WO2013163944A1 - Procédé de partage de comptes d'informatique en nuage pour services iaas, plateforme de partage et dispositif de réseau - Google Patents

Procédé de partage de comptes d'informatique en nuage pour services iaas, plateforme de partage et dispositif de réseau Download PDF

Info

Publication number
WO2013163944A1
WO2013163944A1 PCT/CN2013/074847 CN2013074847W WO2013163944A1 WO 2013163944 A1 WO2013163944 A1 WO 2013163944A1 CN 2013074847 W CN2013074847 W CN 2013074847W WO 2013163944 A1 WO2013163944 A1 WO 2013163944A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
account
cloud
operation request
iaas
Prior art date
Application number
PCT/CN2013/074847
Other languages
English (en)
Chinese (zh)
Inventor
柴晓前
李彦
朱文杰
邹现军
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2013163944A1 publication Critical patent/WO2013163944A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/508Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement
    • H04L41/5096Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement wherein the managed service relates to distributed or central networked applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1453Methods or systems for payment or settlement of the charges for data transmission involving significant interaction with the data transmission network
    • H04L12/1457Methods or systems for payment or settlement of the charges for data transmission involving significant interaction with the data transmission network using an account

Definitions

  • the invention relates to a method for sharing an IaaS service cloud account, and a sharing platform and a network device.
  • the application requires that the application number submitted on May 4, 2012 is 201210137495.3, and the invention name is "a method for sharing an IaaS service cloud account, and a sharing platform.
  • the priority of the Chinese Patent Application the entire disclosure of which is incorporated herein by reference.
  • the embodiments of the present invention relate to the field of communications technologies, and in particular, to a method for sharing an IaaS service cloud account, a sharing platform, and a network device. Background technique
  • Cloud computing allocates resources according to user needs. According to user charges, users do not need to purchase hardware and software. All software and hardware resource requirements can be met by remote access using the software provider's hardware and software. Through the shared use of resources, resource utilization can be improved, and the cost of use and maintenance costs can be reduced.
  • IAAS Infrastructure as a Service
  • VM Virtual Machines
  • Storage capacity is another common form of resource representation.
  • Embodiments of the present invention provide a method for sharing an IaaS service cloud account, a sharing platform, and a network device, so as to share a cloud account between multiple users.
  • An embodiment of the present invention provides a method for sharing an infrastructure as a service cloud account for an IaaS service, including:
  • At least one cloud account for accessing an infrastructure cloud providing the IaaS service, where the cloud account is a cloud account of the first user;
  • At least one cloud account of the first user to the second user as the second user accessing the infrastructure cloud providing the IaaS service according to the association relationship between the first user and the second user Entering an account, so that the client of the second user accesses the infrastructure cloud that provides the IaaS service corresponding to the access account according to the account of the access sharing platform and the access account.
  • An embodiment of the present invention provides a shared platform, which is a shared platform for serving an IaaS service cloud account, and includes:
  • the first storage unit 52 is configured to save at least one cloud account for accessing the infrastructure cloud that provides the IaaS service, as the cloud account of the first user, and also used to save the second user identifier and the access account. Correspondence relationship;
  • the first processing unit 51 is configured to create an account for the second user to access the shared platform, and the account of the access sharing platform includes the identifier of the second user; according to the association between the first user and the second user a relationship, the at least one cloud account of the first user is designated as the access account of the second user accessing the infrastructure cloud of the IaaS service, so that the client of the second user is configured according to The account of the access sharing platform and the access account access the infrastructure cloud that provides the IaaS service corresponding to the access account.
  • the cloud account registered by the first user may be designated as the first according to the association relationship between the first user and the second user.
  • the second user accesses the access account of the infrastructure cloud that provides the IaaS service, thereby using the second
  • the user can use the cloud account registered for the first user to realize the sharing of the cloud account between the users.
  • 1 is a flow chart of a method for sharing an infrastructure as a method for serving an IaaS service cloud account
  • FIG. 2 is a flowchart of an embodiment of a method for creating a virtual machine according to an embodiment of the present invention
  • FIG. 3 is a flowchart of an embodiment of implementing a cloud storage method according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a system for sharing an infrastructure as a service cloud account for an IaaS service according to the present invention
  • FIG. 5 is a schematic structural diagram of a shared infrastructure as a shared platform for serving IaaS service cloud accounts according to the present invention. detailed description
  • FIG. 1 is a flowchart of a method for sharing an infrastructure as a method for serving an IaaS service cloud account. As shown in FIG. 1, the method may include:
  • the cloud account described in the embodiment of the present invention is an account that is applied to the IaaS service provider to access and use the IaaS service, and may include a username, a password, and/or a related access authentication key (such as an Access Key, Secret Access Key) and so on.
  • At least one cloud account here includes the following meanings: One or more cloud accounts that are saved are used to access an infrastructure cloud that provides IaaS services, including user names and authentication information, that is, cloud accounts and IaaS services.
  • the relationship of infrastructure clouds is a many-to-one relationship.
  • the cloud account that is used to access the infrastructure cloud of the IaaS service may be included in the following two implementation manners:
  • the sharing platform receives the cloud account creation request sent by the first user client, and applies, according to the cloud account creation request, the first user to the infrastructure cloud that provides the IaaS service to apply for at least one infrastructure cloud for accessing the IaaS service.
  • Cloud account and save the cloud account;
  • the sharing platform receives and saves at least one cloud account registered by the first user, and the cloud account is obtained by the first user from the infrastructure cloud that provides the IaaS service.
  • the registration here means that the first user provides the cloud account information owned by the first user to the sharing platform according to the format of the shared platform.
  • the cloud account of the at least one first user for the second user as the infrastructure cloud of the second user accessing the IaaS service. Entering an account, so that the client of the second user accesses the infrastructure cloud that provides the IaaS service corresponding to the access account according to the account of the access sharing platform and the access account.
  • the association relationship between the first user and the second user in the embodiment of the present invention may be any relationship that the first user agrees to authorize the second user to use the cloud account, where the first user may be the operator or manager of the shared platform. , or a third-party company, or an individual, the second user can be an individual.
  • the association relationship embodies an association between the first user and the second user, which may be a correspondence relationship table, that is, an association relationship table.
  • the association table may be stored in a shared platform, or may be stored on a separate storage device. For example, after the second user logs in to the shared platform, the IaaS service object operation request is sent, or the shared platform creates an access for the second user. After sharing the account of the platform, by sharing The platform queries the association relationship table to specify the access account for the second user.
  • association relationship can be saved on the shared platform, and can be queried when needed.
  • association relationship can also be saved on the client of the first user, and the shared platform goes to the client of the first user when needed. Get it, etc.
  • At least one of the cloud accounts registered for the first user as the access account of the second user to access the infrastructure cloud providing the IaaS service may include the following situations:
  • the client receiving the second user specifies an access account for the second user that sends the operation request of the IaaS service object after the operation request of the IaaS service object sent after the account is logged in according to the account of the access sharing platform. .
  • At least one of the registered cloud accounts is designated as the second user for the second user according to the association relationship.
  • At least one cloud account of the first user is specified as the second user accessing the second user.
  • the access account of the infrastructure cloud of the IaaS service is provided.
  • the corresponding relationship between the second user identifier and the access account may be saved for subsequent use.
  • the sharing platform After the access account is specified for the second user, the sharing platform encapsulates the IaaS service object operation according to the message format of the infrastructure cloud that provides the IaaS service corresponding to the specified access account. And requesting, by the infrastructure cloud that provides the laaS service corresponding to the access account, the encapsulated LAAS service object operation request; the infrastructure cloud that provides the laaS service corresponding to the access account is configured according to the encapsulated laaS service The object operation request returns a response message to the shared platform; the sharing platform receives the response message sent by the infrastructure cloud that provides the laaS service corresponding to the access account, and encapsulates the response message, and sends the response message to the client of the second user. Encapsulated response message.
  • the response message includes a laaS service object returned by the infrastructure cloud providing the laaS service
