WO2019109943A1 - Cloud platform management method and apparatus, electronic device, and readable storage medium - Google Patents

Cloud platform management method and apparatus, electronic device, and readable storage medium

Publication number
WO2019109943A1
Authority
WO
WIPO (PCT)
Prior art keywords
cloud platform
license
node
information
deployed
Application number
PCT/CN2018/119340
Other languages
English (en)
Chinese (zh)
Inventor
田子晨
Original Assignee
北京金山云网络技术有限公司
北京金山云科技有限公司
Application filed by 北京金山云网络技术有限公司, 北京金山云科技有限公司
Publication of WO2019109943A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present application relates to the field of cloud computing technologies, and in particular, to a cloud platform management method, apparatus, electronic device, and readable storage medium.
  • OpenStack is an open source cloud computing platform management project. It mainly relies on cooperation among components such as Nova, Neutron and Cinder to complete the related operations of the cloud platform. OpenStack supports almost all types of cloud environments. The goal of OpenStack is to provide a cloud computing management platform that is simple to implement, scalable, rich, and standardized. OpenStack provides IaaS (Infrastructure as a Service) solutions through a variety of complementary services.
  • the cloud computing service provider can provide users with OpenStack-based cloud platform services, that is, deploy the OpenStack cloud platform for users and authorize users to use the OpenStack cloud platform.
  • the cloud computing service provider has a simple license management scheme for the user's OpenStack cloud platform, and usually only performs single-party license management for the OpenStack node.
  • flexible and effective license management for users' OpenStack cloud platforms is required.
  • a license management scheme is needed to control the number of clusters and the functionality of the cluster.
  • An object of the embodiments of the present application is to provide a cloud platform management method, apparatus, electronic device, and readable storage medium for performing flexible license management on a cloud platform.
  • the specific technical solutions are as follows:
  • a first aspect of the embodiments of the present application provides a cloud platform management method, where the method includes: determining license information for the user, where the license information includes: a number of nodes, a node configuration, a node usage period, and a component type; digitally signing the license information, and generating a license file according to the obtained signature information and the license information; and when the cloud platform of the user is deployed, adding the license file to the cloud platform of the user, and deploying nodes in the cloud platform of the user according to the license information to obtain the deployed cloud platform.
  • the determining the license information for the user includes: determining the license information for the user according to the usage requirement of the user in the cloud platform.
  • before the deploying of the nodes in the cloud platform of the user according to the license information, the method further includes: verifying whether the signature information and the license information in the license file correspond; if the verification is passed, storing the signature information and the license information in the cloud platform of the user.
  • the determining the license information for the user according to the usage requirement of the user in the cloud platform includes: determining, according to whether the usage requirement includes a requirement for the number of nodes, whether the license for the number of nodes in the license information is on or off; determining, according to whether the usage requirement includes a requirement for the node configuration, whether the license for the node configuration in the license information is on or off; determining, according to whether the usage requirement includes a requirement for the node usage period, whether the license for the node usage period in the license information is on or off; and determining, according to whether the usage requirement includes a requirement for the component type, whether the license for the component type in the license information is on or off.
  • the deploying of the nodes in the cloud platform of the user according to the license information includes: when adding a node, acquiring the number of nodes and the node configuration of the nodes to be added, and determining whether the sum of the number of nodes already added in the cloud platform and the number of nodes to be added is not greater than the number of nodes in the license information, and whether the total of the node configuration of the nodes already added in the cloud platform and the node configuration of the nodes to be added is not greater than the node configuration in the license information; when the determination result is yes, adding the node to be added.
  • the method further includes: on receiving an operation instruction for expanding a node in the deployed cloud platform, adding the node information to be extended to the license information to obtain updated license information; digitally signing the updated license information, and generating an updated license file according to the obtained updated signature information and the updated license information; and installing the extended node on the deployed cloud platform according to the updated license file.
  • the method further includes: verifying the signature information and the expiration date in the license file in the deployed cloud platform; if the verification is successful, periodically verifying the license on the deployed cloud platform, and determining whether the deployed cloud platform runs within the scope of the license.
