WO2015027931A1 - Method and system for realizing cross-domain remote command - Google Patents


Publication number
WO2015027931A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
route server
domain
target
routing information
Prior art date
Application number
PCT/CN2014/085370
Inventor
Hongchang ZHOU
Jie Chen
Pu CAI
Xiaojie DONG
Shengyu YIN
Original Assignee
Tencent Technology (Shenzhen) Company Limited
Priority date
Filing date
Publication date
Application filed by Tencent Technology (Shenzhen) Company Limited
Publication of WO2015027931A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/02 Topology update or discovery
    • H04L45/04 Interdomain routing, e.g. hierarchical routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer

Definitions

  • the present disclosure relates to the field of internet technology, and more particularly to a method and a system for realizing a cross-domain remote command.
  • SSH: Secure Shell
  • IDC: Internet Data Center
  • the SSH protocol is usually applied only to machines (such as servers) within the same IDC (also known as intra-domain), which can directly access each other, but cannot be directly applied to machines in different IDCs (also known as cross-domain).
  • a company's business may be distributed in multiple IDCs and across many geographical areas, so machines in different IDCs need to use the SSH protocol with each other, for example, when a machine A in one IDC needs to check documents on a machine B in another IDC. Therefore, how to make a machine in one IDC remotely command a machine in another IDC becomes one of the problems that need to be solved.
  • a method for realizing a cross-domain remote command from a source domain to a target domain may include: sending a remote command execution application to a full network management module by a client in the source domain, wherein the remote command execution application comprises an IP address of the client and an IP address of a target server; according to the IP address of the client and the IP address of the target server, determining whether the remote command execution application is a cross-domain remote command execution application, if yes, returning routing information of a route server in the source domain to the client and sending routing information of a route server in the target domain and routing information of the target server to the route server in the source domain, by the full network management module; according to the routing information of the route server in the source domain, establishing a link between the client and the route server in the source domain according to a security protocol, by the client itself; generating a data package having routing information of the target server and sending the data package to the route server in the target domain, by the route server in the source domain; according
  • a system for realizing a cross-domain remote command may include: a client in a source domain, a full network management module, and a route server in a source domain, a route server in a target domain and a target server.
  • the client in the source domain is configured to send a remote command execution application to a full network management module, wherein the remote command execution application comprises an IP address of the client and an IP address of a target server.
  • the full network management module is configured to determine whether the remote command execution application is a cross-domain remote command execution application according to the IP address of the client and the IP address of the target server, and if yes, return routing information of a route server in the source domain to the client and send routing information of a route server in the target domain and routing information of the target server to the route server in the source domain.
  • the client is further configured to establish a link between itself and the route server in the source domain according to a security protocol and the routing information of the route server in the source domain.
  • the route server in the source domain is configured to generate a data package having routing information of the target server and send the data package to the route server in the target domain.
  • the route server in the target domain is configured to establish a link between itself and the target server according to the security protocol and the routing information in the data package and return the data package returned by the target server to the route server in the source domain.
  • the route server in the source domain is further configured to forward the data package to the client.
  • routing information is sent to the client in the source domain by the full network management module, and then the client establishes a link between itself and the route server in the source domain according to the routing information.
  • the route server in the source domain sends a data package including the routing information of the target server to the route server in the target domain and returns the data package to the route server in the source domain, and then the route server in the source domain sends the data package to the client, thereby establishing a remote command channel between the source domain and the target domain, shielding physical isolation between different IDCs and realizing a cross-domain remote command.
  • the retransfer requests for resending the assigned file segment guarantee the reliability of the transferring.
  • FIG. 1 is a block diagram of an embodiment of running environment for performing the method provided by various embodiments of the present disclosure.
  • FIG. 2 is a flow chart of a method for realizing a remote command provided by one embodiment of the present disclosure.
  • FIG. 3 is a sequence diagram for realizing an intra-domain remote command according to the embodiment illustrated in FIG. 2.
  • FIG. 4 is a flow chart of the step of returning routing information of the route server in the source domain and the route server in the target domain.
  • FIG. 5 is a sequence diagram for realizing a cross-domain remote command according to the embodiment illustrated in FIG. 2.
  • FIG. 6 is a flow chart of a method for realizing a remote command provided by another embodiment of the present disclosure.
  • FIG. 7 is a flow chart of a method for realizing a remote command provided by another embodiment of the present disclosure.
  • FIG. 8 is a block diagram of a system for realizing a remote command provided by yet another embodiment of the present disclosure.
  • FIG. 9 is a block diagram of a system for realizing a remote command provided by still yet another embodiment of the present disclosure.
  • an IDC for initiating a remote command is defined as a source domain
  • another IDC for receiving the remote command is defined as a target domain.
  • the method and system in the embodiments of the present invention can provide remote commands across the source domain and the target domain, shield physical isolation between different IDCs, and realize a cross-domain remote command.
  • FIG. 1 shows a block diagram of an embodiment of running environment for performing the method provided by various embodiments of the present disclosure.
  • the runtime environment includes a full network management module 101 and at least two IDCs.
  • the at least two IDCs include a first IDC 102 and a second IDC 103 shown in FIG. 1.
  • Each of the IDCs includes a plurality of machines (e.g., servers) therein.
  • one of the first IDC 102 and the second IDC 103 is defined as a source domain configured for initiating a remote command
  • the other one of the first IDC 102 and the second IDC 103 is defined as a target domain for receiving the remote command sent by the client in the source domain
  • the first IDC 102 is defined as the source domain
  • the second IDC 103 is defined as the target domain.
  • the first IDC 102 may include a client 1021 for initiating the remote command.
  • the second IDC 103 may include a target server 1031 for receiving the remote command.
  • the first IDC 102 may further include a route server 1022, and the second IDC 103 may further include a route server 1032.
  • the first IDC 102 may further include a control server 1023 for forwarding the information between the full network management module 101 and the client 1021.
  • FIG. 1 only shows one embodiment of the running environment, and the implementation of the present invention is not limited thereto.
  • the IDCs and the full network management module may be coupled through a communication network for information exchange, such as sending/receiving verification information and sending/receiving files.
  • Any number of terminals or servers may be included in the data center, and other devices may also be included.
  • the communication network may include any appropriate type of communication network for providing network connections to the server and the client or among multiple servers or terminals.
  • communication network may include the Internet or other types of computer networks or telecommunication networks, either wired or wireless.
  • the client may refer to any appropriate user terminal with certain computing capabilities, such as a personal computer (PC), a work station computer, a server computer, a hand-held computing device (tablet), a smart phone or mobile phone, or any other user-side computing device.
  • the server may refer to one or more server computers configured to provide certain server functionalities, such as file management.
  • An exemplary computing system for the client 1021, the route server 1022, the target server 1031, or the route server 1032 may include a processor, a storage medium, a monitor, a communication module, a database, peripherals, and one or more bus to couple the devices together. Certain devices may be omitted and other devices may be included.
  • the processor may include any appropriate processor or processors. Further, processor can include multiple cores for multi-thread or parallel processing.
  • Storage medium may include memory modules, such as ROM, RAM, and flash memory modules, and mass storages, such as CD-ROM, U-disk, removable hard disk, etc. Storage medium may store computer programs for implementing various processes, when executed by processor.
  • the monitor may include display devices for displaying certain user interface contents such as splash screens.
  • Peripherals may include I/O devices such as keyboard and mouse, and communication module may include network devices for establishing connections through the communication network.
  • Database may include one or more databases for storing certain data and for performing certain operations on the stored data, such as database management, data extraction/analysis.
  • FIG. 2 is a flowchart illustrating one embodiment of a method for realizing a cross-domain remote command.
  • any one of the client and the servers may include one or more processors operating with a memory and a plurality of modules.
  • the memory or the non-transitory computer readable storage medium of the memory stores the following programs executed by the one or more processors.
  • Step 11: a client in the source domain sends a remote command execution application to a full network management module, wherein the remote command execution application comprises an IP address of the client and an IP address of a target server.
  • the remote command execution application may include an IP address of the client, an IP address of a target server and a remote command string to be executed, etc., so that the full network management module can determine whether the remote command execution application is a cross-domain remote command execution application according to the IP address of the client and the IP address of the target server, and return corresponding routing information.
  • the full network management module may communicate with machines in IDCs and is responsible for routing management, including routing allocation and recovery. Each machine may regularly report a heartbeat to the full network management module.
  • users can enter the target server's IP address in the client and apply remote command ID and password to the full network management module.
  • the client may show a client login window.
  • the user can follow the SSH protocol format to enter the username and the password in the window to quickly achieve remote command operations.
  • the remote command sent to the full network management module by the client may also include the user name and the password.
  • the method may further include: the full network management module verifies the username and the password and obtains a verification result thereof. If the verification result is pass, Step 12 will be executed, if the verification result is fail, the remote command execution application will be rejected.
  • the full network management module is also used for user ID and password authentication.
  • the full network management module may store the command string and the name of the operator in a database for future audits.
  • Step 12: the full network management module determines whether the remote command execution application is a cross-domain remote command execution application, according to the IP address of the client and the IP address of the target server. If yes, the full network management module returns routing information of a route server in the source domain to the client and sends routing information of a route server in the target domain and routing information of the target server to the route server in the source domain.
  • the full network management module stores a full list of network machines; the list records information (including the IP address) about each machine in the full network and its corresponding IDC.
  • the full network management module may find the IDCs corresponding to the client and the target server in the list of network machines, according to the IP address of the client and the IP address of the target server.
  • the full network management module may determine the remote command execution application is not a cross-domain remote command execution application, i.e., is an intra-domain command execution application, and the full network management module may return routing information of the target server to the client.
  • the client may establish a link between itself and the target server, according to the routing information of the target server and the security protocol, to complete an intra-domain command.
  • FIG. 3 shows a timing diagram for realizing an intra-domain command. That is, the cross-domain remote command and the intra-domain command can be invoked through the same client in the source domain (e.g. the client 1021 in FIG. 1).
  • the full network management module determines the remote command execution application is a cross-domain remote command execution application and returns routing information of a route server in the source domain back to the client and sends routing information of a route server in the target domain and routing information of the target server to the route server in the source domain.
  • the step of returning routing information of a route server in the source domain to the client and sending routing information of a route server in the target domain and routing information of the target server to the route server in the source domain may include the following steps.
  • Step 121: the full network management module selects the route server in the source domain from a data center of the source domain and selects the route server in the target domain from a data center of the target domain.
  • Step 122: the full network management module separately selects a free port from the ports of the route server in the source domain and a free port from the ports of the route server in the target domain.
  • Step 123: the full network management module returns an IP address and the free port of the route server in the source domain as the routing information thereof to the client, and sends an IP address and the free port of the route server in the target domain as the routing information thereof to the route server in the source domain.
  • the full network management module may find the IDCs corresponding to the client and the target server, determine the data center corresponding to the client as the source domain data center (such as the first IDC 102), and determine the data center corresponding to the target server as the target domain data center (such as the second IDC 103).
  • the full network management module may select a server in the source domain having lightest load as a route server in the source domain and select a server in the target domain having lightest load as a route server in the target domain. Assuming a company respectively deploys 8 route servers in Shenzhen and Shantou, each route server has 1000 ports for supporting the remote command, then the 8 route servers may support 8000 remote commands from Shenzhen to Shantou.
  • the full network management module may select a free port from the ports of the route server in the source domain and the ports of the route server in the target domain to allocate to the remote command.
  • the full network management module informs the route server in the source domain and the target domain to release the corresponding port.
  • the full network management module returns the IP address and the free port of the route server in the source domain as the routing information thereof to the client, and sends the IP address and the free port of the route server in the target domain as the routing information thereof to the route server in the source domain.
  • the full network management module returns the routing information of the route server in the source domain to the route server in the source domain.
  • Step 13: the client establishes a link between itself and the route server in the source domain according to a security protocol and the routing information of the route server in the source domain.
  • Step 14: the route server in the source domain generates a data package having routing information of the target server and sends the data package to the route server in the target domain.
  • Step 15: the route server in the target domain establishes a link between itself and the target server according to the security protocol, and returns the data package returned by the target server to the route server in the source domain.
  • Step 16: the route server in the source domain forwards the data package to the client.
  • FIG. 5 is a sequence diagram of a method for realizing a cross-domain remote command provided by the above embodiment of the present disclosure.
  • the client establishes a link to the route server in the source domain according to the security protocol (SSH protocol, for example). Based on the SSH protocol, after the route server in the source domain has linked to the client, the data package including routing information of the target server is established and sent to the route server in the target domain.
  • the route server in the target domain establishes an SSH link to the target server. After the target server has returned the data package to the route server in the target domain, the route server in the target domain returns the data package to the client to establish a link between the client and the target server.
  • a disconnecting link request will be sent by the client or the target server, and a disconnecting link data package will be generated for disconnecting the link and releasing link resources.
  • the client may send the disconnecting link request to the route server in the source domain, according to the security protocol and the routing information of the route server in the source domain.
  • the route server in the source domain may generate a disconnecting link data package having the routing information of the target server and send the disconnecting link data package to the route server in the target domain.
  • the route server in the target domain may disconnect the link to the target server and release link resources according to the routing information in the disconnecting link data package.
  • the client may send a request to the full network management module for deleting the routing information.
  • the full network management module may delete the routing information of the route server in the source domain and the route server in the target domain.
  • the target server may send the disconnecting link request to the route server in the target domain according to the security protocol and the routing information in the data package. Then the route server in the target domain may establish a disconnecting link data package and send the disconnecting link data package to the route server in the source domain. The route server in the source domain may disconnect the link to the client and release link resources according to the disconnecting link data package.
  • routing information is sent to the client in the source domain by the full network management module, and then the client establishes a link between itself and the route server in the source domain according to the routing information.
  • the route server in the source domain then sends a data package including the routing information of the target server to the route server in the target domain and returns the data package to the route server in the source domain, and then the route server in the source domain sends the data package to the client, thereby establishing a remote command channel between the source domain and the target domain, shielding physical isolation between different IDCs and realizing a cross-domain remote command.
  • FIG. 6 is a flowchart illustrating another embodiment of a method for realizing a cross-domain remote command.
  • FIG. 7 is an architecture diagram of the route server in the source domain and the route server in the target domain in accordance with the method shown in FIG. 6. Referring to FIGS. 6 and 7, the method may include the following steps.
  • Step 201: a client in the source domain sends a remote command execution application to the full network management module.
  • the remote command execution application may include an IP address of the client, an IP address of a target server and a remote command string to be executed, etc.
  • Step 202: the full network management module determines whether the remote command execution application is a cross-domain remote command execution application according to the IP address of the client and the IP address of the target server. If yes, the full network management module returns routing information of a route server in the source domain back to the client and sends routing information of a route server in the target domain and routing information of the target server to the route server in the source domain.
  • Step 201 and step 202 may refer to the corresponding steps in the above embodiment.
  • Step 203: the client establishes a link between itself and the route server in the source domain according to the security protocol and the routing information of the route server in the source domain.
  • third-party proxy software may be embedded in the route server in the source domain.
  • the route server in the source domain may include a management thread, a TCP intranet receive package thread and an encryption-decryption and extranet send-receive package thread, etc.
  • Step 204: the management thread of the route server in the source domain receives and stores the routing information of the route server in the source domain, the routing information of the route server in the target domain and the routing information of the target server in the target domain, and informs the TCP intranet receive package thread to listen on the port and respond, according to the routing information of the route server in the source domain.
  • Step 205: the TCP intranet receive package thread of the route server in the source domain responds to a link request received on the port and sent from the client, and obtains the routing information of the route server in the target domain and the routing information of the target server in the target domain through the port.
  • the TCP intranet receive package thread generates the data package having the routing information as a packet header according to the routing information obtained by the port, and sends the data package to a buffer queue of an encryption-decryption and extranet send-receive package thread.
  • the packet header can be E_TCP_FIRST_ENMSG.
  • Step 207: the encryption-decryption and extranet send-receive package thread obtains the data package from the buffer queue, encrypts the data other than the package header, and sends the encrypted data to the route server in the target domain according to the package header.
  • Step 208: after receiving the data package, the TCP extranet send-receive package thread of the route server in the target domain adds the data package into a buffer queue of the encryption-decryption and intranet send-receive package thread.
  • Step 209: the encryption-decryption and intranet send-receive package thread of the route server in the target domain obtains the data package from the buffer queue, decrypts the data package and establishes a link between the route server in the target domain and the target server according to the security protocol and the routing information in the package header of the data package.
  • Step 210: after the link between the target server and the route server in the target domain has been established, the target server sends the data package, according to the security protocol, to the encryption-decryption and intranet send-receive package thread of the route server in the target domain.
  • Step 211: the encryption-decryption and intranet send-receive package thread encrypts the data package and adds the encrypted data package into the buffer queue of the TCP extranet send-receive package thread of the route server in the target domain.
  • Step 212: the TCP extranet send-receive package thread obtains the data package from the buffer queue and sends the data package to the encryption-decryption and extranet send-receive package thread.
  • Step 213: the encryption-decryption and extranet send-receive package thread of the route server in the source domain decrypts the data package and adds the decrypted data package to the buffer queue of the TCP intranet receive package thread of the route server in the source domain.
  • Step 214: the TCP intranet receive package thread of the route server in the source domain obtains the data package from the buffer queue and sends the data package to the client.
  • FIG. 8 is a block diagram of a system for realizing a cross-domain remote command.
  • the system 10 may include a client 11 in a source domain, a full network management module 12, a route server 13 in the source domain, a route server 14 in a target domain and a target server 15.
  • the route server 13 in the source domain and the client 11 in the source domain are in a data center IDC1.
  • the route server 14 in the target server is in another data center IDC2.
  • the target server 15 may be in the same data center as the client 11 in the source domain.
  • the target server 15 may be in the same data center as the route server 14 in the target domain.
  • the target server 15 and the route server 14 in the target domain belong to the same data center, for example.
  • the client 11 in the source domain is configured to send a remote command execution application to the full network management module 12, wherein the remote command execution application includes an IP address of the client 11 and an IP address of a target server 15;
  • the full network management module 12 is configured to determine whether the remote command execution application is a cross-domain remote command execution application according to the IP address of the client 11 and the IP address of the target server 15, and if yes, return routing information of the route server 13 in the source domain to the client and send routing information of the route server 14 in the target domain and routing information of the target server 15 to the route server 13 in the source domain;
  • the client 11 is further configured to establish a link between itself and the route server 13 in the source domain according to a security protocol and the routing information of the route server 13 in the source domain;
  • the route server 13 in the source domain is configured to generate a data package having routing information of the target server 15 and send the data package to the route server 14 in the target domain;
  • the route server 14 in the target domain is configured to establish a link between itself and the target server 15 according to the security protocol and the routing information in the data package and return the data package returned by the target server 15 to the route server 13 in the source domain.
  • the route server 13 in the source domain is further configured to forward the data package to the client 11.
  • the remote command execution application may include a user account and a password input by a user.
  • the full network management module 12 is further configured to verify the user account and the password and obtain a verification result thereof, if the verification result is pass, start to execute the step of determining whether the remote command execution application is a cross-domain remote command execution application, otherwise, reject the remote command execution application.
  • the full network management module 12 is configured to select the route server 13 in the source domain from a data center of the source domain and select the route server 14 in the target domain from a data center of the target domain, select a free port from ports of the route server 13 in the source domain and a free port from ports of the route server 14 in the target domain separately, then return an IP address and the free port of the selected route server 13 in the source domain as the routing information thereof to the client, and send an IP address and the free port of the route server 14 in the target domain as the routing information thereof to the route server 13 in the source domain.
  • the remote command execution application may include a command string.
  • the full network management module 12 is further configured to receive the remote command execution application, and store the command string and the user account into a database.
  • the full network management module 12 determines the remote command execution application is not a cross-domain remote command execution application, the full network management module 12 is further configured to return the routing information of the target server to the client.
  • the client 11 is further configured to establish a link between the client itself and the target server, according to the routing information of the target server and the security protocol.
  • the full network management module 12 is configured to send the routing information of the route server in the source domain to the route server in the source domain.
  • the client 11 is configured to send a disconnecting link request to the route server in the source domain according to the security protocol and the routing information of the route server in the source domain.
  • the route server 13 in the source domain is further configured to generate a disconnecting link data package having the routing information of the target server and send the disconnecting link data package to the route server in the target domain.
  • the route server 14 in the target domain is further configured to disconnect the link to the target server and release link resources according to the routing information in the disconnecting link data package.
  • the target server 15 is further configured to send a disconnecting link request to the route server 14 in the target domain according to the security protocol and the routing information in the data package.
  • the route server 14 in the target domain is further configured to generate a disconnecting link data package and send the disconnecting link data package to the route server 13 in the source domain.
  • the route server 13 in the source domain is further configured to disconnect the link to the client and release link resources according to the disconnecting link data package.
  • the client 11 is further configured to send a request to the full network management module 12 for deleting the routing information.
  • the full network management module 12 is further configured to delete the routing information of the route server 13 in the source domain and the route server 14 in the target domain.
  • system may include a control server 16, configured to forward messages between the client 11 in the source domain and the full network management module 12.
  • the full network management module sends routing information to the client first, and then the client establishes a link between itself and the route server in the source domain according to the routing information.
  • the route server in the source domain then sends a data package including the routing information of the target server to the route server in the target domain and returns the data package to the route server in the source domain, and then the route server in the source domain sends the data package to the client, thereby establishing a remote command channel between the source domain and the target domain, shielding physical isolation between different IDCs and realizing a cross-domain remote command.
  • Other details of the system for realizing cross-domain remote command may refer to FIGS. 1 to 7, and corresponding description.
  • FIG. 9 is a block diagram of a system for realizing a cross-domain remote command provided by yet another embodiment of the present disclosure.
  • the system 20 may include a client 21 in a source domain, a full network management module 22, a route server 23 in the source domain, a route server 24 in a target domain and a target server 25.
  • the client 21 in the source domain is configured to send a remote command execution application to the full network management module 22, wherein the remote command execution application includes an IP address of the client 21 and an IP address of a target server 25.
  • the full network management module 22 is configured to determine whether the remote command execution application is a cross-domain remote command execution application according to the IP address of the client 21 and the IP address of the target server 25, if yes, return routing information of the route server 23 in the source domain to the client and send routing information of the route server 24 in the target domain and routing information of the target server 25 to the route server 23 in the source domain.
  • the client 21 is further configured to establish a link between itself and the route server 23 in the source domain according to a security protocol and the routing information of the route server 23 in the source domain.
  • the route server 23 in the source domain is configured to generate a data package having routing information of the target server 25 and send the data package to the route server 24 in the target domain.
  • the route server 24 in the target domain is configured to establish a link between itself and the target server 25 according to the security protocol and the routing information in the data package and return the data package returned by the target server 25 to the route server 23 in the source domain.
  • the route server 23 in the source domain is further configured to forward the data package to the client 21.
  • system may include a control server 26, configured to forward messages between the client 21 in the source domain and the full network management module 22.
  • the route server 23 in the source domain may include a management thread 231, a TCP intranet receive package thread 232 and an extranet send-receive package thread 233.
  • the route server 24 in the target domain may include a TCP extranet send-receive package thread 241, and an encryption-decryption and intranet send-receive package thread 242.
  • the management thread 231 of the route server 23 in the source domain is configured to receive and store the routing information of the route server in the source domain, the routing information of the route server in the target domain and the routing information of the target server in the target domain, and to inform a TCP intranet receive package thread to listen on and respond at the port according to the routing information of the route server in the source domain.
  • the TCP intranet receive package thread 232 is configured to respond to a link request received at the port and sent from the client, and to obtain the routing information of the route server in the target domain and the routing information of the target server in the target domain through the port.
  • the TCP intranet receive package thread 232 is further configured to generate the data package having the routing information as a packet header according to the routing information obtained by the port, and send the data package to a buffer queue of an encryption-decryption and extranet send-receive package thread.
  • the encryption-decryption and extranet send-receive package thread 233 is configured to obtain the data package from the buffer queue, encrypt the data other than the package header, and send the encrypted data to the route server in the target domain according to the package header.
  • the TCP extranet send-receive package thread 241 of the route server 24 in the target domain is configured to add the data package into a buffer queue of the encryption-decryption and intranet send-receive package thread 242, after receiving the data package.
  • the encryption-decryption and intranet send-receive package thread 242 is configured to obtain the data package from the buffer queue, decrypt the data package and establish a link between the route server 24 in the target domain and the target server 25 according to the security protocol and the routing information in the package header of the data package.
  • the target server 25 is further configured to send the data package to the encryption-decryption and intranet send-receive package thread 242 of the route server 24 in the target domain according to the security protocol, after the link between the target server 25 and the route server 24 in the target domain has been established.
  • the encryption-decryption and intranet send-receive package thread 242 is configured to encrypt the data package and add the encrypted data package into the buffer queue of the TCP extranet send-receive package thread 241 of the route server 24 in the target domain.
  • the TCP extranet send-receive package thread 241 is configured to obtain the data package from the buffer queue and send the data package to the encryption-decryption and extranet send-receive package thread 233.
  • the encryption-decryption and extranet send-receive package thread 233 of the route server 23 in the source domain is configured to decrypt the data package and add the decrypted data package to the buffer queue of the TCP intranet receive package thread 232 of the route server 23 in the source domain.
  • the TCP intranet receive package thread 232 of the route server 23 in the source domain is configured to obtain the data package from the buffer queue and send the data package to the client 21.
  • the route server 24 in the target domain may include a management thread, configured to communicate with the full network management module 22, receive and send routing information and establish a corresponding route.
  • module may refer to, be part of, or include an Application Specific Integrated Circuit (ASIC); an electronic circuit; a combinational logic circuit; a field programmable gate array (FPGA); a processor (shared, dedicated, or group) that executes code; other suitable hardware components that provide the described functionality; or a combination of some or all of the above, such as in a system-on-chip.
  • the term module may include memory (shared, dedicated, or group) that stores code executed by the processor.
  • the device for transferring message file in the above-mentioned embodiments processes a message
  • illustration is made according to the division of the above-mentioned functional modules, and in practical application, the above-mentioned functions can be assigned to be performed by different functional modules as required, i.e., dividing the internal structure of the device into different functional modules to perform all or some of the above-described functions.
  • the device for realizing a remote command and the method for realizing a remote command provided by the above-mentioned embodiments belong to the same concept, and its specific implementation process is seen in the method embodiment, which will not be repeated here.
  • Embodiments within the scope of the present disclosure may also include computer-readable media for carrying or having computer-executable instructions or data structures stored thereon.
  • Such computer-readable media can be any available media that can be accessed by a general purpose or special purpose computer.
  • Such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store desired program code means in the form of computer-executable instructions or data structures.
  • a network or another communications connection either hardwired, wireless, or combination thereof
  • a "tangible" computer-readable medium expressly excludes software per se (not stored on a tangible medium) and a wireless, air interface. Thus, any such connection is properly termed a computer-readable medium. Combinations of the above should also be included within the scope of the computer-readable media.
  • Computer-executable instructions include, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions.
  • Computer-executable instructions also include program modules that are executed by computers in stand-alone or network environments.
  • program modules include routines, programs, objects, components, and data structures, etc. that perform particular tasks or implement particular abstract data types.
  • Computer-executable instructions, associated data structures, and program modules represent examples of the program code means for executing Steps of the methods disclosed herein.
  • the particular sequence of such executable instructions or associated data structures represents examples of corresponding acts for implementing the functions described in such Steps.
  • Program modules may also comprise any tangible computer-readable medium in connection with the various hardware computer components disclosed herein, when operating to perform a particular function based on the instructions of the program contained in the medium.
  • stages that are not order dependent may be reordered and other stages may be combined or broken out. While some reordering or other groupings are specifically mentioned, others will be obvious to those of ordinary skill in the art and so do not present an exhaustive list of alternatives. Moreover, it should be recognized that the stages could be implemented in hardware, firmware, software or any combination thereof.
  • the term “if” may be construed to mean “when” or “upon” or “in response to determining” or “in accordance with a determination” or “in response to detecting,” that a stated condition precedent is true, depending on the context.
  • the phrase “if it is determined [that a stated condition precedent is true]” or “if [a stated condition precedent is true]” or “when [a stated condition precedent is true]” may be construed to mean “upon determining” or “in response to determining” or “in accordance with a determination” or “upon detecting” or “in response to detecting” that the stated condition precedent is true, depending on the context.

Abstract

The disclosed embodiments relate generally to a method and a system for realizing a cross-domain remote command. In accordance with one embodiment, the method may include, sending a remote command execution application to a full network management module by a client in the source domain, determining whether the remote command execution application is a cross-domain remote command execution application, if yes, returning routing information of a route server in the source domain to the client and sending routing information of a route server in the target domain and the target server to the route server in the source domain, by the full network management module; establishing a link between the client and the route server in the source domain, by the client itself; generating a data package having routing information of the target server and sending the data package to the route server in the target domain, by the route server in the source domain; establishing a link between the route server in the target domain and the target server, by the route server in the target domain itself.

Description

METHOD AND SYSTEM FOR REALIZING CROSS-DOMAIN REMOTE COMMAND
CROSS-REFERENCE
[0001] This application claims priority to CN Patent Application No. CN 201310381703.9, filed on August 28, 2013, which is hereby incorporated herein by reference in its entirety.
FIELD OF THE INVENTION
[0002] The present disclosure relates to the field of Internet technology, and more particularly to a method and a system for realizing a cross-domain remote command.
BACKGROUND OF THE INVENTION
[0003] The Secure Shell (SSH) protocol is a security protocol built on the basis of the transport and application layers. The SSH protocol is designed to provide a security protocol for remote login sessions and other network services. Telecommunications and other Internet service providers use existing Internet communication lines and bandwidth resources to establish a standardized professional-grade telecom room environment of Internet Data Center (IDC). IDC provides server hosting, leasing and related value-added and other aspects of comprehensive services to enterprises and governments.
[0004] The SSH protocol is usually applied only to machines (such as servers) within the same IDC (also known as intra-domain), which can directly access each other, and cannot be directly applied to machines in different IDCs (also known as cross-domain). However, a company's business may be distributed across multiple IDCs and many geographical areas, so machines in different IDCs need to use the SSH protocol with each other, for example, when a machine A in one IDC needs to check documents on a machine B in another IDC. Therefore, how to make a machine in one IDC remotely command a machine in another IDC is one of the problems that need to be solved.
SUMMARY OF THE INVENTION
[0005] Therefore, it is necessary to provide a method and a system for realizing a cross-domain remote command, which can effectively solve the problem mentioned above.
[0006] In accordance with one embodiment, a method for realizing a cross-domain remote command from a source domain to a target domain, may include: sending a remote command execution application to a full network management module by a client in the source domain, wherein the remote command execution application comprises an IP address of the client and an IP address of a target server; according to the IP address of the client and the IP address of the target server, determining whether the remote command execution application is a cross-domain remote command execution application, if yes, returning routing information of a route server in the source domain to the client and sending routing information of a route server in the target domain and routing information of the target server to the route server in the source domain, by the full network management module; according to the routing information of the route server in the source domain, establishing a link between the client and the route server in the source domain according to a security protocol, by the client itself; generating a data package having routing information of the target server and sending the data package to the route server in the target domain, by the route server in the source domain; according to the routing information in the data package, establishing a link between the route server in the target domain and the target server according to the security protocol and returning the data package returned by the target server to the route server in the source domain, by the route server in the target domain itself; and forwarding the data package to the client by the route server in the source domain.
[0007] In accordance with another embodiment, a system for realizing a cross-domain remote command may include: a client in a source domain, a full network management module, a route server in the source domain, a route server in a target domain and a target server. The client in the source domain is configured to send a remote command execution application to the full network management module, wherein the remote command execution application comprises an IP address of the client and an IP address of a target server. The full network management module is configured to determine whether the remote command execution application is a cross-domain remote command execution application according to the IP address of the client and the IP address of the target server, if yes, return routing information of a route server in the source domain to the client and send routing information of a route server in the target domain and routing information of the target server to the route server in the source domain. The client is further configured to establish a link between itself and the route server in the source domain according to a security protocol and the routing information of the route server in the source domain. The route server in the source domain is configured to generate a data package having routing information of the target server and send the data package to the route server in the target domain. The route server in the target domain is configured to establish a link between itself and the target server according to the security protocol and the routing information in the data package and return the data package returned by the target server to the route server in the source domain. The route server in the source domain is further configured to forward the data package to the client.
[0008] In the embodiments of the present invention, routing information is sent to the client in the source domain by the full network management module, and then the client establishes a link between itself and the route server in the source domain according to the routing information. The route server in the source domain sends a data package including the routing information of the target server to the route server in the target domain and returns the data package to the route server in the source domain, and then the route server in the source domain sends the data package to the client, thereby establishing a remote command channel between the source domain and the target domain, shielding physical isolation between different IDCs and realizing a cross-domain remote command.
[0009] In the embodiments of the present disclosure, the retransfer requests for resending the assigned file segment guarantee the reliability of the transferring.
BRIEF DESCRIPTION OF THE DRAWINGS
[0010] FIG. 1 is a block diagram of an embodiment of running environment for performing the method provided by various embodiments of the present disclosure.
[0011] FIG. 2 is a flow chart of a method for realizing a remote command provided by one embodiment of the present disclosure.
[0012] FIG. 3 is a sequence diagram for realizing an intra-domain remote command according to the embodiment illustrated in FIG. 2.
[0013] FIG. 4 is a flow chart of the step of returning routing information of the route server in the source domain and the route server in the target domain.
[0014] FIG. 5 is a sequence diagram for realizing a cross-domain remote command according to the embodiment illustrated in FIG. 2.
[0015] FIG. 6 is a flow chart of a method for realizing a remote command provided by another embodiment of the present disclosure.
[0016] FIG. 7 is a flow chart of a method for realizing a remote command provided by another embodiment of the present disclosure.
[0017] FIG. 8 is a block diagram of a system for realizing a remote command provided by yet another embodiment of the present disclosure.
[0018] FIG. 9 is a block diagram of a system for realizing a remote command provided by still yet another embodiment of the present disclosure.
[0019] The drawings described herein are for illustrative purposes only of selected embodiments and not all possible implementations, and are not intended to limit the scope of the present disclosure.
[0020] Corresponding reference numerals indicate corresponding parts throughout the several views of the drawings.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
[0021] Various embodiments of the disclosure are discussed in detail below. While specific implementations are discussed, it should be understood that this is done for illustration purposes only.
[0022] The embodiments discussed below relate generally to a method and a system for providing a cross-domain remote command between different machines in different IDCs. In the embodiments of the present invention, an IDC for initiating a remote command is defined as a source domain, and another IDC for receiving the remote command is defined as a target domain. The method and system in the embodiments of the present invention can provide remote commands across the source domain and the target domain, shield physical isolation between different IDCs, and realize a cross-domain remote command.
[0023] FIG. 1 shows a block diagram of an embodiment of running environment for performing the method provided by various embodiments of the present disclosure. The runtime environment includes a full network management module 101 and at least two IDCs. The at least two IDCs include a first IDC 102 and a second IDC 103 shown in FIG. 1. Each of the IDCs includes a plurality of machines (e.g., servers) therein.
[0024] In the embodiments of the present invention, one of the first IDC 102 and the second IDC 103 is defined as a source domain configured for initiating a remote command, and the other one of the first IDC 102 and the second IDC 103 is defined as a target domain for receiving the remote command sent by the client in the source domain. In the following exemplary embodiments, the first IDC 102 is defined as the source domain and the second IDC 103 is defined as the target domain. The first IDC 102 may include a client 1021 for initiating the remote command. The second IDC 103 may include a target server 1031 for receiving the remote command. In the embodiments of the present invention, the first IDC 102 may further include a route server 1022, and the second IDC 103 may further include a route server 1032. In addition, the first IDC 102 may further include a control server 1023 for forwarding the information between the full network management module 101 and the client 1021. Of course, FIG. 1 only shows one embodiment of the running environment, and the implementation of the present invention is not limited thereto.
[0025] The IDCs and the full network management module may be coupled through a communication network for information exchange, such as sending/receiving verify information, sending/receiving files. Any number of terminals or servers may be included in the data center, and other devices may also be included.
[0026] The communication network may include any appropriate type of communication network for providing network connections to the server and the client or among multiple servers or terminals. For example, communication network may include the Internet or other types of computer networks or telecommunication networks, either wired or wireless.
[0027] In some cases, the client may refer to any appropriate user terminal with certain computing capabilities, such as a personal computer (PC), a work station computer, a server computer, a hand-held computing device (tablet), a smart phone or mobile phone, or any other user-side computing device. The server, as used herein, may refer to one or more server computers configured to provide certain server functionalities, such as file management.
[0028] An exemplary computing system for the client 1021, the route server 1022, the target server 1031, or the route server 1032 may include a processor, a storage medium, a monitor, a communication module, a database, peripherals, and one or more bus to couple the devices together. Certain devices may be omitted and other devices may be included.
[0029] The processor may include any appropriate processor or processors. Further, processor can include multiple cores for multi-thread or parallel processing. Storage medium may include memory modules, such as ROM, RAM, and flash memory modules, and mass storages, such as CD-ROM, U-disk, removable hard disk, etc. Storage medium may store computer programs for implementing various processes, when executed by processor.
[0030] Further, the monitor may include display devices for displaying certain user interface contents such as splash screens. Peripherals may include I/O devices such as keyboard and mouse, and communication module may include network devices for establishing connections through the communication network. Database may include one or more databases for storing certain data and for performing certain operations on the stored data, such as database management, data extraction/analysis.
[0031] FIG. 2 is a flowchart illustrating one embodiment of a method for realizing a cross-domain remote command. In the embodiment, any one of the client and the servers may include one or more processors operating with a memory and a plurality of modules. In some implementations, the memory or the non-transitory computer readable storage medium of the memory stores the following programs executed by the one or more processors.
[0032] Referring to FIGS. 1 and 2, in Step 11, a client in the source domain sends a remote command execution application to a full network management module, wherein the remote command execution application comprises an IP address of the client and an IP address of a target server.
[0033] The remote command execution application may include an IP address of the client, an IP address of a target server and a remote command string to be executed, etc., so that the full network management module can determine whether the remote command execution application is a cross-domain remote command execution application according to the IP address of the client and the IP address of the target server and return corresponding routing information.
[0034] The full network management module may communicate with machines in IDCs and is responsible for routing management, including routing allocation and recovery. Each machine may regularly report a heartbeat to the full network management module.
[0035] Preferably, before Step 11, users can enter the target server's IP address in the client and apply remote command ID and password to the full network management module.
[0036] When the user calls the client to send a remote command execution application, the client may show a client login window. Taking the SSH protocol as an example, the user can follow the SSH protocol format to enter the username and the password in the window to quickly achieve remote command operations.
[0037] Accordingly, the remote command sent to the full network management module by the client may also include the user name and the password. Before the step 11, the method may further include: the full network management module verifies the username and the password and obtains a verification result thereof. If the verification result is pass, Step 12 will be executed, if the verification result is fail, the remote command execution application will be rejected. In other words, the full network management module is also used for user ID and password authentication.
[0038] Furthermore, when the user enters the remote command, the user can enter the name of the operator.
[0039] Furthermore, after the full network management module receives the remote command execution application, the full network management module may store the command string and the name of the operator in a database for future audits.
[0040] In Step 12, the full network management module determines whether the remote command execution application is a cross-domain remote command execution application, according to the IP address of the client and the IP address of the target server. If yes, the full network management module returns routing information of a route server in the source domain to the client and sends routing information of a route server in the target domain and routing information of the target server to the route server in the source domain.
[0041] The full network management module stores a full list of network machines. The list records information (including the IP address) about each machine in the full network and its corresponding IDC. The full network management module may find the IDCs corresponding to the client and the target server in the list of network machines, according to the IP address of the client and the IP address of the target server.
[0042] If the IP addresses of the client and the target server belong to the same IDC, the full network management module may determine that the remote command execution application is not a cross-domain remote command execution application, i.e., it is an intra-domain command execution application, and the full network management module may return routing information of the target server to the client. The client may establish a link between itself and the target server, according to the routing information of the target server and the security protocol, to complete an intra-domain command. Referring to FIG. 3, FIG. 3 shows a timing diagram for realizing an intra-domain command. That is, the cross-domain remote command and the intra-domain command can be invoked through the same client in the source domain (e.g. the client 1021 in FIG. 1).
[0043] If the IP addresses of the client and the target server belong to different IDCs, for example, the IP address of the client belongs to the first IDC 102 and the IP address of the target server belongs to the second IDC 103, the full network management module determines that the remote command execution application is a cross-domain remote command execution application, returns routing information of a route server in the source domain back to the client, and sends routing information of a route server in the target domain and routing information of the target server to the route server in the source domain.
[0044] Specifically, referring to FIG. 4, the step of returning routing information of a route server in the source domain to the client and sending routing information of a route server in the target domain and routing information of the target server to the route server in the source domain may include the following steps.
[0045] In Step 121, the full network management module selects the route server in the source domain from a data center of the source domain and selects the route server in the target domain from a data center of the target domain.
[0046] In Step 122, the full network management module selects a free port from the ports of the route server in the source domain and a free port from the ports of the route server in the target domain separately.
[0047] In Step 123, the full network management module returns an IP address and the free port of the route server in the source domain as the routing information thereof to the client, and sends an IP address and the free port of the route server in the target domain as the routing information thereof to the route server in the source domain.
[0048] Specifically, the full network management module may find the IDCs corresponding to the client and the target server, determine the data center corresponding to the client as the source domain data center (such as the first IDC 102), and determine the data center corresponding to the target server as the target domain data center (such as the second IDC 103). The full network management module may select the server in the source domain having the lightest load as the route server in the source domain and select the server in the target domain having the lightest load as the route server in the target domain. Assuming a company deploys 8 route servers in each of Shenzhen and Shantou, and each route server has 1000 ports for supporting the remote command, the 8 route servers may support 8000 remote commands from Shenzhen to Shantou. The full network management module may select a free port from the ports of the route server in the source domain and from the ports of the route server in the target domain to allocate to the remote command. When the execution of the remote command is completed, the full network management module informs the route servers in the source domain and the target domain to release the corresponding ports.
[0049] The full network management module returns the IP address and the free port of the route server in the source domain as the routing information thereof to the client, and sends the IP address and the free port of the route server in the target domain as the routing information thereof to the route server in the source domain.
[0050] Furthermore, the full network management module returns the routing information of the route server in the source domain to the route server in the source domain.
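The allocation performed in Steps 121 to 123 and paragraph [0048], including the intra-domain case of paragraph [0042] and the audit record of paragraph [0039], can be modelled as follows. This is an added illustration and not code from the patent: the class and function names, the constructed sample addresses, the port range 20000 to 20999 and the target port 22 are assumptions, and the user authentication of paragraph [0037] is left out.

```python
import ipaddress
import itertools
from dataclasses import dataclass, field


@dataclass
class RouteServer:
    ip: str
    idc: str
    ports: range                                   # ports reserved for remote commands
    in_use: set = field(default_factory=set)

    def has_free_port(self):
        return len(self.in_use) < len(self.ports)

    def allocate(self):
        # Lowest free port; callers check has_free_port() first.
        port = next(p for p in self.ports if p not in self.in_use)
        self.in_use.add(port)
        return port


class FullNetworkManager:
    def __init__(self, machines, route_servers):
        self.machines = machines                   # IP -> IDC, the "list of network machines"
        self.route_servers = route_servers
        self.sessions = {}                         # session id -> allocated (server, port) pairs
        self.audit_log = []                        # (operator, command), kept for audits [0039]
        self._ids = itertools.count(1)

    def idc_of(self, ip):
        ip = str(ipaddress.ip_address(ip))         # ValueError on a malformed address
        if ip not in self.machines:
            raise LookupError(f"{ip} is not in the list of network machines")
        return self.machines[ip]

    def _lightest(self, idc):
        # Step 121: least-loaded route server of the IDC that still has a free port.
        free = [s for s in self.route_servers if s.idc == idc and s.has_free_port()]
        if not free:
            raise RuntimeError(f"no route server with a free port in {idc}")
        return min(free, key=lambda s: len(s.in_use))

    def apply(self, client_ip, target_ip, command, operator, target_port=22):
        # Record every application, including ones rejected below.
        self.audit_log.append((operator, command))
        src_idc, dst_idc = self.idc_of(client_ip), self.idc_of(target_ip)
        if src_idc == dst_idc:                     # intra-domain [0042]
            return {"cross_domain": False, "to_client": (target_ip, target_port)}
        # Pick both servers before allocating so a failure leaks no port.
        src, dst = self._lightest(src_idc), self._lightest(dst_idc)
        src_port, dst_port = src.allocate(), dst.allocate()        # Step 122
        sid = next(self._ids)
        self.sessions[sid] = ((src, src_port), (dst, dst_port))
        return {                                                   # Step 123
            "cross_domain": True,
            "session": sid,
            "to_client": (src.ip, src_port),
            "to_source_route_server": {
                "target_route_server": (dst.ip, dst_port),
                "target_server": (target_ip, target_port),
            },
        }

    def release(self, sid):
        # Called when the remote command completes: free both ports.
        for server, port in self.sessions.pop(sid):
            server.in_use.discard(port)


def build_demo():
    # Constructed sample topology: two route servers in Shenzhen, one in Shantou.
    ports = range(20000, 21000)
    machines = {"10.1.0.5": "shenzhen", "10.1.0.6": "shenzhen", "10.2.0.9": "shantou"}
    servers = [
        RouteServer("10.1.0.250", "shenzhen", ports, in_use={20000, 20001}),
        RouteServer("10.1.0.251", "shenzhen", ports),
        RouteServer("10.2.0.250", "shantou", ports),
    ]
    return FullNetworkManager(machines, servers)


if __name__ == "__main__":
    manager = build_demo()
    print(manager.apply("10.1.0.5", "10.1.0.6", "uptime", "alice"))
    print(manager.apply("10.1.0.5", "10.2.0.9", "uptime", "alice"))
```

Because the route-server ports are a finite pool, a session whose release is never requested holds its two ports indefinitely, so a deployment built on this model would pair the release path with a timeout.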
[0051] In Step 13, the client establishes a link between itself and the route server in the source domain according to a security protocol and the routing information of the route server in the source domain.
[0052] In Step 14, the route server in the source domain generates a data package having routing information of the target server and sends the data package to the route server in the target domain.
[0053] In Step 15, the route server in the target domain establishes a link between itself and the target server according to the security protocol, and returns the data package returned by the target server to the route server in the source domain.
[0054] In Step 16, the route server in the source domain forwards the data package to the client.
[0055] When the client receives routing information of the route server in the source domain, the route server in the target domain and the target server, Step 13 and Step 14 may be executed to realize the cross-domain remote command. Referring to FIG. 5, FIG. 5 is a sequence diagram of a method for realizing a cross-domain remote command provided by the above embodiment of the present disclosure. Specifically, according to the IP address and the port in the routing information of the route server in the source domain, the client establishes a link to the route server in the source domain according to the security protocol (the SSH protocol, for example). Based on the SSH protocol, after the route server in the source domain has linked to the client, the data package including routing information of the target server is established and sent to the route server in the target domain. According to the routing information in the data package, the route server in the target domain establishes an SSH link to the target server. After the target server has returned the data package to the route server in the target domain, the route server in the target domain returns the data package to the client to establish a link between the client and the target server.
[0056] After the step of establishing a link between the route server in the target domain and the target server, according to the security protocol, a disconnecting link request will be sent by the client or the target server, and a disconnecting link data package will be generated for disconnecting the link and releasing link resources.
[0057] Specifically, if the disconnecting link request is sent by the client, the client may send the disconnecting link request to the route server in the source domain, according to the security protocol and the routing information of the route server in the source domain. The route server in the source domain may generate a disconnecting link data package having the routing information of the target server and send the disconnecting link data package to the route server in the target domain. The route server in the target domain may disconnect the link to the target server and release link resources according to the routing information in the disconnecting link data package.
[0058] Furthermore, the client may send a request to the full network management module for deleting the routing information. The full network management module may delete the routing information of the route server in the source domain and the route server in the target domain.
[0059] If the disconnecting link request is sent by the target server, the target server may send the disconnecting link request to the route server in the target domain according to the security protocol and the routing information in the data package. Then the route server in the target domain may establish a disconnecting link data package and send the disconnecting link data package to the route server in the source domain. The route server in the source domain may disconnect the link to the client and release link resources according to the disconnecting link data package.
[0060] In the method for realizing a cross-domain remote command, routing information is sent to the client in the source domain by the full network management module, and then the client establishes a link between itself and the route server in the source domain according to the routing information. The route server in the source domain then sends a data package including the routing information of the target server to the route server in the target domain and returns the data package to the route server in the source domain, and then the route server in the source domain sends the data package to the client, thereby establishing a remote command channel between the source domain and the target domain, shielding physical isolation between different IDCs and realizing a cross-domain remote command.
[0061] FIG. 6 is a flowchart illustrating another embodiment of a method for realizing a cross-domain remote command. FIG. 7 is an architecture diagram of the route server in the source domain and the route server in the target domain in accordance with the method shown in FIG. 6. Referring to FIGS. 6 and 7, the method may include the following steps.
[0062] In Step 201, a client in the source domain sends a remote command execution application to the full network management module. The remote command execution application may include an IP address of the client, an IP address of a target server and a remote command string to be executed, etc.
[0063] In Step 202, the full network management module determines whether the remote command execution application is a cross-domain remote command execution application according to the IP address of the client and the IP address of the target server. If yes, the full network management module returns routing information of a route server in the source domain back to the client and sends routing information of a route server in the target domain and routing information of the target server to the route server in the source domain.
[0064] For Step 201 and Step 202, refer to the corresponding steps in the above embodiment.
[0065] In Step 203, the client establishes a link between itself and the route server in the source domain according to the security protocol and the routing information of the route server in the source domain.
[0066] In the exemplary embodiment, third-party proxy software may be embedded in the route server in the source domain. The route server in the source domain may include a management thread, a TCP intranet receive package thread and an encryption-decryption and extranet send-receive package thread, etc.
[0067] In Step 204, the management thread of the route server in the source domain receives and stores the routing information of the route server in the source domain, the routing information of the route server in the target domain and the routing information of the target server in the target domain, and informs the TCP intranet receive package thread to listen on and respond at the port according to the routing information of the route server in the source domain.
[0068] In Step 205, the TCP intranet receive package thread of the route server in the source domain responds to a link request received by the port and sent from the client, and obtains the routing information of the route server in the target domain and the routing information of the target server in the target domain through the port.
[0069] In Step 206, the TCP intranet receive package thread generates the data package having the routing information as a packet header according to the routing information obtained by the port, and sends the data package to a buffer queue of an encryption-decryption and extranet send-receive package thread.
[0070] For example, the packet header can be E_TCP_FIRST_ENMSG.
[0071] In Step 207, the encryption-decryption and extranet send-receive package thread obtains the data package from the buffer queue, encrypts the data other than the package header, and sends the encrypted data to the route server in the target domain according to the package header.
[0072] In Step 208, after receiving the data package, the TCP extranet send-receive package thread of the route server in the target domain adds the data package into a buffer queue of the encryption-decryption and intranet send-receive package thread.
[0073] In Step 209, the encryption-decryption and intranet send-receive package thread of the route server in the target domain obtains the data package from the buffer queue, decrypts the data package and establishes a link between the route server in the target domain and the target server according to the security protocol and the routing information in the package header of the data package.
[0074] In Step 210, after the link between the target server and the route server in the target domain has been established, the target server sends the data package, according to the security protocol, to the encryption-decryption and intranet send-receive package thread of the route server in the target domain.
[0075] In Step 211, the encryption-decryption and intranet send-receive package thread encrypts the data package and adds the encrypted data package into the buffer queue of the TCP extranet send-receive package thread of the route server in the target domain.
[0076] In Step 212, the TCP extranet send-receive package thread obtains the data package from the buffer queue and sends the data package to the encryption-decryption and extranet send-receive package thread.
[0077] In Step 213, the encryption-decryption and extranet send-receive package thread of the route server in the source domain decrypts the data package and adds the decrypted data package to the buffer queue of the TCP intranet receive package thread of the route server in the source domain.
[0078] In Step 214, the TCP intranet receive package thread of the route server in the source domain obtains the data package from the buffer queue and sends the data package to the client.
[0079] FIG. 8 is a block diagram of a system for realizing a cross-domain remote command. Referring to FIG. 8, the system 10 may include a client 11 in a source domain, a full network management module 12, a route server 13 in the source domain, a route server 14 in a target domain and a target server 15. The route server 13 in the source domain and the client 11 in the source domain are in a data center IDC1. The route server 14 in the target domain is in another data center IDC2. In some cases, the target server 15 may be in the same data center as the client 11 in the source domain. In some other cases, the target server 15 may be in the same data center as the route server 14 in the target domain. In FIG. 8, for example, the target server 15 and the route server 14 in the target domain belong to the same data center.
[0080] The client 11 in the source domain is configured to send a remote command execution application to the full network management module 12, wherein the remote command execution application includes an IP address of the client 11 and an IP address of a target server 15;
[0081] The full network management module 12 is configured to determine whether the remote command execution application is a cross-domain remote command execution application according to the IP address of the client 11 and the IP address of the target server 15, and if yes, return routing information of the route server 13 in the source domain to the client and send routing information of the route server 14 in the target domain and routing information of the target server 15 to the route server 13 in the source domain;
[0082] The client 11 is further configured to establish a link between itself and the route server 13 in the source domain according to a security protocol and the routing information of the route server 13 in the source domain;
[0083] The route server 13 in the source domain is configured to generate a data package having routing information of the target server 15 and send the data package to the route server 14 in the target domain;
[0084] The route server 14 in the target domain is configured to establish a link between itself and the target server 15 according to the security protocol and the routing information in the data package and return the data package returned by the target server 15 to the route server 13 in the source domain.
[0085] The route server 13 in the source domain is further configured to forward the data package to the client 11.
[0086] Furthermore, the remote command execution application may include a user account and a password input by a user. The full network management module 12 is further configured to verify the user account and the password and obtain a verification result thereof, if the verification result is pass, start to execute the step of determining whether the remote command execution application is a cross-domain remote command execution application, otherwise, reject the remote command execution application.
[0087] The full network management module 12 is configured to select the route server 13 in the source domain from a data center of the source domain and select the route server 14 in the target domain from a data center of the target domain, select a free port from ports of the route server 13 in the source domain and a free port from ports of the route server 14 in the target domain separately, then return an IP address and the free port of the selected route server 13 in the source domain as the routing information thereof to the client, and send an IP address and the free port of the route server 14 in the target domain as the routing information thereof to the route server 13 in the source domain.
[0088] Furthermore, the remote command execution application may include a command string. The full network management module 12 is further configured to receive the remote command execution application, and store the command string and the user account into a database.
[0089] If the full network management module 12 determines the remote command execution application is not a cross-domain remote command execution application, the full network management module 12 is further configured to return the routing information of the target server to the client. The client 11 is further configured to establish a link between the client itself and the target server, according to the routing information of the target server and the security protocol.
[0090] Furthermore, the full network management module 12 is configured to send the routing information of the route server in the source domain to the route server in the source domain.
[0091] Furthermore, the client 11 is configured to send a disconnecting link request to the route server in the source domain according to the security protocol and the routing information of the route server in the source domain.
[0092] The route server 13 in the source domain is further configured to generate a disconnecting link data package having the routing information of the target server and send the disconnecting link data package to the route server in the target domain.
[0093] The route server 14 in the target domain is further configured to disconnect the link to the target server and release link resources according to the routing information in the disconnecting link data package.
[0094] The target server 15 is further configured to send a disconnecting link request to the route server 14 in the target domain according to the security protocol and the routing information in the data package.
[0095] The route server 14 in the target domain is further configured to generate a disconnecting link data package and send the disconnecting link data package to the route server 13 in the source domain. The route server 13 in the source domain is further configured to disconnect the link to the client and release link resources according to the disconnecting link data package.
[0096] Furthermore, the client 11 is further configured to send a request to the full network management module 12 for deleting the routing information. The full network management module 12 is further configured to delete the routing information of the route server 13 in the source domain and the route server 14 in the target domain.
[0097] In addition, the system may include a control server 16, configured to forward messages between the client 11 in the source domain and the full network management module 12.
[0098] In the exemplary embodiment of the present invention, the full network management module sends routing information to the client first, and then the client establishes a link between itself and the route server in the source domain according to the routing information. The route server in the source domain then sends a data package including the routing information of the target server to the route server in the target domain and returns the data package to the route server in the source domain, and then the route server in the source domain sends the data package to the client, thereby establishing a remote command channel between the source domain and the target domain, shielding physical isolation between different IDCs and realizing a cross-domain remote command.
[0099] Other details of the system for realizing cross-domain remote command may refer to FIGS. 1 to 7, and corresponding description.
[0100] FIG. 9 is a block diagram of a system for realizing a cross-domain remote command provided by yet another embodiment of the present disclosure. Referring to FIG. 9, the system 20 may include a client 21 in a source domain, a full network management module 22, a route server 23 in the source domain, a route server 24 in a target domain and a target server 25.
[0101] The client 21 in the source domain is configured to send a remote command execution application to the full network management module 22, wherein the remote command execution application includes an IP address of the client 21 and an IP address of a target server 25.
[0102] The full network management module 22 is configured to determine whether the remote command execution application is a cross-domain remote command execution application according to the IP address of the client 21 and the IP address of the target server 25, and if yes, return routing information of the route server 23 in the source domain to the client and send routing information of the route server 24 in the target domain and routing information of the target server 25 to the route server 23 in the source domain.
[0103] The client 21 is further configured to establish a link between itself and the route server 23 in the source domain according to a security protocol and the routing information of the route server 23 in the source domain.
[0104] The route server 23 in the source domain is configured to generate a data package having routing information of the target server 25 and send the data package to the route server 24 in the target domain.
[0105] The route server 24 in the target domain is configured to establish a link between itself and the target server 25 according to the security protocol and the routing information in the data package and return the data package returned by the target server 25 to the route server 23 in the source domain.
[0106] The route server 23 in the source domain is further configured to forward the data package to the client 21.
[0107] In addition, the system may include a control server 26, configured to forward messages between the client 21 in the source domain and the full network management module 22.
[0108] In the exemplary embodiment of the present invention, the route server 23 in the source domain may include a management thread 231, a TCP intranet receive package thread 232 and an extranet send-receive package thread 233. The route server 24 in the target domain may include a TCP extranet send-receive package thread 241, and an encryption-decryption and intranet send-receive package thread 242.
[0109] The management thread 231 of the route server 23 in the source domain is configured to receive and store the routing information of the route server in the source domain, the routing information of the route server in the target domain and the routing information of the target server in the target domain, and inform a TCP intranet receive package thread to listen on and respond at the port according to the routing information of the route server in the source domain.
[0110] The TCP intranet receive package thread 232 is configured to respond to a link request received by the port and sent from the client and obtain the routing information of the route server in the target domain and the routing information of the target server in the target domain through the port.
[0111] The TCP intranet receive package thread 232 is further configured to generate the data package having the routing information as a packet header according to the routing information obtained by the port, and send the data package to a buffer queue of an encryption-decryption and extranet send-receive package thread.
[0112] The encryption-decryption and extranet send-receive package thread 233 is configured to obtain the data package from the buffer queue, encrypt the data other than the package header, and send the encrypted data to the route server in the target domain according to the package header.
[0113] The TCP extranet send-receive package thread 241 of the route server 24 in the target domain is configured to add the data package into a buffer queue of the encryption-decryption and intranet send-receive package thread 242, after receiving the data package.
[0114] The encryption-decryption and intranet send-receive package thread 242 is configured to obtain the data package from the buffer queue, decrypt the data package and establish a link between the route server 24 in the target domain and the target server 25 according to the security protocol and the routing information in the package header of the data package.
[0115] The target server 25 is further configured to send the data package to the encryption-decryption and intranet send-receive package thread 242 of the route server 24 in the target domain according to security protocol, after the link between target server 25 and the route server 24 in the target domain has been established.
[0116] The encryption-decryption and intranet send-receive package thread 242 is configured to encrypt the data package and add the encrypted data package into the buffer queue of the TCP extranet send-receive package thread 241 of the route server 24 in the target domain.
[0117] The TCP extranet send-receive package thread 241 is configured to obtain the data package from the buffer queue and send the data package to the encryption-decryption and extranet send-receive package thread 233.
[0118] The encryption-decryption and extranet send-receive package thread 233 of the route server 23 in the source domain is configured to decrypt the data package and add the decrypted data package to the buffer queue of the TCP intranet receive package thread 232 of the route server 23 in the source domain.
[0119] The TCP intranet receive package thread 232 of the route server 23 in the source domain is configured to obtain the data package from the buffer queue and send the data package to the client 21.
[0120] The route server 24 in the target domain may include a management thread, configured to communicate with the full network management module 22, receive and send routing information and establish a corresponding route.
[0121] As used herein, the term "module" may refer to, be part of, or include an Application Specific Integrated Circuit (ASIC); an electronic circuit; a combinational logic circuit; a field programmable gate array (FPGA); a processor (shared, dedicated, or group) that executes code; other suitable hardware components that provide the described functionality; or a combination of some or all of the above, such as in a system-on-chip. The term module may include memory (shared, dedicated, or group) that stores code executed by the processor.
[0122] It should be noted that when the device for transferring message file in the above-mentioned embodiments, processes a message, illustration is made according to the division of the above-mentioned functional modules, and in practical application, the above-mentioned functions can be assigned to be performed by different functional modules as required, i.e., dividing the internal structure of the device into different functional modules to perform all or some of the above-described functions. In addition, the device for realizing a remote command and the method for realizing a remote command provided by the above-mentioned embodiments belong to the same concept, and its specific implementation process is seen in the method embodiment, which will not be repeated here.
[0123] Embodiments within the scope of the present disclosure may also include computer-readable media for carrying or having computer-executable instructions or data structures stored thereon. Such computer-readable media can be any available media that can be accessed by a general purpose or special purpose computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store desired program code means in the form of computer-executable instructions or data structures. When information is transferred or provided over a network or another communications connection (either hardwired, wireless, or combination thereof) to a computer, the computer properly views the connection as a computer-readable medium. A "tangible" computer-readable medium expressly excludes software per se (not stored on a tangible medium) and a wireless, air interface. Thus, any such connection is properly termed a computer-readable medium. Combinations of the above should also be included within the scope of the computer-readable media.
[0124] Computer-executable instructions include, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions. Computer-executable instructions also include program modules that are executed by computers in stand-alone or network environments. Generally, program modules include routines, programs, objects, components, and data structures, etc. that perform particular tasks or implement particular abstract data types. Computer-executable instructions, associated data structures, and program modules represent examples of the program code means for executing Steps of the methods disclosed herein. The particular sequence of such executable instructions or associated data structures represents examples of corresponding acts for implementing the functions described in such Steps. Program modules may also comprise any tangible computer-readable medium in connection with the various hardware computer components disclosed herein, when operating to perform a particular function based on the instructions of the program contained in the medium.
[0125] Although some of the various drawings illustrate a number of logical stages in a particular order, stages that are not order dependent may be reordered and other stages may be combined or broken out. While some reordering or other groupings are specifically mentioned, others will be obvious to those of ordinary skill in the art and so do not present an exhaustive list of alternatives. Moreover, it should be recognized that the stages could be implemented in hardware, firmware, software or any combination thereof.
[0126] Reference throughout this specification to "one embodiment," "an embodiment," "specific embodiment," or the like in the singular or plural means that one or more particular features, structures, or characteristics described in connection with an embodiment is included in at least one embodiment of the present disclosure. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment," "in a specific embodiment," or the like in the singular or plural in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
[0127] The terminology used in the description of the disclosure herein is for the purpose of describing particular examples only and is not intended to be limiting of the disclosure. As used in the description of the disclosure and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. Also, as used in the description herein and throughout the claims that follow, the meaning of "in" includes "in" and "on" unless the context clearly dictates otherwise. It will also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items. It will be further understood that the terms "may include," "including," "comprises," and/or "comprising," when used in this specification, specify the presence of stated features, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, operations, elements, components, and/or groups thereof.
[0128] As used herein, the term "if" may be construed to mean "when" or "upon" or "in response to determining" or "in accordance with a determination" or "in response to detecting," that a stated condition precedent is true, depending on the context. Similarly, the phrase "if it is determined [that a stated condition precedent is true]" or "if [a stated condition precedent is true]" or "when [a stated condition precedent is true]" may be construed to mean "upon determining" or "in response to determining" or "in accordance with a determination" or "upon detecting" or "in response to detecting" that the stated condition precedent is true, depending on the context.
[0129] The order by which the foregoing embodiments of the present disclosure are presented merely reflects the convenience of description. It does not imply the preference among the embodiments.
[0130] The above descriptions are only preferred embodiments of the present disclosure, and are not intended to limit the present disclosure. Any amendments, replacement and modification made to the above embodiments under the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims

WHAT IS CLAIMED IS:
1. A method for realizing a cross-domain remote command from a source domain to a target domain, the method comprising:
sending a remote command execution application to a full network management module by a client in the source domain, wherein the remote command execution application comprises an IP address of the client and an IP address of a target server;
according to the IP address of the client and the IP address of the target server, determining whether the remote command execution application is a cross-domain remote command execution application, if yes, returning routing information of a route server in the source domain to the client and sending routing information of a route server in the target domain and routing information of the target server to the route server in the source domain, by the full network management module;
according to the routing information of the route server in the source domain, establishing a link between the client and the route server in the source domain according to a security protocol, by the client itself;
generating a data package having routing information of the target server and sending the data package to the route server in the target domain, by the route server in the source domain;
according to the routing information in the data package, establishing a link between the route server in the target domain and the target server according to the security protocol and returning the data package returned by the target server to the route server in the source domain, by the route server in the target domain itself; and
forwarding the data package to the client by the route server in the source domain.
2. The method as claimed in claim 1, wherein the remote command execution application further comprises a user account and a password input by a user, before the step of according to the IP address of the client and the IP address of the target server, determining whether the remote command execution application is a cross-domain remote command execution application by the full network management module, the method further comprises:
verifying the user account and the password by the full network management module and obtaining a verification result thereof, if the verification result is pass, starting to execute the step of determining whether the remote command execution application is a cross-domain remote command execution application, otherwise, rejecting the remote command execution application.
3. The method as claimed in claim 1, wherein the step of returning routing information of a route server in the source domain to the client and sending routing information of a route server in the target domain and routing information of the target server to the route server in the source domain comprises:
selecting the route server in the source domain from a data center of the source domain and selecting the route server in the target domain from a data center of the target domain, by the full network management module;
selecting a free port from ports of the route server in the source domain and a free port from ports of the route server in the target domain separately; returning an IP address and the free port of the selected route server in the source domain as the routing information thereof to the client, and sending an IP address and the free port of the route server in the target domain as the routing information thereof to the route server in the source domain.
4. The method as claimed in claim 2, wherein the remote command execution application further comprises a command string, the full network management module receives the remote command execution application, stores the command string and the user account into a database.
5. The method as claimed in claim 1, wherein if the full network management module determines the remote command execution application is not a cross-domain remote command execution application, the method further comprises:
returning the routing information of the target server to the client by the full network management module;
establishing a link between the client and the target server by the client itself, according to the routing information of the target server and the security protocol.
6. The method as claimed in claim 3, wherein the step of returning routing information of a route server in the source domain to the client and sending routing information of a route server in the target domain and routing information of the target server to the route server in the source domain further comprises:
sending the routing information of the route server in the source domain to the route server in the source domain.
7. The method as claimed in claim 6, wherein the step of establishing a link between the client and the route server in the source domain according to a security protocol, according to the routing information of the route server in the source domain, comprises:
receiving and storing the routing information of the route server in the source domain, the routing information of the route server in the target domain and the routing information of the target server in the target domain, informing a TCP intranet receive package thread to listen and response the port according to the routing information of the route server in the source domain, by a management thread of the route server in the source domain; responding a link request received by the port and sent from the client and obtaining the routing information of the route server in the target domain and the routing information of the target server in the target domain through the port, by the TCP intranet receive package thread;
according to the routing information obtained by the port, generating the data package having the routing information as a packet header, sending the data package to a buffer queue of an encryption-decryption and extranet send-receive package thread, by the TCP intranet receive package thread; and
obtaining the data package from the buffer queue, encrypting data besides the package header, sending the encrypted data to the route server in the target domain according to the package header, by the encryption-decryption and extranet send-receive package thread.
8. The method as claimed in claim 6, wherein the step of establishing a link between the route server in the target domain and the target server according to the security protocol, comprises:
adding the data package into a buffer queue of the encryption-decryption and intranet send-receive package thread by the TCP extranet send-receive package thread of the route server in the target domain, after receiving the data package; and
obtaining the data package from the buffer queue, decrypting the data package and establishing a link between the route server in the target domain and the target server according to the security protocol and the routing information in the package header of the data package, by the encryption-decryption and intranet send-receive package thread of the route server in the target domain.
9. The method as claimed in claim 6, wherein the step of returning the data package returned by the target server to the route server and forwarding the data package to the client by the route server in the source domain, comprises:
sending the data package to the encryption-decryption and intranet send-receive package thread of the route server in the target domain according to security protocol by the target server, after the link between target server and the route server in the target domain has been established; encrypting the data package and adding the encrypted data package into the buffer queue of the TCP extranet send-receive package thread of the route server in the target domain, by the encryption-decryption and intranet send-receive package thread;
obtaining the data package from the buffer queue, sending the data package to the encryption-decryption and extranet send-receive package thread, by the TCP extranet send-receive package thread;
decrypting the data package and adding the decrypted data package to the buffer queue of the TCP intranet receive package thread of the route server in the source domain, by the encryption-decryption and extranet send-receive package thread of the route server in the source domain; and obtaining the data package from the buffer queue and sending the data package to the client, by the TCP intranet receive package thread of the route server in the source domain.
10. The method as claimed in claim 1, after the step of establishing a link between the route server in the target domain and the target server according to the security protocol, further comprising:
sending a disconnecting link request to the route server in the source domain according to the security protocol and the routing information of the route server in the source domain, by the client;
generating a disconnecting link data package having the routing information of the target server and sending the disconnecting link data package to the route server in the target domain by the route server in the source domain; and
disconnecting the link to the target server and releasing link resources according to the routing information in the disconnecting link data package, by the route server in the target domain.
11. The method as claimed in claim 10, further comprising:
sending a request to the full network management module for deleting the routing information, by the client;
deleting the routing information of the route server in the source domain and the route server in the target domain by the full network management module.
12. The method as claimed in claim 1, after the step of establishing a link between the route server in the target domain and the target server according to the security protocol, further comprising:
sending a disconnecting link request to the route server in the target domain according to the security protocol and the routing information in the data package, by the target server;
generating a disconnecting link data package and sending the disconnecting link data package to the route server in the source domain, by the route server in the target domain; and
disconnecting the link to the client and releasing link resources according to the disconnecting link data package, by the route server in the source domain.
13. A system for realizing a cross-domain remote command, the system comprising a client in a source domain, a full network management module, and a route server in a source domain, a route server in a target domain and a target server, wherein:
the client in the source domain is configured to send a remote command execution application to a full network management module, wherein the remote command execution application comprises an IP address of the client and an IP address of a target server;
the full network management module is configured to determine whether the remote command execution application is a cross-domain remote command execution application according to the IP address of the client and the IP address of the target server, if yes, return routing information of a route server in the source domain to the client and send routing information of a route server in the target domain and routing information of the target server to the route server in the source domain; the client is further configured to establish a link between itself and the route server in the source domain according to a security protocol, according to the routing information of the route server in the source domain;
the route server in the source domain is configured to generate a data package having routing information of the target server and send the data package to the route server in the target domain;
the route server in the target domain is configured to establish a link between itself and the target server according to the security protocol and the routing information in the data package and return the data package returned by the target server to the route server in the source domain; and the route server in the source domain is further configured to forward the data package to the client.
14. The system as claimed in claim 13, wherein the remote command execution application further comprises a user account and a password input by a user, the full network management module is further configured to verify the user account and the password and obtain a verification result thereof, if the verification result is pass, start to execute the step of determining whether the remote command execution application is a cross-domain remote command execution application, otherwise, reject the remote command execution application.
15. The system as claimed in claim 13, wherein, the full network management module is configured to select the route server in the source domain from a data center of the source domain and select the route server in the target domain from a data center of the target domain, select a free port from ports of the route server in the source domain and a free port from ports of the route server in the target domain separately, return an IP address and the free port of the selected route server in the source domain as the routing information thereof to the client, and send an IP address and the free port of the route server in the target domain as the routing information thereof to the route server in the source domain.
16. The system as claimed in claim 14, wherein the remote command execution application further comprises a command string, the full network management module is further configured to receive the remote command execution application, and store the command string and the user account into a database.
17. The system as claimed in claim 13, wherein if the full network management module determines the remote command execution application is not a cross-domain remote command execution application, the full network management module is further configured to return the routing information of the target server to the client, and the client is further configured to establish a link between the client itself and the target server, according to the routing information of the target server and the security protocol.
18. The system as claimed in claim 13, wherein the full network management module is further configured to send the routing information of the route server in the source domain to the route server in the source domain.
19. The system as claimed in claim 18, wherein the route server in the source domain comprises a management thread, a TCP intranet receive package thread and an encryption-decryption and extranet send-receive package thread:
the management thread of the route server in the source domain is configured to receive and store the routing information of the route server in the source domain, the routing information of the route server in the target domain and the routing information of the target server in the target domain, inform a TCP intranet receive package thread to listen and response the port according to the routing information of the route server in the source domain;
the TCP intranet receive package thread is configured to respond a link request received by the port and sent from the client and obtain the routing information of the route server in the target domain and the routing information of the target server in the target domain through the port;
the TCP intranet receive package thread is further configured to generate, according to the routing information obtained by the port, the data package having the routing information as a packet header, and send the data package to a buffer queue of an encryption-decryption and extranet send-receive package thread; and
the encryption-decryption and extranet send-receive package thread is configured to obtain the data package from the buffer queue, encrypt data besides the package header, send the encrypted data to the route server in the target domain according to the package header.
20. The system as claimed in claim 19, wherein the route server in the target domain comprises a TCP extranet send-receive package thread, and an encryption-decryption and intranet send-receive package thread:
the TCP extranet send-receive package thread of the route server in the target domain is configured to add the data package into a buffer queue of the encryption-decryption and intranet send-receive package thread, after receiving the data package; and
the encryption-decryption and intranet send-receive package thread is configured to obtain the data package from the buffer queue, decrypt the data package and establish a link between the route server in the target domain and the target server according to the security protocol and the routing information in the package header of the data package.
21. The system as claimed in claim 20, wherein,
the target server is further configured to send the data package to the encryption-decryption and intranet send-receive package thread of the route server in the target domain according to security protocol, after the link between target server and the route server in the target domain has been established;
the encryption-decryption and intranet send-receive package thread is configured to encrypt the data package and add the encrypted data package into the buffer queue of the TCP extranet send-receive package thread of the route server in the target domain;
the TCP extranet send-receive package thread is configured to obtain the data package from the buffer queue, send the data package to the encryption-decryption and extranet send-receive package thread;
the encryption-decryption and extranet send-receive package thread of the route server in the source domain is configured to decrypt the data package and add the decrypted data package to the buffer queue of the TCP intranet receive package thread of the route server in the source domain; and
the TCP intranet receive package thread of the route server in the source domain is configured to obtain the data package from the buffer queue and send the data package to the client.
22. The system as claimed in claim 13, wherein,
the client is further configured to send a disconnecting link request to the route server in the source domain according to the security protocol and the routing information of the route server in the source domain;
the route server in the source domain is further configured to generate a disconnecting link data package having the routing information of the target server and send the disconnecting link data package to the route server in the target domain; and
the route server in the target domain is further configured to disconnect the link to the target server and release link resources according to the routing information in the disconnecting link data package.
23. The system as claimed in claim 22, wherein the client is further configured to send a request to the full network management module for deleting the routing information; the full network management module is further configured to delete the routing information of the route server in the source domain and the route server in the target domain.
24. The system as claimed in claim 13, wherein the target server is further configured to send a disconnecting link request to the route server in the target domain according to the security protocol and the routing information in the data package; the route server in the target domain is further configured to generate a disconnecting link data package and send the disconnecting link data package to the route server in the source domain; and the route server in the source domain is further configured to disconnect the link to the client and release link resources according to the disconnecting link data package.
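The control-plane steps of claims 1 to 6 and 11 (verify the account, decide whether the application is cross-domain, allocate route servers and free ports, later delete the routing information), sketched as an added example that is not part of the patent text. The subnets, port pool, PBKDF2 credential check, fail-closed handling of unknown addresses, and all class and function names are assumptions.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample topology (not from the patent): one route server per domain.
DOMAINS = {
    "dc-a": {"subnet": "10.1.0.0/16", "route_server": "10.1.0.10"},
    "dc-b": {"subnet": "10.2.0.0/16", "route_server": "10.2.0.10"},
}
PORT_POOL = range(40000, 40004)  # assumed pool of relay ports on each route server
TARGET_PORT = 22                 # assumed port of the security-protocol service


def hash_password(password, salt):
    """Assumed credential scheme; the claims only say account and password are verified."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def domain_of(ip):
    """Map an IP address to its domain; None for malformed or unknown addresses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    for name, info in DOMAINS.items():
        if addr in ipaddress.ip_network(info["subnet"]):
            return name
    return None


class ManagementModule:
    def __init__(self, users):
        self.users = users                         # account -> (salt, password hash)
        self.in_use = {d: set() for d in DOMAINS}  # ports handed out per route server
        self.routes = {}                           # request id -> [(domain, port), ...]
        self.audit_log = []                        # (account, command, verified)
        self.next_id = 1

    def verify(self, account, password):
        salt, stored = self.users.get(account, (b"\x00" * 16, b""))
        return hmac.compare_digest(hash_password(password, salt), stored)

    def free_port(self, domain):
        for port in PORT_POOL:
            if port not in self.in_use[domain]:
                self.in_use[domain].add(port)
                return port
        raise RuntimeError(f"no free port on route server of {domain}")

    def handle_application(self, account, password, client_ip, target_ip, command):
        verified = self.verify(account, password)
        # Claim 4: store account and command string (never the password) for audit.
        self.audit_log.append((account, command, verified))
        if not verified:
            return {"status": "rejected"}                     # claim 2
        src, dst = domain_of(client_ip), domain_of(target_ip)
        if src is None or dst is None:
            return {"status": "rejected"}                     # assumption: fail closed
        target = (target_ip, TARGET_PORT)
        if src == dst:
            return {"status": "direct", "to_client": target}  # claim 5
        # Claim 3: one free port on each domain's route server.
        src_port = self.free_port(src)
        try:
            dst_port = self.free_port(dst)
        except RuntimeError:
            self.in_use[src].discard(src_port)  # do not leak a half-made allocation
            raise
        req_id = self.next_id
        self.next_id += 1
        self.routes[req_id] = [(src, src_port), (dst, dst_port)]
        src_rs = (DOMAINS[src]["route_server"], src_port)
        dst_rs = (DOMAINS[dst]["route_server"], dst_port)
        return {
            "status": "cross-domain",
            "request_id": req_id,
            "to_client": src_rs,                # claim 1: client links to this endpoint
            "to_source_route_server": {         # claims 1 and 6
                "listen_on": src_rs,
                "target_route_server": dst_rs,
                "target_server": target,
            },
        }

    def delete_routes(self, req_id):
        """Claim 11: drop the routing information and free the ports."""
        for domain, port in self.routes.pop(req_id, []):
            self.in_use[domain].discard(port)


if __name__ == "__main__":
    salt = b"constructed-salt"
    mm = ManagementModule({"ops": (salt, hash_password("constructed-pw", salt))})
    print(mm.handle_application("ops", "constructed-pw", "10.1.5.5", "10.2.7.7", "uptime"))
```

Recording the verification result alongside the account and command string gives the audit store of claim 4 a record of rejected applications as well as accepted ones.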
PCT/CN2014/085370 2013-08-28 2014-08-28 Method and system for realizing cross-domain remote command WO2015027931A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310381703.9 2013-08-28
CN201310381703.9A CN104426864B (en) 2013-08-28 2013-08-28 The realization method and system of cross-region remote order

Publications (1)

Publication Number Publication Date
WO2015027931A1 (en) 2015-03-05

Family

ID=52585607

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/085370 WO2015027931A1 (en) 2013-08-28 2014-08-28 Method and system for realizing cross-domain remote command

Country Status (2)

Country Link
CN (1) CN104426864B (en)
WO (1) WO2015027931A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111526189A (en) * 2020-04-13 2020-08-11 恒安嘉新(北京)科技股份公司 Equipment monitoring method and device, computer equipment and storage medium

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105119745A (en) * 2015-08-19 2015-12-02 浪潮(北京)电子信息产业有限公司 Method and system for improving availability of DB2 DPF
CN109936587B (en) * 2017-12-15 2022-02-22 北京京东乾石科技有限公司 Control method, control device, electronic apparatus, and storage medium
CN113746670B (en) * 2021-08-12 2023-07-21 中国电子科技集团公司电子科学研究院 Cross-domain network management method and device based on network management server

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1750650A (en) * 2005-10-31 2006-03-22 北京中星微电子有限公司 Monitoring system based on internet
CN1960304A (en) * 2006-11-22 2007-05-09 北京神舟航天软件技术有限公司 Method for realizing cross-domain access by using local domain proxy server
CN101296402A (en) * 2007-04-27 2008-10-29 华为技术有限公司 Information acquisition method, gateway proxy and network system
TWI330483B (en) * 2008-12-17 2010-09-11 Moxa Inc Cross-domain communication system and method thereof
CN102938768A (en) * 2012-11-13 2013-02-20 浙江宇视科技有限公司 Method and device for cross-domain login and cross-domain monitoring service of roaming user

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1204712C (en) * 2003-06-11 2005-06-01 中国科学院计算技术研究所 Method for implementing cross-domain file sharing
CN101075240A (en) * 2006-08-25 2007-11-21 腾讯科技(深圳)有限公司 Method and system for spanned acquiring data
CN101662460B (en) * 2008-08-25 2015-07-15 阿里巴巴集团控股有限公司 Method, system and device for cross-domain communication

Also Published As

Publication number Publication date
CN104426864B (en) 2019-01-08
CN104426864A (en) 2015-03-18


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application; Ref document number: 14841202; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase; Ref country code: DE
32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established; Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC ( EPO FORM 1205A DATED 07/06/2016 )
122 Ep: pct application non-entry in european phase; Ref document number: 14841202; Country of ref document: EP; Kind code of ref document: A1