  • the laaS service object is a target object provided by the infrastructure cloud of the laaS service for the user to perform the operation remotely.
  • the laaS business object includes, but is not limited to, one or more of a virtual machine, a security group, a key pair, a storage object, and the like.
  • This embodiment is a scheme written from the shared platform side.
  • the cloud account registered by the first user may be designated as the first according to the association relationship between the first user and the second user.
  • the second user accesses the access account of the infrastructure cloud that provides the laaS service, so that the second user can use the cloud account registered for the first user to realize the sharing of the cloud account between the users.
  • the method may further include setting an operation authority for the second user, that is, setting an operation authority for the second user corresponding to the identifier of the second user, and further saving the operation authority set for the user in the bdfgh.
  • the method further includes: after receiving an operation request of the laaS service object sent by the client of the second user after the account is logged in based on the account of the access sharing platform, according to the operation set by the user corresponding to the second user identifier Determining, by the authority, whether the user corresponding to the second user identifier has the right to perform the operation request on the laaS service object, and determining that the user corresponding to the second user identifier has the authority corresponding to executing the operation request Performing a subsequent operation, the subsequent operation, for example, may encapsulate the LAAS service object operation request according to the message format of the infrastructure cloud providing the laaS service corresponding to the specified access account, and corresponding to the access account
  • the infrastructure cloud providing the laaS service sends the encapsulated
  • the client that receives the second user sends After the operation request of the IaaS service object is sent, the user corresponding to the operation request of the IaaS service object may not be determined, and the client receiving the second user is based on the access sharing platform. After the operation request of the IaaS business object sent after the account is logged in, the subsequent operation is directly performed.
  • the method further includes receiving an infrastructure cloud providing the IaaS service corresponding to the access account.
  • the encapsulated IaaS service object operates to send a response message to the request; and further encapsulates the response message, and sends the encapsulated response message to the second user's client.
  • the method After receiving the response message sent by the infrastructure cloud providing the IaaS service corresponding to the access account according to the encapsulated IaaS service object operation request, the method further parses the response message to obtain a success or failure.
  • the operation result information is saved, and the operation result information is saved in the sharing platform, so as to provide a reference for the second user to determine the infrastructure cloud that provides the IaaS service corresponding to the access account.
  • the foregoing method is mainly for the case that one or more cloud accounts saved on the shared platform correspond to an infrastructure cloud that provides an IaaS service, and if the shared platform simultaneously registers a plurality of cloud accounts of the infrastructure cloud providing the IaaS service, the receiving After the operation request of the IaaS service object sent by the second user's client after the account is logged in, the method may further include: first determining, according to the operation request of the IaaS service object, the infrastructure cloud that provides the IaaS service. And then, the account corresponding to the determined infrastructure cloud is used as the designated access account of the operation request of the IaaS service object.
  • the operation request of the IaaS service object includes an identifier of an infrastructure cloud that is to be accessed by the second user client to provide an IaaS service, and the infrastructure cloud corresponding to the identifier of the infrastructure cloud is determined to be an infrastructure cloud that provides IaaS services; Or, according to the previously stored correspondence between the second user identifier and the access account, finding that the corresponding relationship has obtained multiple access corresponding to the second user identifier The account, and then the infrastructure cloud that provides the IaaS service is found according to the access account; or the operation request of the IaaS service object does not include the identifier of the infrastructure cloud to be accessed by the second user client, and the second user is pre-
  • the selection rules for the provided infrastructure cloud determine the infrastructure cloud that provides IaaS services.
  • the selection rule may be: the second user pre-provides its acceptable service quality of service (QoS), such as request delay duration, request failure rate, IaaS service object abnormal ratio, etc., and these parameters are Specifying the weight, filtering all the infrastructure clouds that can provide the IaaS service according to the QoS and its weight, and determining the infrastructure cloud for providing the IaaS service to the second user from the filtered infrastructure cloud that can provide the IaaS service, determining The method may be: sorting according to the quality of the QoS, and selecting the infrastructure cloud with the highest QoS quality to provide the IaaS service.
  • QoS quality of service
  • the IaaS service object in the response message received by the shared platform includes the IaaS service object identifier, and the shared platform may also establish the second user identifier after receiving the IaaS service object identifier for the first time. Corresponding relationship with the identifier of the IaaS service object, for the subsequent shared platform to verify whether the user has the right to initiate an operation for the IaaS service object, or to perform statistics, charging, and the like according to the user.
  • the shared platform may receive the IaaS service object identifier for the first time from the following two ways:
  • the second user passes the IaaS service object identifier provided by the IaaS service object operation request, or the infrastructure cloud that provides the IaaS service processes the IaaS service submitted by the second user.
  • the IaaS service object identifier is allocated to the generated IaaS service object, and the IaaS service object identifier is returned to the sharing platform by the response message of the IaaS service object operation request.
  • the sharing platform allocates a unique prefix or suffix to the second user identifier, and saves the correspondence between the second user identifier and the prefix or suffix, and the message between the client and the shared platform of the second user Use the IaaS business object identifier without adding a prefix or suffix, and the identifier of the IaaS business object with the prefix or suffix added between the shared platform and the infrastructure cloud providing the IaaS service to prevent object conflicts between different users, then encapsulation The IaaS business object operation request, or When the response message is encapsulated, the prefix or suffix corresponding to the second user identifier is obtained according to the correspondence between the second user identifier and the prefix or suffix, and the laaS included in the operation request of the laaS service object is obtained. The service object identifier is added with a prefix or suffix, or the prefix or suffix of the laaS service object identifier included in the response message is used as the identifier of the encapsulated
  • the sharing platform assigns an alias to the laaS service object, and the alias may be uniquely associated with the laaS service object, and save the correspondence between the laaS service object of the second user identifier and the specified alias,
  • the message between the user client and the shared platform uses the laaS service object identifier provided by the user, and the alias of the laaS service object is used between the shared platform and the infrastructure cloud providing the laaS service to prevent object conflicts between different users.
  • the alias is replaced with the corresponding laaS service object identifier as the identifier of the encapsulated laaS service object.
  • the specified access account may be used to create a virtual machine or implement cloud storage.
  • the following sections describe two specific application examples of the present invention: virtual machine creation and cloud storage implementation.
  • the laaS service is a virtual machine service of the infrastructure cloud
  • the foregoing laaS service object may be one or more of a key pair, a virtual machine, a security group, and the like.
  • the response message returned by the infrastructure cloud providing the laaS service includes providing a laaS service.
  • the result of the infrastructure cloud processing the laaS service object operation request including a key pair name, a private key in the generated key pair, wherein the key pair name is one of identifiers of the laaS service object.
  • the method further includes: sending a private key of the generated key pair to a client of the second user, where the sharing platform does not save the private key.
  • the key pair is used as the IaaS service object
  • the IaaS service object is a key pair
  • the IaaS service object operation request sent by the second user is an operation request for creating a key pair.
  • the response message includes a result of the infrastructure cloud processing the IaaS service object operation request, and also includes a private key in the generated key pair.
  • the method further includes: the sharing platform saving the private key of the key pair and the correspondence between the key pair and the infrastructure cloud.
  • the second user client When the second user client creates a virtual machine, that is, the sent IaaS service object operation request is an operation request for creating a virtual machine, the second user client carries the key pair name in the IaaS service object operation request, after the virtual machine is created,
  • the access virtual machine SSH (Secure Shell) client can access the virtual machine through the sharing platform.
  • the shared platform uses the key of the virtual machine saved by the shared platform to perform virtual machine login authentication. After the authentication is passed, the user interface is provided to the second user client, and the virtual machine login authentication is transparent to the second user, that is, the specific process of the virtual machine login authentication is invisible to the user.
  • the sharing platform determines the access account of the infrastructure cloud that provides the IaaS service corresponding to the second user identifier, and the specific determining method may be as follows: Step 103;