  • the performing of the periodic license verification on the deployed cloud platform and the determining whether the deployed cloud platform runs within the scope of the license include: verifying whether the number of nodes in the deployed cloud platform is not greater than the number of nodes in the license information; verifying whether the configuration of the nodes in the deployed cloud platform is not greater than the node configuration in the license information; verifying whether the motherboard serial number of the node in the deployed cloud platform is in the license information; verifying whether the current time in the deployed cloud platform is within the validity period of the license information; if the verification result is yes, it is determined that the deployed cloud platform runs within the scope of the license; otherwise, it is determined that the deployed cloud platform does not run within the scope of the license.
  • a second aspect of the embodiments of the present application provides a cloud platform management apparatus, including: a license information acquisition module, configured to determine license information for the user, where the license information includes: a number of nodes, a node configuration, a node usage period, and a component type; a license file generating module, configured to digitally sign the license information and generate a license file according to the obtained signature information and the license information; and a cloud platform deployment module, configured to, when the cloud platform of the user is deployed, add the license file to the cloud platform of the user, and deploy the nodes in the cloud platform of the user according to the license information to obtain the deployed cloud platform.
  • the authorization determining module is specifically configured to determine authorization information for the user according to a user's usage requirement for the cloud platform node.
  • the cloud platform management apparatus of the embodiment of the present application further includes: a signature information verification module, configured to verify whether the signature information and the license information in the license file correspond; and an information storage module, configured to store the signature information and the license information in the cloud platform of the user if the signature information verification module passes the verification.
  • the license information obtaining module is specifically configured to: determine, according to whether the usage requirement includes a requirement for the number of nodes, whether the license for the number of nodes in the license information is on or off; determine, according to whether the usage requirement includes a requirement for the node configuration, whether the license for the node configuration in the license information is on or off; determine, according to whether the usage requirement includes a requirement for the node usage period, whether the license for the node usage period in the license information is on or off; and determine, according to whether the usage requirement includes a requirement for the component type, whether the license for the component type in the license information is on or off.
  • the cloud platform deployment module is specifically configured to: when adding a node, obtain the number of nodes and the node configuration of the nodes to be added, and determine whether the sum of the number of nodes already added in the cloud platform and the number of nodes to be added is not greater than the number of nodes in the license information, and whether the total of the node configuration of the nodes already added in the cloud platform and the node configuration of the nodes to be added is not greater than the node configuration in the license information; when the determination result is yes, add the node to be added.
  • the cloud platform management apparatus of the embodiment of the present application further includes: a license information update module, configured to, if an operation instruction for expanding a node in the deployed cloud platform is received, add the node information to be extended to the license information to obtain updated license information; a license file update module, configured to digitally sign the updated license information and generate an updated license file according to the obtained updated signature information and the updated license information; and an extended node installation module, configured to install the extended node on the deployed cloud platform according to the updated license file.
  • the cloud platform management apparatus of the embodiment of the present application further includes: a first verification module, configured to verify the signature information and the expiration date in the license file in the deployed cloud platform; and a second verification module, configured to perform periodic license verification on the deployed cloud platform when the first verification module verifies successfully, and determine whether the deployed cloud platform runs within the scope of the license.
  • the second verification module is configured to: verify whether the number of nodes in the deployed cloud platform is not greater than the number of nodes in the license information; verify whether the configuration of the nodes in the deployed cloud platform is not greater than the node configuration in the license information; verify whether the motherboard serial number of the node in the deployed cloud platform is in the license information; verify whether the current time in the deployed cloud platform is within the validity period of the license information; if the verification result is yes, determine that the deployed cloud platform runs within the scope of the license; otherwise, determine that the deployed cloud platform does not run within the scope of the license.
  • a third aspect of the embodiments of the present application provides an electronic device, including: a processor and a machine readable storage medium, the machine readable storage medium storing machine executable instructions executable by the processor, where the steps of the cloud platform management method described in any of the above are implemented when the processor executes the machine executable instructions.
  • a fourth aspect of the embodiments of the present application provides a computer readable storage medium, where the computer readable storage medium stores a computer program, and when the computer program is executed by a processor, the steps of the cloud platform management method of any of the foregoing are implemented.
  • a fifth aspect of the embodiments of the present application provides a computer program product comprising instructions, when executed on a computer, causing a computer to perform the steps of any of the cloud platform management methods described above.
