 (en) | 2013-10-25 | 2021-03-18 | Cloud system data management method and apparatus |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/131,758 Reissue US10235197B2 (en) | 2013-10-25 | 2016-04-18 | Cloud system data management method and apparatus |
Publications (1)
Publication Number | Publication Date |
---|---|
USRE49601E1 (en) | 2023-08-08 |
Family
ID=49967525
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/131,758 Ceased US10235197B2 (en) | 2013-10-25 | 2016-04-18 | Cloud system data management method and apparatus |
US17/206,072 Active 2035-12-31 USRE49601E1 (en) | 2013-10-25 | 2021-03-18 | Cloud system data management method and apparatus |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/131,758 Ceased US10235197B2 (en) | 2013-10-25 | 2016-04-18 | Cloud system data management method and apparatus |
Country Status (4)
Country | Link |
---|---|
US (2) | US10235197B2 (en) |
EP (2) | EP3048529B1 (en) |
CN (1) | CN103544047B (en) |
WO (1) | WO2015058724A1 (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103544047B (en) | 2013-10-25 | 2017-01-04 | 华为技术有限公司 | cloud system data management method |
CN106549986A (en) * | 2015-09-17 | 2017-03-29 | 南京中兴新软件有限责任公司 | A kind of block storage method and device |
CN106933646B (en) * | 2015-12-29 | 2020-04-14 | 杭州华为数字技术有限公司 | Method and device for creating virtual machine |
CN108399101B (en) * | 2017-02-06 | 2021-03-16 | 腾讯科技(深圳)有限公司 | Method, device and system for scheduling resources |
CN107391224A (en) * | 2017-06-09 | 2017-11-24 | 华为技术有限公司 | A kind of creation method of virtual volume, hanging method and device |
CN109871252B (en) * | 2019-01-28 | 2022-04-01 | 国云科技股份有限公司 | Cloud classroom universal disk implementation method |
CN111159703B (en) * | 2019-12-31 | 2022-12-06 | 奇安信科技集团股份有限公司 | Virtual machine data leakage detection method and device |
CN111865916B (en) * | 2020-06-15 | 2022-09-06 | 北京金山云网络技术有限公司 | Resource management method and device and electronic equipment |
Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101056175A (en) | 2007-04-26 | 2007-10-17 | 华为技术有限公司 | Disk array and its access right control method and device, server and server system |
US20080046610A1 (en) | 2006-07-20 | 2008-02-21 | Sun Microsystems, Inc. | Priority and bandwidth specification at mount time of NAS device volume |
CN101448023A (en) | 2008-09-09 | 2009-06-03 | 创新科存储技术(深圳)有限公司 | Method for accessing logic unit in storage device and device |
US20120151177A1 (en) | 2010-12-14 | 2012-06-14 | Microsoft Corporation | Data Deduplication in a Virtualization Environment |
US20120158786A1 (en) | 2010-04-29 | 2012-06-21 | International Business Machines Corporation | Performing authorization control in a cloud storage system |
CN102567667A (en) | 2011-12-13 | 2012-07-11 | 中标软件有限公司 | Intelligent information equipment and operation system thereof |
US8307177B2 (en) * | 2008-09-05 | 2012-11-06 | Commvault Systems, Inc. | Systems and methods for management of virtualization data |
US20120311566A1 (en) * | 2011-05-31 | 2012-12-06 | Hitachi, Ltd. | Computer system and its event notification method |
US8341625B2 (en) | 2008-05-29 | 2012-12-25 | Red Hat, Inc. | Systems and methods for identification and management of cloud-based virtual machines |
US8347288B1 (en) * | 2009-12-28 | 2013-01-01 | Amazon Technologies, Inc. | System and method for verification of repeatable virtualized computing |
US20130091183A1 (en) * | 2010-06-15 | 2013-04-11 | Nigel Edwards | Volume Management |
CN103064927A (en) | 2012-12-21 | 2013-04-24 | 曙光信息产业(北京)有限公司 | Data access method and device of distributed file system |
US8443077B1 (en) * | 2010-05-20 | 2013-05-14 | Gogrid, LLC | System and method for managing disk volumes in a hosting system |
US20130198738A1 (en) * | 2012-01-30 | 2013-08-01 | Timothy Reddin | Input/output operations at a virtual block device of a storage server |
US8572613B1 (en) * | 2009-12-28 | 2013-10-29 | Amazon Technologies, Inc. | Comparison of virtual computing states by performing identified repeatable computations in a changing virtual computing environment |
CN103544047A (en) | 2013-10-25 | 2014-01-29 | 华为技术有限公司 | Cloud system data management method |
2013
- 2013-10-25 CN CN201310511740.7A patent/CN103544047B/en active Active
2014
- 2014-10-25 WO PCT/CN2014/089516 patent/WO2015058724A1/en active Application Filing
- 2014-10-25 EP EP14855743.2A patent/EP3048529B1/en active Active
- 2014-10-25 EP EP18211347.2A patent/EP3543850B8/en active Active
2016
- 2016-04-18 US US15/131,758 patent/US10235197B2/en not_active Ceased
2021
- 2021-03-18 US US17/206,072 patent/USRE49601E1/en active Active