  • the second user identifier, the specification of the virtual machine to be created, and the key pair name are encapsulated in the operation request of the IaaS service object, and the encapsulated IaaS service is sent to the infrastructure cloud that provides the IaaS service corresponding to the access account.
  • the operation request returned by the infrastructure cloud that provides the IaaS service includes an identifier of the IaaS service object generated according to the IaaS service object operation request, and the IaaS service object is the created virtual machine.
  • the IaaS service object operation request is an operation request for creating a virtual machine
  • the virtual machine is generated by using a username and a password
  • the user name and password are login user names and passwords of the virtual machine created by logging in, where the virtual machine is created.
  • the operation request includes the second user identifier and a specification of the virtual machine to be created, optionally including a login user name or password provided by the second user;
  • the sharing platform determines the access account of the infrastructure cloud that provides the IaaS service corresponding to the second user identifier. For details, refer to step 103.
  • the operation request for creating the virtual machine is carried.
  • the information is encapsulated in an operation request of the IaaS service object, and sends an operation request of the encapsulated IaaS service object to the infrastructure cloud that provides the IaaS service corresponding to the access account; and the response returned by the infrastructure cloud that provides the IaaS service
  • the message includes an identifier of the IaaS service object generated according to the IaaS service object operation request, and the IaaS service object is the created virtual machine.
  • the method includes: for an created virtual machine, the IaaS business object operation request is a virtual machine stop operation request, a virtual machine change operation request, a virtual machine Restart operation request or virtual machine delete operation request, the IaaS business object operation request includes the second user identifier, the identifier of the virtual machine that needs to be stopped, changed, restarted or deleted; according to the saved second user Corresponding relationship between the identifier and the access account determines an access account of the infrastructure cloud that provides the IaaS service corresponding to the second user identifier; and the second user identifier, the virtual machine that needs to be stopped, changed, restarted, or deleted
  • the identifier is encapsulated in an operation request of the IaaS service object, and sends an operation request of the encapsulated IaaS service object to the infrastructure cloud that provides
  • the foregoing IaaS service object may be a storage object or a storage block bucket.
  • the operation request for creating the storage block includes a name or storage of the storage block.
  • the identifier of the object after receiving the IaaS service object operation request, the sharing platform determines, according to the correspondence between the second user identifier and the access account that is saved by the shared platform, the infrastructure cloud that provides the IaaS service corresponding to the second user identifier.
  • the operation request for creating a storage block or the operation request for saving a storage object or the other operation request of the storage object is encapsulated in an operation request of an IaaS service object, and provides a basis for providing an IaaS service corresponding to the access account.
  • the facility cloud sends an operation request of the encapsulated IaaS service object; the infrastructure cloud response message providing the IaaS service includes a processing result of processing the IaaS service object operation request.
  • the method may further include: determining, by the IaaS service object operation request, whether the target user that changes the access right of the storage object that is included in the IaaS service object operation request is the second user of the shared platform, and if yes, the sharing platform saves the object The new access right does not send an access permission operation request to change the storage object to the infrastructure cloud providing the storage service, otherwise, send the re-encapsulated change access permission operation of the storage object to the infrastructure cloud providing the storage service request.
  • FIG. 2 is a flowchart of an embodiment of a method for creating a virtual machine (VM). As shown in FIG. 2, the method may include:
  • Step 201 Register at least one cloud account for accessing the infrastructure cloud providing the IaaS service on the shared platform, as the cloud account of the client of the first user; the specific registration process may refer to the related description of the foregoing embodiment of the present invention.
  • the sharing platform can simultaneously register multiple cloud accounts of the infrastructure cloud that provides IaaS services. For each infrastructure cloud that provides IaaS services, one or more of the infrastructure cloud's Yunma can be registered with the shared platform.
  • Step 202 The second user client of the shared platform accessing the shared platform creates an account of the second user client to access the shared platform.
  • the sharing platform generates an account for accessing the shared platform for each second user that uses the cloud service through the shared platform, where the account of the access sharing platform includes at least a user identifier of the second user, and optionally has an access sharing.
  • Certification information for the platform such as passwords, certificates, etc.
  • Second user client The account of the access sharing platform is used to access the sharing platform, and the cloud service provided by the infrastructure cloud is used through the sharing platform.
  • the authentication information corresponding to the account of the access sharing platform is provided, such as providing a password or a certificate, and the sharing platform uses the authentication information to authenticate the identity of the second user, and after the authentication is passed, Open cloud business access capabilities for users.
  • Step 203 The sharing platform, according to the association relationship between the first user and the second user, specifies, for the second user, at least one cloud account of the first user as the second user access
  • the access account of the infrastructure cloud of the IaaS service so that the client of the second user accesses the basis of providing the IaaS service corresponding to the access account according to the account of the access sharing platform and the access account.
  • Facility cloud The access account of the infrastructure cloud of the IaaS service, so that the client of the second user accesses the basis of providing the IaaS service corresponding to the access account according to the account of the access sharing platform and the access account.
  • the sharing platform specifies an access account for the second user in step 202.
  • a second user can be assigned to an access account of the infrastructure cloud, one of the foundations.
  • the access account of the facility cloud can be assigned to multiple second users.
  • the process of associating the first user with the second user and the process of assigning an access account to the second user may refer to related descriptions of other embodiments of the present invention.
  • the sharing platform specifies, as the second user, the cloud account registered by the first user as the second user to access the access account of the infrastructure cloud of the IaaS according to the association relationship between the first user and the second user.
  • the preferred implementation of the foregoing sharing platform for the cloud account registered by the first user as the first user according to the association relationship between the first user and the second user as the second user accessing the infrastructure cloud providing the IaaS is:
  • the shared platform is uniformly allocated according to the load condition of each access account of the infrastructure cloud, so that each access account of the infrastructure cloud is made.
  • the number of associated users is basically equal, where the load refers to the number of second users associated with it, regardless of whether the second user is currently used or not; or, the sharing platform groups the users according to the different rights granted to the user, and Assign to an IaaS access account based on the packet.
  • the manner in which the sharing platform specifies the access account for the second user may be fixed or dynamically specified.
  • the shared platform specifies the access account for the second user in a fixed manner, that is, a user is fixedly bound to an access account corresponding to an infrastructure cloud, and the user identifier and the infrastructure cloud are saved on the shared platform.
  • Such a user can view and manage the status information of cloud instances stored in the infrastructure cloud providing IaaS services at any time.
  • a cloud instance refers to an IaaS service object created by the infrastructure cloud according to the request of the second user.
  • the created virtual machine is a cloud instance, and one storage space allocated for the user, that is, the stored block is a cloud instance.
  • the sharing platform When the sharing platform specifies the access account for the second user in a dynamic manner, that is, when a user is using the cloud service (such as an operation request for sending an IaaS service), the sharing platform temporarily specifies the IaaS for the user.
  • the cloud account of the infrastructure cloud of the service is used as an access account, and the cloud account is released after the user requests the processing, that is, the cloud account is no longer bound.
  • the sharing platform can dynamically assign an access account of the infrastructure cloud to the user according to the load of the infrastructure cloud that provides the IaaS service corresponding to each access account, such as assigning a lower current load to the user.
  • the access account of the facility cloud processes the operational request of the user's IaaS service, where the load refers to the number of second users associated with which the infrastructure cloud is currently being used.
  • the sharing platform may assign operation rights to the user according to the identity of the second user, for example, the ordinary user can only use the VM, but cannot create the intermediate user, and the intermediate user can only create a maximum of 5 VMs.
  • the advanced user can apply for the specification comparison. High VM and so on, and save the user rights.
  • Step 204 The sharing platform sends an operation request for creating a key pair of the second user, and receives a key pair returned by the corresponding infrastructure cloud that provides the IaaS service.
  • the key pair keypa ir is a key-value pair, including a public key and a private key, for the second user client to access the virtual machine VM.
