WO2017124965A1 - Network access method for multiple operating system terminal and multiple operating system terminal - Google Patents


Info

Publication number
WO2017124965A1
Authority
WO
WIPO (PCT)
Prior art keywords
address
network
operating system
virtual
module
Application number
PCT/CN2017/071012
Other languages
French (fr)
Chinese (zh)
Inventor
王永辉
Original Assignee
深圳前海达闼云端智能科技有限公司
Application filed by 深圳前海达闼云端智能科技有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Definitions

  • the present invention relates to the field of virtualization technologies, and in particular, to a method for accessing a network by a multi-operating system terminal and a multi-operating system terminal.
  • Virtualization technology is a resource management technology that breaks down the indivisible barriers between physical structures and lets users apply the various physical resources in a computer in a better way than the original configuration allows. Because the virtualized part of the physical resources in a computer is not limited by how the existing resources are set up, where they are located, or how they are physically configured, virtualization technology has received more and more attention.
  • the existing network access mode is as follows: Since one terminal has only one network access device, and one network access device corresponds to one IP (Internet Protocol) address, multiple operating systems share the IP address. Specifically, after obtaining the network access request of the operating system A, it is determined whether the IP address is occupied by other operating systems. If no operating system occupies the IP address, the IP address is sent to the operating system A, so that the operating system A accesses the network through the IP address. If the operating system B occupies the IP address, the occupation of the operating system B is interrupted, and the IP address is sent to the operating system A, so that the operating system A accesses the network through the IP address.
  • an embodiment of the present invention provides a method for a multi-operating system terminal to access a network and a multi-operating system terminal.
  • an embodiment of the present invention provides a method for a multi-operating system terminal to access a network, where the method includes:
  • the operating system sends a network access request to the virtual network proxy module through the corresponding virtual network access module;
  • after acquiring the network access request, the virtual network proxy module allocates a first Internet Protocol (IP) address to the operating system, and sends the first IP address to the operating system by using the virtual network access module.
  • the first IP address allocated by the virtual network proxy module for different operating systems is different;
  • the operating system accesses the network according to the first IP address.
  • the allocating the first Internet Protocol IP address to the operating system includes:
  • the determining the second IP address of the multiple operating system terminal accessing the network includes:
  • the assigning the first IP address to the operating system according to the preset network security policy and the second IP address including:
  • when the network type is a private network, converting the second IP address to a third IP address according to a preset network security policy and a preset private network protocol stack, and using the third IP address as the first IP address;
  • the third IP address is a virtual IP address associated with the second IP address.
  • the using the third IP address as the first IP address includes:
  • the private network is a virtual private network VPN.
  • the method further includes:
  • the second IP address is subnet-divided according to a preset network security policy, and an IP address is selected from the divided subnets as the first IP address.
  • the embodiment of the present invention provides a multi-operating system terminal, where the multi-operating system terminal includes: multiple operating systems, a virtual network access module, and a virtual network proxy module;
  • Each operating system corresponds to a virtual network access module
  • the operating system is configured to send a network access request to the virtual network proxy module by using the virtual network access module, obtain, by using the virtual network access module, the first Internet Protocol (IP) address allocated by the virtual network proxy module, and access the network according to the first IP address;
  • the virtual network access module is configured to send a network access request of the operating system to the virtual network proxy module, and send the first IP address allocated by the virtual network proxy module to the operating system;
  • the virtual network proxy module is configured to allocate a first IP address to the operating system after acquiring the network access request, and send the first IP address to the operating system by using the virtual network access module.
  • the first IP address assigned by the virtual network proxy module to different operating systems is different.
  • the virtual network proxy module is configured to determine a second IP address of the multi-operating system terminal accessing the network, and to assign the first IP address to the operating system according to the preset network security policy and the second IP address.
  • the virtual network proxy module is configured to determine, according to the network driver of the multiple operating system terminal, a public network IP address of the multi-operating system terminal accessing the network, and use the public network IP address as the second IP address.
  • the virtual network proxy module is configured to determine a network type that the operating system accesses; when the network type is a private network, convert the second IP address to a third IP address according to a preset network security policy and a preset dedicated network protocol stack, and use the third IP address as the first IP address; the third IP address being a virtual IP address associated with the second IP address.
  • the virtual network proxy module is configured to perform subnetting on the third IP address, and select an IP address from the divided subnets as the first IP address.
  • the private network is a virtual private network VPN.
  • the virtual network proxy module is further configured to: when the network type is a public network, perform subnetting on the second IP address according to a preset network security policy, and select an IP address from the divided subnets as the first IP address.
  • the operating system sends a network access request to the virtual network proxy module through the corresponding virtual network access module; after obtaining the network access request, the virtual network proxy module allocates an IP address to the operating system, and sends the IP address through the virtual network access module.
  • the virtual network proxy module allocates different IP addresses for different operating systems; the operating system accesses the network according to the IP address, so that each operating system can access the network simultaneously using a different IP address.
  • FIG. 1 is a schematic flowchart of a method for a multi-operating system terminal to access a network provided in an embodiment of the present invention.
  • FIG. 2 is a schematic diagram of a multi-operating system terminal provided in another embodiment of the present invention.
  • FIG. 3 is a schematic flowchart diagram of another method for accessing a network by a multi-operating system terminal according to another embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a multi-operating system terminal provided in another embodiment of the present invention.
  • the present application proposes a method for a multi-operating system terminal to access a network, the method being applied to a multi-operating system terminal, and the multi-operating system terminal being the multi-operating system terminal of the embodiment shown in FIG. 4.
  • the multi-operating system terminal includes multiple operating systems, a virtual network access module, and a virtual network proxy module.
  • the operating system sends a network access request to the virtual network proxy module through the corresponding virtual network access module.
  • the virtual network proxy module allocates a first IP (Internet Protocol) address to the operating system.
  • the first IP address is sent to the operating system through the virtual network access module, and the first IP address allocated by the virtual network proxy module for different operating systems is different; the operating system accesses the network according to the first IP address, so that each operating system can access the network simultaneously using a different IP address.
  • this embodiment provides a method for a multi-operating system terminal to access a network.
  • the process of the method provided in this embodiment is as follows:
  • the operating system sends a network access request to the virtual network proxy module by using a corresponding virtual network access module.
  • after obtaining the network access request, the virtual network proxy module allocates a first Internet Protocol (IP) address to the operating system, and sends the first IP address to the operating system through the virtual network access module, where the first IP addresses allocated by the virtual network proxy module to different operating systems are different;
  • assigning the first internet protocol IP address to the operating system including:
  • the operating system is assigned a first IP address according to a preset network security policy and a second IP address.
  • determining a second IP address of the multi-operating system terminal accessing the network includes:
  • the public network IP address of the multi-operating system terminal accessing the network is determined, and the public network IP address is used as the second IP address.
  • assigning the first IP address to the operating system according to the preset network security policy and the second IP address including:
  • when the network type is a private network, converting the second IP address to the third IP address according to the preset network security policy and the preset private network protocol stack, and using the third IP address as the first IP address;
  • the third IP address is a virtual IP address associated with the second IP address.
  • the third IP address is used as the first IP address, including:
  • the private network is a virtual private network VPN.
  • the method further includes:
  • the second IP address is subnetted according to a preset network security policy, and an IP address is selected from the divided subnets as the first IP address.
  • the operating system accesses the network according to the first IP address.
  • the operating system sends a network access request to the virtual network proxy module through the corresponding virtual network access module; after obtaining the network access request, the virtual network proxy module allocates an IP address to the operating system, and sends the IP address through the virtual network access module.
  • the virtual network proxy module allocates different IP addresses for different operating systems; the operating system accesses the network according to the IP address, so that each operating system can access the network simultaneously using a different IP address.
  • this embodiment provides a method for a multi-operating system terminal to access a network.
  • the present embodiment uses a multi-operating system terminal as shown in FIG. 2, and the multi-operating system terminal includes two operating systems.
  • the virtual network access modules are the vWIFI-P module 201 and the vWIFI-E module 202.
  • the virtual network proxy module is the vWIFI-BE module 204.
  • network access by the multi-operating system terminal through the WIFI mode is taken as an example for description.
  • one operating system is a personal operating system, used to run personal applications.
  • the other operating system is an enterprise operating system, used to run enterprise applications.
  • the application data of the two operating systems can be transmitted through different data channels, and the personal application can be operated normally in the personal operating system.
  • Enterprise applications in enterprise operating systems are isolated, and enterprise application data is transmitted over isolated data channels, reducing the risk of enterprise application data leakage.
  • When two operating systems are virtualized through virtualization, two virtual network access modules are virtualized as well: the vWIFI-P module 201 and the vWIFI-E module 202.
  • the specific implementation manner of virtualizing two network access modules includes, but is not limited to, being implemented by using a virtualization technology with the assistance of a WIFI Driver (WIFI network driver) and a VPN Stack (Virtual Private Network Protocol Stack).
  • the personal operating system accesses the network through the vWIFI-P module 201, and allocates independent network channels for the personal operating system according to the VPN Stack and the Secure Policy.
  • the enterprise operating system performs network access through the vWIFI-E module 202, and realizes complete encrypted transmission of enterprise operating system data with the assistance of the VPN Stack, thereby enhancing the security of enterprise data.
  • the vWIFI-P module 201 implements the vWIFI-P module 201 as a network proxy interface of the real WIFI device by calling the device virtualization framework API supported by the virtualization, and its function is a proxy of the real network device. It has a separate IP address and communicates with the vWIFI-BE module 204 to realize network data transmission.
  • the vWIFI-E module 202 implements the vWIFI-P module 201 as a network proxy interface of the real WIFI device by calling the device virtualization framework API supported by the virtualization, and its function is a proxy of the real network device. It has a separate IP address and communicates with the vWIFI-BE module 204 to realize network data transmission.
  • the vWIFI-BE module 204 is implemented as a network proxy server of the vWIFI-P module 201 and the vWIFI-E module 202 by calling the device virtualization framework API supported by the virtualization, and its function is to connect the real network device with the virtual network devices.
  • the vWIFI-BE module 204 communicates with the real WIFI Driver to implement data transmission.
  • the vWIFI-BE module 204 communicates with the VPN stack, and establishes different types of network connections according to the Secure Policy, and provides dedicated, independent, and secure channels for different vWIFI-P modules 201 and vWIFI-E modules 202.
  • Secure Policy can dynamically establish network security policies based on user security level requirements to form a dynamic network security mechanism and provide dynamic security for the upper system. The Secure Policy can be set in advance through a dedicated interface, or can be set in advance through a network server. This embodiment does not limit the specific manner in which the network security policy is preset or the specific setting time.
  • the operating system sends a network access request to the virtual network proxy module by using a corresponding virtual network access module.
  • Each operating system corresponds to a virtual network access module.
  • when APP1 (an application) in the personal operating system connects to the network, the personal operating system initiates a network access request 1 to the vWIFI-BE module 204 through the vWIFI-P module 201, requesting access to the public network through the WIFI.
  • the personal operating system may also initiate a network access request 1 to the vWIFI-BE module 204 through the vWIFI-P module 201 when the personal operating system is started.
  • the personal operating system initiates to the vWIFI-BE module 204 through the vWIFI-P module 201.
  • the specific trigger condition of the network access request 1 is limited.
  • after obtaining the network access request, the virtual network proxy module allocates a first Internet Protocol (IP) address to the operating system;
  • the first IP address allocated by the virtual network proxy module for different operating systems is different.
  • This step is implemented in the specific implementation, including but not limited to the following two sub-steps:
  • Sub-step 1: after obtaining the network access request, the virtual network proxy module determines the second IP address of the multi-operating system terminal accessing the network;
  • the network driver of the multi-operating system terminal determines the public network IP address of the multi-operating system terminal to access the network, and the public network IP address is used as the second IP address.
  • through the WIFI driver of the real physical WIFI device, the vWIFI-BE module 204 obtains the IP address with which the device accesses the network, and uses that IP address as the public network IP address.
  • because sub-step 1 obtains the public network IP address of the multi-operating system terminal accessing the network, the IP address obtained in sub-step 1 is the same for every operating system in the multi-operating system terminal.
  • when the vWIFI-BE module 204 in the multi-operating system terminal shown in FIG. 2 obtains the network access request 1 of the personal operating system and determines that the public network IP address of the multi-operating system terminal accessing the network is 192.168.1.0, then, after obtaining the network access request 2 of the enterprise operating system, the vWIFI-BE module 204 determines that the public network IP address of the multi-operating system terminal accessing the network is also 192.168.1.0.
  • the public network IP address 192.168.1.0 is only a schematic description. In the actual application, the public network IP address can be other addresses. This embodiment does not limit the specific public network IP address.
  • Sub-step 2: assign the first IP address to the operating system according to the preset network security policy and the second IP address.
  • Step 2.1: determine the network type that the operating system accesses. If the network type is a private network, go to step 2.2. If the network type is a public network, go to step 2.3.
  • the operating system determines that the network type it accesses is a shared network, and go to step 2.3. If the operating system is an enterprise operating system, determine that the network type it accesses is a private network, and go to step 2.2.
  • Step 2.2: convert the second IP address to the third IP address according to the preset network security policy and the preset private network protocol stack, and allocate the first IP address to the operating system according to the third IP address;
  • the third IP address is a virtual IP address associated with the second IP address.
  • the specific implementation manner of converting the second IP address into the third IP address includes but is not limited to: selecting a corresponding network protocol from a preset private network protocol stack according to the network security policy and the private network accessed by the operating system, and translating the second IP address according to the selected network protocol to form a virtual IP address, which is the third IP address.
  • the second IP address is 192.168.1.10
  • the second IP address is converted to form a virtual IP address 192.169.1.2
  • the virtual IP address is used as the third IP address.
  • the specific implementation manner of allocating the first IP address to the operating system according to the third IP address includes but is not limited to the following two methods:
  • Manner 1: the third IP address is used as the first IP address.
  • Manner 2: subnet the third IP address and select an IP address from the divided subnets as the first IP address.
  • the specific method of subnetting can use the existing NET protocol, the bridge, the IP translation, and the like, and is not specifically limited in this embodiment.
  • the choice between the two manners includes, but is not limited to, the following: if the multi-operating system terminal runs only one operating system that accesses the private network, either Manner 1 or Manner 2 can be selected. If the multi-operating system terminal runs multiple operating systems that access the private network, then, to ensure that each operating system accessing the private network is assigned a different IP address, Manner 1 cannot be selected and Manner 2 must be selected.
  • the network security policy is based on the VPN policy in Figure 2.
  • based on the configuration of the network access mode of the upper-layer operating systems, the vWIFI-P module 201 and the vWIFI-E module 202 are configured with virtual private networks for the different upper-layer operating systems.
  • the policy can be configured by using different communication protocols, different encryption methods, different authentication certificates, time and place information. It realizes dynamic adjustment of the network access security of each front-end operating system and the visibility of the front-end operating systems to the external network.
  • Secure Policy is mainly based on the user's configuration and requirements, including but not limited to:
  • the vWIFI-P module 201 is configured with an independent MAC address.
  • the vWIFI-BE module 204 selects an encryption protocol corresponding to the enterprise operating system from the VPN stack according to the policy of the Secure Policy, encrypts the public network IP address 192.168.1.0, obtains the encrypted public network IP address 192.169.1.0, and uses 192.169.1.0 as the intranet IP address assigned to the enterprise operating system.
  • subnet the 192.169.1.0; select an IP address 192.169.1.1 from the divided subnets as the intranet IP address assigned to the operating system.
  • the vWIFI-BE module 204 establishes an internal network share by using the internal network sharing technology of the software according to the policy of the vWIFI policy, and assigns an independent IP address to the vWIFI-E module 202, which may be an independent intranet IP address (Manner 2) or the same IP address as the one with which the external device accesses the network (Manner 1).
  • Step 2.3: subnet the second IP address according to the preset network security policy, and select an IP address from the divided subnets as the first IP address.
  • the vWIFI-BE module 204 establishes an internal network share by using the internal network sharing technology of the software according to the policy of the vWIFI policy, and allocates an independent intranet IP address to the vWIFI-P module 201.
  • the virtual network proxy module sends the first IP address to the operating system by using the virtual network access module.
  • the operating system accesses the network according to the first IP address.
  • the method provided in this embodiment ensures, through subnet division, VPN, and the like, that each operating system is assigned a unique IP address. Not only can the network accessed by the operating system be controlled within a limited range of use, but, because different operating systems use different IP addresses for network access, each operating system can also access the network at the same time for data transmission.
  • through the network security policy, the network access and security of the operating system can be dynamically adjusted according to external information such as time and place.
  • a multi-operating system terminal can run more than two operating systems; the specific number of operating systems that the multi-operating system terminal actually runs is not limited.
  • the multi-operating system terminal accesses the network through the WIFI mode.
  • the network can be accessed through the leased line or the network is accessed in other manners. The actual way to enter the network is limited.
  • this embodiment is only described by using the VPN as a dedicated network. In the actual application process, it may also be another type of dedicated network. This embodiment does not limit the specific private network.
  • the operating system sends a network access request to the virtual network proxy module through the corresponding virtual network access module; after obtaining the network access request, the virtual network proxy module allocates an IP address to the operating system, and sends the IP address through the virtual network access module.
  • the virtual network proxy module allocates different IP addresses for different operating systems; the operating system accesses the network according to the IP address, so that each operating system can access the network simultaneously using a different IP address.
  • this embodiment provides a multi-operating system terminal.
  • the principle by which the multi-operating system terminal solves the problem is similar to that of the method for a multi-operating system terminal to access a network.
  • the multiple operating system terminal includes: a plurality of operating systems 401, a virtual network access module 402, and a virtual network proxy module 403;
  • Each operating system 401 corresponds to a virtual network access module 402;
  • the operating system 401 is configured to send a network access request to the virtual network proxy module 403 through the corresponding virtual network access module 402; acquire, by using the virtual network access module 402, the first Internet Protocol (IP) address allocated by the virtual network proxy module 403; and access the network according to the first IP address;
  • the virtual network access module 402 is configured to send the network access request of the operating system 401 to the virtual network proxy module 403; send the first IP address assigned by the virtual network proxy module 403 to the operating system 401;
  • the virtual network proxy module 403 is configured to allocate a first IP address to the operating system 401 after obtaining the network access request, and send the first IP address to the operating system 401 through the virtual network access module 402, where the first IP addresses allocated by the virtual network proxy module 403 to different operating systems 401 are different.
  • the virtual network proxy module 403 is configured to determine a second IP address of the multi-operating system terminal accessing the network, and allocate a first IP address to the operating system according to the preset network security policy and the second IP address.
  • the virtual network proxy module 403 is configured to determine, according to the network driver of the multi-operating system terminal, a public network IP address of the multi-operating system terminal accessing the network, and use the public network IP address as the second IP address.
  • the virtual network proxy module 403 is configured to determine a network type that the operating system accesses; when the network type is a private network, the second IP address is converted to a third IP address according to a preset network security policy and a preset private network protocol stack, and the third IP address is used as the first IP address; the third IP address is a virtual IP address associated with the second IP address.
  • the virtual network proxy module 403 is configured to perform subnetting on the third IP address, and select one IP address from the divided subnets as the first IP address.
  • the private network is a virtual private network VPN.
  • the virtual network proxy module 403 is further configured to: when the network type is a public network, perform subnetting on the second IP address according to the preset network security policy, and select an IP address from the divided subnets as the first IP address.
  • the operating system sends a network access request to the virtual network proxy module through the corresponding virtual network access module; after obtaining the network access request, the virtual network proxy module allocates an IP address to the operating system, and sends the IP address through the virtual network access module.
  • the virtual network proxy module allocates different IP addresses for different operating systems; the operating system accesses the network according to the IP address, so that each operating system can access the network simultaneously using a different IP address.
  • the existing functional component modules can be used for implementation.
  • the processing module can use existing data processing components.
  • the positioning server used in the existing positioning technology has the function component implemented; as for the receiving module, any device with the signal transmission function has
  • the A, n parameter calculation, strength adjustment, etc. performed by the processing module are all existing technical means, and those skilled in the art can realize the corresponding design and development.
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a network access method for a multiple operating system terminal and a multiple operating system terminal, and belongs to the technical field of virtualization. The method comprises: an operating system sends, using a corresponding virtual network access module, a network access request to a virtual network agent module; after receiving the network access request, the virtual network agent module allocates a first IP address to the operating system, and sends the first IP address to the operating system by using the virtual network access module, wherein first IP addresses allocated by the virtual network agent module to different operating systems are different from each other; and the operating system accesses the network according to the first IP address. In the present invention, after a network access request from an operating system is received, an IP address is allocated to the operating system, and the IP address is sent to the operating system. IP addresses allocated by the virtual network agent module to different operating systems are different from each other, allowing multiple operating systems to simultaneously access a network by use of different IP addresses.

Description

Method for multi-operating system terminal accessing network and multi-operating system terminal
Technical field
The present invention relates to the field of virtualization technologies, and in particular to a method for a multi-operating system terminal to access a network and to a multi-operating system terminal.
Background
Virtualization is a resource management technology that breaks down the indivisible barriers between physical structures and lets users apply the various physical resources of a computer in a better way than the original configuration allows. Because the virtual part of these physical resources is not limited by how the existing resources are set up, by geography, or by physical configuration, virtualization technology is receiving more and more attention.
In the field of smart terminals, virtualization technology can meet the user need of running multiple operating systems on one smart terminal. Meeting this need brings a better user experience, but how multiple operating systems access the network through the same network connection device of the multi-operating system terminal becomes a problem to be solved urgently.
The existing network access mode is as follows: since one terminal has only one network access device, and one network access device corresponds to one IP (Internet Protocol) address, multiple operating systems share that IP address. Specifically, after the network access request of operating system A is obtained, it is determined whether the IP address is occupied by another operating system. If no operating system occupies the IP address, the IP address is sent to operating system A, so that operating system A accesses the network through it. If operating system B occupies the IP address, the occupation by operating system B is interrupted and the IP address is sent to operating system A, so that operating system A accesses the network through it.
In the above manner, although each of the operating systems can access the network, they cannot access it at the same time.
Summary of the invention
To solve the above problem, embodiments of the present invention provide a method for a multi-operating system terminal to access a network and a multi-operating system terminal.
In a first aspect, an embodiment of the present invention provides a method for a multi-operating system terminal to access a network, where the method includes:
an operating system sends a network access request to a virtual network proxy module through the corresponding virtual network access module;
after obtaining the network access request, the virtual network proxy module allocates a first Internet Protocol (IP) address to the operating system and sends the first IP address to the operating system through the virtual network access module, where the first IP addresses that the virtual network proxy module allocates to different operating systems are different from each other;
the operating system accesses the network according to the first IP address.
Optionally, allocating the first Internet Protocol IP address to the operating system includes:
determining a second IP address with which the multi-operating system terminal accesses the network;
allocating the first IP address to the operating system according to a preset network security policy and the second IP address.
Optionally, determining the second IP address with which the multi-operating system terminal accesses the network includes:
determining, according to the network driver of the multi-operating system terminal, the public network IP address with which the multi-operating system terminal accesses the network, and using the public network IP address as the second IP address.
Optionally, allocating the first IP address to the operating system according to the preset network security policy and the second IP address includes:
determining the type of network that the operating system accesses;
if the network type is a private network, converting the second IP address into a third IP address according to the preset network security policy and a preset private network protocol stack, and using the third IP address as the first IP address;
the third IP address is a virtual IP address related to the second IP address.
Optionally, using the third IP address as the first IP address includes:
subnetting the third IP address;
selecting an IP address from the divided subnets as the first IP address.
Optionally, the private network is a virtual private network (VPN).
Optionally, after determining the type of network that the operating system accesses, the method further includes:
if the network type is a public network, subnetting the second IP address according to the preset network security policy, and selecting an IP address from the divided subnets as the first IP address.
In a second aspect, an embodiment of the present invention provides a multi-operating system terminal, where the multi-operating system terminal includes: multiple operating systems, virtual network access modules, and a virtual network proxy module;
each operating system corresponds to one virtual network access module;
the operating system is configured to send a network access request to the virtual network proxy module through the corresponding virtual network access module, to obtain through the virtual network access module the first Internet Protocol (IP) address allocated by the virtual network proxy module, and to access the network according to the first IP address;
the virtual network access module is configured to send the network access request of the operating system to the virtual network proxy module, and to send the first IP address allocated by the virtual network proxy module to the operating system;
the virtual network proxy module is configured to allocate a first IP address to the operating system after obtaining the network access request, and to send the first IP address to the operating system through the virtual network access module, where the first IP addresses that the virtual network proxy module allocates to different operating systems are different from each other.
Optionally, the virtual network proxy module is configured to determine a second IP address with which the multi-operating system terminal accesses the network, and to allocate the first IP address to the operating system according to a preset network security policy and the second IP address.
Optionally, the virtual network proxy module is configured to determine, according to the network driver of the multi-operating system terminal, the public network IP address with which the multi-operating system terminal accesses the network, and to use the public network IP address as the second IP address.
Optionally, the virtual network proxy module is configured to determine the type of network that the operating system accesses; when the network type is a private network, to convert the second IP address into a third IP address according to the preset network security policy and a preset private network protocol stack, and to use the third IP address as the first IP address; the third IP address is a virtual IP address related to the second IP address.
Optionally, the virtual network proxy module is configured to subnet the third IP address and to select an IP address from the divided subnets as the first IP address.
Optionally, the private network is a virtual private network (VPN).
Optionally, the virtual network proxy module is further configured to, when the network type is a public network, subnet the second IP address according to the preset network security policy and select an IP address from the divided subnets as the first IP address.
The beneficial effects are as follows:
The operating system sends a network access request to the virtual network proxy module through the corresponding virtual network access module; after obtaining the network access request, the virtual network proxy module allocates an IP address to the operating system and sends the IP address to the operating system through the virtual network access module, where the IP addresses that the virtual network proxy module allocates to different operating systems are different from each other; the operating system accesses the network according to the IP address, so that the operating systems can access the network simultaneously using different IP addresses.
Brief description of the drawings
Specific embodiments of the present invention are described below with reference to the accompanying drawings, in which:
FIG. 1 is a schematic flowchart of a method for a multi-operating system terminal to access a network, provided in one embodiment of the present invention;
FIG. 2 is a schematic diagram of a multi-operating system terminal provided in another embodiment of the present invention;
FIG. 3 is a schematic flowchart of another method for a multi-operating system terminal to access a network, provided in another embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a multi-operating system terminal provided in another embodiment of the present invention.
Detailed description
To make the technical solutions and advantages of the present invention clearer, exemplary embodiments of the present invention are described in further detail below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not an exhaustive list of all embodiments. Where no conflict arises, the embodiments in this description and the features in the embodiments can be combined with each other.
At present, when multiple operating systems in the same device access the network, they must share one IP address, so that the operating systems cannot access the network at the same time. In addition, when the operating systems access different types of network, each operating system needs to connect to its own network, and in this scenario the current network access method cannot meet the need. The present application therefore proposes a method for a multi-operating system terminal to access a network. The method is applied to a multi-operating system terminal such as the one described in the embodiment shown in FIG. 4. The multi-operating system terminal includes multiple operating systems, virtual network access modules, and a virtual network proxy module. The operating system sends a network access request to the virtual network proxy module through the corresponding virtual network access module; after obtaining the network access request, the virtual network proxy module allocates a first IP (Internet Protocol) address to the operating system and sends the first IP address to the operating system through the virtual network access module, where the first IP addresses that the virtual network proxy module allocates to different operating systems are different from each other; the operating system accesses the network according to the first IP address, so that the operating systems can access the network simultaneously using different IP addresses.
With reference to the above implementation environment and to the embodiment shown in FIG. 1, this embodiment provides a method for a multi-operating system terminal to access a network. The flow of the method provided in this embodiment is as follows:
101: The operating system sends a network access request to the virtual network proxy module through the corresponding virtual network access module;
102: After obtaining the network access request, the virtual network proxy module allocates a first Internet Protocol (IP) address to the operating system and sends the first IP address to the operating system through the virtual network access module, where the first IP addresses that the virtual network proxy module allocates to different operating systems are different from each other;
Optionally, allocating the first Internet Protocol IP address to the operating system includes:
determining a second IP address with which the multi-operating system terminal accesses the network;
allocating the first IP address to the operating system according to a preset network security policy and the second IP address.
Optionally, determining the second IP address with which the multi-operating system terminal accesses the network includes:
determining, according to the network driver of the multi-operating system terminal, the public network IP address with which the multi-operating system terminal accesses the network, and using the public network IP address as the second IP address.
Optionally, allocating the first IP address to the operating system according to the preset network security policy and the second IP address includes:
determining the type of network that the operating system accesses;
if the network type is a private network, converting the second IP address into a third IP address according to the preset network security policy and a preset private network protocol stack, and using the third IP address as the first IP address;
the third IP address is a virtual IP address related to the second IP address.
Optionally, using the third IP address as the first IP address includes:
subnetting the third IP address;
selecting an IP address from the divided subnets as the first IP address.
Optionally, the private network is a virtual private network (VPN).
Optionally, after determining the type of network that the operating system accesses, the method further includes:
if the network type is a public network, subnetting the second IP address according to the preset network security policy, and selecting an IP address from the divided subnets as the first IP address.
103: The operating system accesses the network according to the first IP address.
Beneficial effects:
The operating system sends a network access request to the virtual network proxy module through the corresponding virtual network access module; after obtaining the network access request, the virtual network proxy module allocates an IP address to the operating system and sends the IP address to the operating system through the virtual network access module, where the IP addresses that the virtual network proxy module allocates to different operating systems are different from each other; the operating system accesses the network according to the IP address, so that the operating systems can access the network simultaneously using different IP addresses.
With reference to the above implementation environment, this embodiment provides a method for a multi-operating system terminal to access a network. For ease of description, this embodiment takes as an example the multi-operating system terminal shown in FIG. 2, which includes two operating systems, virtual network access modules (the vWIFI-P module 201 and the vWIFI-E module 202), and a virtual network proxy module (the vWIFI-BE module 204), and which accesses the network over WIFI.
In the multi-operating system terminal shown in FIG. 2, virtualization technology is used to virtualize two operating systems on the virtualized Kernel 203. One operating system is a personal operating system, used to run personal applications; the other is an enterprise operating system, used to run enterprise applications. Running personal applications and enterprise applications in different operating systems lets the application data of the two operating systems travel over different data channels. While personal applications run normally in the personal operating system, the enterprise applications in the enterprise operating system are isolated and their data is transmitted over an isolated data channel, which reduces the risk of enterprise application data leaking.
When the two operating systems are virtualized, two virtual network access modules are virtualized as well: the vWIFI-P module 201 and the vWIFI-E module 202.
The specific way of virtualizing the two network access modules includes but is not limited to: implementation through virtualization technology with the assistance of the WIFI Driver (WIFI network driver) and the VPN Stack (virtual private network protocol stack). The personal operating system accesses the network through the vWIFI-P module 201, and an independent network channel is allocated to the personal operating system according to the VPN Stack and the Secure Policy (network security policy). The enterprise operating system accesses the network through the vWIFI-E module 202 and, with the assistance of the VPN Stack, transmits enterprise operating system data fully encrypted, which strengthens the security of enterprise data.
vWIFI-P module 201: by calling the device virtualization framework API supported by the virtualization, the vWIFI-P module 201 is implemented as the network proxy interface of the real WIFI device; its function is to act as a proxy for the real network device. It has an independent IP address and communicates with the vWIFI-BE module 204 to transmit network data.
vWIFI-E module 202: by calling the device virtualization framework API supported by the virtualization, the vWIFI-P module 201 is implemented as the network proxy interface of the real WIFI device; its function is to act as a proxy for the real network device. It has an independent IP address and communicates with the vWIFI-BE module 204 to transmit network data.
vWIFI-BE module 204: by calling the device virtualization framework API supported by the virtualization, the vWIFI-BE module 204 is implemented as the network proxy server for the vWIFI-P module 201 and the vWIFI-E module 202; its function is to connect the real network device with the virtual network devices. The vWIFI-BE module 204 communicates with the real WIFI Driver to transmit data. The vWIFI-BE module 204 also communicates with the VPN Stack and establishes different types of network connection according to the Secure Policy, providing the vWIFI-P module 201 and the vWIFI-E module 202 with dedicated, independent, and secure channels.
Secure Policy: network security policies can be established dynamically according to the security level the user requires, forming a dynamic network security mechanism that gives the upper-layer systems dynamic security protection. The Secure Policy can be set in advance through a dedicated interface or in advance through a network server; this embodiment does not limit the specific manner of presetting the network security policy or the specific time at which it is set.
参见图3,本实施例提供的方法流程具体如下:Referring to FIG. 3, the process of the method provided in this embodiment is specifically as follows:
301:操作系统通过对应的虚拟网络接入模块向虚拟网络代理模块发送网络接入请求;301: The operating system sends a network access request to the virtual network proxy module by using a corresponding virtual network access module.
其中,每个操作系统对应一个虚拟网络接入模块。Each operating system corresponds to a virtual network access module.
例如:个人操作系统中的APP1(Application,应用程序)连接网络时,个人操作系统通过vWIFI-P模块201向vWIFI-BE模块204发起网络接入请求1,请求通过WIFI接入公共网络。For example, when the APP1 (Application) in the personal operating system is connected to the network, the personal operating system initiates a network access request 1 to the vWIFI-BE module 204 through the vWIFI-P module 201, requesting access to the public network through the WIFI.
还可以在个人操作系统启动时,个人操作系统通过vWIFI-P模块201向vWIFI-BE模块204发起网络接入请求1,本实施例个人操作系统通过vWIFI-P模块201向vWIFI-BE模块204发起网络接入请求1的具体触发条件进行限定。The personal operating system may also initiate a network access request 1 to the vWIFI-BE module 204 through the vWIFI-P module 201 when the personal operating system is started. In this embodiment, the personal operating system initiates to the vWIFI-BE module 204 through the vWIFI-P module 201. The specific trigger condition of the network access request 1 is limited.
302:虚拟网络代理模块获取网络接入请求后,为操作系统分配第一互联网协议IP地址;302: After obtaining the network access request, the virtual network proxy module allocates a first Internet Protocol IP address to the operating system;
其中,虚拟网络代理模块为不同的操作系统分配的第一IP地址各不相同;The first IP address allocated by the virtual network proxy module for different operating systems is different;
本步骤在具体实施时,包括但不限于通过如下2个子步骤实现:This step is implemented in the specific implementation, including but not limited to the following two sub-steps:
子步骤1:虚拟网络代理模块获取网络接入请求后,确定多操作系统终端接入网络的第二IP地址;Sub-step 1: After obtaining the network access request, the virtual network proxy module determines the second IP address of the multi-operating system terminal accessing the network;
具体的,根据多操作系统终端的网络驱动确定多操作系统终端接入网络的公网IP地址,将公网IP地址作为第二IP地址。Specifically, the network driver of the multi-operating system terminal determines the public network IP address of the multi-operating system terminal to access the network, and the public network IP address is used as the second IP address.
例如,vWIFI-BE模块204根据WIFI driver真实的物理WIFI设备,并获得设备接入网络的IP地址,将该IP地址作为公网IP地址。For example, the vWIFI-BE module 204 is based on the real physical WIFI device of the WIFI driver, and obtains the IP address of the device accessing the network, and uses the IP address as the public network IP address.
由于子步骤1中获取的是多操作系统终端接入网络的公网IP地址,因此,无论多操作系统终端中的哪个操作系统,其在子步骤1中获取到的IP 地址均相同。Since the sub-step 1 obtains the public network IP address of the multi-operating system terminal accessing the network, the IP obtained in the sub-step 1 regardless of which operating system in the multi-operating system terminal The addresses are the same.
例如,若图2所示多操作系统终端中的vWIFI-BE模块204获取到个人操作系统的网络接入请求1后,确定该多操作系统终端接入网络的公网IP地址为192.168.1.0,则图2所示多操作系统终端中vWIFI-BE模块204获取到企业操作系统的网络接入请求2后,确定多操作系统终端接入网络的公网IP地址也为192.168.1.0。For example, if the vWIFI-BE module 204 in the multi-operating system terminal shown in FIG. 2 obtains the network access request 1 of the personal operating system, it is determined that the public network IP address of the multi-operating system terminal accessing the network is 192.168.1.0, Then, after obtaining the network access request 2 of the enterprise operating system, the vWIFI-BE module 204 in the multi-operating system terminal shown in FIG. 2 determines that the public network IP address of the multi-operating system terminal accessing the network is also 192.168.1.0.
当然,此处的公网IP地址192.168.1.0仅为示意性说明,实际应用中公网IP地址可以为其他地址,本实施例不对具体的公网IP地址进行限定。Of course, the public network IP address 192.168.1.0 is only a schematic description. In the actual application, the public network IP address can be other addresses. This embodiment does not limit the specific public network IP address.
Sub-step 2: Assign the first IP address to the operating system according to the preset network security policy and the second IP address.
Because a private network such as a VPN must encrypt the data it exchanges, and different private networks handle this differently, this step may be implemented through, but is not limited to, the following steps:
Step 2.1: Determine the type of network the operating system accesses. If the network type is a private network, perform step 2.2; if the network type is a public network, perform step 2.3.
For example, if the operating system is a personal operating system, the network type it accesses is determined to be a public network, and step 2.3 is performed. If the operating system is an enterprise operating system, the network type it accesses is determined to be a private network, and step 2.2 is performed.
Step 2.2: Convert the second IP address into a third IP address according to the preset network security policy and the preset private network protocol stack, and assign the first IP address to the operating system according to the third IP address.
The third IP address is a virtual IP address related to the second IP address.
Specific ways of converting the second IP address into the third IP address include, but are not limited to: selecting the corresponding network protocol from the preset private network protocol stack according to the network security policy and the private network the operating system accesses, and converting the second IP address according to the selected network protocol to form a virtual IP address, which serves as the third IP address.
For example, if the second IP address is 192.168.1.10, it is converted to form the virtual IP address 192.169.1.2, which serves as the third IP address.
Specific ways of assigning the first IP address to the operating system according to the third IP address include, but are not limited to, the following two modes:
Mode 1: Use the third IP address as the first IP address.
Mode 2: Subnet the third IP address, and select one IP address from the resulting subnets as the first IP address.
The subnetting itself may use existing approaches such as the NET protocol, a network bridge, or IP translation; this embodiment does not specifically limit it.
The choice between the two modes depends on, but is not limited to, the following: if exactly one operating system accessing the private network runs on the multi-operating system terminal, either mode 1 or mode 2 may be chosen. If several operating systems accessing the private network run on the terminal, mode 1 cannot be chosen and mode 2 must be used, so that each operating system accessing the private network is assigned a different IP address.
The network security policy, taking the VPN Policy in FIG. 2 as an example, allocates virtual private networks to the front ends of the different upper-layer operating systems, such as the vWIFI-P module 201 and the vWIFI-E module 202, mainly according to how the user has configured the network access mode of each upper-layer operating system. The policy can be configured using different communication protocols, different encryption methods, different authentication certificates, and information such as time and place. This allows the network access security of each front-end operating system, and its visibility to the external network, to be adjusted dynamically.
The Secure Policy is the upper-layer policy, set mainly according to the user's configuration and requirements, and includes but is not limited to:
1. Whether the vWIFI-P module 201 and the vWIFI-E module 202 are allowed to be allocated IP addresses;
2. Which type of network the IP address is allocated from: an internal subnet IP address, or an IP address on the same network as the one allocated to the WIFI Driver;
3. Whether to allocate virtual network addresses to front ends such as the vWIFI-P module 201 and the vWIFI-E module 202;
4. Whether to configure independent MAC addresses for the vWIFI-P module 201 and the vWIFI-E module 202.
For example, the vWIFI-BE module 204, following the Secure Policy, selects from the VPN Stack the encryption protocol corresponding to the enterprise operating system, encrypts the public network IP address 192.168.1.0 to obtain the encrypted public network IP address 192.169.1.0, and uses 192.169.1.0 as the intranet IP address assigned to the enterprise operating system.
Alternatively, 192.169.1.0 is subnetted, and one IP address, 192.169.1.1, is selected from the resulting subnets as the intranet IP address assigned to the operating system.
Through step 2, the vWIFI-BE module 204, following the vWIFI Policy, uses software-based internal network sharing to set up an internal shared network and assigns the vWIFI-E module 202 an independent IP address, which may be an independent intranet IP address (mode 2) or the same IP address as the one with which the external device accesses the network (mode 1).
Step 2.3: Subnet the second IP address according to the preset network security policy, and select one IP address from the resulting subnets as the first IP address.
Through step 2.3, the vWIFI-BE module 204, following the vWIFI Policy, uses software-based internal network sharing to set up an internal shared network and assigns the vWIFI-P module 201 an independent intranet IP address.
303: The virtual network proxy module sends the first IP address to the operating system through the virtual network access module.
304: The operating system accesses the network according to the first IP address.
With the method provided in this embodiment, subnetting, VPN and similar means ensure that each operating system is assigned a unique IP address. This not only confines the network an operating system accesses to a limited scope of use; because different operating systems use different IP addresses for network access, the operating systems can also access the network and transfer data at the same time. Through the network security policy, the network access and security of the operating systems can be dynamically adjusted and optimized according to external information such as time and place.
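The allocation flow of steps 2.1 to 2.3 together with Secure Policy item 1, as an added Python example that is not code from the patent. All class, field and parameter names, the /24 and /28 prefix lengths, the reserved gateway 192.168.1.1 and the virtual address 10.8.0.2/24 are assumptions (the latter is constructed and used in place of the page's 192.169.1.2, which lies outside the RFC 1918 private ranges); "subnetting an IP address" is modelled as carving the network that address sits on into smaller subnets.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurePolicy:
    """Per-OS policy; field names are assumptions modelled on the page's text."""
    allow_ip: bool = True         # Secure Policy item 1: may this front end get an address
    network_type: str = "public"  # step 2.1: "private" (VPN) or "public"
    mode: int = 2                 # private only: 1 = reuse third IP, 2 = subnet it
    subnet_prefix: int = 28       # assumed size of each carved subnet


class VirtualNetworkProxy:
    """Models the back end that hands every guest OS a distinct first IP."""

    def __init__(self, second, third, reserved=()):
        self.second = ipaddress.ip_interface(second)  # terminal's own address
        self.third = ipaddress.ip_interface(third)    # virtual address from the VPN stack
        self.reserved = {ipaddress.ip_address(a) for a in reserved}
        self.leases = {}            # OS name -> assigned first IP
        self._used_subnets = set()  # subnets already consumed by a lease

    def _in_use(self, addr):
        return addr in self.reserved or addr in self.leases.values()

    def _pick_from_subnets(self, iface, prefix):
        """Take the first free host of the first subnet no earlier lease consumed."""
        for subnet in iface.network.subnets(new_prefix=prefix):
            if subnet in self._used_subnets:
                continue
            for host in subnet.hosts():
                if host != iface.ip and not self._in_use(host):
                    self._used_subnets.add(subnet)
                    return host
        raise RuntimeError(f"no free address left in {iface.network}")

    def allocate(self, os_name, policy):
        if not policy.allow_ip:
            raise PermissionError(f"policy forbids an address for {os_name}")
        if os_name in self.leases:  # repeated request gets the same answer
            return self.leases[os_name]
        if policy.network_type == "private":      # step 2.2
            if policy.mode == 1:
                # Mode 1 is valid only while nobody else holds the third IP.
                if self._in_use(self.third.ip):
                    raise ValueError("mode 1 would duplicate the third IP; use mode 2")
                first = self.third.ip
            else:
                first = self._pick_from_subnets(self.third, policy.subnet_prefix)
        elif policy.network_type == "public":     # step 2.3
            first = self._pick_from_subnets(self.second, policy.subnet_prefix)
        else:
            raise ValueError(f"unknown network type {policy.network_type!r}")
        self.leases[os_name] = first
        return first


def demo():
    """Constructed scenario: one personal OS and two enterprise OSes."""
    proxy = VirtualNetworkProxy("192.168.1.10/24", "10.8.0.2/24",
                                reserved=["192.168.1.1"])
    personal = proxy.allocate("personal", SecurePolicy(network_type="public"))
    work_a = proxy.allocate("enterprise-a", SecurePolicy(network_type="private", mode=1))
    work_b = proxy.allocate("enterprise-b", SecurePolicy(network_type="private", mode=2))
    return proxy, personal, work_a, work_b


if __name__ == "__main__":
    proxy, *_ = demo()
    for name, addr in proxy.leases.items():
        print(f"{name:13s} -> {addr}")
```

A second enterprise OS that asks for mode 1 is refused rather than silently given the address already leased to the first, which is the uniqueness constraint the text places on mode 1.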
It should be noted that this embodiment is described using only the example of two operating systems running in the multi-operating system terminal. In practice, a multi-operating system terminal may run more than two operating systems; this embodiment does not limit the number of operating systems the terminal actually runs.
In addition, this embodiment describes only network access by the multi-operating system terminal over WIFI. In practice, the terminal may also access the network over a leased line or by other means; this embodiment does not limit the actual way the terminal accesses the network.
Furthermore, this embodiment is described with a VPN as the private network. In practice, other forms of private network may be used; this embodiment does not limit the specific private network.
Beneficial effects:
The operating system sends a network access request to the virtual network proxy module through its corresponding virtual network access module. After obtaining the network access request, the virtual network proxy module assigns an IP address to the operating system and sends it to the operating system through the virtual network access module, the IP addresses assigned to different operating systems all being different. The operating system accesses the network according to the IP address, so that the operating systems can access the network simultaneously using different IP addresses.
Based on the same inventive concept, and referring to the embodiment shown in FIG. 4, this embodiment provides a multi-operating system terminal. Because the principle by which the terminal solves the problem is similar to that of the method for a multi-operating system terminal to access a network, the implementation of the terminal may refer to the implementation of the method, and repeated details are omitted.
Referring to FIG. 4, the multi-operating system terminal includes: a plurality of operating systems 401, a virtual network access module 402, and a virtual network proxy module 403;
Each operating system 401 corresponds to one virtual network access module 402;
The operating system 401 is configured to send a network access request to the virtual network proxy module 403 through the corresponding virtual network access module 402, to obtain through the virtual network access module 402 the first Internet Protocol (IP) address assigned by the virtual network proxy module 403, and to access the network according to the first IP address;
The virtual network access module 402 is configured to send the network access request of the operating system 401 to the virtual network proxy module 403, and to send the first IP address assigned by the virtual network proxy module 403 to the operating system 401;
The virtual network proxy module 403 is configured to assign the first IP address to the operating system 401 after obtaining the network access request, and to send the first IP address to the operating system 401 through the virtual network access module 402; the first IP addresses that the virtual network proxy module 403 assigns to different operating systems 401 are all different.
Optionally, the virtual network proxy module 403 is configured to determine the second IP address with which the multi-operating system terminal accesses the network, and to assign the first IP address to the operating system according to the preset network security policy and the second IP address.
Optionally, the virtual network proxy module 403 is configured to determine, from the network driver of the multi-operating system terminal, the public network IP address with which the terminal accesses the network, and to use the public network IP address as the second IP address.
Optionally, the virtual network proxy module 403 is configured to determine the type of network the operating system accesses and, when the network type is a private network, to convert the second IP address into a third IP address according to the preset network security policy and the preset private network protocol stack and use the third IP address as the first IP address; the third IP address is a virtual IP address related to the second IP address.
Optionally, the virtual network proxy module 403 is configured to subnet the third IP address and to select one IP address from the resulting subnets as the first IP address.
Optionally, the private network is a virtual private network (VPN).
Optionally, the virtual network proxy module 403 is further configured, when the network type is a public network, to subnet the second IP address according to the preset network security policy and to select one IP address from the resulting subnets as the first IP address.
The beneficial effects are as follows:
The operating system sends a network access request to the virtual network proxy module through its corresponding virtual network access module. After obtaining the network access request, the virtual network proxy module assigns an IP address to the operating system and sends it to the operating system through the virtual network access module, the IP addresses assigned to different operating systems all being different. The operating system accesses the network according to the IP address, so that the operating systems can access the network simultaneously using different IP addresses.
The above embodiments may all be implemented with existing functional component modules. For example, the processing module may use existing data processing components; at the least, the positioning servers used in existing positioning technology have components that implement this function. The receiving module is a component that any device with signal transmission capability has. Likewise, the calculation of the A and n parameters, the intensity adjustment and so on performed by the processing module all use existing technical means, which those skilled in the art can implement through corresponding design and development.
For convenience of description, the parts of the apparatus described above are described separately as modules or units divided by function. Of course, when implementing the present invention, the functions of the modules or units may be implemented in the same one or more pieces of software or hardware.
Those skilled in the art will appreciate that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art may make further changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.

Claims (14)

  1. A method for a multi-operating system terminal to access a network, characterized in that the method comprises:
    an operating system sending a network access request to a virtual network proxy module through a corresponding virtual network access module;
    the virtual network proxy module, after obtaining the network access request, assigning a first Internet Protocol (IP) address to the operating system and sending the first IP address to the operating system through the virtual network access module, the first IP addresses assigned by the virtual network proxy module to different operating systems all being different;
    the operating system accessing the network according to the first IP address.
  2. The method according to claim 1, characterized in that assigning the first Internet Protocol (IP) address to the operating system comprises:
    determining a second IP address with which the multi-operating system terminal accesses the network;
    assigning the first IP address to the operating system according to a preset network security policy and the second IP address.
  3. The method according to claim 2, characterized in that determining the second IP address with which the multi-operating system terminal accesses the network comprises:
    determining, from the network driver of the multi-operating system terminal, the public network IP address with which the multi-operating system terminal accesses the network, and using the public network IP address as the second IP address.
  4. The method according to claim 2, characterized in that assigning the first IP address to the operating system according to the preset network security policy and the second IP address comprises:
    determining the type of network the operating system accesses;
    if the network type is a private network, converting the second IP address into a third IP address according to the preset network security policy and a preset private network protocol stack, and using the third IP address as the first IP address;
    the third IP address being a virtual IP address related to the second IP address.
  5. The method according to claim 4, characterized in that using the third IP address as the first IP address comprises:
    subnetting the third IP address;
    selecting one IP address from the resulting subnets as the first IP address.
  6. The method according to claim 4 or 5, characterized in that the private network is a virtual private network (VPN).
  7. The method according to claim 4, characterized in that, after determining the type of network the operating system accesses, the method further comprises:
    if the network type is a public network, subnetting the second IP address according to the preset network security policy, and selecting one IP address from the resulting subnets as the first IP address.
  8. A multi-operating system terminal, characterized in that the multi-operating system terminal comprises: a plurality of operating systems, a virtual network access module, and a virtual network proxy module;
    each operating system corresponds to one virtual network access module;
    the operating system is configured to send a network access request to the virtual network proxy module through the corresponding virtual network access module, to obtain through the virtual network access module a first Internet Protocol (IP) address assigned by the virtual network proxy module, and to access the network according to the first IP address;
    the virtual network access module is configured to send the network access request of the operating system to the virtual network proxy module, and to send the first IP address assigned by the virtual network proxy module to the operating system;
    the virtual network proxy module is configured to assign the first IP address to the operating system after obtaining the network access request, and to send the first IP address to the operating system through the virtual network access module, the first IP addresses assigned by the virtual network proxy module to different operating systems all being different.
  9. The multi-operating system terminal according to claim 8, characterized in that the virtual network proxy module is configured to determine a second IP address with which the multi-operating system terminal accesses the network, and to assign the first IP address to the operating system according to a preset network security policy and the second IP address.
  10. The multi-operating system terminal according to claim 9, characterized in that the virtual network proxy module is configured to determine, from the network driver of the multi-operating system terminal, the public network IP address with which the multi-operating system terminal accesses the network, and to use the public network IP address as the second IP address.
  11. The multi-operating system terminal according to claim 9, characterized in that the virtual network proxy module is configured to determine the type of network the operating system accesses and, when the network type is a private network, to convert the second IP address into a third IP address according to the preset network security policy and a preset private network protocol stack and use the third IP address as the first IP address; the third IP address being a virtual IP address related to the second IP address.
  12. The multi-operating system terminal according to claim 11, characterized in that the virtual network proxy module is configured to subnet the third IP address and to select one IP address from the resulting subnets as the first IP address.
  13. The multi-operating system terminal according to claim 11 or 12, characterized in that the private network is a virtual private network (VPN).
  14. The multi-operating system terminal according to claim 11, characterized in that the virtual network proxy module is further configured, when the network type is a public network, to subnet the second IP address according to the preset network security policy and to select one IP address from the resulting subnets as the first IP address.
PCT/CN2017/071012 2016-01-19 2017-01-12 Network access method for multiple operating system terminal and multiple operating system terminal WO2017124965A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610034469.6 2016-01-19
CN201610034469.6A CN105516397B (en) 2016-01-19 2016-01-19 Method for accessing multiple operating system terminals into network and multiple operating system terminals

Publications (1)

Publication Number Publication Date
WO2017124965A1 true WO2017124965A1 (en) 2017-07-27

Family

ID=55724022

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/071012 WO2017124965A1 (en) 2016-01-19 2017-01-12 Network access method for multiple operating system terminal and multiple operating system terminal

Country Status (2)

Country Link
CN (1) CN105516397B (en)
WO (1) WO2017124965A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114285913A (en) * 2021-12-07 2022-04-05 厦门厦华科技有限公司 Data transmission method across operating systems

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105516397B (en) * 2016-01-19 2019-06-11 深圳前海达闼云端智能科技有限公司 Method for accessing multiple operating system terminals into network and multiple operating system terminals
CN106102098B (en) 2016-05-27 2019-09-13 华为技术有限公司 A kind of method and device accessing WIFI network
CN106789931B (en) * 2016-11-29 2020-05-19 北京元心科技有限公司 Multi-system network isolation sharing method and device
CN115150447A (en) * 2021-03-30 2022-10-04 Oppo广东移动通信有限公司 Network connection method and device, terminal device and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1840733A1 (en) * 2004-12-22 2007-10-03 Fujitsu Ltd. Virtual machine management program, and virtual machine management method
CN101652749A (en) * 2007-04-05 2010-02-17 微软公司 Network group name for virtual machines
CN102404253A (en) * 2011-06-28 2012-04-04 西安交通大学 Method for designing virtual network adapter supporting hardware abstraction layer of Linux
CN102469098A (en) * 2010-11-11 2012-05-23 财团法人资讯工业策进会 Information safety protection host machine
CN102710814A (en) * 2012-06-21 2012-10-03 奇智软件(北京)有限公司 Method and device for controlling Internet protocol (IP) address of virtual machine
CN105516397A (en) * 2016-01-19 2016-04-20 深圳前海达闼云端智能科技有限公司 Method for accessing multiple operating system terminals into network and multiple operating system terminals

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1503286B1 (en) * 2003-07-30 2014-09-03 Jaluna SA Multiple operating system networking
TWI352909B (en) * 2007-09-05 2011-11-21 Htc Corp Method and system for supporting network sharing a
EP2568666A4 (en) * 2011-09-30 2014-01-08 Huawei Tech Co Ltd Ip address obtaining method and network access device
CN105224402A (en) * 2015-09-11 2016-01-06 上海斐讯数据通信技术有限公司 A kind of multisystem fast switch over method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114285913A (en) * 2021-12-07 2022-04-05 厦门厦华科技有限公司 Data transmission method across operating systems
CN114285913B (en) * 2021-12-07 2023-10-10 厦门厦华科技有限公司 Cross-operating system data transmission method

Also Published As

Publication number Publication date
CN105516397B (en) 2019-06-11
CN105516397A (en) 2016-04-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17740996

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 05/12/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 17740996

Country of ref document: EP

Kind code of ref document: A1