Patent Citations (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080046610A1 (en) | 2006-07-20 | 2008-02-21 | Sun Microsystems, Inc. | Priority and bandwidth specification at mount time of NAS device volume |
CN101056175A (en) | 2007-04-26 | 2007-10-17 | 华为技术有限公司 | Disk array and its access right control method and device, server and server system |
US8341625B2 (en) | 2008-05-29 | 2012-12-25 | Red Hat, Inc. | Systems and methods for identification and management of cloud-based virtual machines |
US8307177B2 (en) * | 2008-09-05 | 2012-11-06 | Commvault Systems, Inc. | Systems and methods for management of virtualization data |
US20100064112A1 (en) | 2008-09-09 | 2010-03-11 | Yongguang Ji | Method and system for providing data accessibility and interlinks between a user and a storage device |
CN101448023A (en) | 2008-09-09 | 2009-06-03 | 创新科存储技术(深圳)有限公司 | Method for accessing logic unit in storage device and device |
US8572613B1 (en) * | 2009-12-28 | 2013-10-29 | Amazon Technologies, Inc. | Comparison of virtual computing states by performing identified repeatable computations in a changing virtual computing environment |
US8347288B1 (en) * | 2009-12-28 | 2013-01-01 | Amazon Technologies, Inc. | System and method for verification of repeatable virtualized computing |
US20120158786A1 (en) | 2010-04-29 | 2012-06-21 | International Business Machines Corporation | Performing authorization control in a cloud storage system |
US8443077B1 (en) * | 2010-05-20 | 2013-05-14 | Gogrid, LLC | System and method for managing disk volumes in a hosting system |
US8495512B1 (en) | 2010-05-20 | 2013-07-23 | Gogrid, LLC | System and method for storing a configuration of virtual servers in a hosting system |
US20130091183A1 (en) * | 2010-06-15 | 2013-04-11 | Nigel Edwards | Volume Management |
US20120151177A1 (en) | 2010-12-14 | 2012-06-14 | Microsoft Corporation | Data Deduplication in a Virtualization Environment |
US20120311566A1 (en) * | 2011-05-31 | 2012-12-06 | Hitachi, Ltd. | Computer system and its event notification method |
CN102567667A (en) | 2011-12-13 | 2012-07-11 | 中标软件有限公司 | Intelligent information equipment and operation system thereof |
US20130198738A1 (en) * | 2012-01-30 | 2013-08-01 | Timothy Reddin | Input/output operations at a virtual block device of a storage server |
CN103064927A (en) | 2012-12-21 | 2013-04-24 | 曙光信息产业(北京)有限公司 | Data access method and device of distributed file system |
CN103544047A (en) | 2013-10-25 | 2014-01-29 | 华为技术有限公司 | Cloud system data management method |
Non-Patent Citations (8)
Title |
---|
Foreign Communication From a Counterpart Application, Chinese Application No. 201310511740.7, Chinese Office Action dated Jan. 26, 2016, 5 pages. |
Foreign Communication From a Counterpart Application, European Application No. 14855743.2, Extended European Search Report dated Aug. 4, 2016, 7 pages. |
Foreign Communication From a Counterpart Application, PCT Application No. PCT/CN2014/089516, English Translation of International Search Report dated Jan. 28, 2015, 2 pages. |
Foreign Communication From a Counterpart Application, PCT Application No. PCT/CN2014/089516, English Translation of Written Opinion dated Jan. 28, 2015, 7 pages. |
Konstantinou, A., et al., "An Architecture for Virtual Solution Composition and Deployment in Infrastructure Clouds," XP002610018, VTDC, Internet Citation, Retrieved from the Internet: URL: http://delivery.acm.org/10.1145/1560000/1555339/p9-konstantinou.pdf?key1=1555339&key2=0580489821&coll=DL&d1=ACM&CFID=111005859&CFTOKEN=66777387 [retrieved on Nov. 15, 2010], Jun. 15, 2009, 9 pages. |
Konstantinou, A., et al., "An Architecture for Virtual Solution Composition and Deployment in Infrastructure Clouds," XP2610018A, Jun. 15, 2009, 9 pages. |
Partial English Translation and Abstract of Chinese Patent Application No. CN103544047, Part 1, Apr. 15, 2016, 6 pages. |
Partial English Translation and Abstract of Chinese Patent Application No. CN103544047, Part 2, Apr. 15, 2016, 3 pages. |
Also Published As
Publication number | Publication date |
---|---|
WO2015058724A1 (en) | 2015-04-30 |
EP3048529A1 (en) | 2016-07-27 |
EP3048529A4 (en) | 2016-09-07 |
EP3048529B1 (en) | 2019-01-30 |
EP3543850B1 (en) | 2022-02-23 |
EP3543850A1 (en) | 2019-09-25 |
US10235197B2 (en) | 2019-03-19 |
US20160232027A1 (en) | 2016-08-11 |
EP3543850B8 (en) | 2022-03-30 |
CN103544047B (en) | 2017-01-04 |
CN103544047A (en) | 2014-01-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FEPP | Fee payment procedure | Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
AS | Assignment | Owner name: HUAWEI CLOUD COMPUTING TECHNOLOGIES CO., LTD., CHINA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HUAWEI TECHNOLOGIES CO., LTD.;REEL/FRAME:059267/0088 Effective date: 20220224 |