  • the key pair application request may be that after the sharing platform receives the operation request of the IaaS service object sent by the second user after logging in based on the account of the access sharing platform, the sharing platform sends the information to the corresponding infrastructure cloud.
  • the sharing platform After receiving the operation request of the IaaS service object, the sharing platform determines an access account for the operation request, and applies and receives the key to the infrastructure cloud that provides the Ia.S service corresponding to the access account. Correct. For a specific process of determining an access account for the operation request in this embodiment, refer to related descriptions of other embodiments of the present invention, and details are not described herein again.
  • the sharing platform Determining, by the sharing platform, that the user corresponding to the second user identifier has the right to perform the operation request on the IaaS service object according to the operation authority set by the user corresponding to the second user identifier, and determining the location
  • the operation request of the IaaS service object is encapsulated according to the message format of the infrastructure cloud that provides the IaaS service corresponding to the access account, and The infrastructure cloud that provides the IaaS service corresponding to the access account sends the encapsulated IaaS service object operation request.
  • the sharing platform applies at least one key pair keypa ir (including the public key and the private key) in the infrastructure cloud providing the IaaS service corresponding to the specified access account according to the operation request of the business object, and the specific keypa ir is generated by the The infrastructure cloud that provides the IaaS service is completed.
  • the infrastructure that provides the IaaS service generates the key pair and then stores the public key.
  • the private key corresponding to the keypa ir is sent to the shared platform through the response message.
  • the shared platform After the shared platform receives the private key sent by the infrastructure cloud, there are two cases: The shared platform saves the private key and the shared platform does not save the private key.
  • the second user can access the virtual machine by using the username and password, and the step 204 of creating the key pair may be omitted.
  • the shared platform saves the private key
  • the shared platform does not save the private key
  • the infrastructure cloud creates the virtual machine without using the key pair, and uses the username and password
  • the following embodiments are introduced in three cases. If the private key of the key pair is not saved on the shared platform, see Step 2051-2071. For the process of saving the private key of the key pair on the shared platform, see Step 2052-2072.
  • the infrastructure cloud creates a VM
  • the infrastructure cloud For the process of creating a virtual machine using a key pair and using a username and password, see Step 2053 2063. In these three cases, one of them can be selected according to the user's preference and the capabilities of the infrastructure cloud.
  • Step 2051 Send the private key of the assigned key pair to the client of the second user.
  • the sharing platform provides the key of the infrastructure cloud assigned by the IaaS service to the final second user, and the second user saves the private key to facilitate its use of other ssh (Secure Shell, Secure Shell Protocol) tools. Access to the cloud.
  • the sharing platform saves the correspondence between the user identifier and the key pair of the second user. If the sharing platform registers a plurality of infrastructure clouds, the correspondence between the key pair and the infrastructure cloud that generates the key pair needs to be saved.
  • the sharing platform may assign an alias to each key pair keypair, save the corresponding relationship between the alias and the key pair name, and provide the alias to the second user. As shown in Table 1:
  • mykeypair is used in messages between user2 and the shared platform; alias keypair—for—user 1 is used in messages between the shared platform and the cloud.
  • the sharing platform saves the correspondence between the key pair alias and the key pair name.
  • the sharing platform may assign a prefix or suffix to each second user, and each second user has a different prefix or suffix, and the sharing platform communicates with the infrastructure cloud that generates the key pair, in the key Add a prefix or suffix to the name.
  • Step 2011 The sharing platform applies, according to an operation request for creating a virtual machine sent by the second user, to the corresponding infrastructure cloud to create a virtual machine, and receives the created virtual machine returned by the infrastructure cloud.
  • the second user initiates an operation request for creating a virtual machine to the shared platform for creating a virtual machine.
  • the operation request for creating a virtual machine includes the second user identifier, a specification of a virtual machine to be created, and a key pair identifier.
  • the specifications of the virtual machine VM to be created are as follows: The image image used to create the VM, the size of the VM, etc., after verifying that the second user authority passes, the shared platform queries the keypair alias table mentioned in Table 1 of step 2051.
  • the infrastructure cloud submits an operation request to create a virtual machine. If the creation is successful, the infrastructure cloud returns a response message to the shared platform, where the response message carries the identifier of the virtual machine that has been created, otherwise an error is returned. After the creation is successful, the mapping between the virtual machine identifier and the second user may be saved on the shared platform, and other information of the virtual machine, such as an IP address, a specification, and the like, may also be saved.
  • the sharing platform provides the virtual machine to the second user.
  • the sharing platform may Install an agent for the created vm, the agent can monitor the running status of the vm, and automatically report to the shared platform periodically, and the shared platform analyzes the received information to obtain the status of the VM.
  • the sharing platform can record the point in time when the VM is created, and according to the charging rules of the infrastructure cloud (such as the deduction time interval), determine and configure a time interval for acquiring the VM state, and pass the infrastructure cloud at each time interval.
  • the provided interface obtains the status of the VM. For example, the hourly charge, that is, the charge per hour, the VM state is acquired once the VM starts 59 minutes.
  • Step 2071 The second user manages the created virtual machine or accesses the created virtual machine through the shared platform.
  • the second user initiates an operation request for the IaaS service of the specific cloud instance to the shared platform to manage the virtual machine that has been created, such as stopping, changing, restarting, viewing, or deleting the virtual machine.
  • the operation request of the IaaS service specifies the identifier of the virtual machine, and the sharing platform determines whether the virtual machine corresponds to the second user identifier according to the correspondence between the saved virtual machine identifier and the second user identifier, so as to verify whether the user is The virtual machine can be managed, and if the corresponding relationship is verified, the access account bound by the second user identifier is used to initiate an operation for the virtual machine to the corresponding infrastructure cloud.
  • the infrastructure cloud corresponding to the access account performs a corresponding operation on the operation request of the IaaS service object, and returns a response message to the shared platform, where the response message includes the result of the corresponding operation, and is shared by the sharing
  • the station returns the result to the second user client.
  • Step 2052 Save the private key of the created one or more key pairs on the shared platform.
  • the shared platform saves the private key of the key pair and also stores the correspondence between the key pair and the infrastructure cloud that created the key pair.
  • Step 2062 The sharing platform applies for creating a virtual machine to the corresponding infrastructure cloud according to the operation request for creating a virtual machine sent by the second user, where the virtual machine creation request includes the second user identifier and the virtual machine to be created.
  • the specification optionally including a key pair identifier, and receiving the identifier of the created virtual machine and the address information of the virtual machine (such as IP, Internet Protocol) returned by the infrastructure cloud. If the key pair identifier is not included in the operation request, the sharing platform selects a keypair from the keypair corresponding to the cloud account specified by the operation request as a keypair for creating the virtual machine, which may be randomly selected or selected according to the security group.
  • step 2061 For the VM creation and monitoring description of this step, refer to the related description of step 2061, which will not be described here.
  • Step 2072 The second user manages the created virtual machine or accesses the created virtual machine through the shared platform.
  • step 2071 For a description of this step, refer to the related description of step 2071, and details are not described herein again.
  • Step 2053 The sharing platform applies for creating a virtual machine to the corresponding infrastructure cloud according to the operation request for creating a virtual machine sent by the second user, where the virtual machine creation request includes the second user identifier, and the virtual machine to be created. Specifications, optional: root password, or username and password other than root. If the operation request does not include any username and password, the infrastructure cloud can generate a password for the root user and request it through the operation. The response message returns the generated password to the second user.
  • the sharing platform receives the identifier of the created virtual machine and the address information of the virtual machine (such as IP, Internet Protocol) returned by the infrastructure cloud, and optionally, the password of the root user generated by the infrastructure cloud.
  • the address information of the virtual machine such as IP, Internet Protocol
  • step 2061 For other virtual machine creation and monitoring descriptions of this step, refer to the related description of step 2061. I won't go into details here.
  • Step 2063 The second user manages the created virtual machine or accesses the created virtual machine through the shared platform.
  • step 2071 For a description of this step, refer to the related description of step 2071, and details are not described herein again.
  • FIG. 3 is a flowchart of an embodiment of implementing a cloud storage method according to an embodiment of the present invention. As shown in FIG. 3, the method may include:
  • Step 301 Register at least one cloud account for accessing the infrastructure cloud providing the IaaS service on the shared platform, as the cloud account of the client of the first user; the specific registration process may refer to the related description of the foregoing embodiment of the present invention.
  • Step 302 The sharing platform creates an account for the second user to access the shared platform for the second user to access the shared platform.
  • Step 303 The sharing platform, according to the association relationship between the first user and the second user, specifies, for the second user, at least one cloud account of the first user as the second user access
  • the access account of the infrastructure cloud of the IaaS service so that the client of the second user accesses the basis of providing the IaaS service corresponding to the access account according to the account of the access sharing platform and the access account.
  • Facility cloud The access account of the infrastructure cloud of the IaaS service, so that the client of the second user accesses the basis of providing the IaaS service corresponding to the access account according to the account of the access sharing platform and the access account.
  • Step 304 Send an operation request of the second user to create a storage block, and receive an identifier of the created block returned by the corresponding infrastructure cloud.
  • the creating action of the directory or the block is that the sharing platform automatically initiates a creation command to the cloud when the second user connects the second user to the specified access account, or receives the second user after the login based on the account of the access sharing platform.
  • the sharing platform initiates creation to the corresponding infrastructure cloud.
  • the sharing platform sends an IaaS that creates at least one root directory or block bucket to the specified access account.
  • the service corresponding to the operation request, and receiving a response message returned by the corresponding infrastructure cloud, where the response message includes an identifier of a block or a directory created for implementing the cloud storage, and the sharing platform assigns the second user to the block or directory, and The corresponding relationship between the second user identifier and the block or directory identifier is saved on the shared platform.
  • the sharing platform may allocate a unique storage object prefix or suffix to the second user identifier, and after the second user client sends the IaaS service object operation request, add the identifier and the location of the block to the storage object identifier.
  • the storage object prefix or suffix is described, and the identifier of the added block and the storage object identifier or the storage object identifier after the suffix are encapsulated in the encapsulated IaaS service object operation request sent to the infrastructure cloud.
  • the prefix may use a unique identifier corresponding to the user name or username of the user.
  • the sharing platform saves the correspondence between the identifier of the block and the storage object identifier or the suffix after the storage object identifier and the real identifier of the storage object, after the second user client sends the IaaS service object operation request,
  • the method further includes: determining, according to the added identifier of the block, the correspondence between the storage object identifier or the storage object identifier after the storage object prefix or the suffix, and the storage object identifier, the storage object identifier in the IaaS service object operation request message. Replacing the original storage object identifier with the real identifier of the storage object; and encapsulating the real identifier of the storage object in the encapsulated IaaS business object operation request sent to the infrastructure cloud.
  • Step 305 The second user manages the storage object by using the shared platform.
  • the sharing platform After receiving the storage object management operation initiated by the second user, the sharing platform determines, according to the saved right information, whether the user has the right to perform the operation corresponding to the operation request. If the second user has permission to perform the operation, further operations are performed.
  • the rights here may include: a permission limit of a user saved by the sharing platform, such as a maximum storage space limit, or/and an access control information of the operated object saved by the sharing platform.
  • a permission limit of a user saved by the sharing platform such as a maximum storage space limit
  • an access control information of the operated object saved by the sharing platform is shared platform management.
  • the access control of the infrastructure cloud is not the same.
  • the method may further The method includes: determining, by the IaaS service object operation request, a target user that changes an access right of a storage object that is included in the IaaS service object operation request, whether the second user of the shared platform is saved, and if yes, saving the new access right of the object, and does not provide the
  • the infrastructure cloud of the storage service sends an access permission operation request to change the storage object, otherwise, a re-encapsulated access permission operation request to change the storage object is sent to the infrastructure cloud providing the storage service.
  • FIG. 4 is a shared infrastructure of the present invention as a system for serving an IaaS service cloud account.
  • a schematic diagram of the structure includes a sharing platform 41 and an infrastructure cloud providing device 42 that provides IaaS services, and the infrastructure cloud may have multiple.
  • the system of the present invention may further include a first user client 43 and a second user client 44.
  • the sharing platform 41 is configured to save at least one cloud account for accessing the infrastructure cloud that provides the IaaS service, as the cloud account of the first user, and create an account for the second user to access the shared platform for the second user. And assigning, by the second user, at least one cloud account of the first user as the second user accessing an infrastructure cloud providing IaaS service according to an association relationship between the first user and the second user; An account, such that the client of the second user accesses the infrastructure cloud that provides the IaaS service corresponding to the access account according to the account of the access sharing platform and the access account;
  • the infrastructure cloud providing device 42 is configured to register a cloud account for the first user by using the sharing platform, and access the infrastructure cloud by using the specified access account by the second user. After the device, the second user is provided with an IaaS service.
  • the sharing platform 41 is further configured to save a correspondence between the second user identifier and an access account.
  • the sharing platform saves at least one cloud account for accessing an infrastructure cloud of the IaaS service,
  • the cloud account is the cloud account of the first user, and the sharing platform 41 receives the cloud account creation request sent by the first user client 43 according to the cloud account creation request to the infrastructure cloud that provides the laaS service.
  • the providing device 42 applies for at least one cloud account as the cloud account of the first user, and saves the cloud account; or the sharing platform 41 receives and saves at least one cloud account registered by the first user,
  • the at least one cloud account registered by the first user is requested by the first user to the providing device 42 of the infrastructure cloud providing the laaS service.
  • the receiving, by the second user, the at least one cloud account of the first user as the second user accessing the access account of the infrastructure cloud that provides the laaS service includes: the sharing platform 41 receiving the second user
  • the client 44 specifies, according to the association relationship, at least one cloud account of the first user as the second user according to the association relationship when the operation request of the laaS service object is sent after the account is accessed by the account of the access sharing platform.
  • the second user accesses the access account of the infrastructure cloud that provides the laaS service; or the sharing platform 41 creates the account of the second user client accessing the shared platform for the second user accessing the sharing platform 41, Assigning, according to the association relationship, at least one cloud account of the first user to the second user as an access account of an infrastructure cloud that provides a laaS service for the second user; or, in the second After the user's client 44 subscribes the laaS service to the sharing platform 41, the sharing platform 41 specifies the second user according to the association relationship.
  • Providing means cloud infrastructure least one of said first user account as cloud users access the second business providing access account laaS 42.
  • the sharing platform 41 specifies, after the second user specifies the access account of the infrastructure cloud that provides the laaS service for the second user, the sharing platform 41 provides the laaS service according to the specified access account.
  • the message format of the infrastructure cloud encapsulates the laaS service object operation request, and sends the encapsulated laaS service object operation request to an infrastructure cloud that provides a laaS service corresponding to the access account;
  • the sharing platform 41 receives the a response message sent by the providing device 42 of the infrastructure cloud providing the laaS service corresponding to the specified access account according to the encapsulated laaS service object operation request;
  • the sharing platform 41 encapsulating the response message, and reporting to the The client 44 of the second user sends the encapsulated response message.
  • the second user specifies that the second user specifies that the sharing platform 41 can also set the operation authority for the second user corresponding to the second user identifier and save; and then receive the second user.
  • the client 44 determines, after the operation request of the IaaS service object that is sent after the login of the account of the access sharing platform, the sharing platform 41 determines the operation authority according to the operation authority set by the user corresponding to the second user identifier.
  • the message format of the infrastructure cloud that provides the IaaS service corresponding to the specified access account encapsulates the IaaS service object operation request, and sends the encapsulated to the infrastructure cloud providing device 44 that provides the IaaS service corresponding to the access account.