  • the cloud platform management method, the device, the electronic device, and the readable storage medium provided by the embodiment of the present application determine the license information for the user, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type; the license information is digitally signed, and the license file is generated according to the obtained signature information and the license information; when the user's cloud platform is deployed, the license file is added to the user's cloud platform, and the nodes in the user's cloud platform are deployed according to the license information to obtain the deployed cloud platform.
  • the number of nodes in the cloud platform, the node configuration, the component type in the node, and the like may be combined and authorized to perform flexible authorization and license management on the cloud platform; and the license information is digitally signed to ensure that the license information is not easily tampered with.
  • implementing any of the products or methods of the present application does not necessarily require that all of the advantages described above be achieved at the same time.
  • FIG. 1 is a flowchart of a cloud platform management method according to an embodiment of the present application.
  • FIG. 2 is another flowchart of a cloud platform management method according to an embodiment of the present application.
  • FIG. 3 is a flowchart of a method for deploying a cloud platform node according to an embodiment of the present application.
  • FIG. 4 is still another flowchart of a cloud platform management method according to an embodiment of the present application.
  • FIG. 5 is a structural diagram of a cloud platform management apparatus according to an embodiment of the present application.
  • FIG. 6 is another structural diagram of a cloud platform management apparatus according to an embodiment of the present application.
  • FIG. 7 is still another structural diagram of a cloud platform management apparatus according to an embodiment of the present application.
  • FIG. 8 is a structural diagram of an electronic device according to an embodiment of the present application.
  • the deployment tool of the cloud platform and the cloud platform are separated, and the deployment tool may be a server or a virtual machine independent of the cloud platform. For an independent deployment tool to acquire information such as the number of nodes, the node configuration and the component type in the cloud platform, authentication and other operations are required, which is complicated to implement and makes the deployment system too heavy.
  • the deployment tool can only obtain a single piece of information, such as the number of nodes. Therefore, the cloud platform license management function is single.
  • the deployment tool can only deploy the cloud platform. After the cloud platform is deployed, the legitimacy of the cloud platform cannot be verified.
  • the embodiment of the present application provides a cloud platform management method, device, electronic device, and readable storage medium, which can perform copyright control, scale control, and use period control on a cloud platform. According to the user's expected use of the cloud platform, a variety of licensing methods may be provided, and the licensing method may be a single one or a combination of multiple authorization methods. At the same time, the corresponding license information is generated, and the cloud platform is deployed according to the license information, and the basic functions and extended functions of the cloud platform are provided.
  • the cloud platform deployment tool of the embodiment of the present application is integrated in the cloud platform, and can communicate with components in the cloud platform, so that the component information can be conveniently obtained. Because components in the cloud platform need to be activated through the license, the deployment tool can be combined with the license to control the components, so that the cloud platform can be deployed more conveniently and efficiently. After the cloud platform is deployed, the legality of the cloud platform can be verified.
  • the execution body of the cloud platform management method provided by the embodiment of the present application may be a server in the cloud platform.
  • the cloud platform management method provided by the embodiment of the present application is first introduced in detail.
  • FIG. 1 is a flowchart of a cloud platform management method according to an embodiment of the present application, including the following steps:
  • S101 Determine license information for the user, where the license information includes: a number of nodes, a node configuration, a node usage period, and a component type.
  • the license information for the user is determined according to the user's use requirement of the node in the cloud platform.
  • the cloud platform management in the embodiment of the present application includes three phases: a license file preparation phase, a node deployment phase, and a cloud platform use phase. This step belongs to the license file preparation phase.
  • the nodes in the cloud platform refer to servers. According to different roles of the nodes in the cloud platform, the nodes can be divided into: computing nodes, storage nodes, network nodes, and the like. The number of nodes is also the number of nodes.
  • the node configuration may include: a number of CPUs (Central Processing Units), a memory capacity, and the like, which are not limited in this embodiment of the present application. For different users, the usage requirements of the cloud platform may be different.
