WO2013163944A1 - Iaas service cloud account sharing method, sharing platform and network device - Google Patents

Publication number
WO2013163944A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
account
cloud
operation request
iaas
Application number
PCT/CN2013/074847
Inventor
柴晓前
李彦
朱文杰
邹现军
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/508 Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement
    • H04L41/5096 Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement wherein the managed service relates to distributed or central networked applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/14 Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1453 Methods or systems for payment or settlement of the charges for data transmission involving significant interaction with the data transmission network
    • H04L12/1457 Methods or systems for payment or settlement of the charges for data transmission involving significant interaction with the data transmission network using an account

Definitions

  • the invention relates to a method for sharing an IaaS service cloud account, and a sharing platform and a network device.
  • This application claims priority to Chinese Patent Application No. 201210137495.3, filed on May 4, 2012, with the invention name "a method for sharing an IaaS service cloud account, and a sharing platform", the entire disclosure of which is incorporated herein by reference.
  • The embodiments of the present invention relate to the field of communications technologies, and in particular, to a method for sharing an IaaS service cloud account, a sharing platform, and a network device.
  • Background technique
  • Cloud computing allocates resources according to user needs and charges according to use. Users do not need to purchase hardware and software; all software and hardware resource requirements can be met by remotely accessing the software provider's hardware and software. Through the shared use of resources, resource utilization can be improved, and the cost of use and maintenance can be reduced.
  • IaaS: Infrastructure as a Service
  • VM: Virtual Machine
  • Storage capacity is another common form of resource representation.
  • Embodiments of the present invention provide a method for sharing an IaaS service cloud account, a sharing platform, and a network device, so as to share a cloud account between multiple users.
  • An embodiment of the present invention provides a method for sharing an Infrastructure as a Service (IaaS) cloud account, including:
  • saving at least one cloud account for accessing an infrastructure cloud providing the IaaS service, where the cloud account is a cloud account of the first user;
  • designating, according to the association relationship between the first user and the second user, at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service, so that the client of the second user accesses the infrastructure cloud that provides the IaaS service corresponding to the access account according to the account for accessing the sharing platform and the access account.
  • An embodiment of the present invention provides a sharing platform for sharing IaaS service cloud accounts, which includes:
  • the first storage unit 52, configured to save at least one cloud account for accessing the infrastructure cloud that provides the IaaS service, as the cloud account of the first user, and also used to save the correspondence between the second user identifier and the access account;
  • the first processing unit 51, configured to create an account for the second user to access the sharing platform, where the account for accessing the sharing platform includes the identifier of the second user; and, according to the association relationship between the first user and the second user, to designate the at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service, so that the client of the second user accesses the infrastructure cloud that provides the IaaS service corresponding to the access account according to the account for accessing the sharing platform and the access account.
  • According to the association relationship between the first user and the second user, the cloud account registered by the first user may be designated as the access account with which the second user accesses the infrastructure cloud that provides the IaaS service, so that the second user can use the cloud account registered by the first user, realizing the sharing of the cloud account between users.
  • FIG. 1 is a flowchart of a method for sharing an Infrastructure as a Service (IaaS) cloud account;
  • FIG. 2 is a flowchart of an embodiment of a method for creating a virtual machine according to an embodiment of the present invention;
  • FIG. 3 is a flowchart of an embodiment of implementing a cloud storage method according to an embodiment of the present invention;
  • FIG. 4 is a schematic structural diagram of a system for sharing an IaaS service cloud account according to the present invention;
  • FIG. 5 is a schematic structural diagram of a sharing platform for sharing IaaS service cloud accounts according to the present invention.
  • Detailed description
  • FIG. 1 is a flowchart of a method for sharing an Infrastructure as a Service (IaaS) cloud account. As shown in FIG. 1, the method may include:
  • the cloud account described in the embodiment of the present invention is an account that is applied to the IaaS service provider to access and use the IaaS service, and may include a username, a password, and/or a related access authentication key (such as an Access Key, Secret Access Key) and so on.
  • "At least one cloud account" here has the following meaning: one or more saved cloud accounts, including user names and authentication information, are used to access one infrastructure cloud that provides IaaS services; that is, the relationship between cloud accounts and the infrastructure cloud providing IaaS services is many-to-one.
  • The cloud account used to access the infrastructure cloud providing the IaaS service may be saved in either of the following two implementation manners:
  • the sharing platform receives the cloud account creation request sent by the first user's client and, according to that request, applies on behalf of the first user to the infrastructure cloud that provides the IaaS service for at least one cloud account for accessing that infrastructure cloud, and saves the cloud account;
  • the sharing platform receives and saves at least one cloud account registered by the first user, and the cloud account is obtained by the first user from the infrastructure cloud that provides the IaaS service.
  • the registration here means that the first user provides the cloud account information owned by the first user to the sharing platform according to the format of the shared platform.
  • According to the association relationship between the first user and the second user, at least one cloud account of the first user is designated for the second user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service, so that the client of the second user accesses the infrastructure cloud that provides the IaaS service corresponding to the access account according to the account for accessing the sharing platform and the access account.
  • The association relationship between the first user and the second user in the embodiment of the present invention may be any relationship in which the first user agrees to authorize the second user to use the cloud account. The first user may be the operator or manager of the sharing platform, a third-party company, or an individual; the second user can be an individual.
  • the association relationship embodies an association between the first user and the second user, which may be a correspondence relationship table, that is, an association relationship table.
  • The association table may be stored in the sharing platform, or may be stored on a separate storage device. For example, after the second user logs in to the sharing platform and sends an IaaS service object operation request, or after the sharing platform creates an account for the second user to access the sharing platform, the sharing platform queries the association relationship table to specify the access account for the second user.
  • The association relationship can be saved on the sharing platform and queried when needed.
  • The association relationship can also be saved on the client of the first user, and the sharing platform obtains it from the client of the first user when needed, and so on.
  • Designating at least one of the cloud accounts registered by the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service may include the following situations:
  • After receiving the IaaS service object operation request that the second user's client sends after logging in with the account for accessing the sharing platform, an access account is specified for the second user that sent the operation request.
  • At least one of the registered cloud accounts of the first user is designated for the second user, according to the association relationship, as the access account with which the second user accesses the infrastructure cloud providing the IaaS service.
  • the corresponding relationship between the second user identifier and the access account may be saved for subsequent use.
  • After the access account is specified for the second user, the sharing platform encapsulates the IaaS service object operation request according to the message format of the infrastructure cloud that provides the IaaS service corresponding to the specified access account, and sends the encapsulated IaaS service object operation request to that infrastructure cloud; the infrastructure cloud that provides the IaaS service corresponding to the access account returns a response message to the sharing platform according to the encapsulated IaaS service object operation request; the sharing platform receives the response message, encapsulates it, and sends the encapsulated response message to the client of the second user.
  • The response message includes an IaaS service object returned by the infrastructure cloud providing the IaaS service.
  • The IaaS service object is a target object provided by the infrastructure cloud of the IaaS service for the user to operate on remotely.
  • The IaaS service object includes, but is not limited to, one or more of a virtual machine, a security group, a key pair, a storage object, and the like.
  • This embodiment is a scheme written from the shared platform side.
  • According to the association relationship between the first user and the second user, the cloud account registered by the first user may be designated as the access account with which the second user accesses the infrastructure cloud that provides the IaaS service, so that the second user can use the cloud account registered by the first user, realizing the sharing of the cloud account between users.
  • the method may further include setting an operation authority for the second user, that is, setting an operation authority for the second user corresponding to the identifier of the second user, and further saving the operation authority set for the user in the bdfgh.
  • The method further includes: after receiving the IaaS service object operation request that the second user's client sends after logging in with the account for accessing the sharing platform, determining, according to the operation authority set for the user corresponding to the second user identifier, whether that user has the right to perform the operation request on the IaaS service object; and, when it is determined that the user has the authority corresponding to the operation request, performing a subsequent operation. The subsequent operation may be, for example, encapsulating the IaaS service object operation request according to the message format of the infrastructure cloud providing the IaaS service corresponding to the specified access account, and sending the encapsulated request to the infrastructure cloud providing the IaaS service corresponding to the access account.
  • After the operation request of the IaaS service object sent by the second user's client is received, the authority of the user corresponding to the operation request may also not be determined; that is, after receiving the IaaS service object operation request that the second user's client sends after logging in with the account for accessing the sharing platform, the subsequent operation is performed directly.
  • The method further includes receiving the response message that the infrastructure cloud providing the IaaS service corresponding to the access account sends according to the encapsulated IaaS service object operation request, encapsulating the response message, and sending the encapsulated response message to the second user's client.
  • After receiving the response message sent by the infrastructure cloud providing the IaaS service corresponding to the access account according to the encapsulated IaaS service object operation request, the method further parses the response message to obtain operation result information indicating success or failure, and saves the operation result information in the sharing platform, so as to provide a reference for the second user to determine the infrastructure cloud that provides the IaaS service corresponding to the access account.
  • The foregoing method mainly addresses the case in which the one or more cloud accounts saved on the sharing platform correspond to a single infrastructure cloud that provides an IaaS service. If the sharing platform simultaneously registers cloud accounts of a plurality of infrastructure clouds providing the IaaS service, then after receiving the IaaS service object operation request that the second user's client sends after logging in, the method may further include: first determining, according to the operation request of the IaaS service object, the infrastructure cloud that provides the IaaS service, and then using the account corresponding to the determined infrastructure cloud as the designated access account for the operation request.
  • The operation request of the IaaS service object includes an identifier of the infrastructure cloud that the second user's client wants to access, and the infrastructure cloud corresponding to that identifier is determined to be the infrastructure cloud that provides the IaaS service; or, according to the previously stored correspondence between the second user identifier and the access account, the multiple access accounts corresponding to the second user identifier are found, and the infrastructure cloud that provides the IaaS service is then found according to the access account; or the operation request of the IaaS service object does not include the identifier of the infrastructure cloud to be accessed by the second user's client, and the infrastructure cloud that provides the IaaS service is determined according to the infrastructure cloud selection rule provided in advance by the second user.
  • The selection rule may be: the second user provides in advance its acceptable quality of service (QoS), such as request delay duration, request failure rate, and IaaS service object abnormal ratio, and weights are specified for these parameters. All the infrastructure clouds that can provide the IaaS service are filtered according to the QoS and its weights, and the infrastructure cloud that provides the IaaS service to the second user is determined from the filtered infrastructure clouds. The determining method may be: sorting according to QoS quality, and selecting the infrastructure cloud with the highest QoS quality to provide the IaaS service.
  • QoS: quality of service
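The selection rule above, fed from the saved operation results, as an added example that is not part of the patent text. The field names, the scoring formula (each metric divided by the user's acceptable limit, then weighted, lowest total wins) and the sample records are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

METRICS = ("request_delay_ms", "request_failure_rate", "object_abnormal_ratio")


@dataclass(frozen=True)
class CloudStats:
    cloud_id: str
    request_delay_ms: float
    request_failure_rate: float
    object_abnormal_ratio: float


def summarize(results):
    """Aggregate saved operation results into per-cloud QoS figures.

    results: iterable of (cloud_id, delay_ms, succeeded, object_abnormal).
    """
    grouped = defaultdict(list)
    for cloud_id, delay_ms, succeeded, abnormal in results:
        grouped[cloud_id].append((delay_ms, succeeded, abnormal))
    stats = []
    for cloud_id, rows in grouped.items():
        n = len(rows)
        stats.append(CloudStats(
            cloud_id=cloud_id,
            request_delay_ms=sum(r[0] for r in rows) / n,
            request_failure_rate=sum(1 for r in rows if not r[1]) / n,
            object_abnormal_ratio=sum(1 for r in rows if r[2]) / n,
        ))
    return stats


def select_cloud(stats, acceptable, weights):
    """Filter by the user's acceptable QoS, then pick the best weighted score.

    Returns the chosen cloud id, or None when no cloud meets every limit.
    """
    for m in METRICS:
        if acceptable[m] <= 0 or weights[m] < 0:
            raise ValueError(f"bad limit or weight for {m}")
    # Step 1: drop every cloud that exceeds any acceptable limit.
    candidates = [s for s in stats
                  if all(getattr(s, m) <= acceptable[m] for m in METRICS)]
    if not candidates:
        return None

    # Step 2: normalise each metric by its limit so that milliseconds and
    # ratios are comparable, weight it, and treat the sum as a penalty.
    def penalty(s):
        return sum(weights[m] * getattr(s, m) / acceptable[m] for m in METRICS)

    # Tie-break on cloud id so the choice is deterministic.
    return min(candidates, key=lambda s: (penalty(s), s.cloud_id)).cloud_id


# Constructed sample of saved operation results (not real measurements).
SAMPLE_RESULTS = [
    ("cloud-a", 100, True, False), ("cloud-a", 140, True, False),
    ("cloud-a", 120, True, False), ("cloud-a", 120, False, False),
    ("cloud-b", 200, True, False), ("cloud-b", 200, True, False),
    ("cloud-b", 200, True, False), ("cloud-b", 200, True, True),
    ("cloud-c", 900, True, False), ("cloud-c", 900, True, False),
]
ACCEPTABLE = {"request_delay_ms": 500, "request_failure_rate": 0.3,
              "object_abnormal_ratio": 0.3}

if __name__ == "__main__":
    w = {"request_delay_ms": 0.2, "request_failure_rate": 0.5,
         "object_abnormal_ratio": 0.3}
    print(select_cloud(summarize(SAMPLE_RESULTS), ACCEPTABLE, w))
```
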
  • The IaaS service object in the response message received by the sharing platform includes the IaaS service object identifier. After receiving the IaaS service object identifier for the first time, the sharing platform may also establish the correspondence between the second user identifier and the identifier of the IaaS service object, so that the sharing platform can subsequently verify whether the user has the right to initiate an operation on the IaaS service object, or perform statistics, charging, and the like per user.
  • the shared platform may receive the IaaS service object identifier for the first time from the following two ways:
  • the second user provides the IaaS service object identifier in the IaaS service object operation request; or, when the infrastructure cloud that provides the IaaS service processes the IaaS service object operation request submitted by the second user, it allocates an IaaS service object identifier to the generated IaaS service object and returns the identifier to the sharing platform in the response message to the operation request.
  • The sharing platform allocates a unique prefix or suffix to the second user identifier and saves the correspondence between the second user identifier and the prefix or suffix. Messages between the second user's client and the sharing platform use the IaaS service object identifier without the prefix or suffix, and messages between the sharing platform and the infrastructure cloud providing the IaaS service use the identifier of the IaaS service object with the prefix or suffix added, to prevent object conflicts between different users. Then, when encapsulating the IaaS service object operation request or the response message, the sharing platform obtains the prefix or suffix corresponding to the second user identifier from the saved correspondence, and either adds the prefix or suffix to the IaaS service object identifier included in the operation request, or removes the prefix or suffix from the IaaS service object identifier included in the response message, and uses the result as the identifier of the encapsulated IaaS service object.
  • The sharing platform assigns an alias to the IaaS service object; the alias may be uniquely associated with the IaaS service object, and the sharing platform saves the correspondence between the IaaS service object of the second user identifier and the specified alias.
  • Messages between the user client and the sharing platform use the IaaS service object identifier provided by the user, and the alias of the IaaS service object is used between the sharing platform and the infrastructure cloud providing the IaaS service, to prevent object conflicts between different users.
  • The alias is replaced with the corresponding IaaS service object identifier, which is used as the identifier of the encapsulated IaaS service object.
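The operation-authority check and the per-user prefix scheme described above, as an added example that is not code from the patent. The class names, the `--` separator, the random prefix format and the in-memory `FakeCloud` standing in for the infrastructure cloud behind one shared cloud account are all assumptions.

```python
import secrets


class FakeCloud:
    """Constructed stand-in for the infrastructure cloud (one shared account)."""

    def __init__(self):
        self.objects = {}  # cloud-side object id -> object kind

    def handle(self, op, kind, object_id):
        if op == "create":
            if object_id in self.objects:
                return {"ok": False, "error": "exists", "id": object_id}
            self.objects[object_id] = kind
            return {"ok": True, "id": object_id}
        if op == "delete":
            if self.objects.pop(object_id, None) is None:
                return {"ok": False, "error": "not found", "id": object_id}
            return {"ok": True, "id": object_id}
        return {"ok": False, "error": "unsupported", "id": object_id}


class SharingPlatform:
    SEP = "--"  # assumed separator between the prefix and the user's own id

    def __init__(self, cloud):
        self.cloud = cloud
        self.prefix_of = {}    # second user id -> unique prefix
        self.permissions = {}  # second user id -> allowed operations
        self.owner_of = {}     # cloud-side object id -> second user id

    def add_user(self, user_id, allowed_ops):
        prefix = "u" + secrets.token_hex(4)
        while prefix in self.prefix_of.values():  # keep prefixes unique
            prefix = "u" + secrets.token_hex(4)
        self.prefix_of[user_id] = prefix
        self.permissions[user_id] = set(allowed_ops)

    def request(self, user_id, op, kind, object_id):
        """Check authority, add the caller's prefix, forward, unwrap the reply."""
        if user_id not in self.prefix_of:
            return {"ok": False, "error": "unknown user"}
        if op not in self.permissions[user_id]:
            return {"ok": False, "error": "operation not permitted"}
        # The prefix is always the caller's own, so a request can only ever
        # name objects inside the caller's namespace.
        cloud_id = self.prefix_of[user_id] + self.SEP + object_id
        # Saved user-to-object correspondence: operations on objects the
        # platform never recorded for this user stop here.
        if op != "create" and self.owner_of.get(cloud_id) != user_id:
            return {"ok": False, "error": "not found"}
        return self._unwrap(user_id, op, self.cloud.handle(op, kind, cloud_id))

    def _unwrap(self, user_id, op, resp):
        expected = self.prefix_of[user_id] + self.SEP
        cloud_id = resp["id"]
        # Never hand back an identifier from another user's namespace.
        if not cloud_id.startswith(expected):
            return {"ok": False, "error": "response outside caller namespace"}
        if resp["ok"] and op == "create":
            self.owner_of[cloud_id] = user_id
        if resp["ok"] and op == "delete":
            self.owner_of.pop(cloud_id, None)
        out = {"ok": resp["ok"], "id": cloud_id[len(expected):]}
        if "error" in resp:
            out["error"] = resp["error"]
        return out


def demo():
    cloud = FakeCloud()
    platform = SharingPlatform(cloud)
    platform.add_user("alice", {"create", "delete"})
    platform.add_user("bob", {"create"})
    return [
        platform.request("alice", "create", "vm", "web-1"),
        platform.request("bob", "create", "vm", "web-1"),  # same name, no clash
        platform.request("bob", "delete", "vm", "web-1"),  # lacks authority
        platform.request("alice", "delete", "vm", "web-1"),
    ], len(cloud.objects)


if __name__ == "__main__":
    print(demo())
```
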
  • the specified access account may be used to create a virtual machine or implement cloud storage.
  • the following sections describe two specific application examples of the present invention: virtual machine creation and cloud storage implementation.
  • The IaaS service is a virtual machine service of the infrastructure cloud.
  • The foregoing IaaS service object may be one or more of a key pair, a virtual machine, a security group, and the like.
  • The response message returned by the infrastructure cloud providing the IaaS service includes the result of the infrastructure cloud processing the IaaS service object operation request, including a key pair name and the private key in the generated key pair, where the key pair name is one of the identifiers of the IaaS service object.
  • the method further includes: sending a private key of the generated key pair to a client of the second user, where the sharing platform does not save the private key.
  • the key pair is used as the IaaS service object
  • the IaaS service object is a key pair
  • the IaaS service object operation request sent by the second user is an operation request for creating a key pair.
  • the response message includes a result of the infrastructure cloud processing the IaaS service object operation request, and also includes a private key in the generated key pair.
  • the method further includes: the sharing platform saving the private key of the key pair and the correspondence between the key pair and the infrastructure cloud.
  • When the second user client creates a virtual machine, that is, when the IaaS service object operation request it sends is an operation request for creating a virtual machine, the second user client carries the key pair name in the IaaS service object operation request. After the virtual machine is created, the SSH (Secure Shell) client used to access the virtual machine can access the virtual machine through the sharing platform.
  • The sharing platform uses the key of the virtual machine saved by the sharing platform to perform virtual machine login authentication. After the authentication is passed, the user interface is provided to the second user client; the virtual machine login authentication is transparent to the second user, that is, the specific process of the virtual machine login authentication is invisible to the user.
  • The sharing platform determines the access account of the infrastructure cloud that provides the IaaS service corresponding to the second user identifier; for the specific determining method, refer to step 103;
  • the second user identifier, the specification of the virtual machine to be created, and the key pair name are encapsulated in the operation request of the IaaS service object, and the encapsulated IaaS service object operation request is sent to the infrastructure cloud that provides the IaaS service corresponding to the access account.
  • the operation request returned by the infrastructure cloud that provides the IaaS service includes an identifier of the IaaS service object generated according to the IaaS service object operation request, and the IaaS service object is the created virtual machine.
  • the IaaS service object operation request is an operation request for creating a virtual machine
  • the virtual machine is generated by using a username and a password
  • The user name and password are the login user name and password used to log in to the created virtual machine.
  • The operation request for creating the virtual machine includes the second user identifier and a specification of the virtual machine to be created, optionally including a login user name or password provided by the second user;
  • the sharing platform determines the access account of the infrastructure cloud that provides the IaaS service corresponding to the second user identifier. For details, refer to step 103.
  • The information carried in the operation request for creating the virtual machine is encapsulated in an operation request of the IaaS service object, and the encapsulated operation request is sent to the infrastructure cloud that provides the IaaS service corresponding to the access account; the response message returned by the infrastructure cloud that provides the IaaS service includes an identifier of the IaaS service object generated according to the IaaS service object operation request, and the IaaS service object is the created virtual machine.
  • The method includes: for a created virtual machine, the IaaS service object operation request is a virtual machine stop operation request, a virtual machine change operation request, a virtual machine restart operation request, or a virtual machine delete operation request, and includes the second user identifier and the identifier of the virtual machine that needs to be stopped, changed, restarted, or deleted; the access account of the infrastructure cloud that provides the IaaS service corresponding to the second user identifier is determined according to the saved correspondence between the second user identifier and the access account; and the second user identifier and the identifier of the virtual machine that needs to be stopped, changed, restarted, or deleted are encapsulated in an operation request of the IaaS service object, and the encapsulated operation request is sent to the infrastructure cloud that provides
  • The foregoing IaaS service object may be a storage object or a storage block (bucket).
  • The operation request for creating the storage block includes a name of the storage block or the identifier of the storage object. After receiving the IaaS service object operation request, the sharing platform determines, according to the correspondence between the second user identifier and the access account that is saved by the sharing platform, the infrastructure cloud that provides the IaaS service corresponding to the second user identifier.
  • The operation request for creating a storage block, the operation request for saving a storage object, or another operation request on the storage object is encapsulated in an operation request of an IaaS service object, and the encapsulated operation request is sent to the infrastructure cloud providing the IaaS service corresponding to the access account; the response message of the infrastructure cloud providing the IaaS service includes the result of processing the IaaS service object operation request.
  • The method may further include: when the IaaS service object operation request changes the access right of a storage object, determining whether the target user of the change that is included in the operation request is a second user of the sharing platform. If so, the sharing platform saves the object's new access right and does not send the request to change the storage object's access right to the infrastructure cloud providing the storage service; otherwise, the sharing platform sends the re-encapsulated request to change the storage object's access right to the infrastructure cloud providing the storage service.
  • FIG. 2 is a flowchart of an embodiment of a method for creating a virtual machine (VM). As shown in FIG. 2, the method may include:
  • Step 201: Register at least one cloud account for accessing the infrastructure cloud providing the IaaS service on the sharing platform, as the cloud account of the client of the first user; for the specific registration process, refer to the related description of the foregoing embodiment of the present invention.
  • The sharing platform can simultaneously register cloud accounts of multiple infrastructure clouds that provide IaaS services. For each infrastructure cloud that provides IaaS services, one or more of that infrastructure cloud's cloud accounts can be registered with the sharing platform.
  • Step 202: An account for accessing the sharing platform is created for the second user client that accesses the sharing platform.
  • The sharing platform generates an account for accessing the sharing platform for each second user that uses the cloud service through the sharing platform, where the account for accessing the sharing platform includes at least a user identifier of the second user, and optionally has authentication information for accessing the sharing platform, such as passwords, certificates, etc.
  • The second user client uses the account for accessing the sharing platform to access the sharing platform, and uses the cloud service provided by the infrastructure cloud through the sharing platform.
  • The authentication information corresponding to the account for accessing the sharing platform is provided, such as a password or a certificate; the sharing platform uses the authentication information to authenticate the identity of the second user and, after the authentication is passed, opens cloud service access capabilities for the user.
  • Step 203: The sharing platform, according to the association relationship between the first user and the second user, designates for the second user at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud of the IaaS service, so that the client of the second user accesses the infrastructure cloud providing the IaaS service corresponding to the access account according to the account for accessing the sharing platform and the access account.
  • the sharing platform specifies an access account for the second user in step 202.
  • A second user can be assigned one access account of the infrastructure cloud, and one access account of the infrastructure cloud can be assigned to multiple second users.
  • the process of associating the first user with the second user and the process of assigning an access account to the second user may refer to related descriptions of other embodiments of the present invention.
  • The sharing platform designates for the second user, according to the association relationship between the first user and the second user, the cloud account registered by the first user as the access account with which the second user accesses the infrastructure cloud of the IaaS.
  • The preferred implementation of this designation by the sharing platform is:
  • the sharing platform allocates evenly according to the load of each access account of the infrastructure cloud, so that the number of users associated with each access account of the infrastructure cloud is basically equal, where the load refers to the number of second users associated with the access account, regardless of whether those second users are currently using it; or, the sharing platform groups the users according to the different rights granted to them, and assigns them to an IaaS access account based on the group.
  • the manner in which the sharing platform specifies the access account for the second user may be fixed or dynamically specified.
  • the shared platform specifies the access account for the second user in a fixed manner, that is, a user is fixedly bound to an access account corresponding to an infrastructure cloud, and the user identifier and the infrastructure cloud are saved on the shared platform.
  • Such a user can view and manage the status information of cloud instances stored in the infrastructure cloud providing IaaS services at any time.
  • a cloud instance refers to an IaaS service object created by the infrastructure cloud according to the request of the second user.
  • A created virtual machine is a cloud instance, and a storage space allocated for the user, that is, a storage block, is also a cloud instance.
  • When the sharing platform specifies the access account for the second user in a dynamic manner, that is, when a user is using the cloud service (such as sending an operation request for an IaaS service), the sharing platform temporarily specifies a cloud account of the infrastructure cloud providing the IaaS service as the access account for the user, and the cloud account is released after the user's request has been processed, that is, the cloud account is no longer bound.
  • The sharing platform can dynamically assign an access account of the infrastructure cloud to the user according to the load of the infrastructure cloud that provides the IaaS service corresponding to each access account, such as assigning the access account of an infrastructure cloud with a lower current load to process the operation request of the user's IaaS service, where the load refers to the number of associated second users that are currently using the infrastructure cloud.
  • The sharing platform may assign operation rights to the user according to the identity of the second user and save the user rights; for example, an ordinary user can only use VMs but cannot create them, an intermediate user can create a maximum of 5 VMs, an advanced user can apply for VMs with higher specifications, and so on.
  • Step 204 The sharing platform sends an operation request for creating a key pair of the second user, and receives a key pair returned by the corresponding infrastructure cloud that provides the IaaS service.
  • The key pair (keypair) is a key-value pair, including a public key and a private key, used by the second user client to access the virtual machine (VM).
  • the key pair application request may be that after the sharing platform receives the operation request of the IaaS service object sent by the second user after logging in based on the account of the access sharing platform, the sharing platform sends the information to the corresponding infrastructure cloud.
  • After receiving the operation request of the IaaS service object, the sharing platform determines an access account for the operation request, and applies for and receives the key pair from the infrastructure cloud that provides the IaaS service corresponding to the access account. For a specific process of determining an access account for the operation request in this embodiment, refer to related descriptions of other embodiments of the present invention; details are not described herein again.
  • Determining, by the sharing platform, that the user corresponding to the second user identifier has the right to perform the operation request on the IaaS service object according to the operation authority set by the user corresponding to the second user identifier, and determining the location
  • the operation request of the IaaS service object is encapsulated according to the message format of the infrastructure cloud that provides the IaaS service corresponding to the access account, and the encapsulated IaaS service object operation request is sent to the infrastructure cloud that provides the IaaS service corresponding to the access account.
  • The sharing platform applies for at least one key pair (keypair, including the public key and the private key) in the infrastructure cloud providing the IaaS service corresponding to the specified access account according to the operation request of the service object; the generation of the specific keypair is completed by the infrastructure cloud that provides the IaaS service.
  • the infrastructure that provides the IaaS service generates the key pair and then stores the public key.
  • The private key corresponding to the keypair is sent to the shared platform through the response message.
  • After the shared platform receives the private key sent by the infrastructure cloud, there are two cases: the shared platform saves the private key, or the shared platform does not save the private key. If the infrastructure cloud creates the virtual machine without using the key pair and uses a username and password, the second user can access the virtual machine by using the username and password, and step 204 of creating the key pair may be omitted.
  • The following embodiments are introduced in three cases. If the private key of the key pair is not saved on the shared platform, see Step 2051-2071. For the process of saving the private key of the key pair on the shared platform, see Step 2052-2072. For the process in which the infrastructure cloud creates a virtual machine using a username and password, see Step 2053-2063. One of these three cases can be selected according to the user's preference and the capabilities of the infrastructure cloud.
  • Step 2051 Send the private key of the assigned key pair to the client of the second user.
  • The sharing platform provides the key assigned by the infrastructure cloud providing the IaaS service to the final second user, and the second user saves the private key so that it can use other ssh (Secure Shell) tools to access the cloud.
  • the sharing platform saves the correspondence between the user identifier and the key pair of the second user. If the sharing platform registers a plurality of infrastructure clouds, the correspondence between the key pair and the infrastructure cloud that generates the key pair needs to be saved.
  • the sharing platform may assign an alias to each key pair keypair, save the corresponding relationship between the alias and the key pair name, and provide the alias to the second user. As shown in Table 1:
  • mykeypair is used in messages between user2 and the shared platform; alias keypair—for—user 1 is used in messages between the shared platform and the cloud.
  • the sharing platform saves the correspondence between the key pair alias and the key pair name.
  • The sharing platform may assign a prefix or suffix to each second user, with each second user having a different prefix or suffix; when the sharing platform communicates with the infrastructure cloud that generates the key pair, it adds the prefix or suffix to the key pair name.
  • Step 2061 The sharing platform applies, according to an operation request for creating a virtual machine sent by the second user, to the corresponding infrastructure cloud to create a virtual machine, and receives the created virtual machine returned by the infrastructure cloud.
  • the second user initiates an operation request for creating a virtual machine to the shared platform for creating a virtual machine.
  • the operation request for creating a virtual machine includes the second user identifier, a specification of a virtual machine to be created, and a key pair identifier.
  • The specification of the virtual machine (VM) to be created includes, for example, the image used to create the VM and the size of the VM. After verifying that the second user's authority passes, the shared platform queries the keypair alias table mentioned in Table 1 of step 2051 and submits an operation request to create a virtual machine to the infrastructure cloud. If the creation is successful, the infrastructure cloud returns a response message to the shared platform, where the response message carries the identifier of the virtual machine that has been created; otherwise an error is returned. After the creation is successful, the mapping between the virtual machine identifier and the second user may be saved on the shared platform, and other information of the virtual machine, such as an IP address and a specification, may also be saved.
  • the sharing platform provides the virtual machine to the second user.
  • The sharing platform may install an agent on the created VM; the agent can monitor the running status of the VM and automatically report to the shared platform periodically, and the shared platform analyzes the received information to obtain the status of the VM.
  • The sharing platform can record the point in time when the VM is created and, according to the charging rules of the infrastructure cloud (such as the deduction time interval), determine and configure a time interval for acquiring the VM state, and obtain the status of the VM at each time interval through the interface provided by the infrastructure cloud. For example, with hourly charging, that is, one charge per hour, the VM state is acquired once when the VM has been started for 59 minutes.
  • Step 2071 The second user manages the created virtual machine or accesses the created virtual machine through the shared platform.
  • the second user initiates an operation request for the IaaS service of the specific cloud instance to the shared platform to manage the virtual machine that has been created, such as stopping, changing, restarting, viewing, or deleting the virtual machine.
  • The operation request of the IaaS service specifies the identifier of the virtual machine, and the sharing platform determines whether the virtual machine corresponds to the second user identifier according to the saved correspondence between the virtual machine identifier and the second user identifier, so as to verify whether the user can manage the virtual machine; if the correspondence is verified, the access account bound to the second user identifier is used to initiate the operation on the virtual machine to the corresponding infrastructure cloud.
  • The infrastructure cloud corresponding to the access account performs the corresponding operation for the operation request of the IaaS service object and returns a response message to the shared platform, where the response message includes the result of the corresponding operation, and the sharing platform returns the result to the second user client.
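The platform-side checks of steps 2051 to 2071, as an added Python example that is not part of the patent text: second users are bound to shared cloud accounts by bound-user count, key pair names are prefixed per user before they reach the cloud, VM limits are enforced, and VM ownership is verified before the shared account is used for a management request. `FakeCloud`, `SharingPlatform`, the `u0001-` prefix format and all sample names are assumptions made for illustration.

```python
from dataclasses import dataclass, field


class Denied(Exception):
    """The sharing platform refused to forward the request."""


@dataclass
class FakeCloud:
    """Constructed stand-in for an infrastructure cloud; not a real provider API."""
    keypairs: set = field(default_factory=set)   # (cloud account, key pair name)
    vms: dict = field(default_factory=dict)      # vm id -> record
    calls: list = field(default_factory=list)    # every request that reached the cloud

    def create_keypair(self, account, name):
        self.calls.append(("create_keypair", account, name))
        self.keypairs.add((account, name))
        return f"PRIVATE-KEY-FOR-{name}"         # placeholder, not key material

    def create_vm(self, account, keypair, spec):
        self.calls.append(("create_vm", account, keypair))
        if (account, keypair) not in self.keypairs:
            raise KeyError(keypair)
        vm_id = f"vm-{len(self.vms) + 1}"
        self.vms[vm_id] = {"account": account, "keypair": keypair,
                           "spec": spec, "state": "running"}
        return vm_id

    def vm_action(self, account, vm_id, action):
        # The cloud only sees the shared account, so it cannot tell tenants apart.
        self.calls.append((action, account, vm_id))
        self.vms[vm_id]["state"] = {"stop": "stopped", "restart": "running"}[action]
        return self.vms[vm_id]["state"]


class SharingPlatform:
    MAX_VMS = {"ordinary": 0, "intermediate": 5}  # two of the levels in the description

    def __init__(self, cloud, cloud_accounts):
        self.cloud = cloud
        self.bound = {a: 0 for a in cloud_accounts}  # second users bound per account
        self.account_of = {}   # second user -> access account (fixed binding)
        self.level_of = {}     # second user -> permission level
        self.prefix_of = {}    # second user -> platform-assigned key name prefix
        self.vm_owner = {}     # vm id -> second user that created it

    def add_second_user(self, user, level):
        if level not in self.MAX_VMS:
            raise ValueError(level)
        # Even allocation: bind to the access account with the fewest bound users.
        account = min(self.bound, key=lambda a: (self.bound[a], a))
        self.bound[account] += 1
        self.account_of[user] = account
        self.level_of[user] = level
        self.prefix_of[user] = f"u{len(self.prefix_of) + 1:04d}-"
        return account

    def cloud_key_name(self, user, alias):
        # The user only ever sees the alias; the cloud only sees the prefixed name.
        return self.prefix_of[user] + alias

    def create_keypair(self, user, alias):
        return self.cloud.create_keypair(self.account_of[user],
                                         self.cloud_key_name(user, alias))

    def create_vm(self, user, alias, spec):
        owned = sum(1 for owner in self.vm_owner.values() if owner == user)
        if owned >= self.MAX_VMS[self.level_of[user]]:
            raise Denied(f"{user} may not create another VM")
        vm_id = self.cloud.create_vm(self.account_of[user],
                                     self.cloud_key_name(user, alias), spec)
        self.vm_owner[vm_id] = user
        return vm_id

    def manage_vm(self, user, vm_id, action):
        # Ownership is checked on the platform before the shared account is used.
        if self.vm_owner.get(vm_id) != user:
            raise Denied(f"{vm_id} does not belong to {user}")
        return self.cloud.vm_action(self.account_of[user], vm_id, action)


def demo():
    cloud = FakeCloud()
    platform = SharingPlatform(cloud, ["cloud-account-1", "cloud-account-2"])
    accounts = [platform.add_second_user(u, "intermediate")
                for u in ("alice", "bob", "carol")]      # constructed sample users
    platform.create_keypair("alice", "mykeypair")
    platform.create_keypair("carol", "mykeypair")        # same alias, same account
    vm_id = platform.create_vm("alice", "mykeypair", {"image": "img-1", "size": "small"})
    try:
        platform.manage_vm("carol", vm_id, "stop")       # carol shares alice's account
        blocked = False
    except Denied:
        blocked = True
    return {"accounts": accounts, "key_names": sorted(n for _, n in cloud.keypairs),
            "blocked": blocked, "state": cloud.vms[vm_id]["state"],
            "stop_reached_cloud": any(c[0] == "stop" for c in cloud.calls)}


if __name__ == "__main__":
    print(demo())
```

Because the infrastructure cloud sees only the shared access account, the saved VM-to-user correspondence on the platform is the only control separating two second users bound to the same account.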
  • Step 2052 Save the private key of the created one or more key pairs on the shared platform.
  • the shared platform saves the private key of the key pair and also stores the correspondence between the key pair and the infrastructure cloud that created the key pair.
  • Step 2062 The sharing platform applies for creating a virtual machine to the corresponding infrastructure cloud according to the operation request for creating a virtual machine sent by the second user, where the virtual machine creation request includes the second user identifier and the specification of the virtual machine to be created, optionally including a key pair identifier, and receives the identifier of the created virtual machine and the address information of the virtual machine (such as IP, Internet Protocol) returned by the infrastructure cloud. If the key pair identifier is not included in the operation request, the sharing platform selects a keypair from the keypairs corresponding to the cloud account specified for the operation request as the keypair for creating the virtual machine; the keypair may be randomly selected or selected according to the security group.
  • For the VM creation and monitoring description of this step, refer to the related description of step 2061, which will not be described here.
  • Step 2072 The second user manages the created virtual machine or accesses the created virtual machine through the shared platform.
  • For a description of this step, refer to the related description of step 2071; details are not described herein again.
  • Step 2053 The sharing platform applies for creating a virtual machine to the corresponding infrastructure cloud according to the operation request for creating a virtual machine sent by the second user, where the virtual machine creation request includes the second user identifier and the specification of the virtual machine to be created, and optionally a root password, or a username and password other than root. If the operation request does not include any username and password, the infrastructure cloud can generate a password for the root user and return the generated password to the second user through the response message of the operation request.
  • The sharing platform receives the identifier of the created virtual machine and the address information of the virtual machine (such as IP, Internet Protocol) returned by the infrastructure cloud and, optionally, the password of the root user generated by the infrastructure cloud.
  • For other virtual machine creation and monitoring descriptions of this step, refer to the related description of step 2061; details are not described here.
  • Step 2063 The second user manages the created virtual machine or accesses the created virtual machine through the shared platform.
  • For a description of this step, refer to the related description of step 2071; details are not described herein again.
  • FIG. 3 is a flowchart of an embodiment of implementing a cloud storage method according to an embodiment of the present invention. As shown in FIG. 3, the method may include:
  • Step 301 Register at least one cloud account for accessing the infrastructure cloud providing the IaaS service on the shared platform, as the cloud account of the client of the first user; the specific registration process may refer to the related description of the foregoing embodiment of the present invention.
  • Step 302 The sharing platform creates, for the second user, an account for accessing the shared platform.
  • Step 303 The sharing platform, according to the association relationship between the first user and the second user, specifies, for the second user, at least one cloud account of the first user as the second user's access account for accessing the infrastructure cloud providing the IaaS service, so that the client of the second user accesses the infrastructure cloud providing the IaaS service corresponding to the access account according to the account of the access sharing platform and the access account.
  • Step 304 Send an operation request of the second user to create a storage block, and receive an identifier of the created block returned by the corresponding infrastructure cloud.
  • The directory or block may be created either automatically, by the sharing platform initiating a creation command to the cloud when it associates the second user with the specified access account, or when the sharing platform, after receiving a request sent by the second user after logging in with the account of the access sharing platform, initiates creation to the corresponding infrastructure cloud.
  • The sharing platform sends, using the specified access account, an IaaS service operation request that creates at least one root directory or block (bucket), and receives a response message returned by the corresponding infrastructure cloud, where the response message includes an identifier of the block or directory created for implementing the cloud storage; the sharing platform assigns the second user to the block or directory, and saves the correspondence between the second user identifier and the block or directory identifier on the shared platform.
  • The sharing platform may allocate a unique storage object prefix or suffix to the second user identifier. After the second user client sends the IaaS service object operation request, the sharing platform adds the identifier of the block and the storage object prefix or suffix to the storage object identifier, and encapsulates the storage object identifier, with the block identifier and the prefix or suffix added, in the encapsulated IaaS service object operation request sent to the infrastructure cloud.
  • The prefix may be the user name of the user or a unique identifier corresponding to the user name.
  • The sharing platform saves the correspondence between the storage object identifier, with the block identifier and the storage object prefix or suffix added, and the real identifier of the storage object. After the second user client sends the IaaS service object operation request, the method further includes: determining the real identifier of the storage object according to the saved correspondence; replacing the original storage object identifier in the IaaS service object operation request message with the real identifier of the storage object; and encapsulating the real identifier of the storage object in the encapsulated IaaS service object operation request sent to the infrastructure cloud.
  • Step 305 The second user manages the storage object by using the shared platform.
  • After receiving the storage object management operation initiated by the second user, the sharing platform determines, according to the saved right information, whether the user has the right to perform the operation corresponding to the operation request. If the second user has permission to perform the operation, further operations are performed.
  • The rights here may include a permission limit of a user saved by the sharing platform, such as a maximum storage space limit, or/and access control information of the operated object saved by the sharing platform.
  • The access control information of the operated object saved by the sharing platform is managed by the sharing platform, and is not the same as the access control of the infrastructure cloud.
  • When the IaaS service object operation request changes the access right of a storage object, the method may further include: determining whether the target user of the access right change included in the IaaS service object operation request is a second user saved on the shared platform; if yes, saving the new access right of the object and not sending an operation request to change the access right of the storage object to the infrastructure cloud providing the storage service; otherwise, sending a re-encapsulated operation request to change the access right of the storage object to the infrastructure cloud providing the storage service.
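The storage-side handling of steps 304 and 305, as an added Python example that is not part of the patent text: per-user prefixes keep object identifiers apart inside one shared block, the storage limit and access control are checked on the platform, and an access-right change is saved locally when the target is a second user of the platform and forwarded to the cloud otherwise. `FakeObjectCloud`, `StoragePlatform`, the `u0001/` prefix format, the bucket name, the `"read"` right and the sample users are assumptions made for illustration.

```python
class Denied(Exception):
    """The sharing platform refused the storage request."""


class FakeObjectCloud:
    """Constructed stand-in for a cloud storage API; not a real provider API."""

    def __init__(self):
        self.objects = {}     # (bucket, real object key) -> bytes
        self.acl_calls = []   # access-right changes that reached the cloud

    def put(self, bucket, key, data):
        self.objects[(bucket, key)] = data

    def get(self, bucket, key):
        return self.objects[(bucket, key)]

    def set_acl(self, bucket, key, grantee, right):
        self.acl_calls.append((bucket, key, grantee, right))


class StoragePlatform:
    def __init__(self, cloud, bucket, quota_bytes):
        self.cloud, self.bucket, self.quota = cloud, bucket, quota_bytes
        self.prefix_of = {}   # second user -> unique storage object prefix
        self.size_of = {}     # (owner, object id) -> stored size in bytes
        self.acl = {}         # (owner, object id) -> {grantee: right}

    def add_second_user(self, user):
        # Fixed-width prefix ending in "/" so no prefix is a prefix of another.
        self.prefix_of[user] = f"u{len(self.prefix_of) + 1:04d}/"

    def real_key(self, owner, object_id):
        # Identifier actually sent to the cloud: user prefix + user-visible id.
        return self.prefix_of[owner] + object_id

    def used(self, user):
        return sum(n for (owner, _), n in self.size_of.items() if owner == user)

    def put(self, user, object_id, data):
        new_total = self.used(user) - self.size_of.get((user, object_id), 0) + len(data)
        if new_total > self.quota:                 # maximum storage space limit
            raise Denied(f"{user} would exceed the storage limit")
        self.cloud.put(self.bucket, self.real_key(user, object_id), data)
        self.size_of[(user, object_id)] = len(data)

    def get(self, user, owner, object_id):
        granted = self.acl.get((owner, object_id), {}).get(user) == "read"
        if user != owner and not granted:          # platform-side access control
            raise Denied(f"{user} may not read {owner}'s object")
        return self.cloud.get(self.bucket, self.real_key(owner, object_id))

    def grant(self, owner, object_id, grantee, right):
        # The owner's prefix is applied, so only the owner's objects can be named.
        if (owner, object_id) not in self.size_of:
            raise Denied("unknown object")
        if grantee in self.prefix_of:              # target is a platform user
            self.acl.setdefault((owner, object_id), {})[grantee] = right
            return "saved on platform"
        self.cloud.set_acl(self.bucket, self.real_key(owner, object_id), grantee, right)
        return "forwarded to cloud"


def demo():
    cloud = FakeObjectCloud()
    platform = StoragePlatform(cloud, "shared-bucket", quota_bytes=16)
    for user in ("alice", "bob"):                  # constructed sample users
        platform.add_second_user(user)
    platform.put("alice", "report.txt", b"alice data")
    platform.put("bob", "report.txt", b"bob data")  # same object id, no collision
    try:
        platform.get("bob", "alice", "report.txt")
        blocked = False
    except Denied:
        blocked = True
    local = platform.grant("alice", "report.txt", "bob", "read")
    shared = platform.get("bob", "alice", "report.txt")
    remote = platform.grant("alice", "report.txt", "external-cloud-user", "read")
    try:
        platform.put("alice", "big.bin", b"x" * 10)  # 10 + 10 bytes > 16 byte limit
        over_quota = False
    except Denied:
        over_quota = True
    return {"keys": sorted(k for _, k in cloud.objects), "blocked": blocked,
            "local": local, "shared": shared, "remote": remote,
            "acl_calls": cloud.acl_calls, "over_quota": over_quota}


if __name__ == "__main__":
    print(demo())
```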
  • FIG. 4 is a schematic structural diagram of a system for sharing an infrastructure as a service (IaaS) service cloud account according to the present invention.
  • The system includes a sharing platform 41 and a providing device 42 of an infrastructure cloud that provides IaaS services; there may be multiple infrastructure clouds.
  • The system of the present invention may further include a first user client 43 and a second user client 44.
  • The sharing platform 41 is configured to save at least one cloud account for accessing the infrastructure cloud that provides the IaaS service, as the cloud account of the first user; create, for the second user, an account for accessing the shared platform; and specify, for the second user, according to an association relationship between the first user and the second user, at least one cloud account of the first user as the second user's access account for accessing an infrastructure cloud providing the IaaS service, such that the client of the second user accesses the infrastructure cloud that provides the IaaS service corresponding to the access account according to the account of the access sharing platform and the access account;
  • The infrastructure cloud providing device 42 is configured to register a cloud account for the first user by using the sharing platform, and to provide the second user with an IaaS service after the second user accesses the infrastructure cloud providing device by using the specified access account.
  • the sharing platform 41 is further configured to save a correspondence between the second user identifier and an access account.
  • The sharing platform saves at least one cloud account for accessing an infrastructure cloud of the IaaS service as the cloud account of the first user as follows: the sharing platform 41 receives the cloud account creation request sent by the first user client 43, applies, according to the cloud account creation request, to the providing device 42 of the infrastructure cloud that provides the IaaS service for at least one cloud account as the cloud account of the first user, and saves the cloud account; or the sharing platform 41 receives and saves at least one cloud account registered by the first user, where the at least one cloud account registered by the first user is applied for by the first user from the providing device 42 of the infrastructure cloud providing the IaaS service.
  • Specifying, for the second user, at least one cloud account of the first user as the second user's access account for accessing the infrastructure cloud that provides the IaaS service includes: when the sharing platform 41 receives the operation request of the IaaS service object sent by the client 44 of the second user after logging in with the account of the access sharing platform, the sharing platform 41 specifies, for the second user according to the association relationship, at least one cloud account of the first user as the second user's access account for accessing the infrastructure cloud that provides the IaaS service; or, when the sharing platform 41 creates, for the second user accessing the sharing platform 41, the account with which the second user client accesses the shared platform, the sharing platform 41 specifies, for the second user according to the association relationship, at least one cloud account of the first user as the second user's access account for accessing the infrastructure cloud that provides the IaaS service; or, after the client 44 of the second user subscribes to the IaaS service on the sharing platform 41, the sharing platform 41 specifies, for the second user according to the association relationship, at least one cloud account of the first user as the second user's access account for accessing the providing device 42 of the infrastructure cloud that provides the IaaS service.
  • After the sharing platform 41 specifies, for the second user, the access account of the infrastructure cloud that provides the IaaS service, the sharing platform 41 encapsulates the IaaS service object operation request according to the message format of the infrastructure cloud that provides the IaaS service corresponding to the specified access account, and sends the encapsulated IaaS service object operation request to the infrastructure cloud that provides the IaaS service corresponding to the access account; the sharing platform 41 receives the response message sent by the providing device 42 of the infrastructure cloud providing the IaaS service corresponding to the specified access account according to the encapsulated IaaS service object operation request; the sharing platform 41 encapsulates the response message and sends the encapsulated response message to the client 44 of the second user.
  • The sharing platform 41 can also set an operation authority for the second user corresponding to the second user identifier and save it. Then, after receiving the operation request of the IaaS service object sent by the client 44 of the second user after logging in with the account of the access sharing platform, the sharing platform 41 determines, according to the operation authority set for the user corresponding to the second user identifier, whether the user corresponding to the second user identifier has the right to perform the operation request on the IaaS service object; when determining that the user corresponding to the second user identifier has the authority to execute the operation request, the sharing platform 41 encapsulates the IaaS service object operation request according to the message format of the infrastructure cloud that provides the IaaS service corresponding to the specified access account, and sends the encapsulated IaaS service object operation request to the infrastructure cloud providing device 44 that provides the IaaS service corresponding to the access account.
  • The sharing platform 41 is further configured to receive a response message that is sent by the infrastructure cloud that provides the IaaS service corresponding to the access account according to the encapsulated IaaS service object operation request, encapsulate the response message, and send the encapsulated response message to the client 44 of the second user.
  • After the sharing platform 41 receives the operation request of the IaaS service object sent by the client 44 of the second user after logging in with the account of the access sharing platform, the sharing platform 41 determines, according to the operation request of the IaaS service object, an infrastructure cloud that provides an IaaS service, and uses the account corresponding to the determined infrastructure cloud as the designated access account of the operation request of the IaaS service object.
  • The sharing platform 41 determines, according to the operation request of the IaaS service object, the infrastructure cloud that provides the IaaS service, specifically: if the operation request of the IaaS service object includes an identifier of an infrastructure cloud to be accessed by the second user, the shared platform determines that the infrastructure cloud corresponding to the identifier of the infrastructure cloud is the infrastructure cloud that provides the IaaS service; or, if the operation request of the IaaS service object does not include an identifier of an infrastructure cloud to be accessed by the second user, the sharing platform determines the infrastructure cloud providing IaaS services according to a selection rule of an infrastructure cloud provided by the second user in advance.
  • FIG. 5 is a schematic structural diagram of a shared infrastructure as a shared platform for serving an IaaS service cloud account according to the present invention.
  • the shared platform includes a first processing unit 51, a first storage unit 52, and a first Transmitting unit 54.
  • the first memory 52 is configured to save at least one cloud account for accessing the infrastructure cloud providing the laaS service as the cloud account of the first user; and the first processing unit 51 is configured to create a second user client for the second user.
  • Accessing the account of the shared platform, the account of the access sharing platform includes the identifier of the second user; and assigning at least one of the first users to the second user according to the association relationship between the first user and the second user
  • the user's cloud account is used as the second user to access the access account of the infrastructure cloud that provides the laaS service, so that the client of the second user is connected according to the account of the access sharing platform and the access account.
  • the first sending unit 54 sends the specified access account to the client of the second user.
  • the first storage unit 52 is further configured to save a correspondence between the second user identifier and the access account.
  • the sharing platform further includes a first receiver 53, and the first receiving unit 53 is configured to receive a cloud account creation request sent by the first user client, and send the request to the first processing unit 51, where The first processing unit 51 applies, according to the cloud account creation request, the at least one cloud account to the infrastructure cloud that provides the laaS service as the cloud account of the first user; or the first receiving unit 53 receives the first At least one cloud account registered by the user, and the at least one cloud account registered by the first user is saved by the first storage unit 52, wherein at least one cloud account registered by the first user is used by the first user
  • the infrastructure cloud application that provides the laaS service is available.
  • the first processing unit 51 for the second user, to specify at least one cloud account of the first user as the second user accessing an access account of the infrastructure cloud that provides the laaS service, includes: the first receiving The unit 53 receives an operation request of the laaS service object sent by the client of the second user after logging in based on the account of the access sharing platform, and sends an operation request of the laaS service object to the first processing unit 51,
  • the first processing unit 51 specifies, according to the association relationship, the at least one cloud account of the first user as the second user to access the access account of the infrastructure cloud that provides the laaS service; or
  • the first processing unit 51 when creating a second user client accessing the account of the sharing platform for the second user accessing the sharing platform, according to the
  • the first processing unit 51 specifies, for the second user, at least one cloud account of the first user as an access account of the second user to access an infrastructure cloud that provides IaaS services; or After the second user sends the subscription to the IaaS service to the first receiving unit
  • the first processing unit 51 assigns at least one cloud account of the first user to the second user as the access account of the infrastructure cloud that provides the IaaS service to the second user
  • the first processing unit 51 encapsulates the IaaS service object operation request according to the message format of the infrastructure cloud that provides the IaaS service corresponding to the specified access account, and the first sending unit 54 provides the corresponding to the access account.
  • the infrastructure cloud providing device of the IaaS service sends the encapsulated IaaS service object operation request; the first receiving unit 53 receives the infrastructure cloud that provides the IaaS service corresponding to the specified access account, according to the encapsulated IaaS
  • the response message sent by the service object operation request is encapsulated, and the encapsulated response message is sent by the first sending unit 54 to the client of the second user.
  • the second user specifying that the second user specifies that the first processing unit 51 sets an operation authority for the second user corresponding to the second user identifier and saves the first
  • the first processing unit 51 determines, according to the operation authority set for the user corresponding to the second user identifier, whether the user corresponding to the second user identifier has the right to perform the operation request on the IaaS service object, and determining the second user
  • the first processing unit 51 encapsulates the IaaS service object operation according to the message format of the infrastructure cloud that provides the IaaS service corresponding to the specified access account.
  • the first processing unit 51 parses the response message and obtains operation result information indicating success or failure, and the first storage unit 52 saves the operation result information.
  • the first processing unit 51, after the first receiving unit 53 receives an operation request for an IaaS service object sent by the client of the second user after logging in with the account for accessing the sharing platform, the first processing unit 51 is configured according to the IaaS service object
  • the operation request determines an infrastructure cloud that provides an IaaS service, and uses the account corresponding to the determined infrastructure cloud as the designated access account of the operation request of the IaaS service object.
  • the first processing unit 51 determines that the infrastructure cloud corresponding to the identifier of the infrastructure cloud is an infrastructure cloud that provides an IaaS service; or the operation request of the IaaS service object does not include an infrastructure that the second user needs to access
  • the identifier of the cloud, the first processing unit 51 determines an infrastructure cloud providing the IaaS service according to the selection rule of the infrastructure cloud provided by the second user in advance.
  • the first processing unit 51 may further allocate a unique prefix or suffix to the second user identifier, and the first storage unit 52 saves the correspondence between the second user identifier and the prefix or suffix; when the sharing platform encapsulates the IaaS service object operation request or encapsulates the response message, the method may include: acquiring, according to the correspondence between the second user identifier and the prefix or suffix, the prefix or suffix corresponding to the second user identifier; when the IaaS service object operation request includes a service object identifier, adding the prefix or suffix to the IaaS service object identifier included in the IaaS service object operation request, or, when the response message includes a service object identifier, removing the prefix or suffix from the IaaS service object identifier included in the response message, as the identifier of the encapsulated IaaS service object.
  • the first processing unit 51 may further allocate an alias for the IaaS service object, and the first storage unit 52 saves the correspondence between the IaaS service object and the alias.
  • the encapsulating the IaaS service object operation request, or encapsulating the response message, specifically includes: when the IaaS service object operation request includes a service object identifier, the IaaS service object identifier included in the IaaS service object operation request is replaced with the corresponding alias, or, when the response message includes the service object identifier, the IaaS service object identifier alias included in the response message is replaced with the corresponding IaaS service object identifier, as the identifier of the encapsulated IaaS service object.
  • the sharing platform in the embodiment of the present invention may include a storage unit, and each unit included in the sharing platform may be located in the storage unit.
  • modules in the apparatus in the embodiments may be distributed in the apparatus of the embodiment according to the description of the embodiments, or may be correspondingly changed in one or more apparatuses different from the embodiment.
  • the modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.

Abstract

Provided is an IaaS (Infrastructure as a Service) service cloud account sharing method, comprising: saving at least one cloud account used to access an infrastructure cloud providing the IaaS service, the cloud account being the cloud account of a first user; creating for a second user an account for a second user client terminal to access a sharing platform; according to the associative relationship between the first user and the second user, specifying for the second user at least one first user cloud account as an access account for the second user to access the infrastructure cloud providing the IaaS service, such that the second user client terminal, according to the account accessing the sharing platform and the access account, accesses the infrastructure cloud providing the IaaS service and corresponding to the access account. Therefore, the second user can use the cloud account registered for the first user, thus achieving cloud account sharing between users.

Description

A method for sharing an IaaS service cloud account, and a sharing platform and a network device

This application claims priority to Chinese Patent Application No. 201210137495.3, filed on May 4, 2012 and entitled "A method for sharing an IaaS service cloud account, and a sharing platform and a network device", the entire contents of which are incorporated herein by reference.

Technical Field
The embodiments of the present invention relate to the field of communications technologies, and in particular to a method for sharing an IaaS service cloud account, and a sharing platform and a network device.

Background
Cloud computing allocates resources on demand according to user needs and charges by usage. Users do not need to purchase hardware or software; all software and hardware resource requirements can be met by remotely accessing the resource provider's software and hardware. Shared use of resources improves resource utilization and reduces usage and maintenance costs.

Infrastructure as a Service (IaaS) is a typical application mode of cloud computing. In this mode, the most typical form of resource is the virtual machine (Virtual Machine, VM): hardware resources are virtualized and virtual machines with the required capabilities are provided according to user needs, so that one piece of hardware can serve multiple users, which improves the utilization of hardware resources. Storage capacity is another common form of resource.

In the process of implementing the present invention, the inventors found the following defects in the prior art. In actual use, applying for a cloud account is a cumbersome process for each user, and the user experience is poor. Moreover, for group users such as enterprises, if multiple people share one account, permission control is difficult; if each person in the enterprise applies for an account, both charging and VM management and control are difficult.

Summary of the Invention
Embodiments of the present invention provide a method for sharing an IaaS service cloud account, and a sharing platform and a network device, so that a cloud account can be shared among multiple users.

An embodiment of the present invention provides a method for sharing an Infrastructure as a Service (IaaS) service cloud account, including:

saving at least one cloud account used to access an infrastructure cloud that provides the IaaS service, where the cloud account is a cloud account of a first user;

creating, for a second user, an account for a second user client to access a sharing platform;

specifying for the second user, according to the association relationship between the first user and the second user, at least one cloud account of the first user as the access account for the second user to access the infrastructure cloud that provides the IaaS service, so that the client of the second user accesses, according to the account for accessing the sharing platform and the access account, the infrastructure cloud that provides the IaaS service and corresponds to the access account.

An embodiment of the present invention provides a sharing platform for sharing an Infrastructure as a Service (IaaS) service cloud account, characterized in that it includes:

a first storage unit 52, configured to save at least one cloud account used to access an infrastructure cloud that provides the IaaS service, as the cloud account of the first user, and further configured to save the correspondence between the second user identifier and the access account;

a first processing unit 51, configured to create, for the second user, an account for the second user client to access the sharing platform, where the account for accessing the sharing platform includes the identifier of the second user; and to specify for the second user, according to the association relationship between the first user and the second user, at least one cloud account of the first user as the access account for the second user to access the infrastructure cloud that provides the IaaS service, so that the client of the second user accesses, according to the account for accessing the sharing platform and the access account, the infrastructure cloud that provides the IaaS service and corresponds to the access account.

With the technical solution disclosed in the embodiments of the present invention, after a cloud account has been registered for the first user, the cloud account registered by the first user can be specified, according to the association relationship between the first user and the second user, as the access account for the second user to access the infrastructure cloud that provides the IaaS service. The second user can thus use the cloud account registered for the first user, which achieves cloud account sharing between users.

Brief Description of the Drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings required for describing the embodiments or the prior art are briefly introduced below. Apparently, the drawings in the following description show some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from them without creative effort.

FIG. 1 is a flowchart of an embodiment of a method for sharing an Infrastructure as a Service (IaaS) service cloud account according to the present invention;

FIG. 2 is a flowchart of an embodiment of a method for creating a virtual machine according to an embodiment of the present invention;

FIG. 3 is a flowchart of an embodiment of a method for implementing cloud storage according to an embodiment of the present invention;

FIG. 4 is a schematic structural diagram of a system for sharing an Infrastructure as a Service (IaaS) service cloud account according to the present invention;

FIG. 5 is a schematic structural diagram of a sharing platform for sharing an Infrastructure as a Service (IaaS) service cloud account according to the present invention.

Detailed Description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Apparently, the described embodiments are some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

FIG. 1 is a flowchart of an embodiment of a method for sharing an Infrastructure as a Service (IaaS) service cloud account according to the present invention. As shown in FIG. 1, the method may include:
101. Save at least one cloud account used to access an infrastructure cloud that provides the IaaS service, where the cloud account is the cloud account of the first user.

The cloud account in the embodiments of the present invention is an account applied for from the IaaS service provider and used to access and use the IaaS service. It may include a user name, a password, and/or related access authentication keys (such as an Access Key and a Secret Access Key).

Here, "at least one cloud account" means the following: the one or more saved cloud accounts are used to access a given infrastructure cloud that provides the IaaS service, and include a user name and authentication information. That is, the relationship between cloud accounts and the infrastructure cloud that provides the IaaS service is many-to-one.

Saving at least one cloud account used to access the infrastructure cloud of the IaaS service as the cloud account of the first user may be implemented in either of the following two ways:

1. The sharing platform receives a cloud account creation request sent by the first user client, applies on behalf of the first user, according to the cloud account creation request, to the infrastructure cloud that provides the IaaS service for at least one cloud account used to access the infrastructure cloud of the IaaS service, and saves the cloud account;

2. The sharing platform receives and saves at least one cloud account registered by the first user, where the cloud account was obtained by the first user by applying to the infrastructure cloud that provides the IaaS service. "Registering" here means that the first user provides the information of a cloud account it owns to the sharing platform in the format required by the sharing platform.
102. Create, for the second user, an account for the second user client to access the sharing platform.

103. According to the association relationship between the first user and the second user, specify for the second user at least one cloud account of the first user as the access account for the second user to access the infrastructure cloud that provides the IaaS service, so that the client of the second user accesses, according to the account for accessing the sharing platform and the access account, the infrastructure cloud that provides the IaaS service and corresponds to the access account.

The association relationship between the first user and the second user in the embodiments of the present invention may be any relationship under which the first user agrees to authorize the second user to use its cloud account. The first user may be the operator or administrator of the sharing platform, a third-party enterprise, or an individual; the second user may be an individual. The association relationship reflects the association between the first user and the second user and may take the form of a correspondence table, that is, an association relationship table. The table may be stored on the sharing platform or on a separate storage device. When needed, for example after the second user logs in to the sharing platform and sends an IaaS service object operation request, or after the sharing platform creates the account for accessing the sharing platform for the second user, the sharing platform queries the association relationship table to specify the access account for the second user.

The association relationship may be saved on the sharing platform and queried when needed; it may also be saved on the client of the first user and obtained by the sharing platform from the client of the first user when needed.
Specifying for the second user at least one of the cloud accounts registered for the first user as the access account for the second user to access the infrastructure cloud that provides the IaaS service may cover the following cases:

1. When an operation request for an IaaS service object, sent by the client of the second user after logging in with the account for accessing the sharing platform, is received, at least one of the registered cloud accounts is specified for the second user, according to the association relationship, as the access account for the second user to access the infrastructure cloud that provides the IaaS service.

Specifically, an operation request for an IaaS service object, sent by the client of the second user after logging in with the account for accessing the sharing platform, is received, and one access account is specified for the second user that sent the operation request for the IaaS service object.

or,

2. When the account for the second user's client to access the sharing platform is created for the second user, at least one of the registered cloud accounts is specified for the second user, according to the association relationship, as the access account for the second user to access the infrastructure cloud that provides the IaaS service;

or,

3. After the second user subscribes to the IaaS service from the sharing platform, at least one cloud account of the first user is specified for the second user, according to the association relationship, as the access account for the second user to access the infrastructure cloud that provides the IaaS service.

After the access account for accessing the infrastructure cloud that provides the IaaS service has been specified for the second user, the correspondence between the second user identifier and the access account may also be saved for subsequent use.
After the access account has been specified for the second user, the sharing platform encapsulates the IaaS service object operation request according to the message format of the infrastructure cloud that provides the IaaS service and corresponds to the specified access account, and sends the encapsulated IaaS service object operation request to that infrastructure cloud. The infrastructure cloud returns a response message to the sharing platform according to the encapsulated IaaS service object operation request. The sharing platform receives the response message sent by the infrastructure cloud, encapsulates it, and sends the encapsulated response message to the client of the second user.

In the present invention, the response message includes the IaaS service object returned by the infrastructure cloud that provides the IaaS service. The IaaS service object is a target object, provided by the infrastructure cloud of the IaaS service, on which a user can perform operations remotely. IaaS service objects include but are not limited to one or more of a virtual machine, a security group, a key pair, and a storage object.

This embodiment is described from the perspective of the sharing platform. With the technical solution disclosed in the embodiments of the present invention, after a cloud account has been registered for the first user, the cloud account registered by the first user can be specified, according to the association relationship between the first user and the second user, as the access account for the second user to access the infrastructure cloud that provides the IaaS service. The second user can thus use the cloud account registered for the first user, which achieves cloud account sharing between users.
The method may further include setting operation permissions for the second user, that is, setting operation permissions for the second user corresponding to the identifier of the second user, and saving the operation permissions set for the user on the sharing platform. The method further includes: after receiving the operation request for an IaaS service object sent by the client of the second user after logging in with the account for accessing the sharing platform, determining, according to the operation permissions set for the user corresponding to the second user identifier, whether that user has the permission to perform the requested operation on the IaaS service object, and performing subsequent operations only when it is determined that the user corresponding to the second user identifier has the permission corresponding to the operation request. The subsequent operations may be, for example, encapsulating the IaaS service object operation request according to the message format of the infrastructure cloud that provides the IaaS service and corresponds to the specified access account, and sending the encapsulated IaaS service object operation request to that infrastructure cloud.

When no operation permissions have been set for the second user, after the operation request for an IaaS service object sent by the client of the second user is received, it is not necessary to determine whether the second user has the permission corresponding to the operation request; the subsequent operations are performed directly after the operation request, sent by the client of the second user after logging in with the account for accessing the sharing platform, is received.

After the encapsulated IaaS service object operation request has been sent to the infrastructure cloud that provides the IaaS service and corresponds to the access account, the method further includes receiving the response message that the infrastructure cloud sends according to the encapsulated IaaS service object operation request, encapsulating the response message, and sending the encapsulated response message to the client of the second user. After receiving the response message, the method further parses it to obtain operation result information indicating success or failure, and saves the operation result information on the sharing platform, as a reference for later determining, for the second user, the infrastructure cloud that provides the IaaS service and corresponds to the access account.
The foregoing method mainly addresses the case in which the one or more cloud accounts saved on the sharing platform correspond to a single infrastructure cloud that provides the IaaS service. If cloud accounts of several infrastructure clouds that provide the IaaS service are registered on the sharing platform at the same time, then, after receiving the operation request for an IaaS service object sent by the client of the second user after logging in with the account for accessing the sharing platform, the method may further include the following steps: first, determine the infrastructure cloud that provides the IaaS service according to the operation request for the IaaS service object; then use the account corresponding to the determined infrastructure cloud as the specified access account for the operation request.

Specifically, determining the infrastructure cloud that provides the IaaS service according to the operation request for the IaaS service object can be divided into the following two cases:

The operation request for the IaaS service object includes the identifier of the infrastructure cloud providing the IaaS service that the second user client wants to access, and the infrastructure cloud corresponding to that identifier is determined to be the infrastructure cloud that provides the IaaS service; or, the previously saved correspondence between the second user identifier and the access account is looked up to obtain the access account corresponding to the second user identifier, and the infrastructure cloud that provides the IaaS service is then found according to that access account; or, the operation request for the IaaS service object does not include the identifier of the infrastructure cloud that the second user client wants to access, in which case the infrastructure cloud that provides the IaaS service is determined according to the infrastructure cloud selection rule provided in advance by the second user.

Preferably, the selection rule may be as follows: the second user provides in advance the quality of service (Quality of Service, QoS) parameters it can accept, such as request delay, request failure ratio, and IaaS service object abnormality ratio, and assigns weights to these parameters. All infrastructure clouds that can provide the IaaS service are filtered according to the QoS parameters and their weights, and the infrastructure cloud that provides the IaaS service to the second user is determined from the filtered infrastructure clouds. The determination may be made by sorting by QoS quality and selecting the infrastructure cloud with the highest QoS quality as the one that provides the IaaS service.
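The resolution steps above, written out as an added example (not code from the patent): an explicit cloud identifier in the request, then the saved user-to-account correspondence, then the second user's QoS selection rule. The class and field names, the metric names, the sample data and the scoring formula (each metric as a fraction of its limit, weighted and summed, lower is better) are assumptions; the text only says that clouds are filtered by the QoS parameters and weights and that the best one is chosen.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CloudAccount:
    account_id: str  # platform-side handle; the real credentials stay in the platform's store
    cloud_id: str    # infrastructure cloud this account belongs to
    owner: str       # first user who registered the account


@dataclass(frozen=True)
class QosRule:
    limits: dict   # metric -> worst value the second user accepts (lower is better)
    weights: dict  # metric -> weight assigned by the second user


def pick_cloud_by_qos(rule, observed):
    """Drop clouds that exceed any limit, then return the one with the best weighted score."""
    scores = {}
    for cloud_id, metrics in observed.items():
        if any(metrics.get(m, float("inf")) > lim for m, lim in rule.limits.items()):
            continue  # a missing or unacceptable metric filters the cloud out
        # Assumed scoring formula: fraction of each limit used, weighted and summed.
        scores[cloud_id] = sum(
            rule.weights.get(m, 1.0) * (metrics[m] / lim if lim else 0.0)
            for m, lim in rule.limits.items()
        )
    return min(sorted(scores), key=scores.get) if scores else None


class AccountResolver:
    def __init__(self, accounts, associations, qos_rules, observed):
        self.accounts = list(accounts)
        self.associations = associations  # second user -> first users who authorised sharing
        self.qos_rules = qos_rules        # second user -> QosRule
        self.observed = observed          # cloud_id -> measured metrics
        self.assigned = {}                # saved correspondence: second user -> CloudAccount

    def resolve(self, user, request):
        owners = self.associations.get(user, set())
        usable = [a for a in self.accounts if a.owner in owners]
        if not usable:
            raise PermissionError(f"no first user shares an account with {user}")

        cloud_id = request.get("cloud_id")
        # Saved correspondence, honoured only while the association still holds.
        if cloud_id is None and self.assigned.get(user) in usable:
            return self.assigned[user]
        if cloud_id is None:  # no identifier in the request: apply the selection rule
            reachable = {a.cloud_id for a in usable}
            candidates = {c: m for c, m in self.observed.items() if c in reachable}
            rule = self.qos_rules.get(user)
            cloud_id = pick_cloud_by_qos(rule, candidates) if rule else None
            if cloud_id is None:
                raise LookupError("no infrastructure cloud satisfies the selection rule")
        for account in usable:  # explicit identifier, or the selection rule's result
            if account.cloud_id == cloud_id:
                self.assigned[user] = account
                return account
        raise PermissionError(f"{user} has no shared account on {cloud_id}")


# Constructed sample data, not taken from the patent.
SAMPLE_ACCOUNTS = [
    CloudAccount("acct-1", "cloud-a", "corp"),
    CloudAccount("acct-2", "cloud-b", "corp"),
    CloudAccount("acct-3", "cloud-c", "other-tenant"),
]
SAMPLE_ASSOCIATIONS = {"emp-1": {"corp"}}
SAMPLE_QOS_RULES = {
    "emp-1": QosRule(limits={"delay_ms": 200, "failure_ratio": 0.05},
                     weights={"delay_ms": 1.0, "failure_ratio": 3.0}),
}
SAMPLE_OBSERVED = {
    "cloud-a": {"delay_ms": 150, "failure_ratio": 0.04},
    "cloud-b": {"delay_ms": 180, "failure_ratio": 0.01},
    "cloud-c": {"delay_ms": 20, "failure_ratio": 0.0},
}

if __name__ == "__main__":
    resolver = AccountResolver(SAMPLE_ACCOUNTS, SAMPLE_ASSOCIATIONS,
                               SAMPLE_QOS_RULES, SAMPLE_OBSERVED)
    print(resolver.resolve("emp-1", {}))
```

In the sample data `cloud-c` has the best metrics, but `emp-1` is never routed to it because no associated first user registered an account there; the association relationship bounds every branch of the lookup.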
The IaaS service object in the response message received by the sharing platform includes an IaaS service object identifier. After receiving a given IaaS service object identifier for the first time, the sharing platform may also establish a correspondence between the second user identifier and the IaaS service object identifier. The sharing platform later uses this correspondence to verify whether a user has permission to initiate an operation on the IaaS service object, or to perform per-user statistics, charging and the like. The sharing platform may first receive an IaaS service object identifier in either of two ways: as the identifier that the second user provides in the IaaS service object operation request, or as the identifier that the infrastructure cloud providing the IaaS service allocates to the IaaS service object it generates while processing the operation request submitted by the second user. In the latter case the identifier is returned to the sharing platform in the response message to the IaaS service object operation request.
In the foregoing method, to prevent the IaaS service object identifiers of multiple users sharing the same cloud account from conflicting (for example, duplicate names), either of the following two processing methods may be used:
1. The sharing platform allocates a unique prefix or suffix to the second user identifier and saves the correspondence between the second user identifier and the prefix or suffix. Messages between the second user's client and the sharing platform use the IaaS service object identifier without the prefix or suffix, while messages between the sharing platform and the infrastructure cloud providing the IaaS service use the identifier with the prefix or suffix added, which prevents object conflicts between different users. When encapsulating the IaaS service object operation request or the response message, the sharing platform obtains the prefix or suffix corresponding to the second user identifier from the saved correspondence, and either adds the prefix or suffix to the IaaS service object identifier contained in the operation request or removes it from the IaaS service object identifier contained in the response message. The result is used as the identifier of the encapsulated IaaS service object.
2. The sharing platform allocates an alias to the IaaS service object. The alias is uniquely associated with that IaaS service object, and the sharing platform saves the correspondence between the second user's IaaS service object and the assigned alias. Messages between the second user client and the sharing platform use the IaaS service object identifier provided by the user, while messages between the sharing platform and the infrastructure cloud providing the IaaS service use the alias of the IaaS service object, which prevents object conflicts between different users. When encapsulating the IaaS service object operation request or the response message, the sharing platform either replaces the IaaS service object identifier contained in the operation request with the corresponding alias, or replaces the alias contained in the response message with the corresponding IaaS service object identifier. The result is used as the identifier of the encapsulated IaaS service object.
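The first method above (a per-user prefix), combined with the user-to-object correspondence the platform keeps for permission checks, can be sketched as follows. This is an added example, not code from the patent; the class name, the `--` separator, the prefix format and the user names are assumptions made for illustration.

```python
import secrets


class PrefixNamespace:
    """Maps client-side IaaS object identifiers to cloud-side identifiers.

    Client <-> platform messages carry the bare identifier; platform <-> cloud
    messages carry "<user prefix><SEP><identifier>".
    """

    SEP = "--"  # assumed separator, not taken from the page

    def __init__(self):
        self._prefix_by_user = {}     # second-user id -> unique prefix
        self._owner_by_cloud_id = {}  # cloud-side id -> second-user id

    def register_user(self, user_id):
        """Allocate (once) a unique, fixed-length prefix for a second user."""
        if user_id not in self._prefix_by_user:
            taken = set(self._prefix_by_user.values())
            prefix = "u" + secrets.token_hex(4)
            while prefix in taken:  # regenerate on the rare collision
                prefix = "u" + secrets.token_hex(4)
            self._prefix_by_user[user_id] = prefix
        return self._prefix_by_user[user_id]

    def _in_namespace(self, user_id, cloud_id):
        prefix = self._prefix_by_user.get(user_id)
        return prefix is not None and cloud_id.startswith(prefix + self.SEP)

    def to_cloud(self, user_id, object_id):
        """Request direction: always add the caller's own prefix.

        The prefix is added unconditionally, so a caller who submits another
        user's cloud-side identifier still lands in their own namespace.
        """
        if not object_id:
            raise ValueError("empty object identifier")
        return self.register_user(user_id) + self.SEP + object_id

    def record_created(self, user_id, cloud_id):
        """Save the user/object correspondence once the cloud reports creation."""
        if not self._in_namespace(user_id, cloud_id):
            raise PermissionError("identifier is outside the caller's namespace")
        self._owner_by_cloud_id[cloud_id] = user_id

    def to_client(self, user_id, cloud_id):
        """Response direction: strip the prefix, refusing other users' objects."""
        if not self._in_namespace(user_id, cloud_id):
            raise PermissionError("identifier is outside the caller's namespace")
        return cloud_id[len(self._prefix_by_user[user_id]) + len(self.SEP):]

    def authorize(self, user_id, object_id):
        """Return the cloud-side id only if this user owns the object."""
        cloud_id = self.to_cloud(user_id, object_id)
        if self._owner_by_cloud_id.get(cloud_id) != user_id:
            raise PermissionError("no such object for this user")
        return cloud_id


if __name__ == "__main__":
    ns = PrefixNamespace()
    # Constructed scenario: two users pick the same key pair name.
    alice_id = ns.to_cloud("alice", "web-key")
    bob_id = ns.to_cloud("bob", "web-key")
    ns.record_created("alice", alice_id)
    print(alice_id != bob_id, ns.to_client("alice", alice_id))
```

Because the forward mapping never trusts an identifier to be already prefixed, the permission check reduces to a lookup in the saved user/object correspondence.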
After an access account has been assigned to the second user, the assigned access account can be used to create virtual machines or to implement cloud storage. The following part describes two specific application examples of the present invention: creating a virtual machine and implementing cloud storage.
If the IaaS service is the virtual machine service of the infrastructure cloud, the IaaS service object may be one or more of a key pair, a virtual machine, a security group and the like.
When the IaaS service object is a key pair and the operation request sent by the second user is a request to create a key pair, the response message returned by the infrastructure cloud providing the IaaS service includes the result of processing the operation request, including the key pair name and the private key of the generated key pair, where the key pair name is one kind of IaaS service object identifier. After receiving the response message, the method further includes: sending the private key of the generated key pair to the client of the second user; the sharing platform does not save the private key. When the second user subsequently requests creation of a virtual machine, the IaaS service object operation request carries the key pair name, and once the virtual machine has been created, the second user uses the private key corresponding to that key pair for login authentication when accessing the virtual machine.
When the key pair is the IaaS service object there is also another implementation: when the IaaS service object is a key pair and the IaaS service object operation request sent by the second user is a request to create a key pair, the response message includes the result of the infrastructure cloud processing the operation request, together with the private key of the generated key pair. After receiving the response message, the method further includes: the sharing platform saves the private key of the key pair and the correspondence between the key pair and the infrastructure cloud. When the second user client subsequently requests creation of a virtual machine, that is, when the IaaS service object operation request it sends is a request to create a virtual machine, the request carries the key pair name. Once the virtual machine has been created, the second user can access it through the SSH (Secure Shell) client for virtual machine access provided by the sharing platform. The sharing platform first performs virtual machine login authentication using the saved private key of that virtual machine's key pair, and after authentication succeeds it provides the user interface to the second user client. Login authentication is transparent to the second user, that is, the details of the virtual machine login authentication process are not visible to the user.
When the IaaS service object operation request is a virtual machine creation request and the virtual machine is generated using a key pair, the virtual machine creation request includes the second user identifier, the specification of the virtual machine to be created and the key pair name. After receiving the virtual machine creation request, the sharing platform determines the access account of the infrastructure cloud providing the IaaS service that corresponds to the second user identifier (for the specific method, see step 103). It encapsulates the second user identifier, the specification of the virtual machine to be created, the key pair name and so on in an IaaS service object operation request, and sends the encapsulated request to the infrastructure cloud providing the IaaS service that corresponds to the access account. The response message returned by that infrastructure cloud includes the identifier of the IaaS service object generated according to the operation request, where the IaaS service object is the created virtual machine.
When the IaaS service object operation request is a request to create a virtual machine and the virtual machine is generated using a user name and password, the user name and password are the login user name and password of the created virtual machine. The request to create the virtual machine includes the second user identifier and the specification of the virtual machine to be created, and optionally the login user name or password provided by the second user. After receiving the virtual machine creation request, the sharing platform determines the access account of the infrastructure cloud providing the IaaS service that corresponds to the second user identifier (for the specific method, see step 103). It encapsulates the information carried in the request to create the virtual machine in an IaaS service object operation request, and sends the encapsulated request to the infrastructure cloud providing the IaaS service that corresponds to the access account. The response message returned by that infrastructure cloud includes the identifier of the IaaS service object generated according to the operation request, where the IaaS service object is the created virtual machine.
After a virtual machine has been created, other operations can also be performed on it, such as stopping, changing, restarting or deleting it. When such an operation is performed on an already created virtual machine, the method includes: the IaaS service object operation request is a request to stop, change, restart or delete the virtual machine, and it includes the second user identifier and the identifier of the virtual machine to be stopped, changed, restarted or deleted; the access account of the infrastructure cloud providing the IaaS service that corresponds to the second user identifier is determined from the saved correspondence between second user identifiers and access accounts; the second user identifier and the identifier of the virtual machine to be stopped, changed, restarted or deleted are encapsulated in an IaaS service object operation request, and the encapsulated request is sent to the infrastructure cloud providing the IaaS service that corresponds to the access account; the response message returned by that infrastructure cloud includes the result of the infrastructure cloud processing the IaaS service object operation request.
If the IaaS service is the storage service of the infrastructure cloud, the IaaS service object may be a storage object or a storage block (bucket).
When the IaaS service object operation request is a request to create a storage block, a request to save a storage object, or another request on a storage object such as copy or delete, where the request to create a storage block includes the name of the storage block or the identifier of the storage object: after receiving the IaaS service object operation request, the sharing platform determines the access account of the infrastructure cloud providing the IaaS service that corresponds to the second user identifier from the saved correspondence between second user identifiers and access accounts. It encapsulates the request to create the storage block, the request to save the storage object, or the other request on the storage object in an IaaS service object operation request, and sends the encapsulated request to the infrastructure cloud providing the IaaS service that corresponds to the access account. The response message from that infrastructure cloud includes the result of processing the IaaS service object operation request.
When the IaaS service object is a storage object and the IaaS service object operation request sent by the second user is a request to change the access rights of that storage object, then after receiving the request from the second user client the method may further include: determining whether the target user whose access rights to the storage object are being changed, as carried in the request, is a second user of the sharing platform. If so, the sharing platform saves the new access rights for the object and does not send a request to change the storage object's access rights to the infrastructure cloud providing the storage service. Otherwise, it sends a re-encapsulated request to change the storage object's access rights to the infrastructure cloud providing the storage service.
FIG. 2 is a flowchart of an embodiment of a method for creating a virtual machine (VM) according to an embodiment of the present invention. As shown in FIG. 2, the method may include:
Step 201: Register with the sharing platform at least one cloud account for accessing an infrastructure cloud providing the IaaS service, as the cloud account of the first user's client. For the specific registration process, refer to the related description in the foregoing embodiments of the present invention.
The sharing platform can hold registered cloud accounts for multiple infrastructure clouds providing IaaS services at the same time. For each infrastructure cloud providing IaaS services, one or more cloud accounts of that infrastructure cloud can be registered with the sharing platform.
Step 202: The sharing platform creates, for the second user client accessing the sharing platform, an account with which the second user client accesses the sharing platform.
Specifically, the sharing platform generates an account for accessing the sharing platform for each second user that uses cloud services through the sharing platform. This account includes at least the user identifier of the second user and, optionally, authentication information for accessing the sharing platform, such as a password or a certificate. The second user client uses this account to access the sharing platform and, through the sharing platform, uses the cloud services provided by the infrastructure cloud. When accessing the sharing platform, the second user provides the authentication information corresponding to the account, such as the password or certificate. The sharing platform uses this authentication information to authenticate the second user's identity and, once authentication succeeds, opens cloud service access to the user.
Step 203: According to the association between the first user and the second user, the sharing platform assigns at least one cloud account of the first user to the second user as the second user's access account for the infrastructure cloud providing the IaaS service, so that the second user's client accesses the infrastructure cloud providing the IaaS service that corresponds to the access account by means of the account for accessing the sharing platform and the access account.
The sharing platform assigns an access account to the second user from step 202. For a particular infrastructure cloud providing a given IaaS service, a second user can be assigned to one access account of that infrastructure cloud, and one access account of that infrastructure cloud can be assigned to multiple second users.
For the association between the first user and the second user and the process of assigning an access account to the second user, refer to the related description in other embodiments of the present invention. According to the association between the first user and the second user, the sharing platform assigns the cloud account registered for the first user to the second user as the second user's access account for the infrastructure cloud providing IaaS.
A preferred implementation of this assignment is as follows. When multiple access accounts of a given infrastructure cloud are registered on the sharing platform, the sharing platform balances the allocation according to the load of each access account of that infrastructure cloud, so that the number of users associated with each access account is roughly equal. Here, load means the number of second users associated with the access account, regardless of whether those second users are currently using it. Alternatively, the sharing platform groups users according to the permissions granted to them and assigns each group to one IaaS access account.
The sharing platform may assign an access account to the second user either in a fixed manner or dynamically. With fixed assignment, a user is permanently bound to an access account of a particular infrastructure cloud, and the sharing platform saves the correspondence between the user identifier and that access account. The user can then view and manage, at any time, the state information of the cloud instances held in the infrastructure cloud providing the IaaS service. A cloud instance is an IaaS service object created by the infrastructure cloud at the request of the second user. For example, a created virtual machine is a cloud instance, and a storage space allocated to the user, that is, a storage block, is a cloud instance.
With dynamic assignment, the sharing platform temporarily assigns a cloud account of an infrastructure cloud providing the IaaS service to the user as the access account only when the user is using the cloud service (for example, when sending an IaaS service operation request). The cloud account is released once the user's request has been processed, that is, the user is no longer bound to it. In this mode, the sharing platform can assign the access account dynamically according to, for example, the load of the infrastructure cloud providing the IaaS service that corresponds to each access account, such as assigning the access account of the infrastructure cloud with the lower current load to process the user's IaaS service operation request. Here, load means the number of associated second users that are currently using the infrastructure cloud.
Optionally, the sharing platform may assign operation permissions to a user according to the identity of the second user and save those permissions. For example, ordinary users can only use VMs and cannot create them, intermediate users are limited to creating at most 5 VMs, advanced users can request VMs with higher specifications, and so on.
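The fixed and dynamic assignment modes described above, together with the example permission tiers, can be sketched as follows. This is an added example, not code from the patent; the class and function names, the account names, the VM spec names and the unlimited quota for advanced users are assumptions made for illustration.

```python
from collections import Counter
from contextlib import contextmanager

# Tier limits. "Cannot create", "at most 5" and "higher specification" are the
# page's examples; the spec names and the unlimited advanced quota are assumed.
TIERS = {
    "ordinary":     {"max_vms": 0,    "specs": set()},
    "intermediate": {"max_vms": 5,    "specs": {"small"}},
    "advanced":     {"max_vms": None, "specs": {"small", "large"}},
}


def may_create_vm(tier, vms_owned, spec):
    """Check a create-VM request against the saved permissions of the user."""
    rule = TIERS.get(tier)
    if rule is None or spec not in rule["specs"]:
        return False  # unknown tier or spec not allowed: deny by default
    return rule["max_vms"] is None or vms_owned < rule["max_vms"]


class AccountPool:
    """Access accounts of one infrastructure cloud, shared by second users."""

    def __init__(self, accounts):
        if not accounts:
            raise ValueError("at least one access account is required")
        self._accounts = list(accounts)
        self._bound = {}                               # user -> account (fixed)
        self._active = {a: [] for a in self._accounts}  # account -> users in flight

    def bind_fixed(self, user_id):
        """Fixed mode: bind once to the account with the fewest bound users.

        Load counts every bound user, whether or not they are active now.
        """
        if user_id not in self._bound:
            counts = Counter(self._bound.values())
            self._bound[user_id] = min(self._accounts, key=lambda a: counts[a])
        return self._bound[user_id]

    @contextmanager
    def lease_dynamic(self, user_id):
        """Dynamic mode: pick the account with the fewest currently active
        users for one request, and release it when the request is done."""
        account = min(self._accounts, key=lambda a: len(set(self._active[a])))
        self._active[account].append(user_id)
        try:
            yield account
        finally:
            self._active[account].remove(user_id)

    def bound_counts(self):
        """Number of users bound to each account in fixed mode."""
        return dict(Counter(self._bound.values()))


if __name__ == "__main__":
    pool = AccountPool(["acct-1", "acct-2"])  # constructed account names
    for user in ("u1", "u2", "u3", "u4"):
        pool.bind_fixed(user)
    print(pool.bound_counts())
    with pool.lease_dynamic("u5") as account:
        print("u5 uses", account, "for this request only")
    print(may_create_vm("intermediate", 5, "small"))
```

In fixed mode the binding persists, so per-user instance state can be looked up later; in dynamic mode nothing about the account outlives the request.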
Step 204: The sharing platform sends the second user's request to create a key pair, and receives the key pair returned by the corresponding infrastructure cloud providing the IaaS service.
The key pair (keypair) is a key-value pair comprising a public key and a private key, and is used by the second user client to access the virtual machine (VM).
The key pair request may be sent by the sharing platform to the corresponding infrastructure cloud after the sharing platform receives the IaaS service object operation request that the second user sends after logging in with the account for accessing the sharing platform.
After receiving the IaaS service object operation request, the sharing platform determines an access account for the request, and requests and receives a key pair from the infrastructure cloud providing the IaaS service that corresponds to that access account. For the specific process of determining an access account for the operation request in this embodiment, refer to the related description in other embodiments of the present invention; it is not repeated here.
The sharing platform determines, according to the operation permissions set for the user corresponding to the second user identifier, whether that user has permission to perform the requested operation on the IaaS service object. When it determines that the user has the permission corresponding to the operation request, it encapsulates the IaaS service object operation request in the message format of the infrastructure cloud providing the IaaS service that corresponds to the access account, and sends the encapsulated request to that infrastructure cloud.
According to the service object operation request, the sharing platform requests at least one key pair (keypair, comprising a public key and a private key) in the infrastructure cloud providing the IaaS service that corresponds to the assigned access account. The keypair itself is generated by the infrastructure cloud providing the IaaS service. After generating the keypair, that infrastructure cloud saves the public key and sends the private key of the keypair to the sharing platform in the response message.
After the sharing platform receives the private key sent by the infrastructure cloud, there are two cases: the sharing platform saves the private key, or the sharing platform does not save the private key.
Note that if a user name and password are assigned to the second user when the virtual machine is created, the second user can access the virtual machine with the user name and password, and step 204 (creating the key pair) can be omitted.
To illustrate the cases in which the sharing platform saves the private key, the sharing platform does not save the private key, and the infrastructure cloud creates the virtual machine with a user name and password instead of a key pair, the embodiments of the present invention are described below in three cases. For the process in which the private key of the key pair is not saved on the sharing platform, see steps 2051-2071. For the process in which the private key of the key pair is saved on the sharing platform, see steps 2052-2072. For the process in which the infrastructure cloud creates the virtual machine with a user name and password instead of a key pair, see steps 2053-2063. One of these three cases can be chosen according to the user's preference and the capabilities of the infrastructure cloud.
Step 2051: Send the private key of the allocated key pair to the client of the second user.

The sharing platform provides the private key of the keypair allocated by the infrastructure cloud providing the IaaS service to the final second user, and the second user saves the private key so that it can access the cloud through other SSH (Secure Shell) tools. The sharing platform saves the correspondence between the second user's user identifier and the key pair. If multiple infrastructure clouds are registered on the sharing platform, it also needs to save the correspondence between the key pair and the infrastructure cloud that generated it.
To prevent the keypairs of different users bound to the same access account from having duplicate names, either of the following two approaches may be used:
1) The sharing platform can allocate an alias to each keypair, save the correspondence between the alias and the keypair name, and provide the alias to the second user, as shown in Table 1:
Table 1 (rendered as an image in the original; not reproduced here)
Here, mykeypair is used in messages between user2 and the sharing platform, and the alias keypair_for_user1 is used in messages between the sharing platform and the cloud.
The sharing platform saves the correspondence between the key pair alias and the key pair name.
2) The sharing platform can allocate a prefix or suffix to each second user, with a different prefix or suffix for each second user. When communicating with the infrastructure cloud that generated the key pair, the sharing platform adds the prefix or suffix to the key pair name.
Step 2061: According to the request to create a virtual machine sent by the second user, the sharing platform requests the corresponding infrastructure cloud to create a virtual machine, and receives the created virtual machine returned by the infrastructure cloud.
The second user sends the sharing platform an operation request for creating a virtual machine. The operation request includes the second user identifier, the specification of the virtual machine to be created, and a key pair identifier. The specification of the virtual machine (VM) to be created includes, for example, the image used to create the VM and the size of the VM. After verifying that the second user's permission check passes, the sharing platform looks up the keypair alias table described in Table 1 of step 2051, or adds the prefix or suffix, to obtain the key pair name to send to the infrastructure cloud. It then reads the access account assigned to the second user in step 203, and uses that access account and the obtained key pair name to submit the operation request for creating the virtual machine to the infrastructure cloud providing the IaaS service that corresponds to the access account. If the creation succeeds, the infrastructure cloud returns a response message to the sharing platform that carries the identifier of the created virtual machine; otherwise it returns an error. After a successful creation, the sharing platform may save the correspondence between the virtual machine identifier and the second user, and may also save other information about the virtual machine, such as its IP address and specification. The sharing platform provides the virtual machine to the second user.
So that the sharing platform can obtain, in real time, status information about the VM created by the second user (for example, whether it has been shut down by an operation that did not go through a management command), and can therefore record the second user's use of the infrastructure cloud more accurately, the sharing platform may install an agent on the created VM. The agent monitors the running status of the VM and automatically reports it to the sharing platform at regular intervals; the sharing platform analyzes the received information to obtain the status of the VM. Alternatively, the sharing platform may record the time at which the VM was created and, according to the billing rules of the infrastructure cloud (such as the charging interval), determine and configure an interval for periodically obtaining the VM status, and obtain the VM status at each interval point through the interface provided by the infrastructure cloud. For example, if billing is hourly, that is, a fee is deducted once per hour, the VM status is obtained once when the VM has been running for 59 minutes.
Step 2071: The second user manages the created virtual machine, or accesses the created virtual machine, through the sharing platform.
The second user sends the sharing platform an IaaS service operation request for a specific cloud instance in order to manage a virtual machine that has already been created, for example to stop, change, restart, view, or delete the virtual machine. The IaaS service operation request specifies the identifier of the virtual machine. The sharing platform uses its saved correspondence between virtual machine identifiers and second user identifiers to determine whether the virtual machine corresponds to the second user identifier, and thereby verifies whether the user may manage the virtual machine. If the correspondence exists, verification passes, and the sharing platform uses the access account bound to the second user identifier to initiate the operation on the virtual machine toward the corresponding infrastructure cloud. The infrastructure cloud corresponding to the access account performs the corresponding operation for the IaaS service object operation request and returns a response message to the sharing platform; the response message includes the result of the operation, and the sharing platform returns the result to the second user client.
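The following Python sketch is an added example, not code from the patent: it models approach 2) above (a per-user keypair prefix) together with the ownership check of steps 2061 and 2071, so that a request for another user's VM is rejected before the shared access account is ever used. The `FakeCloud` class, the `u<N>-` prefix format, and all method names are assumptions made for illustration.

```python
import itertools


class FakeCloud:
    """Constructed stand-in for the infrastructure cloud API (hypothetical).
    It models a single cloud account, so keypair names share one namespace."""

    def __init__(self):
        self.keypairs = {}   # cloud-side keypair name -> private key placeholder
        self.vms = {}        # VM id -> {"keypair": name, "state": str}
        self.calls = []      # (account, operation) pairs the cloud actually received
        self._seq = itertools.count(1)

    def create_keypair(self, account, name):
        self.calls.append((account, "create_keypair"))
        if name in self.keypairs:
            raise ValueError("keypair name already used in this account: " + name)
        self.keypairs[name] = "<private key of %s>" % name  # placeholder, not a key
        return self.keypairs[name]

    def create_vm(self, account, image, size, keypair):
        self.calls.append((account, "create_vm"))
        if keypair not in self.keypairs:
            raise KeyError("unknown keypair: " + keypair)
        vm_id = "vm-%d" % next(self._seq)
        self.vms[vm_id] = {"keypair": keypair, "state": "running"}
        return vm_id

    def vm_action(self, account, vm_id, action):
        self.calls.append((account, action))
        self.vms[vm_id]["state"] = {"stop": "stopped", "restart": "running"}[action]
        return self.vms[vm_id]["state"]


class SharingPlatform:
    """Brokers one shared cloud account on behalf of several second users."""

    def __init__(self, cloud):
        self.cloud = cloud
        self.access_account = {}  # second user id -> shared access account (step 203)
        self.user_prefix = {}     # second user id -> unique keypair prefix (approach 2)
        self.vm_owner = {}        # VM id -> second user id (saved in step 2061)

    def bind_user(self, user_id, cloud_account):
        self.access_account[user_id] = cloud_account
        # "u<N>-" cannot be a prefix of another user's "u<M>-", so names never collide.
        self.user_prefix[user_id] = "u%d-" % (len(self.user_prefix) + 1)

    def _cloud_keypair_name(self, user_id, name):
        return self.user_prefix[user_id] + name

    def create_keypair(self, user_id, name):
        account = self.access_account[user_id]
        return self.cloud.create_keypair(account, self._cloud_keypair_name(user_id, name))

    def create_vm(self, user_id, image, size, keypair):
        account = self.access_account[user_id]
        cloud_name = self._cloud_keypair_name(user_id, keypair)
        vm_id = self.cloud.create_vm(account, image, size, cloud_name)
        self.vm_owner[vm_id] = user_id  # the record later used for authorization
        return vm_id

    def manage_vm(self, user_id, vm_id, action):
        # Step 2071: the cloud only sees the shared account, so the platform's own
        # VM-to-user record is the only thing separating one user from another.
        if self.vm_owner.get(vm_id) != user_id:
            raise PermissionError("%s does not own %s" % (user_id, vm_id))
        return self.cloud.vm_action(self.access_account[user_id], vm_id, action)


if __name__ == "__main__":
    cloud = FakeCloud()
    platform = SharingPlatform(cloud)
    for user in ("alice", "bob"):            # constructed sample users
        platform.bind_user(user, "acct-A")   # both share one cloud account
        platform.create_keypair(user, "mykeypair")
    vm = platform.create_vm("alice", "image-1", "small", "mykeypair")
    print(sorted(cloud.keypairs), platform.manage_vm("alice", vm, "stop"))
    try:
        platform.manage_vm("bob", vm, "restart")
    except PermissionError as exc:
        print("denied:", exc)
```

Because the cloud authenticates only the shared account, the `vm_owner` table is the sole isolation boundary between second users and has to be written on every successful creation.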
Step 2052: Save the private keys of the one or more created key pairs on the sharing platform.
The sharing platform saves the private key of the key pair, and may also save the correspondence between the key pair and the infrastructure cloud that created the key pair.
Step 2062: According to the operation request for creating a virtual machine sent by the second user, the sharing platform applies to the corresponding infrastructure cloud to create a virtual machine. The virtual machine creation request includes the second user identifier and the specification of the virtual machine to be created, and optionally includes a key pair identifier. The sharing platform receives the identifier of the created virtual machine and the address information of the virtual machine (such as its IP, Internet Protocol, address) returned by the infrastructure cloud. If the operation request does not include a key pair identifier, the sharing platform selects one keypair from the keypair set corresponding to the cloud account designated for the operation request as the keypair for creating the virtual machine; the selection may be random or may be made according to the security group.
For the virtual machine creation and monitoring in this step, refer to the description of step 2061; details are not repeated here.
Step 2072: The second user manages the created virtual machine, or accesses the created virtual machine, through the sharing platform.
For this step, refer to the description of step 2071; details are not repeated here.
Step 2053: According to the operation request for creating a virtual machine sent by the second user, the sharing platform applies to the corresponding infrastructure cloud to create a virtual machine. The virtual machine creation request includes the second user identifier and the specification of the virtual machine to be created, and optionally includes a root user password, or a user name other than root and its password. If the operation request does not include any user name and corresponding password, the infrastructure cloud may generate a password for the root user and return the generated password to the second user in the response message to the operation request.
The sharing platform receives the identifier of the created virtual machine and the address information of the virtual machine (such as its IP, Internet Protocol, address) returned by the infrastructure cloud, optionally including the root user password generated by the infrastructure cloud.
For the other aspects of virtual machine creation and monitoring in this step, refer to the description of step 2061; details are not repeated here.
Step 2063: The second user manages the created virtual machine, or accesses the created virtual machine, through the sharing platform.
For this step, refer to the description of step 2071; details are not repeated here.
FIG. 3 is a flowchart of an embodiment of a method for implementing cloud storage according to an embodiment of the present invention. As shown in FIG. 3, the method may include:
Step 301: Register, on the sharing platform, at least one cloud account for accessing the infrastructure cloud providing the IaaS service, as the cloud account of the client of the first user. For the specific registration process, refer to the description in the foregoing embodiments of the present invention.
Step 302: The sharing platform creates, for a second user who wants to access the sharing platform, an account with which the second user client accesses the sharing platform.
Step 303: According to the association relationship between the first user and the second user, the sharing platform designates, for the second user, at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service, so that the client of the second user accesses the infrastructure cloud providing the IaaS service that corresponds to the access account according to the account for accessing the sharing platform and the access account.
For a detailed description of steps 301-303 in this embodiment, refer to the description of steps 201-203; for the designation of the access account and related matters, refer to the descriptions in the other embodiments of the present invention. Details are not repeated here.
Step 304: Send the second user's operation request for creating a storage block, and receive the identifier of the created block returned by the corresponding infrastructure cloud.
The directory or block is created in one of two ways: the sharing platform automatically sends a creation command to the cloud when it associates the second user with the designated access account; or the sharing platform initiates the creation toward the corresponding infrastructure cloud when it receives an IaaS service object operation request sent by the second user after logging in with the account for accessing the sharing platform.
The sharing platform sends, to the designated access account, an operation request corresponding to the IaaS service for creating at least one root directory or block (bucket), and receives the response message returned by the corresponding infrastructure cloud. The response message includes the identifier of the block or directory created to implement cloud storage. The sharing platform assigns the second user to the block or directory, and saves on the sharing platform the correspondence between the second user identifier and the block or directory identifier.
The sharing platform may allocate a unique storage object prefix or suffix to the second user identifier. After the second user client sends an IaaS service object operation request, the sharing platform adds the identifier of the block and the storage object prefix or suffix to the storage object identifier, and encapsulates the storage object identifier, with the block identifier and the storage object prefix or suffix added, in the encapsulated IaaS service object operation request sent to the infrastructure cloud. Preferably, the prefix may be the user name of the user or a unique identifier corresponding to the user name.
The sharing platform saves the correspondence between the storage object identifier to which the block identifier and the storage object prefix or suffix have been added and the real identifier of the storage object. After the second user client sends an IaaS service object operation request, the method further includes: determining, according to that correspondence, the real identifier corresponding to the storage object identifier in the IaaS service object operation request message; replacing the original storage object identifier with the real identifier of the storage object; and encapsulating the real identifier of the storage object in the encapsulated IaaS service object operation request sent to the infrastructure cloud.
Step 305: The second user manages storage objects through the sharing platform.
After receiving a storage object management operation initiated by the second user, the sharing platform determines, according to the permission information it has saved, whether the user has permission to perform the operation corresponding to the operation request. If the second user has permission to perform the operation, the subsequent operations are carried out.
The permissions here may include: the user's permission limits saved by the sharing platform, such as a maximum storage space limit, and/or the access control information of the operated object saved by the sharing platform. Note that this access control information is managed by the sharing platform and is not the same as the access control of the infrastructure cloud.
If the IaaS service object operation request is a request to change the access permission of the storage object, then after receiving the IaaS service object operation request sent by the second user client, the method may further include: determining whether the target user carried in the IaaS service object operation request, that is, the user whose access permission to the storage object is to be changed, is a second user of the sharing platform. If so, the new access permission of the object is saved, and no operation request for changing the access permission of the storage object is sent to the infrastructure cloud providing the storage service. Otherwise, a re-encapsulated operation request for changing the access permission of the storage object is sent to the infrastructure cloud providing the storage service.
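The following Python sketch is an added example, not code from the patent: it shows the storage flow of steps 304 and 305, with the cloud-side object identifier built from the block identifier and a per-user prefix, a platform-side quota check, and the access-permission rule above (a grant to another platform user is saved on the platform, any other grantee is forwarded to the cloud). The class and method names, the request dictionaries, and the use of the user identifier followed by "/" as the prefix are assumptions made for illustration.

```python
class StorageBroker:
    """Sharing-platform side of the cloud storage flow (steps 304-305)."""

    def __init__(self, bucket_id, send_to_cloud):
        self.bucket_id = bucket_id          # block identifier returned in step 304
        self.send_to_cloud = send_to_cloud  # callable that forwards a request dict
        self.prefix = {}    # second user id -> unique storage object prefix
        self.quota = {}     # second user id -> maximum bytes (platform-side limit)
        self.sizes = {}     # cloud object id -> (owner, size in bytes)
        self.readers = {}   # cloud object id -> platform users granted read access

    def add_user(self, user_id, max_bytes):
        # The prefix ends in "/" and user ids may not contain "/", so one user's
        # prefix can never be the beginning of another user's prefix.
        if not user_id or "/" in user_id:
            raise ValueError("user id must be non-empty and must not contain '/'")
        self.prefix[user_id] = user_id + "/"
        self.quota[user_id] = max_bytes

    def cloud_object_id(self, user_id, object_id):
        """Add the block identifier and the user's prefix to the object identifier."""
        return "%s/%s%s" % (self.bucket_id, self.prefix[user_id], object_id)

    def put(self, user_id, object_id, data):
        cloud_id = self.cloud_object_id(user_id, object_id)
        used = sum(size for owner, size in self.sizes.values() if owner == user_id)
        old = self.sizes.get(cloud_id, (user_id, 0))[1]   # overwrite frees old size
        if used - old + len(data) > self.quota[user_id]:
            raise PermissionError("storage quota exceeded for " + user_id)
        self.send_to_cloud({"op": "put", "object": cloud_id, "size": len(data)})
        self.sizes[cloud_id] = (user_id, len(data))
        return cloud_id

    def can_read(self, requester, owner, object_id):
        cloud_id = self.cloud_object_id(owner, object_id)
        if cloud_id not in self.sizes:
            return False
        return requester == owner or requester in self.readers.get(cloud_id, set())

    def grant_read(self, owner, object_id, target):
        cloud_id = self.cloud_object_id(owner, object_id)
        if cloud_id not in self.sizes:
            raise KeyError("no such object: " + cloud_id)
        if target in self.prefix:
            # Target is a second user of the platform: the cloud knows only the
            # shared account, so the grant lives on the platform and is not sent.
            self.readers.setdefault(cloud_id, set()).add(target)
            return "saved-on-platform"
        self.send_to_cloud({"op": "set_acl", "object": cloud_id,
                            "grantee": target, "permission": "read"})
        return "forwarded-to-cloud"


if __name__ == "__main__":
    sent = []                                  # constructed stand-in for the cloud
    broker = StorageBroker("bucket-1", sent.append)
    broker.add_user("alice", 10)               # constructed users, 10-byte quota
    broker.add_user("bob", 10)
    print(broker.put("alice", "report.txt", b"12345"))
    print(broker.put("bob", "report.txt", b"abc"))
    print(broker.grant_read("alice", "report.txt", "bob"))
    print(broker.grant_read("alice", "report.txt", "external-cloud-user"))
    print(sent[-1])
```

Two users can store an object with the same name without colliding, and a platform-internal grant never changes the cloud-side permissions of the shared account.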
A person of ordinary skill in the art can understand that all or some of the steps of the foregoing method embodiments may be implemented by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the foregoing method embodiments. The storage medium includes various media that can store program code, such as a ROM, a RAM, a magnetic disk, or an optical disc.
FIG. 4 is a schematic structural diagram of a system for sharing an infrastructure as a service (IaaS) service cloud account according to the present invention. The system includes a sharing platform 41 and an infrastructure cloud providing device 42 that provides the IaaS service; there may be multiple infrastructure clouds. The system of the present invention may further include a first user client 43 and a second user client 44.
The sharing platform 41 is configured to: save at least one cloud account for accessing the infrastructure cloud providing the IaaS service, as the cloud account of the first user; create, for the second user, an account with which the second user client accesses the sharing platform; and, according to the association relationship between the first user and the second user, designate for the second user at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service, so that the client of the second user accesses the infrastructure cloud providing the IaaS service that corresponds to the access account according to the account for accessing the sharing platform and the access account.
The infrastructure cloud providing device 42 is configured to register a cloud account for the first user through the sharing platform and, after the second user accesses the infrastructure cloud providing device using the designated access account, to provide the IaaS service to the second user.
The sharing platform 41 is further configured to save the correspondence between the second user identifier and the access account.
That the sharing platform saves at least one cloud account for accessing the infrastructure cloud of the IaaS service, the cloud account being the cloud account of the first user, includes: the sharing platform 41 receives a cloud account creation request sent by the first user client 43, applies, according to the cloud account creation request, to the providing device 42 of the infrastructure cloud providing the IaaS service for at least one cloud account as the cloud account of the first user, and saves the cloud account; or the sharing platform 41 receives and saves at least one cloud account registered by the first user, where the at least one cloud account registered by the first user is obtained by the first user by applying to the providing device 42 of the infrastructure cloud providing the IaaS service.
Designating, for the second user, at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service includes: when the sharing platform 41 receives an IaaS service object operation request sent by the client 44 of the second user after logging in with the account for accessing the sharing platform, designating, according to the association relationship, at least one cloud account of the first user for the second user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service; or, when the sharing platform 41 creates, for the second user accessing the sharing platform 41, the account with which the second user client accesses the sharing platform, designating, according to the association relationship, at least one cloud account of the first user for the second user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service; or, after the client 44 of the second user subscribes to the IaaS service from the sharing platform 41, the sharing platform 41 designating, according to the association relationship, at least one cloud account of the first user for the second user as the access account with which the second user accesses the providing device 42 of the infrastructure cloud providing the IaaS service.
After the access account for accessing the infrastructure cloud providing the IaaS service is designated for the second user, the sharing platform 41 encapsulates the IaaS service object operation request according to the message format of the infrastructure cloud providing the IaaS service that corresponds to the designated access account, and sends the encapsulated IaaS service object operation request to the infrastructure cloud providing the IaaS service that corresponds to the access account; the sharing platform 41 receives the response message sent, according to the encapsulated IaaS service object operation request, by the providing device 42 of the infrastructure cloud providing the IaaS service that corresponds to the designated access account; the sharing platform 41 encapsulates the response message and sends the encapsulated response message to the client 44 of the second user.
The sharing platform 41 may also set and save an operation authority for the second user corresponding to the second user identifier. In that case, after receiving the IaaS service object operation request sent by the client 44 of the second user after logging in with the account for accessing the sharing platform, the sharing platform 41 determines, according to the operation authority set for the user corresponding to the second user identifier, whether that user has the authority to perform the requested operation on the IaaS service object. When it determines that the user corresponding to the second user identifier has the authority corresponding to the operation request, it encapsulates the IaaS service object operation request according to the message format of the infrastructure cloud providing the IaaS service that corresponds to the designated access account, and sends the encapsulated IaaS service object operation request to the infrastructure cloud providing device 44 providing the IaaS service that corresponds to the access account.
The sharing platform 41 is further configured to: receive the response message sent, according to the encapsulated IaaS service object operation request, by the infrastructure cloud providing the IaaS service that corresponds to the access account; encapsulate the response message; and send the encapsulated response message to the client 44 of the second user.
After the sharing platform 41 receives the IaaS service object operation request sent by the client 44 of the second user after logging in with the account for accessing the sharing platform, the sharing platform 41 determines, according to the IaaS service object operation request, the infrastructure cloud that provides the IaaS service, and uses the account corresponding to the determined infrastructure cloud as the designated access account for the IaaS service object operation request.
That the sharing platform 41 determines, according to the IaaS service object operation request, the infrastructure cloud that provides the IaaS service specifically includes: the IaaS service object operation request includes the identifier of the infrastructure cloud that the second user wants to access, and the sharing platform determines that the infrastructure cloud corresponding to that identifier is the infrastructure cloud that provides the IaaS service; or the IaaS service object operation request does not include the identifier of the infrastructure cloud that the second user wants to access, and the sharing platform determines the infrastructure cloud that provides the IaaS service according to an infrastructure cloud selection rule provided in advance by the second user.
FIG. 5 is a schematic structural diagram of a sharing platform for sharing an infrastructure as a service (IaaS) service cloud account according to the present invention. The sharing platform includes a first processing unit 51, a first storage unit 52, and a first sending unit 54.
The first memory 52 is configured to save at least one cloud account for accessing the infrastructure cloud providing the IaaS service, as the cloud account of the first user. The first processing unit 51 is configured to: create, for the second user, an account with which the second user client accesses the sharing platform, where the account for accessing the sharing platform includes the identifier of the second user; and, according to the association relationship between the first user and the second user, designate for the second user at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service, so that the client of the second user accesses the infrastructure cloud providing the IaaS service that corresponds to the access account according to the account for accessing the sharing platform and the access account. The first sending unit 54 sends the designated access account to the client of the second user.
The first storage unit 52 is further configured to save the correspondence between the second user identifier and the access account.
The sharing platform further includes a first receiver 53. The first receiving unit 53 is configured to receive the cloud account creation request sent by the first user client and send it to the first processing unit 51, and the first processing unit 51 applies, according to the cloud account creation request, to the infrastructure cloud providing the IaaS service for at least one cloud account as the cloud account of the first user; or the first receiving unit 53 receives at least one cloud account registered by the first user, and the first storage unit 52 saves the at least one cloud account registered by the first user, where the at least one cloud account registered by the first user is obtained by the first user by applying to the infrastructure cloud providing the IaaS service.
That the first processing unit 51 designates, for the second user, at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service includes: the first receiving unit 53 receives the IaaS service object operation request sent by the client of the second user after logging in with the account for accessing the sharing platform and sends the IaaS service object operation request to the first processing unit 51, and the first processing unit 51 designates, according to the association relationship, at least one cloud account of the first user for the second user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service; or, when the first processing unit 51 creates, for the second user accessing the sharing platform, the account with which the second user client accesses the sharing platform, the first processing unit 51 designates, according to the association relationship, at least one cloud account of the first user for the second user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service; or, after the second user sends a subscription to the IaaS service to the first receiving unit 53, the first processing unit 51 designates, according to the association relationship, at least one cloud account of the first user for the second user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service.
After the first processing unit 51 designates, for the second user, at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service, the first processing unit 51 encapsulates the IaaS service object operation request according to the message format of the infrastructure cloud providing the IaaS service that corresponds to the designated access account, and the first sending unit 54 sends the encapsulated IaaS service object operation request to the providing device of the infrastructure cloud providing the IaaS service that corresponds to the access account; the first receiving unit 53 receives the response message sent, according to the encapsulated IaaS service object operation request, by the infrastructure cloud providing the IaaS service that corresponds to the designated access account; the response message is encapsulated, and the first sending unit 54 sends the encapsulated response message to the client of the second user.
The first processing unit 51 sets operation permissions for the second user corresponding to the second user identifier and saves them in the first storage unit 52. Then, after the first receiving unit 53 receives the operation request for an IaaS service object sent by the second user's client after logging in with the account for accessing the sharing platform, the first processing unit 51 determines, according to the operation permissions set for the user corresponding to the second user identifier, whether that user has permission to perform the requested operation on the IaaS service object. When it determines that the user corresponding to the second user identifier has the permission required by the operation request, the first processing unit 51 encapsulates the IaaS service object operation request in the message format of the infrastructure cloud providing the IaaS service that corresponds to the designated access account, and the first sending unit 54 sends the encapsulated IaaS service object operation request to the providing device of the infrastructure cloud providing the IaaS service that corresponds to the access account.
After the first receiving unit 53 receives the response message that the infrastructure cloud providing the IaaS service and corresponding to the access account sends in reply to the encapsulated IaaS service object operation request, the first processing unit 51 parses the response message and obtains operation result information indicating success or failure, and the first storage unit 52 saves the operation result information.
After the first receiving unit 53 receives the operation request for an IaaS service object sent by the second user's client after logging in with the account for accessing the sharing platform, the first processing unit 51 determines, according to the IaaS service object operation request, the infrastructure cloud providing the IaaS service, and uses the account corresponding to the determined infrastructure cloud as the designated access account for the IaaS service object operation request.
The first processing unit 51 determining, according to the IaaS service object operation request, the infrastructure cloud providing the IaaS service specifically includes: if the IaaS service object operation request includes the identifier of the infrastructure cloud that the second user wants to access, the first processing unit 51 determines that the infrastructure cloud corresponding to that identifier is the infrastructure cloud providing the IaaS service; or, if the IaaS service object operation request does not include the identifier of the infrastructure cloud that the second user wants to access, the first processing unit 51 determines the infrastructure cloud providing the IaaS service according to an infrastructure cloud selection rule provided in advance by the second user.
The first processing unit 51 may also allocate a unique prefix or suffix to the second user identifier, and the first storage unit 52 saves the correspondence between the second user identifier and the prefix or suffix. In that case, the sharing platform encapsulating the IaaS service object operation request, or encapsulating the response message, may include: obtaining the prefix or suffix corresponding to the second user identifier according to the correspondence between the second user identifier and the prefix or suffix; when the IaaS service object operation request includes a service object identifier, adding the prefix or suffix to the IaaS service object identifier contained in the IaaS service object operation request, or, when the response message includes a service object identifier, removing the prefix or suffix from the IaaS service object identifier contained in the response message, the result being the identifier of the encapsulated IaaS service object.
Alternatively, the first processing unit 51 may allocate an alias to the IaaS service object, and the first storage unit 52 saves the correspondence between the IaaS service object and the alias. In that case, the sharing platform encapsulating the IaaS service object operation request, or encapsulating the response message, specifically includes: when the IaaS service object operation request includes a service object identifier, replacing the IaaS service object identifier contained in the IaaS service object operation request with the corresponding alias, or, when the response message includes a service object identifier, replacing the IaaS service object identifier alias contained in the response message with the corresponding IaaS service object identifier, the result being the identifier of the encapsulated IaaS service object.
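The request path described above (permission check, cloud selection, use of the first user's cloud account, and prefixing of object identifiers on the way out and stripping on the way back) can be sketched as follows. This is an added example, not code from the patent: every class, method and account name is hypothetical, the cloud is a constructed stand-in, and rejecting a response identifier that lacks the caller's prefix is an added check the text does not describe.

```python
"""Constructed sketch of the sharing platform's request path (not the patent's code)."""
import itertools


class Denied(Exception):
    """Raised when the platform refuses a request before it reaches the cloud."""


class FakeCloud:
    """Constructed stand-in for an infrastructure cloud; records what it receives."""

    def __init__(self):
        self.received = []

    def call(self, account, operation, object_id):
        self.received.append((account, operation, object_id))
        return {"status": "success", "object_id": object_id}


class SharingPlatform:
    def __init__(self, clouds):
        self.clouds = clouds        # cloud id -> cloud client
        self.access_account = {}    # (second user, cloud id) -> first user's cloud account
        self.permissions = {}       # second user -> allowed operations
        self.selection_rule = {}    # second user -> cloud used when the request names none
        self.prefix = {}            # second user -> unique identifier prefix
        self.results = []           # saved operation results (success or failure)
        self._counter = itertools.count(1)

    def add_second_user(self, user, cloud_id, cloud_account, allowed_ops):
        self.access_account[(user, cloud_id)] = cloud_account
        self.permissions[user] = set(allowed_ops)
        self.selection_rule.setdefault(user, cloud_id)
        self.prefix[user] = f"u{next(self._counter):04d}-"  # fixed width, so no prefix overlaps

    def handle(self, user, request):
        op = request["operation"]
        # 1. Permission check happens before anything is encapsulated or sent.
        if op not in self.permissions.get(user, set()):
            raise Denied(f"{user} may not perform {op}")
        # 2. Cloud named in the request, else the user's pre-registered selection rule.
        cloud_id = request.get("cloud") or self.selection_rule[user]
        account = self.access_account.get((user, cloud_id))
        if account is None:
            raise Denied(f"{user} has no access account for {cloud_id}")
        # 3. Encapsulate: the cloud only ever sees the prefixed identifier.
        prefix = self.prefix[user]
        outbound = prefix + request["object_id"] if "object_id" in request else None
        response = self.clouds[cloud_id].call(account, op, outbound)
        self.results.append((user, op, response["status"]))
        # 4. Strip the prefix from the response before it goes back to the client.
        returned = response.get("object_id")
        if returned is not None:
            if not returned.startswith(prefix):  # added check, not in the source text
                raise Denied("response names an object outside the caller's namespace")
            response = dict(response, object_id=returned[len(prefix):])
        return response


def run_demo():
    cloud = FakeCloud()
    platform = SharingPlatform({"cloud-a": cloud})
    # Two second users share the single cloud account held by the first user.
    platform.add_second_user("tenant-a", "cloud-a", "acct-first-user", ["create_keypair"])
    platform.add_second_user("tenant-b", "cloud-a", "acct-first-user",
                             ["create_keypair", "delete_keypair"])
    responses = [
        platform.handle("tenant-a", {"operation": "create_keypair", "object_id": "deploy"}),
        platform.handle("tenant-b", {"operation": "create_keypair", "object_id": "deploy"}),
        platform.handle("tenant-b", {"operation": "delete_keypair", "object_id": "deploy"}),
    ]
    try:
        platform.handle("tenant-a", {"operation": "delete_keypair", "object_id": "deploy"})
        denied = False
    except Denied:
        denied = True
    return cloud.received, responses, denied


if __name__ == "__main__":
    print(run_demo())
```

Because both second users act under one cloud account, the cloud itself cannot tell them apart: separation between them rests entirely on the platform's permission table and identifier mapping.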
For the specific implementation of the related processing in the system and device embodiments of the present invention, refer to the description of the method embodiments of the present invention; it is not repeated here.
Of course, the sharing platform described in the embodiments of the present invention may include a storage unit, and the units included in the sharing platform may be located in that storage unit. For how each unit of the sharing platform carries out the method of the present invention, refer to the description of the method embodiments of the present invention; it is not repeated here.
For the specific working process of the above system of the embodiments of the present invention, refer to the other embodiments of the present invention; it is not described again here.
Those skilled in the art will understand that the accompanying drawings are only schematic diagrams of a preferred embodiment, and that the modules or processes in the drawings are not necessarily required to implement the present invention.
Those skilled in the art will understand that the modules of the devices in the embodiments may be distributed among the devices of the embodiments as described, or may be changed accordingly and located in one or more devices different from those of the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of their technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. A method for sharing a cloud account of an Infrastructure as a Service (IaaS) service, comprising:
storing at least one cloud account used to access an infrastructure cloud providing the IaaS service, the cloud account being a cloud account of a first user;
creating, for a second user, an account with which the second user's client accesses a sharing platform;
assigning to the second user, according to an association relationship between the first user and the second user, at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service, so that the second user's client, using the account for accessing the sharing platform and the access account, accesses the infrastructure cloud providing the IaaS service that corresponds to the access account.
2. The method according to claim 1, wherein
storing at least one cloud account used to access the infrastructure cloud of the IaaS service, the cloud account being a cloud account of the first user, comprises:
receiving a cloud account creation request sent by the first user's client, applying to the infrastructure cloud providing the IaaS service, according to the cloud account creation request, for at least one cloud account used to access the infrastructure cloud of the IaaS service, as the cloud account of the first user, and storing the cloud account;
or, receiving and storing at least one cloud account registered by the first user, the cloud account having been obtained by the first user by applying to the infrastructure cloud providing the IaaS service.
3. The method according to claim 1 or 2, wherein
assigning to the second user at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service comprises:
on receiving an operation request for an IaaS service object sent by the second user's client after logging in with the account for accessing the sharing platform, assigning to the second user, according to the association relationship, at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service; or,
when creating for the second user the account with which the second user's client accesses the sharing platform, assigning to the second user, according to the association relationship, at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service; or,
after the second user subscribes to the IaaS service with the sharing platform, assigning to the second user, according to the association relationship, at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service.
4. The method according to claim 3, wherein, after the step of, on receiving an operation request for an IaaS service object sent by the second user's client after logging in with the account for accessing the sharing platform, assigning to the second user, according to the association relationship, at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service, the method further comprises:
encapsulating the IaaS service object operation request in the message format of the infrastructure cloud providing the IaaS service that corresponds to the designated access account, and sending the encapsulated IaaS service object operation request to the infrastructure cloud providing the IaaS service that corresponds to the access account;
receiving the response message that the infrastructure cloud providing the IaaS service and corresponding to the designated access account sends in reply to the encapsulated IaaS service object operation request; encapsulating the response message, and sending the encapsulated response message to the second user's client.
5. The method according to claim 3, wherein, after the step of, when creating for the second user the account with which the second user's client accesses the sharing platform, assigning to the second user, according to the association relationship, at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service, or, after the step of, after the second user subscribes to the IaaS service with the sharing platform, assigning to the second user, according to the association relationship, at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service, the method further comprises:
receiving an operation request for an IaaS service object sent by the second user's client after logging in with the account for accessing the sharing platform;
encapsulating the IaaS service object operation request in the message format of the infrastructure cloud providing the IaaS service that corresponds to the designated access account, and sending the encapsulated IaaS service object operation request to the infrastructure cloud providing the IaaS service that corresponds to the access account;
receiving the response message that the infrastructure cloud providing the IaaS service and corresponding to the designated access account sends in reply to the encapsulated IaaS service object operation request; encapsulating the response message, and sending the encapsulated response message to the second user's client.
6. The method according to claim 3, 4 or 5, further comprising: setting and saving operation permissions for the second user corresponding to the second user identifier;
after receiving the operation request for an IaaS service object sent by the second user's client after logging in with the account for accessing the sharing platform, and before encapsulating the IaaS service object operation request, the method further comprises:
determining, according to the operation permissions set for the user corresponding to the second user identifier, whether the user corresponding to the second user identifier has permission to perform the requested operation on the IaaS service object, and, when it is determined that the user corresponding to the second user identifier has the permission required by the operation request, encapsulating the IaaS service object operation request.
7. The method according to claim 3, 4 or 5, wherein, after receiving the operation request for an IaaS service object sent by the second user's client after logging in with the account for accessing the sharing platform, the method further comprises:
determining, according to the IaaS service object operation request, the infrastructure cloud providing the IaaS service, and using the account of the determined infrastructure cloud as the designated access account for the IaaS service object operation request.
8. The method according to claim 7, wherein determining, according to the IaaS service object operation request, the infrastructure cloud providing the IaaS service specifically comprises:
if the IaaS service object operation request includes the identifier of the infrastructure cloud that the second user wants to access, determining that the infrastructure cloud corresponding to that identifier is the infrastructure cloud providing the IaaS service;
or, if the IaaS service object operation request does not include the identifier of the infrastructure cloud that the second user wants to access, determining the infrastructure cloud providing the IaaS service according to an infrastructure cloud selection rule provided in advance by the second user.
9. The method according to claim 4, 5 or 6, comprising:
allocating a unique prefix or suffix to the second user identifier, and saving the correspondence between the second user identifier and the prefix or suffix;
wherein encapsulating the IaaS service object operation request, or encapsulating the response message, specifically comprises:
obtaining the prefix or suffix corresponding to the second user identifier according to the correspondence between the second user identifier and the prefix or suffix;
when the IaaS service object operation request includes a service object identifier, adding the prefix or suffix to the IaaS service object identifier contained in the IaaS service object operation request, or, when the response message includes a service object identifier, removing the prefix or suffix from the IaaS service object identifier contained in the response message, the result being the identifier of the encapsulated IaaS service object.
10. The method according to claim 4, 5 or 6, wherein
an alias is allocated to the IaaS service object, and the correspondence between the IaaS service object and the alias is saved;
and encapsulating the IaaS service object operation request, or encapsulating the response message, specifically comprises:
when the IaaS service object operation request includes a service object identifier, replacing the IaaS service object identifier contained in the IaaS service object operation request with the corresponding alias, or, when the response message includes a service object identifier, replacing the IaaS service object identifier alias contained in the response message with the corresponding IaaS service object identifier, the result being the identifier of the encapsulated IaaS service object.
11. The method according to any one of claims 5-10, further comprising: establishing a correspondence between the second user identifier and the IaaS service object identifier.
12. The method according to any one of claims 9-11, wherein the IaaS service object is one or more of a key pair, a virtual machine, a security group, a storage object and a storage block.
13. The method according to any one of claims 4 and 5, wherein the IaaS service object operation request is a request for a key pair, the response message includes the IaaS service object allocated in response to the IaaS service object operation request, and the allocated IaaS service object is a key pair.
14. The method according to claim 13, wherein, after receiving the response message sent by the infrastructure cloud providing the IaaS service, the method further comprises:
saving the private key generated by the infrastructure cloud providing the IaaS service after it processes the IaaS service object operation request, or
after receiving the response message, sending the private key of the allocated key pair to the second user's client.
15. The method according to claim 14, wherein
the IaaS service object operation request is an operation request to create a virtual machine, and the operation request to create a virtual machine includes the second user identifier, the specification of the virtual machine to be created and a key pair name;
looking up the access account, corresponding to the second user identifier, of the infrastructure cloud providing the IaaS service;
encapsulating the specification of the virtual machine to be created and the key pair name in the IaaS service object operation request, and sending the encapsulated IaaS service object operation request to the infrastructure cloud providing the IaaS service that corresponds to the access account;
the response message includes the identifier of the IaaS service object generated according to the IaaS service object operation request, the IaaS service object being the created virtual machine.
16. The method according to claim 13, wherein the method comprises:
the IaaS service object operation request is an operation request to create a virtual machine, and the operation request to create a virtual machine includes the second user identifier and the specification of the virtual machine to be created;
looking up the access account, corresponding to the second user identifier, of the infrastructure cloud providing the IaaS service;
encapsulating the specification of the virtual machine to be created in the IaaS service object operation request, and sending the encapsulated IaaS service object operation request to the infrastructure cloud providing the IaaS service that corresponds to the access account;
the response message includes the identifier of the IaaS service object generated according to the IaaS service object operation request, the IaaS service object being the created virtual machine, and the identifier of the generated IaaS service object being the identifier of the created virtual machine.
17. The method according to claim 12 or 13, wherein the IaaS service object operation request is an operation request to create a storage block or an operation request to save a storage object, and the operation request to create a storage block includes the name of the storage block or the identifier of the storage object;
looking up the access account, corresponding to the second user identifier, of the infrastructure cloud providing the IaaS service;
encapsulating the operation request to create a storage block or the operation request to save a storage object in the IaaS service object operation request, and sending the encapsulated IaaS service object operation request to the infrastructure cloud providing the IaaS service that corresponds to the access account;
the response message includes the result of processing the operation request to create a storage block or the operation request to save a storage object.
18. The method according to claim 17, wherein the IaaS service object operation request is to change the access permission of the storage object, and, after receiving the IaaS service object operation request sent by the second user's client, the method further comprises:
determining whether the target user carried in the IaaS service object operation request, whose access permission to the storage object contained in the request is to be changed, is a second user of the sharing platform; if so, saving the new access permission of the object; otherwise, sending the re-encapsulated IaaS service object operation request to the infrastructure cloud providing the IaaS service.
19. A sharing platform for sharing a cloud account of an Infrastructure as a Service (IaaS) service, comprising:
a first storage unit 52, configured to store at least one cloud account used to access an infrastructure cloud providing the IaaS service, as the cloud account of a first user, and further configured to save the correspondence between the second user identifier and the access account;
a first processing unit 51, configured to create, for a second user, an account with which the second user's client accesses the sharing platform, and to assign to the second user, according to an association relationship between the first user and the second user, at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service, so that the second user's client, using the account for accessing the sharing platform and the access account, accesses the infrastructure cloud providing the IaaS service that corresponds to the access account.
20. The sharing platform according to claim 19, wherein the sharing platform further comprises a first receiving unit 53;
the first receiving unit 53 is configured to receive a cloud account creation request sent by the first user's client and send it to the first processing unit 51, and the first processing unit 51 applies to the infrastructure cloud providing the IaaS service, according to the cloud account creation request, for at least one cloud account, as the cloud account of the first user;
or, the first receiving unit 53 receives at least one cloud account registered by the first user, and the first storage unit 52 stores the at least one cloud account registered by the first user, the at least one cloud account registered by the first user having been obtained by the first user by applying to the infrastructure cloud providing the IaaS service.
21. The sharing platform according to claim 19 or 20, wherein
the first processing unit 51 assigning to the second user at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service comprises:
the first receiving unit 53 receives an operation request for an IaaS service object sent by the second user's client after logging in with the account for accessing the sharing platform and sends the IaaS service object operation request to the first processing unit 51, and the first processing unit 51, according to the association relationship, assigns to the second user at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service;
or, when the first processing unit 51 creates, for the second user accessing the sharing platform, the account with which the second user's client accesses the sharing platform, the first processing unit 51, according to the association relationship, assigns to the second user at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service;
or, after the second user sends a subscription for the IaaS service to the first receiving unit 53, the first processing unit 51, according to the association relationship, assigns to the second user at least one cloud account of the first user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service.
22. The sharing platform according to claim 21, characterized in that
after the first receiving unit 53 receives the operation request for an IaaS service object that the client of the second user sends after logging in with the account for accessing the sharing platform and sends the operation request for the IaaS service object to the first processing unit 51, and the first processing unit 51 designates, according to the association relationship, at least one cloud account of the first user for the second user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service, the method further comprises:
the first processing unit 51 encapsulates the IaaS service object operation request according to the message format of the infrastructure cloud providing the IaaS service that corresponds to the designated access account, and the first sending unit 54 sends the encapsulated IaaS service object operation request to the providing device of the infrastructure cloud providing the IaaS service that corresponds to the access account;
the first receiving unit 53 receives the response message that the infrastructure cloud providing the IaaS service corresponding to the designated access account sends according to the encapsulated IaaS service object operation request; the response message is encapsulated, and the first sending unit 54 sends the encapsulated response message to the client of the second user.
23. The sharing platform according to claim 21, characterized in that, after the first processing unit 51, when creating for the second user accessing the sharing platform the account with which the second user's client accesses the sharing platform, designates, according to the association relationship, at least one cloud account of the first user for the second user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service, or after the first processing unit 51, following the second user sending a subscription to the IaaS service to the first receiving unit 53, designates, according to the association relationship, at least one cloud account of the first user for the second user as the access account with which the second user accesses the infrastructure cloud providing the IaaS service,
the first receiving unit 53 receives the operation request for an IaaS service object that the client of the second user sends after logging in with the account for accessing the sharing platform;
the IaaS service object operation request is encapsulated according to the message format of the infrastructure cloud providing the IaaS service that corresponds to the access account designated by the first processing unit 51, and the first sending unit 54 sends the encapsulated IaaS service object operation request to the infrastructure cloud providing the IaaS service that corresponds to the access account;
the first receiving unit 53 receives the response message that the providing device of the infrastructure cloud providing the IaaS service corresponding to the designated access account sends according to the encapsulated IaaS service object operation request; the first processing unit 51 encapsulates the response message, and the first sending unit 54 sends the encapsulated response message to the client of the second user.
24. The sharing platform according to claim 22 or 23, characterized in that, after the first receiving unit 53 receives the operation request for an IaaS service object that the client of the second user sends after logging in with the account for accessing the sharing platform,
the first processing unit 51 determines, according to the operation request for the IaaS service object, the infrastructure cloud providing the IaaS service, and uses the account of the determined infrastructure cloud as the designated access account for the operation request for the IaaS service object.
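The request path of claims 21 to 24, as an added Python sketch that is not code from the patent: the platform resolves the second user's association, designates the first user's account for the cloud the request targets, encapsulates the request in that cloud's message format, and wraps the response for the client. The user names, cloud names, message formats, credentials and the audit list are constructed assumptions; the claims do not specify any of them.

```python
import json
from xml.etree import ElementTree as ET

# Association relationship (constructed): second user -> first user who shares accounts.
ASSOCIATION = {"alice": "corp-admin"}
# Cloud accounts registered by the first user, keyed by infrastructure cloud (constructed).
CLOUD_ACCOUNTS = {"corp-admin": {
    "cloud-a": {"account": "corp-a-001", "secret": "constructed-secret-a"},
    "cloud-b": {"account": "corp-b-001", "secret": "constructed-secret-b"}}}
# Assumption, not in the claims: record which second user acted under which shared account.
AUDIT = []


def designate_account(second_user, request):
    """Claims 21/24: choose the first user's account on the cloud the request targets."""
    first_user = ASSOCIATION.get(second_user)
    if first_user is None:
        raise PermissionError(f"no association for {second_user}")
    cloud = request["cloud"]
    account = CLOUD_ACCOUNTS[first_user].get(cloud)
    if account is None:
        raise PermissionError(f"{first_user} has no account on {cloud}")
    return cloud, account


def encapsulate_request(cloud, account, request):
    """Claim 22: wrap the operation request in the target cloud's message format."""
    if cloud == "cloud-a":  # constructed JSON format
        return json.dumps({"auth": account, "action": request["action"],
                           "object": request["object"]})
    # constructed XML format for every other cloud
    root = ET.Element("Request", account=account["account"], secret=account["secret"])
    ET.SubElement(root, request["action"]).text = request["object"]
    return ET.tostring(root, encoding="unicode")


def handle(second_user, request, send):
    """Receive, designate, encapsulate, forward, then wrap the response for the client."""
    cloud, account = designate_account(second_user, request)
    AUDIT.append((second_user, cloud, account["account"], request["action"]))
    cloud_response = send(cloud, encapsulate_request(cloud, account, request))
    # The wrapped response carries the result only, never the shared credential.
    return {"user": second_user, "cloud": cloud, "result": cloud_response}
```

Because every second user's request reaches the cloud under the first user's account, the platform-side record in `AUDIT` is the only place where actions can be attributed to the individual who issued them.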
PCT/CN2013/074847 2012-05-04 2013-04-27 Iaas service cloud account sharing method, sharing platform and network device WO2013163944A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210137495.3A CN103384237B (en) 2012-05-04 2012-05-04 Method for sharing IaaS cloud account, shared platform and network device
CN201210137495.3 2012-05-04

Publications (1)

Publication Number Publication Date
WO2013163944A1 (en) 2013-11-07

Family

ID=49491934

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/074847 WO2013163944A1 (en) 2012-05-04 2013-04-27 Iaas service cloud account sharing method, sharing platform and network device

Country Status (2)

Country Link
CN (1) CN103384237B (en)
WO (1) WO2013163944A1 (en)

Also Published As

Publication number Publication date
CN103384237B (en) 2017-02-22
CN103384237A (en) 2013-11-06

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13785185

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13785185

Country of ref document: EP

Kind code of ref document: A1