USRE49601E1 - Cloud system data management method and apparatus - Google Patents

Cloud system data management method and apparatus

Publication number: USRE49601E1
Authority: US (United States)
Prior art keywords: virtual, identifier, virtual machine, data volume, user
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: US17/206,072
Inventor: Sihai YE
Current Assignee: Huawei Cloud Computing Technologies Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Huawei Cloud Computing Technologies Co Ltd
Application filed by Huawei Cloud Computing Technologies Co Ltd
Priority to US17/206,072
Assigned to Huawei Cloud Computing Technologies Co., Ltd.: assignment of assignors interest (see document for details). Assignors: HUAWEI TECHNOLOGIES CO., LTD.
Application granted
Publication of USRE49601E1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44: Arrangements for executing specific programs
    • G06F9/455: Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533: Hypervisors; Virtual machine monitors
    • G06F9/45558: Hypervisor-specific management and integration aspects
    • G06F2009/45562: Creating, deleting, cloning virtual machine instances
    • G06F2009/45579: I/O management, e.g. providing access to device drivers or storage

Definitions

  • the present disclosure relates to the computer field, and in particular, to a cloud system data management method and apparatus.
  • An existing basic architecture of cloud computing includes a virtual machine and a virtual data volume, where the virtual machine controls the virtual data volume.
  • the virtual data volume also referred to as a logical unit or a logical volume, is a data volume obtained by logically partitioning storage space that belongs to a same user and that is in hardware storage space.
  • An administrator may establish a correspondence between the virtual machine and the virtual data volume using a cloud operating system (Cloud OS), and each virtual machine corresponds to one user.
  • the administrator has operation and maintenance rights, and may mount a virtual data volume to another virtual machine using the cloud operating system.
  • a logical unit number (LUN) is used as an example of the virtual data volume.
  • An LUN1 originally belongs to a virtual machine VM1.
  • a virtual data volume LUN2 originally belongs to a virtual machine VM2.
  • the administrator can mount the virtual data volume LUN1 to the virtual machine VM2 using the cloud operating system.
  • a user of the virtual machine VM2 can view data of the virtual data volume LUN1.
  • There is a data leakage risk when the virtual machine VM1 and the virtual machine VM2 belong to different users.
  • Embodiments of the present disclosure provide a cloud system data management method and apparatus in order to reduce a data leakage risk that is incurred when a virtual data volume is mounted to another virtual machine.
  • an embodiment of the present disclosure provides a cloud system data management method, where the method includes creating a first virtual machine for a user and allocating a virtual data volume to the first virtual machine, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs, setting an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine, determining whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine, and allowing the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, forbidding the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the virtual data volume.
  • determining whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume further includes determining whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical.
  • the method further includes setting an identifier of dynamic data of the first virtual machine as an identifier corresponding to the home identifier of the first virtual machine, and when the dynamic data needs to be transferred to the second virtual machine, determining whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, and allowing the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or forbidding the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
  • dynamic data is data in memory of a virtual machine.
  • the method further includes setting the identifier of the virtual data volume as a public identifier to indicate that the virtual data volume may be mounted to any virtual machine before the virtual data volume is allocated to any virtual machine.
  • an embodiment of the present disclosure provides a cloud system data management apparatus, where the apparatus includes a creating unit configured to create a first virtual machine for a user and allocate a virtual data volume to the first virtual machine, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs, a setting unit configured to set an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine, a determining unit configured to determine whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine, and a processing unit configured to allow the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, or forbid the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier
  • the determining unit is further configured to determine whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical.
  • the setting unit is further configured to set an identifier of dynamic data of the first virtual machine as an identifier corresponding to the home identifier of the first virtual machine.
  • the determining unit is further configured to determine whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data when the dynamic data needs to be transferred to the second virtual machine, and the processing unit is further configured to allow the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or forbid the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
  • the dynamic data is data in memory of the first virtual machine.
  • the setting unit is further configured to set the identifier of the virtual data volume as a public identifier to indicate that the virtual data volume may be mounted to any virtual machine before the virtual data volume is allocated to any virtual machine.
  • the apparatus further includes an acquiring unit configured to acquire a correspondence between the second virtual machine and the user and send the correspondence to the determining unit.
  • an identifier of the virtual data volume is set as an identifier corresponding to a home identifier of the first virtual machine, and when the virtual data volume needs to be mounted to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume such that a virtual data volume of a user is only allowed to be mounted to a virtual machine that belongs to the same user.
  • This can alleviate a data leakage problem that arises in the following case.
  • An administrator mounts a virtual data volume of a user to a virtual machine of another user, and consequently data of the user can be accessed by the other user.
  • FIG. 1 is an architecture diagram of a cloud operating system in an embodiment of the present disclosure.
  • FIG. 2 is a flowchart of a cloud system data management method according to an embodiment of the present disclosure.
  • FIG. 3 is a structural diagram of a cloud system data management apparatus according to an embodiment of the present disclosure.
  • FIG. 1 is an architecture diagram of an application system of a cloud system data management method according to an embodiment of the present disclosure.
  • a correspondence needs to be established between a virtual data volume and a virtual machine, such as a correspondence established between a virtual data volume LUN1 and a virtual machine VM1 when the LUN1 is allocated to the virtual machine VM1, or a correspondence established between an LUN2 and a virtual machine VM2 when the virtual data volume LUN2 is allocated to the virtual machine VM2.
  • a setting unit sets an identifier for the virtual data volume to identify a user to which the virtual data volume belongs.
  • a determining unit determines, according to an identifier of the current virtual data volume, whether the virtual data volume and the target virtual machine belong to a same user. If the virtual data volume and the target virtual machine belong to the same user, the mounting is allowed. Otherwise, the mounting is forbidden. In this way, it is implemented that a virtual data volume of a virtual machine of a user can be mounted only to another virtual machine of the same user by the administrator, and is forbidden to be mounted to a virtual machine of another user. This can reduce a data leakage risk incurred by mounting the virtual data volume to the other virtual machine.
  • the setting unit and the determining unit may be two newly-added modules of the Cloud OS.
  • an embodiment of the present disclosure provides a cloud system data management method, where the method includes the following steps.
  • Step 201 Create a first virtual machine for a user and allocate a virtual data volume to the first virtual machine that is created, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs.
  • the home identifier of the first virtual machine may be further an identifier, such as a user name or a user identifier (ID), of the user to which the first virtual machine belongs.
  • the method for the administrator to create a virtual machine and a virtual data volume on a cloud server using the cloud operating system is a general technology, and therefore, details are not described herein.
  • the administrator may allocate the virtual machine and the virtual data volume to a specific user. It may be that only one virtual machine and one virtual data volume are allocated to a user, or multiple virtual machines and multiple virtual data volumes are allocated to a user. In other words, a user may have at least one virtual machine and at least one virtual data volume. Virtual machines allocated to a user have identical or corresponding virtual machine home identifiers.
  • Step 202 Set an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine.
  • an operating user may create a virtual data volume for the virtual machine using the Cloud OS. If the virtual machine has not yet been allocated to a specific user, the system sets a public identifier, such as public (public is merely an example and may be another identifier), for the virtual data volume using the setting unit in order to indicate that the virtual data volume can be mounted to any virtual machine.
  • the setting unit changes the public identifier of the virtual data volume to an identifier corresponding to the home identifier of the first virtual machine.
  • the identifier of the virtual data volume and the home identifier of the first virtual machine may be identical or may be partially identical, or a corresponding mapping relationship may be set up between the identifier of the virtual data volume and the home identifier of the first virtual machine.
  • the identifier of the virtual data volume is generally set to be identical to the home identifier of the virtual machine, for example, as shown in Table 1.
  • the setting unit needs to set a corresponding identifier for each virtual data volume.
  • Step 203 Determine whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine.
  • the determining unit of the cloud operating system determines, according to an identifier of the virtual data volume and the home identifier of the second virtual machine, whether the current virtual data volume and the second virtual machine belong to a same user, where the determining unit may acquire, via an acquiring unit, a belonging relationship between the user and the virtual machine using an interface.
  • whether virtual machine home identifiers of the two virtual machines correspond to each other may be determined by comparing the home identifiers of the two virtual machines.
  • Step 204 If the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, allow the virtual data volume to be mounted to the second virtual machine.
  • Step 205 If the home identifier of the second virtual machine does not correspond to the identifier of the virtual data volume, forbid the virtual data volume to be mounted to the second virtual machine.
  • an identifier of the virtual data volume is set as an identifier corresponding to a home identifier of the first virtual machine, and when the virtual data volume needs to be mounted to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume such that a virtual data volume of a user is only allowed to be mounted to a virtual machine that belongs to the same user.
  • the identifier of the virtual data volume is used to identify a user to which the virtual data volume belongs, and a home identifier of a virtual machine and an identifier of a virtual data volume that belongs to a same user as the virtual machine are identical.
  • the determining unit determines whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical.
  • the virtual data volume is allowed to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are identical.
  • the virtual data volume is forbidden to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are not identical.
  • when the administrator allocates a virtual data volume LUN1 to a virtual machine VM1, the setting unit changes an identifier of the LUN1 to a home identifier User ID1 of the virtual machine VM1.
  • the determining unit checks whether the identifier User ID1 of the virtual data volume LUN1 and a home identifier User ID2 of the virtual machine VM2 are identical.
  • the operation of mounting is allowed when the identifier User ID1 of the virtual data volume LUN1 and the home identifier User ID2 of the virtual machine VM2 are identical. Otherwise, the LUN1 is forbidden to be mounted to the VM2, and the administrator's operation fails.
  • the determining unit does not check a user identifier of the target virtual machine VM2 to which the virtual data volume is to be mounted, but directly allows the virtual data volume to be mounted to the second virtual machine VM2. If the identifier of the virtual data volume is not a public identifier, the determining unit needs to compare the identifier of the virtual data volume with the home identifier of the second virtual machine that acts as the target virtual machine, to make a determination.
  • the cloud operating system queries a user identifier of a virtual machine to which the virtual data volume LUN1 originally belongs and a user identifier of the target virtual machine VM2. If the two user identifiers are consistent, the volume mounting succeeds. Otherwise, the volume mounting fails.
  • the first virtual machine is allocated to a determined user, an identifier of dynamic data of the first virtual machine is set as an identifier corresponding to the home identifier of the first virtual machine, and when the dynamic data needs to be transferred to the second virtual machine, it is determined whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, and the dynamic data is allowed to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or the dynamic data is forbidden to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
  • the dynamic data may be data in memory of the virtual machine.
  • an identifier of dynamic data is set as an identifier corresponding to a home identifier of a first virtual machine, and when the dynamic data needs to be transferred to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the dynamic data such that dynamic data of a user is only allowed to be transferred to a virtual machine that belongs to the same user.
  • This can alleviate a data leakage problem that arises in the following case.
  • An administrator mounts dynamic data of a user to a virtual machine of another user, and consequently data of the user can be accessed by the other user.
  • the apparatus includes a creating unit 301 configured to create a first virtual machine for a user and allocate a virtual data volume to the first virtual machine, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs, a setting unit 302 configured to set an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine, a determining unit 303 configured to determine whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine, and a processing unit 304 configured to allow the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, or forbid the virtual data volume
  • the identifier of the virtual data volume is used to identify a user to which the virtual data volume belongs, and a home identifier of a virtual machine and an identifier of a virtual data volume that belongs to a same user as the virtual machine are identical.
  • the determining unit 303 is further configured to determine whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical, and the processing unit 304 allows the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are identical, or the processing unit 304 forbids the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are not identical.
  • the setting unit 302 is further configured to set an identifier of dynamic data of the first virtual machine as an identifier corresponding to the home identifier of the first virtual machine.
  • the determining unit 303 is further configured to determine whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data when the dynamic data needs to be transferred to the second virtual machine.
  • the processing unit 304 is further configured to allow the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or forbid the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
  • the dynamic data is data in memory of the first virtual machine.
  • the setting unit 302 is further configured to set the identifier of the virtual data volume as a public identifier to indicate that the virtual data volume may be mounted to any virtual machine before the virtual data volume is allocated to any virtual machine.
  • the determining unit 303 is further configured to determine whether the identifier of the virtual data volume is the public identifier when the virtual data volume needs to be mounted to the second virtual machine, and the processing unit 304 allows the virtual data volume to be mounted to the second virtual machine when the identifier of the virtual data volume is the public identifier, or the determining unit 303 determines whether the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the identifier of the virtual data volume is not the public identifier.
  • an acquiring unit may further be disposed in the apparatus to acquire a correspondence between the second virtual machine and the user and send the correspondence to the determining unit 303.
  • an identifier of the virtual data volume is set as an identifier corresponding to a home identifier of the first virtual machine when a virtual data volume is allocated to a first virtual machine, and when the virtual data volume needs to be mounted to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume such that a virtual data volume of a user is only allowed to be mounted to a virtual machine that belongs to the same user.
  • This can alleviate a data leakage problem that arises in the following case.
  • An administrator mounts a virtual data volume of a user to a virtual machine of another user, and consequently data of the user can be accessed by the other user.
  • Steps of methods or algorithms described in the embodiments disclosed in this specification may be implemented by hardware, a software module executed by a processor, or a combination thereof.
  • the software module may be disposed in a random access memory (RAM), a memory, a read-only memory (ROM), an electrically programmable ROM, an electrically erasable programmable ROM, a register, a hard disk, a removable disk, a compact-disc read-only memory (CD-ROM), or a storage medium in any other forms well-known in the art.
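
The ownership check of steps 201 to 205, with the public-identifier and dynamic-data variants, as an added Python example (not code from the patent or from any cloud product). The class and function names, the audit list, the check on re-allocation, and the rejection of a user ID equal to the public identifier are assumptions made for illustration; the VM, LUN and user names are constructed sample values.

```python
from dataclasses import dataclass

PUBLIC_ID = "public"  # the page's example public identifier


class Forbidden(Exception):
    """The target VM's home identifier does not correspond to the object."""


@dataclass
class VM:
    name: str
    home_id: str  # identifies the user the VM belongs to


@dataclass
class Tagged:
    """A virtual data volume or a piece of dynamic (in-memory) data."""
    name: str
    identifier: str = PUBLIC_ID  # public until allocated to a VM


class CloudOS:  # hypothetical control plane, not a real API
    def __init__(self):
        self.audit = []  # (actor, action, object, target VM, decision)

    def create_vm(self, name, user_id):
        # Added guard (assumption, not on the page): a user ID equal to the
        # public identifier would make that user's volumes mountable anywhere.
        if not user_id or user_id == PUBLIC_ID:
            raise ValueError("user ID must be non-empty and not the public identifier")
        return VM(name, user_id)

    def create_volume(self, name):
        return Tagged(name)  # starts with the public identifier

    def _check(self, actor, action, obj, target):
        # Determining unit: a public object is allowed directly; otherwise the
        # two identifiers must be identical (first implementation manner).
        allowed = obj.identifier == PUBLIC_ID or obj.identifier == target.home_id
        self.audit.append((actor, action, obj.name, target.name,
                           "allow" if allowed else "deny"))
        if not allowed:
            raise Forbidden(f"{action} {obj.name} -> {target.name}")

    def allocate(self, actor, volume, vm):
        # Setting unit: replace the public identifier with the VM's home
        # identifier. Checking re-allocation too is an assumption added here.
        self._check(actor, "allocate", volume, vm)
        volume.identifier = vm.home_id

    def mount(self, actor, volume, vm):
        self._check(actor, "mount", volume, vm)  # steps 203 to 205
        return f"{volume.name} mounted to {vm.name}"

    def snapshot_memory(self, vm):
        # Dynamic data carries the home identifier of the VM it came from.
        return Tagged(f"mem:{vm.name}", vm.home_id)

    def transfer(self, actor, data, vm):
        self._check(actor, "transfer", data, vm)
        return f"{data.name} transferred to {vm.name}"


def attempt(fn, *args):
    """Run one operation and report the decision instead of raising."""
    try:
        fn(*args)
        return "allow"
    except Forbidden:
        return "deny"


def demo():
    cloud = CloudOS()
    vm1 = cloud.create_vm("VM1", "UserID1")
    vm1b = cloud.create_vm("VM1b", "UserID1")  # second VM of the same user
    vm2 = cloud.create_vm("VM2", "UserID2")
    lun1 = cloud.create_volume("LUN1")
    spare = cloud.create_volume("LUN3")        # never allocated, stays public
    cloud.allocate("admin", lun1, vm1)         # LUN1 now tagged UserID1
    mem = cloud.snapshot_memory(vm1)
    results = {
        "mount LUN1 -> VM1b": attempt(cloud.mount, "admin", lun1, vm1b),
        "mount LUN1 -> VM2": attempt(cloud.mount, "admin", lun1, vm2),
        "mount LUN3 -> VM2": attempt(cloud.mount, "admin", spare, vm2),
        "transfer mem:VM1 -> VM1b": attempt(cloud.transfer, "admin", mem, vm1b),
        "transfer mem:VM1 -> VM2": attempt(cloud.transfer, "admin", mem, vm2),
        "allocate LUN1 -> VM2": attempt(cloud.allocate, "admin", lun1, vm2),
    }
    return results, cloud.audit


if __name__ == "__main__":
    decisions, audit = demo()
    for operation, decision in decisions.items():
        print(f"{decision:5}  {operation}")
```

The audit list records every decision with the acting account, so denied cross-user attempts by an administrator remain visible after the fact.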

Landscapes

  • Engineering & Computer Science
  • Software Systems
  • Theoretical Computer Science
  • Physics & Mathematics
  • General Engineering & Computer Science
  • General Physics & Mathematics
  • Storage Device Security
  • Information Retrieval, Db Structures And Fs Structures Therefor
  • Debugging And Monitoring

Abstract

A cloud system data management method for alleviating a data leakage problem in which data of a user is accessed by another user when a virtual data volume of the user is mounted to a virtual machine of the other user. The method includes creating a first virtual machine for a user and allocating a virtual data volume to the first virtual machine, setting an identifier of the virtual data volume as an identifier corresponding to a home identifier of the first virtual machine, determining, according to the identifier of the virtual data volume and a home identifier of a second virtual machine, whether the virtual data volume and the second virtual machine belong to a same user when the virtual data volume needs to be mounted to the second virtual machine, and forbidding the virtual data volume to be mounted to the second virtual machine when they do not belong to the same user.

Description

CROSS-REFERENCE TO RELATED APPLICATION
This application is a Reissue Application of U.S. patent application Ser. No. 15/131,758 filed on Apr. 18, 2016, issued as U.S. Pat. No. 10,235,197 B2 on Mar. 19, 2019, which is a continuation of International Application No. PCT/CN2014/089516, filed on Oct. 25, 2014. The international application claims priority to Chinese Patent Application No. 201310511740.7, filed on Oct. 25, 2013, both of which are hereby incorporated by reference in their entireties.
TECHNICAL FIELD
The present disclosure relates to the computer field, and in particular, to a cloud system data management method and apparatus.
BACKGROUND
In a cloud data storage environment, for a user, ownership of and control rights for storage data are separated. An existing basic architecture of cloud computing includes a virtual machine and a virtual data volume, where the virtual machine controls the virtual data volume. The virtual data volume, also referred to as a logical unit or a logical volume, is a data volume obtained by logically partitioning storage space that belongs to a same user and that is in hardware storage space. An administrator may establish a correspondence between the virtual machine and the virtual data volume using a cloud operating system (Cloud OS), and each virtual machine corresponds to one user.
The administrator has operation and maintenance rights, and may mount a virtual data volume to another virtual machine using the cloud operating system. A logical unit number (LUN) is used as an example of the virtual data volume. An LUN1 originally belongs to a virtual machine VM1, and a virtual data volume LUN2 originally belongs to a virtual machine VM2. The administrator can mount the virtual data volume LUN1 to the virtual machine VM2 using the cloud operating system. As a result, a user of the virtual machine VM2 can view data of the virtual data volume LUN1. There is a data leakage risk when the virtual machine VM1 and the virtual machine VM2 belong to different users.
SUMMARY
Embodiments of the present disclosure provide a cloud system data management method and apparatus in order to reduce a data leakage risk that is incurred when a virtual data volume is mounted to another virtual machine.
According to a first aspect, an embodiment of the present disclosure provides a cloud system data management method, where the method includes creating a first virtual machine for a user and allocating a virtual data volume to the first virtual machine, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs, setting an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine, determining whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine, and allowing the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, forbidding the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the virtual data volume.
Based on the first aspect, in a first possible implementation manner, determining whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume further includes determining whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical.
Based on the first aspect or the first possible implementation manner of the first aspect, in a second possible implementation manner, the method further includes setting an identifier of dynamic data of the first virtual machine as an identifier corresponding to the home identifier of the first virtual machine, and when the dynamic data needs to be transferred to the second virtual machine, determining whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, and allowing the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or forbidding the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
Based on the second possible implementation manner of the first aspect, in a third possible implementation manner, dynamic data is data in memory of a virtual machine.
Based on the first aspect, in a fourth possible implementation manner, the method further includes setting the identifier of the virtual data volume as a public identifier to indicate that the virtual data volume may be mounted to any virtual machine before the virtual data volume is allocated to any virtual machine.
According to a second aspect, an embodiment of the present disclosure provides a cloud system data management apparatus, where the apparatus includes a creating unit configured to create a first virtual machine for a user and allocate a virtual data volume to the first virtual machine, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs, a setting unit configured to set an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine, a determining unit configured to determine whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine, and a processing unit configured to allow the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, or forbid the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the virtual data volume.
Based on the second aspect, in a first possible implementation manner, the determining unit is further configured to determine whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical.
Based on the second aspect or the first possible implementation manner of the second aspect, in a second possible implementation manner, the setting unit is further configured to set an identifier of dynamic data of the first virtual machine as an identifier corresponding to the home identifier of the first virtual machine. The determining unit is further configured to determine whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data when the dynamic data needs to be transferred to the second virtual machine, and the processing unit is further configured to allow the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or forbid the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
Based on the second possible implementation manner of the second aspect, in a third possible implementation manner, the dynamic data is data in memory of the first virtual machine.
Based on the second aspect, in a fourth possible implementation manner, the setting unit is further configured to set the identifier of the virtual data volume as a public identifier to indicate that the virtual data volume may be mounted to any virtual machine before the virtual data volume is allocated to any virtual machine.
Based on the second aspect, in a fifth possible implementation manner, the apparatus further includes an acquiring unit configured to acquire a correspondence between the second virtual machine and the user and send the correspondence to the determining unit.
According to the cloud system data management method and apparatus provided in the embodiments of the present disclosure, when a virtual data volume is allocated to a first virtual machine, an identifier of the virtual data volume is set as an identifier corresponding to a home identifier of the first virtual machine, and when the virtual data volume needs to be mounted to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume such that a virtual data volume of a user is only allowed to be mounted to a virtual machine that belongs to the same user. This can alleviate a data leakage problem that arises in the following case. An administrator mounts a virtual data volume of a user to a virtual machine of another user, and consequently data of the user can be accessed by the other user.
BRIEF DESCRIPTION OF DRAWINGS
To describe the technical solutions in the embodiments of the present disclosure more clearly, the following briefly introduces the accompanying drawings required for describing the embodiments. The accompanying drawings in the following description show merely some embodiments of the present disclosure, and a person of ordinary skill in the art may still derive other drawings from these accompanying drawings without creative efforts.
FIG. 1 is an architecture diagram of a cloud operating system in an embodiment of the present disclosure;
FIG. 2 is a flowchart of a cloud system data management method according to an embodiment of the present disclosure; and
FIG. 3 is a structural diagram of a cloud system data management apparatus according to an embodiment of the present disclosure.
DESCRIPTION OF EMBODIMENTS
The following further describes the technical solutions of the present disclosure in detail with reference to the accompanying drawings and the embodiments.
FIG. 1 is an architecture diagram of an application system of a cloud system data management method according to an embodiment of the present disclosure. In a Cloud OS, a correspondence needs to be established between a virtual data volume and a virtual machine, such as a correspondence established between a virtual data volume LUN1 and a virtual machine VM1 when the LUN1 is allocated to the virtual machine VM1, or a correspondence established between an LUN2 and a virtual machine VM2 when the virtual data volume LUN2 is allocated to the virtual machine VM2. After a virtual machine is created for a user using the Cloud OS and a virtual data volume is allocated to the user, a setting unit sets an identifier for the virtual data volume to identify a user to which the virtual data volume belongs. When an administrator wants to unmount the virtual data volume and mount the virtual data volume to a target virtual machine, a determining unit determines, according to an identifier of the current virtual data volume, whether the virtual data volume and the target virtual machine belong to a same user. If the virtual data volume and the target virtual machine belong to the same user, the mounting is allowed. Otherwise, the mounting is forbidden. In this way, a virtual data volume of a virtual machine of a user can be mounted by the administrator only to another virtual machine of the same user, and is forbidden to be mounted to a virtual machine of another user. This can reduce a data leakage risk incurred by mounting the virtual data volume to the other virtual machine.
In a more specific example, the setting unit and the determining unit may be two newly-added modules of the Cloud OS.
As shown in FIG. 2, based on the foregoing architecture, an embodiment of the present disclosure provides a cloud system data management method, where the method includes the following steps.
Step 201: Create a first virtual machine for a user and allocate a virtual data volume to the first virtual machine that is created, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs.
The home identifier of the first virtual machine may be further an identifier, such as a user name or a user identifier (ID), of the user to which the first virtual machine belongs.
The method for the administrator to create a virtual machine and a virtual data volume on a cloud server using the cloud operating system is a general technology, and therefore, details are not described herein.
After creating the virtual machine and the virtual data volume, the administrator may allocate the virtual machine and the virtual data volume to a specific user. It may be that only one virtual machine and one virtual data volume are allocated to a user, or multiple virtual machines and multiple virtual data volumes are allocated to a user. In other words, a user may have at least one virtual machine and at least one virtual data volume. Virtual machines allocated to a user have identical or corresponding virtual machine home identifiers.
Step 202: Set an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine.
Furthermore, after a virtual machine is created, an operating user may create a virtual data volume for the virtual machine using the Cloud OS. If the virtual machine has not been allocated to a specific user then, the system sets a public identifier, such as public (public is merely an example and may be another identifier), for the virtual data volume using the setting unit in order to indicate that the virtual data volume can be mounted to any virtual machine.
After the first virtual machine is allocated to a determined user, the setting unit changes the public identifier of the virtual data volume to an identifier corresponding to the home identifier of the first virtual machine. The identifier of the virtual data volume and the home identifier of the first virtual machine may be identical or may be partially identical, or a corresponding mapping relationship may be set up between the identifier of the virtual data volume and the home identifier of the first virtual machine. For ease of operation, the identifier of the virtual data volume is generally set to be identical to the home identifier of the virtual machine, for example, as shown in Table 1.
TABLE 1
Figure USRE049601-20230808-C00001
Similarly, if one virtual machine has multiple virtual data volumes, the setting unit needs to set a corresponding identifier for each virtual data volume.
Step 203: Determine whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine.
When the operating user attempts to mount a current virtual data volume to the second virtual machine, the determining unit of the cloud operating system determines, according to an identifier of the virtual data volume and the home identifier of the second virtual machine, whether the current virtual data volume and the second virtual machine belong to a same user, where the determining unit may acquire, via an acquiring unit, a belonging relationship between the user and the virtual machine using an interface.
For example, whether virtual machine home identifiers of the two virtual machines correspond to each other may be determined by comparing the home identifiers of the two virtual machines.
Step 204: If the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, allow the virtual data volume to be mounted to the second virtual machine.
Step 205: If the home identifier of the second virtual machine does not correspond to the identifier of the virtual data volume, forbid the virtual data volume to be mounted to the second virtual machine.
According to the foregoing embodiment, when a virtual data volume is allocated to a first virtual machine, an identifier of the virtual data volume is set as an identifier corresponding to a home identifier of the first virtual machine, and when the virtual data volume needs to be mounted to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume such that a virtual data volume of a user is only allowed to be mounted to a virtual machine that belongs to the same user. This can alleviate a data leakage problem that arises in the following case. An administrator mounts a virtual data volume of a user to a virtual machine of another user, and consequently data of the user can be accessed by the other user.
In an embodiment, the identifier of the virtual data volume is used to identify a user to which the virtual data volume belongs, and a home identifier of a virtual machine and an identifier of a virtual data volume that belongs to a same user as the virtual machine are identical.
The determining unit determines whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical. The virtual data volume is allowed to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are identical. The virtual data volume is forbidden to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are not identical.
In a more specific embodiment, when the administrator allocates a virtual data volume LUN1 to a virtual machine VM1, the setting unit changes an identifier of the LUN1 to a home identifier User ID1 of the virtual machine VM1. When the administrator unmounts the virtual data volume LUN1 from the virtual machine VM1, so that the LUN1 no longer belongs to the virtual machine VM1, and then mounts the virtual data volume LUN1 to a virtual machine VM2, the determining unit checks whether the identifier User ID1 of the virtual data volume LUN1 and a home identifier User ID2 of the virtual machine VM2 are identical. The mounting operation is allowed when the identifier User ID1 of the virtual data volume LUN1 and the home identifier User ID2 of the virtual machine VM2 are identical. Otherwise, the LUN1 is forbidden to be mounted to the VM2, and the operation performed by the administrator fails.
If the identifier of the virtual data volume is public, which indicates that the virtual data volume has not been allocated to any specific user, the determining unit does not check a user identifier of the target virtual machine VM2 to which the virtual data volume is to be mounted, but directly allows the virtual data volume to be mounted to the second virtual machine VM2. If the identifier of the virtual data volume is not a public identifier, the determining unit needs to compare the identifier of the virtual data volume with the home identifier of the second virtual machine that acts as the target virtual machine, to make a determination.
In another implementation embodiment, it may be that no identifier is added to the virtual data volume. When the administrator needs to perform a volume mounting operation, the cloud operating system queries a user identifier of a virtual machine to which the virtual data volume LUN1 originally belongs and a user identifier of the target virtual machine VM2. If the two user identifiers are consistent, the volume mounting succeeds. Otherwise, the volume mounting fails.
There are other risks in the cloud operating system. For example, data of a virtual machine needs to be backed up to another virtual machine during virtual machine backup. If the two virtual machines belong to different users, it may also incur data leakage. Alternatively, if a virtual machine needs to be migrated from a physical server to a virtual machine on another physical server, static data in the virtual machine and dynamic data in memory need to be copied to the to-be-migrated virtual machine, and if the two virtual machines belong to different users, it may also incur a data leakage risk. Related preventive measures need to be taken for all data that may be transferred between two virtual machines in order to avoid data leakage due to a misoperation.
Therefore, in another possible implementation embodiment, after the first virtual machine is created, the first virtual machine is allocated to a determined user, an identifier of dynamic data of the first virtual machine is set as an identifier corresponding to the home identifier of the first virtual machine, and when the dynamic data needs to be transferred to the second virtual machine, it is determined whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, and the dynamic data is allowed to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or the dynamic data is forbidden to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
The dynamic data may be data in memory of the virtual machine.
For a specific method, reference may be made to the description of the embodiment in FIG. 2.
According to the cloud system data management method provided in this embodiment of the present disclosure, an identifier of dynamic data is set as an identifier corresponding to a home identifier of a first virtual machine, and when the dynamic data needs to be transferred to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the dynamic data such that dynamic data of a user is only allowed to be transferred to a virtual machine that belongs to the same user. This can alleviate a data leakage problem that arises in the following case. An administrator mounts dynamic data of a user to a virtual machine of another user, and consequently data of the user can be accessed by the other user.
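The volume-mount check of steps 201 to 205 (including the public identifier) and the dynamic-data check described above, as an added Python model that is not code from the patent or from any cloud operating system. The class and method names, VM3, VM4 and LUN4 are hypothetical; identifiers are compared for identity, and rejecting the public identifier as a user name and failing closed on unlabeled dynamic data are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PUBLIC = "public"  # public identifier; the page says the literal value is only an example


class Forbidden(Exception):
    """The determining unit rejected a mount or a dynamic-data transfer."""


@dataclass
class Volume:
    name: str
    identifier: str = PUBLIC          # travels with the volume and survives unmount
    mounted_on: Optional[str] = None


@dataclass
class VirtualMachine:
    name: str
    home_id: Optional[str] = None     # user name or user ID; None until allocated
    dynamic_id: Optional[str] = None  # identifier of the in-memory (dynamic) data
    volumes: List[Volume] = field(default_factory=list)


class CloudOS:
    def __init__(self) -> None:
        self.vms: Dict[str, VirtualMachine] = {}
        self.volumes: Dict[str, Volume] = {}
        self.audit: List[Tuple[str, str, str, str]] = []  # (op, object, target, decision)

    # Creating unit (step 201)
    def create_vm(self, name: str, user: Optional[str] = None) -> VirtualMachine:
        vm = self.vms[name] = VirtualMachine(name)
        if user is not None:
            self.allocate_vm(name, user)
        return vm

    def create_volume(self, name: str, vm_name: str) -> Volume:
        vol = self.volumes[name] = Volume(name)
        self._attach(vol, self.vms[vm_name])
        return vol

    # Setting unit (step 202)
    def allocate_vm(self, vm_name: str, user: str) -> None:
        if user == PUBLIC:            # assumption: a user named like the public
            raise ValueError("user name collides with the public identifier")
        vm = self.vms[vm_name]
        vm.home_id = vm.dynamic_id = user
        for vol in vm.volumes:        # every volume of the VM gets the identifier
            vol.identifier = user

    def _attach(self, vol: Volume, vm: VirtualMachine) -> None:
        vol.mounted_on = vm.name
        vm.volumes.append(vol)
        if vm.home_id is not None:    # on an unallocated VM the volume stays public
            vol.identifier = vm.home_id

    def unmount(self, vol_name: str) -> None:
        vol = self.volumes[vol_name]
        if vol.mounted_on is not None:
            self.vms[vol.mounted_on].volumes.remove(vol)
            vol.mounted_on = None     # the identifier is deliberately left untouched

    # Determining unit (step 203), using the "identical" form of correspondence
    @staticmethod
    def corresponds(identifier: Optional[str], vm: VirtualMachine) -> bool:
        return identifier is not None and identifier == vm.home_id

    # Processing unit (steps 204 and 205)
    def mount(self, vol_name: str, vm_name: str) -> None:
        vol, vm = self.volumes[vol_name], self.vms[vm_name]
        allowed = vol.identifier == PUBLIC or self.corresponds(vol.identifier, vm)
        self._decide("mount", vol_name, vm_name, allowed)
        self.unmount(vol_name)        # no-op when the volume is already unmounted
        self._attach(vol, vm)

    def transfer_dynamic_data(self, src_name: str, dst_name: str) -> None:
        src, dst = self.vms[src_name], self.vms[dst_name]
        # Assumption: dynamic data of a VM with no user yet is unlabeled and fails closed.
        self._decide("transfer", src_name, dst_name, self.corresponds(src.dynamic_id, dst))

    def _decide(self, op: str, obj: str, target: str, allowed: bool) -> None:
        self.audit.append((op, obj, target, "allow" if allowed else "forbid"))
        if not allowed:
            raise Forbidden(f"{op} of {obj} to {target}: identifiers do not correspond")


def scenario() -> CloudOS:
    """Constructed walk-through of the LUN1/VM1/VM2 example (VM3, VM4, LUN4 added)."""
    cloud = CloudOS()
    cloud.create_vm("VM1", "UserID1")
    cloud.create_vm("VM2", "UserID2")
    cloud.create_vm("VM3", "UserID1")   # second VM of the same user
    cloud.create_vm("VM4")              # not yet allocated to any user
    cloud.create_volume("LUN1", "VM1")  # labeled UserID1
    cloud.create_volume("LUN4", "VM4")  # stays public
    cloud.unmount("LUN1")
    attempts = [(cloud.mount, "LUN1", "VM2"), (cloud.mount, "LUN1", "VM3"),
                (cloud.transfer_dynamic_data, "VM1", "VM2"),
                (cloud.transfer_dynamic_data, "VM1", "VM3"),
                (cloud.mount, "LUN4", "VM2"), (cloud.mount, "LUN4", "VM1")]
    for operation, obj, target in attempts:
        try:
            operation(obj, target)
        except Forbidden:
            pass                        # the decision is already in cloud.audit
    return cloud


if __name__ == "__main__":
    for entry in scenario().audit:
        print(entry)
```

The audit list records every decision, including forbidden attempts, which is the record an operator would review to spot cross-user mount attempts by an administrator account.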
Correspondingly, an embodiment of the present disclosure provides a cloud system data management apparatus that is used to implement the method in the foregoing embodiments. As shown in FIG. 3, the apparatus includes a creating unit 301 configured to create a first virtual machine for a user and allocate a virtual data volume to the first virtual machine, where the first virtual machine has a home identifier, and the home identifier of the first virtual machine is used to identify a user to which the first virtual machine belongs, a setting unit 302 configured to set an identifier of the virtual data volume as an identifier corresponding to the home identifier of the first virtual machine, a determining unit 303 configured to determine whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the virtual data volume needs to be mounted to a second virtual machine, and a processing unit 304 configured to allow the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume, or forbid the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the virtual data volume.
In a first possible implementation manner, the identifier of the virtual data volume is used to identify a user to which the virtual data volume belongs, and a home identifier of a virtual machine and an identifier of a virtual data volume that belongs to a same user as the virtual machine are identical.
The determining unit 303 is further configured to determine whether the home identifier of the second virtual machine and the identifier of the virtual data volume are identical, and the processing unit 304 allows the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are identical, or the processing unit 304 forbids the virtual data volume to be mounted to the second virtual machine when the home identifier of the second virtual machine and the identifier of the virtual data volume are not identical.
In another implementation manner, the setting unit 302 is further configured to set an identifier of dynamic data of the first virtual machine as an identifier corresponding to the home identifier of the first virtual machine.
The determining unit 303 is further configured to determine whether the home identifier of the second virtual machine corresponds to the identifier of the dynamic data when the dynamic data needs to be transferred to the second virtual machine.
The processing unit 304 is further configured to allow the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine corresponds to the identifier of the dynamic data, or forbid the dynamic data to be transferred to the second virtual machine when the home identifier of the second virtual machine does not correspond to the identifier of the dynamic data.
In this implementation manner, the dynamic data is data in memory of the first virtual machine.
In another implementation manner, the setting unit 302 is further configured to set the identifier of the virtual data volume as a public identifier to indicate that the virtual data volume may be mounted to any virtual machine before the virtual data volume is allocated to any virtual machine.
The determining unit 303 is further configured to determine whether the identifier of the virtual data volume is the public identifier when the virtual data volume needs to be mounted to the second virtual machine, and the processing unit 304 allows the virtual data volume to be mounted to the second virtual machine when the identifier of the virtual data volume is the public identifier, or the determining unit 303 determines whether the home identifier of the second virtual machine corresponds to the identifier of the virtual data volume when the identifier of the virtual data volume is not the public identifier.
In the foregoing implementation manners, an acquiring unit may further be disposed in the apparatus to acquire a correspondence between the second virtual machine and the user and send the correspondence to the determining unit 303.
According to the cloud system data management apparatus provided in this embodiment of the present disclosure, an identifier of the virtual data volume is set as an identifier corresponding to a home identifier of the first virtual machine when a virtual data volume is allocated to a first virtual machine, and when the virtual data volume needs to be mounted to a second virtual machine, it is determined whether a home identifier of the second virtual machine corresponds to the identifier of the virtual data volume such that a virtual data volume of a user is only allowed to be mounted to a virtual machine that belongs to the same user. This can alleviate a data leakage problem that arises in the following case. An administrator mounts a virtual data volume of a user to a virtual machine of another user, and consequently data of the user can be accessed by the other user.
A person skilled in the art may be further aware that, in combination with the examples described in the embodiments disclosed in this specification, units and algorithm steps may be implemented by electronic hardware, computer software, or a combination thereof. To clearly describe the interchangeability between the hardware and the software, the foregoing has generally described compositions and steps of each example according to functions. Whether the functions are performed by hardware or software depends on particular applications and design constraint conditions of the technical solutions. A person skilled in the art may use different methods to implement the described functions for each particular application, but it should not be considered that the implementation goes beyond the scope of the present disclosure.
Steps of methods or algorithms described in the embodiments disclosed in this specification may be implemented by hardware, a software module executed by a processor, or a combination thereof. The software module may be disposed in a random access memory (RAM), a memory, a read-only memory (ROM), an electrically programmable ROM, an electrically erasable programmable ROM, a register, a hard disk, a removable disk, a compact-disc read-only memory (CD-ROM), or a storage medium in any other forms well-known in the art.
In the foregoing specific implementation manners, the objective, technical solutions, and benefits of the present disclosure are further described in detail. It should be understood that the foregoing descriptions are merely specific implementation manners of the present disclosure, but are not intended to limit the protection scope of the present disclosure. Any modification, equivalent replacement, or improvement made without departing from the spirit and principle of the present disclosure should fall within the protection scope of the present disclosure.

Claims (16)

What is claimed is:
1. A cloud system data management method, comprising:
creating a first virtual machine for a user, the first virtual machine having a first home identifier that identifies the user, and the first virtual machine comprising dynamic data having a dynamic data identifier that corresponds to the first home identifier,
allocating a virtual data volume to the first virtual machine, the virtual data volume having a virtual data volume identifier corresponding to the first home identifier;
determining, according to the virtual data volume identifier and a second home identifier of a second virtual machine, whether the virtual data volume and the second virtual machine belong to the user when the virtual data volume needs to be moved to the second virtual machine;
forbidding the virtual data volume to be moved to the second virtual machine when the virtual data volume and the second virtual machine do not belong to the user;
determining whether the second home identifier corresponds to the dynamic data identifier when the dynamic data needs to be transferred to the second virtual machine;
allowing the dynamic data to be transferred to the second virtual machine when the second home identifier corresponds to the dynamic data identifier; and
forbidding the dynamic data to be transferred to the second virtual machine when the second home identifier does not correspond to the dynamic data identifier.
2. The method of claim 1, further comprising allowing the virtual data volume to be moved to the second virtual machine when the virtual data volume and the second virtual machine belong to the user.
3. The method of claim 2, wherein determining, according to the virtual data volume identifier and the second home identifier, whether the virtual data volume and the second virtual machine belong to the user comprises determining whether the second home identifier and the virtual data volume identifier are identical, the virtual data volume and the second virtual machine belong to the user when the second home identifier and the virtual data volume identifier are identical, and the virtual data volume and the second virtual machine do not belong to the user when the second home identifier and the virtual data volume identifier are not identical.
4. The method of claim 1, wherein the dynamic data is data in a memory of the first virtual machine.
5. The method of claim 1, further comprising setting the virtual data volume identifier as a public identifier to indicate that the virtual data volume may be moved to any virtual machine before the virtual data volume is allocated to the first virtual machine.
6. An apparatus, comprising:
a processor; and
a memory coupled to the processor, the memory having a plurality of instructions stored thereon that, when executed by the processor, cause the processor to:
create a first virtual machine for a user, the first virtual machine having a first home identifier that identifies the user;
allocate a virtual data volume to the first virtual machine, the virtual data volume having a virtual data volume identifier corresponding to the first home identifier;
determine whether the virtual data volume identifier and a second home identifier of a second virtual machine are identical corresponding when the virtual data volume needs to be moved to the second virtual machine, the virtual data volume and the second virtual machine belonging to the user when the second home identifier and the virtual data volume identifier are identical corresponding, and the virtual data volume and the second virtual machine not belonging to the user when the second home identifier and the virtual data volume identifier are not identical corresponding;
forbid the virtual data volume to be moved to the second virtual machine when the virtual data volume and the second virtual machine are not identical corresponding; and
allow the virtual data volume to be moved to the second virtual machine when the virtual data volume and the second virtual machine are identical corresponding.
7. The apparatus of claim 6, wherein the instructions further cause the processor to:
set a dynamic data identifier of dynamic data in the first virtual machine as corresponding to the first home identifier;
determine whether the second home identifier corresponds to the dynamic data identifier when the dynamic data needs to be transferred to the second virtual machine;
allow the dynamic data to be transferred to the second virtual machine when the second home identifier corresponds to the dynamic data identifier; and
forbid the dynamic data to be transferred to the second virtual machine when the second home identifier does not correspond to the dynamic data identifier.
8. The apparatus of claim 7, wherein the dynamic data is data in a memory of the first virtual machine.
9. The apparatus of claim 6, wherein the instructions further cause the processor to set the virtual data volume identifier as a public identifier to indicate that the virtual data volume may be moved to any virtual machine before the virtual data volume is allocated to the first virtual machine.
10. The apparatus of claim 6, wherein the instructions further cause the processor to acquire a correspondence between the second virtual machine and the user.
11. A computer program product, comprising:
a non-transitory computer-readable medium configured to store computer executable instructions that, when executed by a processor, instruct the processor to:
create a first virtual machine for a user, the first virtual machine having a first home identifier that identifies the user;
set a virtual data volume identifier of a virtual data volume as a public identifier to indicate that the virtual data volume may be moved to any virtual machine, the virtual data volume identifier corresponding to the first home identifier;
allocate the virtual data volume to the first virtual machine;
determine, according to the virtual data volume identifier and a second home identifier of a second virtual machine, whether the virtual data volume and the second virtual machine belong to the user when the virtual data volume needs to be moved to the second virtual machine; and
forbid the virtual data volume to be moved to the second virtual machine when the virtual data volume and the second virtual machine do not belong to the user.
12. The computer program product of claim 11, wherein the computer executable instructions further cause the processor to allow the virtual data volume to be moved to the second virtual machine when the virtual data volume and the second virtual machine belong to the user.
13. The computer program product of claim 12, wherein the computer executable instructions further cause the processor to determine whether the second home identifier and the virtual data volume identifier are identical, the virtual data volume and the second virtual machine belong to the user when the second home identifier and the virtual data volume identifier are identical, and the virtual data volume and the second virtual machine do not belong to the user when the second home identifier and the virtual data volume identifier are not identical.
14. The computer program product of claim 11, wherein the computer executable instructions further cause the processor to:
set a dynamic data identifier of dynamic data in the first virtual machine as an identifier corresponding to the first home identifier;
determine whether the second home identifier corresponds to the dynamic data identifier when the dynamic data needs to be transferred to the second virtual machine;
allow the dynamic data to be transferred to the second virtual machine when the second home identifier corresponds to the dynamic data identifier; and
forbid the dynamic data to be transferred to the second virtual machine when the second home identifier does not correspond to the dynamic data identifier.
15. The computer program product of claim 14, wherein the dynamic data is data in a memory of the first virtual machine.
16. The computer program product of claim 11, wherein the computer executable instructions further cause the processor to acquire a correspondence between the second virtual machine and the user.
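The checks recited in claims 11 to 16 can be modelled as follows. This is an added Python sketch, not code from the patent: the class and method names, the `"public"` sentinel value and the audit list are assumptions made for illustration, and "corresponds" is implemented as identity, as in claim 13.

```python
from dataclasses import dataclass, field
from typing import Optional

PUBLIC_ID = "public"  # assumed sentinel: volume not yet allocated to any VM

@dataclass
class VirtualMachine:
    name: str
    home_id: str                                     # identifies the owning user
    memory_tags: dict = field(default_factory=dict)  # dynamic data -> identifier

@dataclass
class Volume:
    name: str
    volume_id: str = PUBLIC_ID                       # public until first allocation
    attached_to: Optional[str] = None

class IsolationManager:
    """Hypothetical management-plane component enforcing the claimed checks."""
    def __init__(self):
        self.audit = []                              # (action, object, target, decision)

    def create_vm(self, name, user):
        if user == PUBLIC_ID:                        # user id must not collide with sentinel
            raise ValueError("reserved identifier")
        return VirtualMachine(name, home_id=user)

    def _decide(self, action, obj, obj_id, target, allow_public):
        ok = (allow_public and obj_id == PUBLIC_ID) or obj_id == target.home_id
        self.audit.append((action, obj, target.name, "allow" if ok else "forbid"))
        return ok

    def attach_or_move(self, vol, target):
        if not self._decide("move_volume", vol.name, vol.volume_id, target, True):
            return False                             # volume stays where it is
        vol.volume_id = target.home_id               # allocation binds volume to the user
        vol.attached_to = target.name
        return True

    def tag_dynamic_data(self, vm, key):
        vm.memory_tags[key] = vm.home_id             # identifier follows the home identifier

    def transfer_dynamic_data(self, src, key, target):
        tag = src.memory_tags.get(key)               # untagged data is denied by default
        if not self._decide("transfer_memory", key, tag, target, False):
            return False
        target.memory_tags[key] = src.memory_tags.pop(key)
        return True
```

Every decision, including each refusal, is appended to `audit`, so cross-user move attempts can be reviewed afterwards.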
US17/206,072 2013-10-25 2021-03-18 Cloud system data management method and apparatus Active 2035-12-31 USRE49601E1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US17/206,072 USRE49601E1 (en) 2013-10-25 2021-03-18 Cloud system data management method and apparatus

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
CN201310511740.7A CN103544047B (en) 2013-10-25 2013-10-25 cloud system data management method
CN201310511740.7 2013-10-25
PCT/CN2014/089516 WO2015058724A1 (en) 2013-10-25 2014-10-25 Cloud system data management method
US15/131,758 US10235197B2 (en) 2013-10-25 2016-04-18 Cloud system data management method and apparatus
US17/206,072 USRE49601E1 (en) 2013-10-25 2021-03-18 Cloud system data management method and apparatus

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US15/131,758 Reissue US10235197B2 (en) 2013-10-25 2016-04-18 Cloud system data management method and apparatus

Publications (1)

Publication Number Publication Date
USRE49601E1 true USRE49601E1 (en) 2023-08-08

Family

ID=49967525

Family Applications (2)

Application Number Title Priority Date Filing Date
US15/131,758 Ceased US10235197B2 (en) 2013-10-25 2016-04-18 Cloud system data management method and apparatus
US17/206,072 Active 2035-12-31 USRE49601E1 (en) 2013-10-25 2021-03-18 Cloud system data management method and apparatus

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US15/131,758 Ceased US10235197B2 (en) 2013-10-25 2016-04-18 Cloud system data management method and apparatus

Country Status (4)

Country Link
US (2) US10235197B2 (en)
EP (2) EP3048529B1 (en)
CN (1) CN103544047B (en)
WO (1) WO2015058724A1 (en)

Also Published As

Publication number Publication date
WO2015058724A1 (en) 2015-04-30
EP3048529A1 (en) 2016-07-27
EP3048529A4 (en) 2016-09-07
EP3048529B1 (en) 2019-01-30
EP3543850B1 (en) 2022-02-23
EP3543850A1 (en) 2019-09-25
US10235197B2 (en) 2019-03-19
US20160232027A1 (en) 2016-08-11
EP3543850B8 (en) 2022-03-30
CN103544047B (en) 2017-01-04
CN103544047A (en) 2014-01-29

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: HUAWEI CLOUD COMPUTING TECHNOLOGIES CO., LTD., CHINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HUAWEI TECHNOLOGIES CO., LTD.;REEL/FRAME:059267/0088

Effective date: 20220224