  • For example, the usage requirement of user A for the cloud platform is mainly a storage function, the usage requirement of user B for the cloud platform is a computing function, and the usage requirements of user C for the cloud platform are storage functions and calculation functions. Therefore, in the embodiment of the present application, the license information for different users may be different, wherein the license information may be used to indicate resources that the user is authorized to use, and related information of the resources. By way of example, the contents carried in the license information can be seen in Table 1.
  • the license_name is the name of the license, for example, the game
  • the sale_type is the license support method, including: the number of nodes (for example, the number of compute nodes, the number of network nodes, the number of storage nodes), the configuration of the node (for example, the number of CPUs of the node, the memory capacity, the storage type supported by the cloud platform, and the like), and the types of components authorized in the nodes (Neutron, Nova, Cinder, etc.), providing basic OpenStack functionality (computing, networking, storage, and authentication) components as well as extended OpenStack features.
  • the sale_info is the opening or closing status of the corresponding license mode, that is, whether to authorize the number of nodes, whether to configure the license for the node, etc.; date is the expiration date that each node and each component in the cloud platform can use.
  • the license information can be input by the relevant personnel. For example, when the execution body is a server of the cloud platform, the background personnel can input the license information locally at the server, or the user can input the license information at the user terminal, and the user terminal sends it to the server.
  • the license information may also be determined according to the user's usage requirements of the nodes in the cloud platform.
  • the user requirements may include functions (such as storage functions and computing functions) that the user needs the cloud platform to provide, and the amount of resources that need to be occupied (such as the need to occupy 3 computing nodes and 1 storage node), etc. It can also include technical solutions that users need to implement with the cloud platform.
  • the user can fill in the user requirements list and send it to the server.
  • the server analyzes the user's needs and obtains the license information. For example, the user can fill in the demand list when registering.
  • the user needs to implement some intelligent analysis algorithm by means of the cloud platform. After the background personnel analyze the algorithm complexity of the intelligent analysis algorithm, it is determined that the implementation of the intelligent analysis algorithm requires five computing nodes and two storage nodes, and the license information thus determined may indicate that the user is authorized to use 5 compute nodes and 2 storage nodes in the cloud platform.
  • S102 Digitally sign the license information, and generate an authorization file according to the obtained signature information and the license information.
  • the license information may be digitally signed to obtain signature information corresponding to the license information.
  • Digital signature is an encryption method that guarantees the integrity of information transmission, enables the receiver to authenticate the sender, and prevents the repudiation in the transaction.
  • the public key and the private key in the digital signature process may be pre-set asymmetric key pairs.
  • the message digest (Message-Digest) of the license information may be extracted by using a preset hash algorithm (such as the secure hash algorithm SHA), and the information digest is encrypted by using the private key to obtain the signature information of the license information; the obtained signature information and the license information are then combined to obtain a license file.
  • After receiving the license file, the receiver can decrypt the signature information in the license file by using the public key, extract the information digest of the license information according to the same hash algorithm, and compare the decrypted information with the extracted information digest. If the decrypted information is the same as the extracted information digest, it can be determined that the license information has not been tampered with; if the decrypted information is different from the extracted digest, it can be determined that the license information has been tampered with.
  • the step belongs to the node deployment phase, and after the license file is generated, the cloud platform can be deployed.
  • the license file is added to the user's cloud platform, that is, the license file is added to the database of the cloud platform. The license file includes: signature information and license information, so the nodes in the cloud platform can be deployed according to the license information. For example, if the authorization for the number of nodes in the license information is: deploying 3 storage nodes and 2 compute nodes, and the authorization for configuring the node in the license information is: the number of deployed CPUs is 10, then, when the cloud platform is deployed, the cloud platform can be deployed according to the license information, and the deployed cloud platform can be obtained.
  • the cloud platform management method determines the license information for the user, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type; digitally signs the license information, and generates a license file according to the obtained signature information and the license information; when the user's cloud platform is deployed, the license file is added to the user's cloud platform, and the nodes in the user's cloud platform are deployed according to the license information to obtain the deployed cloud platform.
  • the embodiment of the present application can perform combined authorization on the number of nodes in the cloud platform, the node configuration, and the component types in the node, thereby performing flexible authorization and license management on the cloud platform, and digitally signing the license information to ensure that the license information is not easily tampered with.