  • IaaS business object operation request if the user corresponding to the second user identifier has the right to perform the operation request on the IaaS service object, and when determining that the user corresponding to the second user identifier has the authority corresponding to executing the operation request, according to the The message format of the infrastructure cloud that provides the IaaS service corresponding to the specified access account encapsulates the IaaS service object operation request, and sends the encapsulated to the infrastructure cloud providing device 44 that provides the IaaS service corresponding to the access account. IaaS business object operation request.
  • the sharing platform 41 is further configured to receive a response message that is sent by the infrastructure cloud that provides the IaaS service corresponding to the access account according to the encapsulated IaaS service object operation request, encapsulate the response message, and send the response message to the second
  • the client's client sends 44 the encapsulated response message.
  • the sharing platform 41 After the sharing platform 41 receives the operation request of the IaaS service object sent by the client 44 of the second user after logging in based on the account of the access sharing platform, the sharing platform 41 requests the operation according to the IaaS service object. Determining an infrastructure cloud that provides an IaaS service, and using the account corresponding to the determined infrastructure cloud as the designated access account of the operation request of the IaaS service object.
  • the sharing platform 41 determines, according to the operation request of the IaaS service object, the infrastructure cloud that provides the IaaS service, specifically: the operation request of the IaaS service object includes an identifier of an infrastructure cloud to be accessed by the second user, The shared platform determines that the infrastructure cloud corresponding to the identifier of the infrastructure cloud is an infrastructure cloud that provides an IaaS service; or the operation request of the IaaS service object does not include an identifier of an infrastructure cloud to be accessed by the second user, The sharing platform determines an infrastructure cloud providing IaaS services according to a selection rule of an infrastructure cloud provided by a second user in advance.
  • FIG. 5 is a schematic structural diagram of a shared infrastructure as a shared platform for serving an IaaS service cloud account according to the present invention.
  • the shared platform includes a first processing unit 51, a first storage unit 52, and a first Transmitting unit 54.
  • the first memory 52 is configured to save at least one cloud account for accessing the infrastructure cloud providing the laaS service as the cloud account of the first user; and the first processing unit 51 is configured to create a second user client for the second user.
  • Accessing the account of the shared platform, the account of the access sharing platform includes the identifier of the second user; and assigning at least one of the first users to the second user according to the association relationship between the first user and the second user
  • the user's cloud account is used as the second user to access the access account of the infrastructure cloud that provides the laaS service, so that the client of the second user is connected according to the account of the access sharing platform and the access account.
  • the first sending unit 54 sends the specified access account to the client of the second user.
  • the first storage unit 52 is further configured to save a correspondence between the second user identifier and the access account.
  • the sharing platform further includes a first receiver 53, and the first receiving unit 53 is configured to receive a cloud account creation request sent by the first user client, and send the request to the first processing unit 51, where The first processing unit 51 applies, according to the cloud account creation request, the at least one cloud account to the infrastructure cloud that provides the laaS service as the cloud account of the first user; or the first receiving unit 53 receives the first At least one cloud account registered by the user, and the at least one cloud account registered by the first user is saved by the first storage unit 52, wherein at least one cloud account registered by the first user is used by the first user
  • the infrastructure cloud application that provides the laaS service is available.
  • the first processing unit 51 for the second user, to specify at least one cloud account of the first user as the second user accessing an access account of the infrastructure cloud that provides the laaS service, includes: the first receiving The unit 53 receives an operation request of the laaS service object sent by the client of the second user after logging in based on the account of the access sharing platform, and sends an operation request of the laaS service object to the first processing unit 51,
  • the first processing unit 51 specifies, according to the association relationship, the at least one cloud account of the first user as the second user to access the access account of the infrastructure cloud that provides the laaS service; or
  • the first processing unit 51 when creating a second user client accessing the account of the sharing platform for the second user accessing the sharing platform, according to the
  • the first processing unit 51 specifies, for the second user, at least one cloud account of the first user as an access account of the second user to access an infrastructure cloud that provides IaaS services; or After the second user sends the subscription to the IaaS service to the first receiving unit
  • the first processing unit 51 assigns at least one cloud account of the first user to the second user as the access account of the infrastructure cloud that provides the IaaS service to the second user
  • the first The processing unit 51 encapsulates the IaaS service object operation request according to the message format of the infrastructure cloud that provides the IaaS service corresponding to the specified access account, and the first sending unit 54 provides the corresponding corresponding to the access account.
  • the infrastructure cloud providing device of the IaaS service sends the encapsulated IaaS service object operation request; the first receiving unit 53 receives the infrastructure cloud that provides the IaaS service corresponding to the specified access account, according to the encapsulated IaaS
  • the response message sent by the service object operation request is encapsulated, and the response message is encapsulated, and the encapsulated response message is sent by the first sending unit 54 to the client of the second user.
  • the second user specifying that the second user specifies that the first processing unit 51 sets an operation authority for the second user corresponding to the second user identifier and saves the first
  • the first processing unit 51 Determining, according to the operation authority set by the user corresponding to the second user identifier, whether the user corresponding to the second user identifier has the right to perform the operation request on the IaaS service object, and determining the second user
  • the first processing unit 51 encapsulates the IaaS service object operation according to the message format of the infrastructure cloud that provides the IaaS service corresponding to the specified access account.
  • the first processing unit 51 parses the response message, and obtains operation result information indicating success or failure, and is used by the first storage unit. 52 saves the operation result information.
  • the first processing unit 51 After the first receiving unit 53 receives an operation request of the laaS service object sent by the client of the second user after logging in based on the account of the access sharing platform, the first processing unit 51 is configured according to the laaS service object.
  • the operation request determines an infrastructure cloud that provides a laaS service, and uses the account corresponding to the determined infrastructure cloud as the designated access account of the operation request of the laaS service object.
  • the first processing unit 51 determines that the infrastructure cloud corresponding to the identifier of the infrastructure cloud is an infrastructure cloud that provides a laaS service; or the operation request of the laaS service object does not include an infrastructure that the second user needs to access
  • the identifier of the cloud the first processing unit 51 determines an infrastructure cloud providing the laaS service according to the selection rule of the infrastructure cloud provided by the second user in advance.
  • the first processing unit 51 may further allocate a unique prefix or suffix to the second user identifier, and save, by the first storage unit 52, a correspondence between the second user identifier and the prefix or suffix; If the sharing platform encapsulates the laaS service object operation request, or encapsulates the response message, the method may include: acquiring, according to the correspondence between the second user identifier and the prefix or suffix, the second user identifier a prefix or a suffix; when the laaS service object operation request includes a service object identifier, adding a prefix or a suffix to the laaS service object identifier included in the laaS service object operation request, or when the response message includes a service object identifier, And reducing a prefix or a suffix for the laaS service object identifier included in the response message, as an identifier of the encapsulated laaS service object.
  • the first processing unit 51 may further allocate an alias for the laaS service object, and save, by the first storage unit 52, a correspondence between the laaS service object and the alias.
  • the encapsulating the IaaS service object operation request, or encapsulating the response message specifically includes: when the IaaS service object operation request includes a service object identifier, the IaaS service included in the IaaS service object operation request The object identifier is replaced with the corresponding alias, or when the response message includes the service object identifier, the IaaS service object identifier alias included in the response message is replaced with the corresponding IaaS service object identifier, as the encapsulated IaaS service.
  • the identity of the object specifically includes: when the IaaS service object operation request includes a service object identifier, the IaaS service included in the IaaS service object operation request The object identifier is replaced with the corresponding alias, or when the response message includes the service object
  • the sharing platform in the embodiment of the present invention may include a storage unit, and each unit included in the sharing platform may be located in the storage unit.
  • each unit included in the sharing platform may be located in the storage unit.
  • modules in the apparatus in the embodiments may be distributed in the apparatus of the embodiment according to the description of the embodiments, or may be correspondingly changed in one or more apparatuses different from the embodiment.
  • the modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.