  • FIG. 2 is another flowchart of a cloud platform management method according to an embodiment of the present application, including the following steps:
  • S201 Determine, according to the usage requirement of the user in the cloud platform, the license information for the user, where the license information includes: a number of nodes, a node configuration, a node usage period, and a component type.
  • S202 Digitally sign the license information, and generate an authorization file according to the obtained signature information and the license information.
  • the digital signature technique encrypts the initial information with the sender's private key and transmits the obtained encrypted information together with the initial information to the recipient.
  • the receiver can decrypt the encrypted initial information only by using the sender's public key, decrypt the encrypted initial information through the public key, and compare the obtained decrypted information with the initial information. If they are the same, the received initial information is complete and has not been modified during transmission. Otherwise, the initial information has been modified, so the digital signature can verify the integrity of the information.
  • Digital signing is the process of encryption, and digital signature verification is the process of decryption.
  • the signature information in the license file may be decrypted by using the public key, and the obtained decryption information is compared with the license information. If the information is the same, it indicates that the license information has not been tampered with. Therefore, the integrity of the license information on the cloud platform is ensured by means of public and private keys, so that the license information is not easily falsified. Then, after the verification is passed, the signature information and the license information can be stored in the user's cloud platform.
  • S201 and S202 are the same as S101 and S102 in the embodiment of FIG. 1, respectively, and S204 is the same as S103; all implementations of S101, S102, and S103 are applicable to FIG. 2, and all of the same or similar beneficial effects can be achieved, which are not repeated here.
  • the cloud platform management method determines the license information for the user according to the user's use requirement of the node in the cloud platform, where the license information includes: the number of nodes, the node configuration, the node use period, and the component type.
  • the embodiment of the present application can perform combined authorization for the number of nodes in the cloud platform, the node configuration, the component type in the node, and the like, thereby performing flexible authorization and license management on the cloud platform.
  • the license information is not easily tampered with.
  • the S203 and S204 in the foregoing embodiment of FIG. 2 are the node deployment stage.
  • the flowchart of the node deployment method in the cloud platform in the embodiment of the present application can be seen in FIG. 3, including the following steps:
  • the license file may be generated according to the user's use requirements of the cloud platform. After the license file is obtained, the license file may be provided to the user, so that the user can deploy the cloud platform according to the license file; of course, the administrator can also deploy the cloud platform. When deploying a cloud platform, you first need to add the license file to the cloud platform.
  • the license file includes: signature information and license information.
  • the signature information can be verified, that is, the integrity of the license information is verified, and the license information is determined.
  • the method of verifying the signature information may be: verifying whether the signature information and the license information in the license file correspond to each other. For details, refer to S203 in the embodiment of FIG. 2, and details are not described herein again.
  • The license information also includes an expiration date, which is the expiration date of the cloud platform. When verifying the signature information, the expiration date in the license information may also be verified. If the current time is within the validity period, the verification succeeds and the license information is usable; if the current time is not within the validity period, the verification fails, the license information is not available, and the process proceeds to S307 and ends.
  • S303 Store signature information and license information.
  • the signature information and the license information are stored in the cloud platform, that is, the database of the cloud platform, so that the cloud platform can be deployed according to the license information.
  • the signature information and the expiration date of each node may be verified.
  • the verification method is the same as that of S302, and details are not described herein. Through the verification of this step, it can be guaranteed that the deployed cloud platform can be used.
  • The license file is added to the cloud platform, and the signature information and the expiration date are verified. After the verification succeeds, the signature information and the license information are stored, and the nodes are deployed according to the license information. After the nodes are deployed, the signature information and the validity period of each node can be verified. After that verification succeeds, the cloud platform is successfully deployed.
  • the embodiment of the present application verifies the signature information of the digitally signed license information, and ensures the integrity of the license information on the cloud platform, so that the license information is not easily falsified.
  • FIG. 4 is still another flowchart of a cloud platform management method according to an embodiment of the present application, including the following steps:
  • S401 Determine, according to a user usage requirement of a node in the cloud platform, the license information for the user, where the license information includes: a number of nodes, a node configuration, a node usage period, and a component type.
  • S402. Digitally sign the license information, and generate an authorization file according to the obtained signature information and the license information.