Abstract

L'invention concerne un procédé de partage de comptes d'informatique en nuage pour service IaaS (Infrastructure en tant que Service), consistant à : sauvegarder au moins un compte d'informatique en nuage utilisé pour accéder à un nuage d'infrastructure fournissant le service IaaS, le compte d'informatique en nuage étant le compte d'informatique en nuage d'un premier utilisateur ; à créer, pour un second utilisateur, un compte destiné à un terminal client de second utilisateur lui permettant d'accéder à une plateforme de partage ; conformément à la relation d'association entre le premier utilisateur et le second utilisateur, à spécifier pour le second utilisateur au moins un compte d'informatique en nuage de premier utilisateur en tant que compte d'accès permettant au second utilisateur d'accéder au nuage d'infrastructure fournissant le service IaaS de manière à ce que le terminal client du second utilisateur, en fonction du compte accédant à la plateforme de partage et au compte d'accès, accède au nuage d'infrastructure fournissant le service IaaS correspondant au compte d'accès. Le second utilisateur peut donc utiliser le compte de nuage enregistré pour le premier utilisateur, cela permettant un partage de comptes d'informatique en nuage entre utilisateurs.
PCT/CN2013/074847 2012-05-04 2013-04-27 Procédé de partage de comptes d'informatique en nuage pour services iaas, plateforme de partage et dispositif de réseau WO2013163944A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210137495.3A CN103384237B (zh) 2012-05-04 2012-05-04 一种共享IaaS业务云账号的方法、及共享平台和网络装置
CN201210137495.3 2012-05-04

Publications (1)

Publication Number Publication Date
WO2013163944A1 true WO2013163944A1 (fr) 2013-11-07

Family

ID=49491934

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/074847 WO2013163944A1 (fr) 2012-05-04 2013-04-27 Procédé de partage de comptes d'informatique en nuage pour services iaas, plateforme de partage et dispositif de réseau

Country Status (2)

Country Link
CN (1) CN103384237B (fr)
WO (1) WO2013163944A1 (fr)

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104639516B (zh) * 2013-11-13 2018-02-06 华为技术有限公司 身份认证方法、设备及系统
US9146764B1 (en) 2014-09-30 2015-09-29 Amazon Technologies, Inc. Processing event messages for user requests to execute program code
US9600312B2 (en) 2014-09-30 2017-03-21 Amazon Technologies, Inc. Threading as a service
US9678773B1 (en) 2014-09-30 2017-06-13 Amazon Technologies, Inc. Low latency computational capacity provisioning
CN104484218B (zh) * 2014-11-18 2017-11-17 华为技术有限公司 一种虚拟机名称展示的方法、装置及系统
US9588790B1 (en) 2015-02-04 2017-03-07 Amazon Technologies, Inc. Stateful virtual compute system
US9733967B2 (en) 2015-02-04 2017-08-15 Amazon Technologies, Inc. Security protocols for low latency execution of program code
CN105337974B (zh) * 2015-10-28 2020-06-23 腾讯科技(深圳)有限公司 账号授权方法、账号登录方法、账号授权装置及客户端
CN105405041B (zh) * 2015-10-30 2021-02-05 腾讯科技(深圳)有限公司 一种信息处理方法及终端
US10102040B2 (en) 2016-06-29 2018-10-16 Amazon Technologies, Inc Adjusting variable limit on concurrent code executions
WO2018005829A1 (fr) * 2016-06-30 2018-01-04 Amazon Technologies, Inc. Exécution de code à la demande à l'aide d'alias de comptes croisés
CN106534096A (zh) * 2016-10-27 2017-03-22 乐视控股(北京)有限公司 主设备向从设备分享用户身份的方法、主设备和从设备
CN108200145A (zh) * 2017-12-28 2018-06-22 努比亚技术有限公司 账号共享方法、装置和计算机可读存储介质
CN108881190B (zh) * 2018-05-31 2020-12-18 联想(北京)有限公司 一种信息处理方法及装置
US10853115B2 (en) 2018-06-25 2020-12-01 Amazon Technologies, Inc. Execution of auxiliary functions in an on-demand network code execution system
CN109088854B (zh) * 2018-07-12 2021-09-07 中国联合网络通信集团有限公司 共享应用的访问方法、装置及可读存储介质
US11099870B1 (en) 2018-07-25 2021-08-24 Amazon Technologies, Inc. Reducing execution times in an on-demand network code execution system using saved machine states
CN109600349B (zh) * 2018-07-27 2020-01-17 北京字节跳动网络技术有限公司 一种业务数据的共享实现方法、装置、设备和介质
CN109361758A (zh) * 2018-11-09 2019-02-19 浙江数链科技有限公司 业务操作的执行方法及装置
US11943093B1 (en) 2018-11-20 2024-03-26 Amazon Technologies, Inc. Network connection recovery after virtual machine transition in an on-demand network code execution system
CN109587233B (zh) * 2018-11-28 2021-08-17 深圳前海微众银行股份有限公司 多云容器管理方法、设备及计算机可读存储介质
CN109873805B (zh) * 2019-01-02 2021-06-25 平安科技(深圳)有限公司 基于云安全的云桌面登陆方法、装置、设备和存储介质
US11861386B1 (en) 2019-03-22 2024-01-02 Amazon Technologies, Inc. Application gateways in an on-demand network code execution system
US11119809B1 (en) 2019-06-20 2021-09-14 Amazon Technologies, Inc. Virtualization-based transaction handling in an on-demand network code execution system
US11030343B1 (en) * 2020-01-28 2021-06-08 Snowflake Inc. System and method for creating a global data sharing listing
US11714682B1 (en) 2020-03-03 2023-08-01 Amazon Technologies, Inc. Reclaiming computing resources in an on-demand code execution system
US11550713B1 (en) 2020-11-25 2023-01-10 Amazon Technologies, Inc. Garbage collection in distributed systems using life cycled storage roots
US11593270B1 (en) 2020-11-25 2023-02-28 Amazon Technologies, Inc. Fast distributed caching using erasure coded object parts
CN112804193B (zh) * 2020-12-21 2023-09-01 航天信息股份有限公司 一种实现多平台业务互通的统一账号系统
US11388210B1 (en) 2021-06-30 2022-07-12 Amazon Technologies, Inc. Streaming analytics using a serverless compute system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101345642A (zh) * 2007-07-09 2009-01-14 华硕电脑股份有限公司 数据分享的方法
US20110265147A1 (en) * 2010-04-27 2011-10-27 Huan Liu Cloud-based billing, credential, and data sharing management system
US20110307362A1 (en) * 2009-12-09 2011-12-15 Marcos Lara Method of Pay for Performance Accounting
CN102394837A (zh) * 2011-10-31 2012-03-28 孟伟 信息分享的方法、终端及系统
CN102427473A (zh) * 2011-11-28 2012-04-25 中国联合网络通信集团有限公司 跨平台资源构建方法及系统

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101355476B (zh) * 2008-05-23 2011-05-11 林云帆 一种基于服务器群集的数据文件存储、分发和应用的系统和方法
US8631477B2 (en) * 2009-07-23 2014-01-14 International Business Machines Corporation Lifecycle management of privilege sharing using an identity management system
WO2011091056A1 (fr) * 2010-01-19 2011-07-28 Servicemesh, Inc. Systèmes et procédés pour couche d'abstraction d'informatique en nuage

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101345642A (zh) * 2007-07-09 2009-01-14 华硕电脑股份有限公司 数据分享的方法
US20110307362A1 (en) * 2009-12-09 2011-12-15 Marcos Lara Method of Pay for Performance Accounting
US20110265147A1 (en) * 2010-04-27 2011-10-27 Huan Liu Cloud-based billing, credential, and data sharing management system
CN102394837A (zh) * 2011-10-31 2012-03-28 孟伟 信息分享的方法、终端及系统
CN102427473A (zh) * 2011-11-28 2012-04-25 中国联合网络通信集团有限公司 跨平台资源构建方法及系统

Also Published As

Publication number Publication date
CN103384237A (zh) 2013-11-06
CN103384237B (zh) 2017-02-22

Similar Documents

Publication Publication Date Title
WO2013163944A1 (fr) Procédé de partage de comptes d'informatique en nuage pour services iaas, plateforme de partage et dispositif de réseau
CN108108223B (zh) 基于Kubernetes的容器管理平台
CN107577516B (zh) 虚拟机密码重置方法、装置和系统
WO2018095416A1 (fr) Procédé, dispositif et système de traitement d'informations
US9294468B1 (en) Application-level certificates for identity and authorization
CN107005582B (zh) 一种使用存储在不同目录中的凭证来访问公共端点的方法
WO2021115449A1 (fr) Système, procédé et dispositif d'accès inter-domaines, support de stockage et dispositif électronique
EP2779529A1 (fr) Procédé et dispositif permettant de contrôler des ressources
WO2019037775A1 (fr) Fourniture d'un fichier de configuration de service
US8948399B2 (en) Dynamic key management
WO2015101125A1 (fr) Procédé et dispositif de contrôle d'accès au réseau
WO2013091196A1 (fr) Procédé, dispositif et système de définition d'un droit d'accès d'un utilisateur à une machine virtuelle
WO2022247751A1 (fr) Procédé, système et appareil pour accéder à distance à une application, dispositif, et support de stockage
US11431720B1 (en) Authentication and authorization with remotely managed user directories
WO2013097067A1 (fr) Procédé, dispositif et système pour réaliser une communication après une migration de machine virtuelle
WO2013078814A1 (fr) Procédé et dispositif d'attribution d'adresse ip
TW201517563A (zh) 雲閘道、雲閘道創建配置系統及方法
WO2011147361A1 (fr) Procédé, dispositif et système pour mettre en œuvre la gestion de ressources dans l'infonuagique
WO2012139528A1 (fr) Procédé d'autorisation et dispositif terminal
WO2015180364A1 (fr) Procédé et système d'hébergement de point d'accès à un réseau
WO2016165505A1 (fr) Procédé et appareil de commande de connexion
CN112615810B (zh) 一种访问控制方法及装置
CN110008019B (zh) 共享服务器资源的方法及装置、系统
CN106535089B (zh) 机器对机器虚拟私有网络
CN112948842A (zh) 一种鉴权方法及相关设备

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13785185

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13785185

Country of ref document: EP

Kind code of ref document: A1