  • the license file is added to the user's cloud platform, and the nodes in the user's cloud platform are deployed according to the license information, and the deployed cloud platform is obtained.
  • Since the license information can be stored in the cloud platform, it can also be viewed and updated after the cloud platform is deployed. If the user needs to extend the deployed cloud platform, the user sends an operation instruction for expanding a node in the deployed cloud platform; after receiving the operation instruction, the cloud platform adds the information of the node to be extended to the license information to obtain updated license information.
  • The embodiment of the present application may also extend components in a node, delete nodes in the cloud platform, delete components in a node, and the like; node expansion is used here as the example for description.
  • the updated license information is digitally signed, and an updated license file is generated according to the obtained updated signature information and the updated license information.
  • the method in this step is the same as the method in the embodiment S102 of FIG. 1, and details are not described herein again.
  • This step differs from S102 in that the license information in this step is updated license information as compared with the license information in S102.
  • The extended node may be installed on the deployed cloud platform according to the updated license file. For example, if the license information in the updated license file indicates that two storage nodes need to be added, this step adds two storage nodes to the deployed cloud platform obtained in S403.
  • S401, S402, and S403 are the same as S101, S102, and S103 in the embodiment of FIG. 1. All implementations of S101, S102, and S103 are applicable to FIG. 4 and achieve the same or similar beneficial effects, so they are not repeated here.
  • With the cloud platform management method provided by the embodiment of the present application, after the deployed cloud platform is obtained, if an operation instruction for expanding a node in the deployed cloud platform is received, the information of the node to be extended is added to the license information to obtain updated license information; the updated license information is digitally signed, and an updated license file is generated according to the obtained updated signature information and the updated license information; and the extended node is installed on the deployed cloud platform according to the updated license file.
  • the embodiment of the present application can also update the license information according to the user's need for the cloud platform extension, and then update the signature information and the license file corresponding to the license information, thereby flexibly expanding the cloud platform.
  • determining the license information for the user according to the usage requirement of the node in the cloud platform by the user may include:
  • the license for the number of nodes in the license information is turned on or off.
  • According to whether the use requirement includes a requirement on the node usage period, it is determined whether the license for the node usage period in the license information is turned on or off.
  • the number of nodes, the node configuration, the node usage period, the component type, and the like may be combined and authorized, that is, the number of nodes, the node configuration, the node usage period, the component type, and the like may be applied to the application.
  • A Boolean variable can be used to indicate the on or off status of a license. For example, if the number of nodes is licensed, the Boolean variable corresponding to the number of nodes can be set to TRUE; otherwise, it can be set to FALSE.
  • The licenses for the number of nodes, the node configuration, the node usage period, the component type, and the like may each be turned on or off, which yields multiple authorization modes. The cloud platform is managed through these authorization modes, so that it can be flexibly licensed and managed.
  • the nodes in the cloud platform of the user are deployed according to the license information, including:
  • the number of nodes to be added and the node configuration are obtained, and it is determined whether the sum of the number of nodes that have added nodes in the cloud platform and the number of nodes to be added is not greater than the number of nodes in the license information. And the total configuration of the node configuration of the added node in the cloud platform and the node configuration of the node to be added is not greater than the node configuration in the license information; when the judgment result is yes, the node to be added is added.
  • the cloud platform may be deployed according to the license information.
  • the cluster information (information of all nodes)
  • the cloud platform needs to be checked according to the license information.
  • you need to obtain information about the node to be added (number of nodes, node configuration, component type in the node, etc.)
  • the number of nodes to be added is equal to the number of nodes in the cloud platform.
  • the node configuration includes: the number of CPUs and the size of the memory.
  • the signature information and the expiration date are first verified when the node is added.
  • The number of CPUs in the license information is read, and then the number of CPUs of the node to be added is obtained. Finally, that number is added to the number of CPUs already in the cloud platform cluster, and the sum is compared with the number of CPUs in the license information. If the sum is less than or equal to the number of CPUs in the license information, the node to be added can be successfully deployed, and it is added.
  • the cloud platform can be deployed through the license information, which can prevent the user from deploying the cloud platform beyond the scope of the license information license.
  • the method further includes:
  • the service in the cloud platform may be authenticated.
  • keystone is a component in the cloud platform used for identity authentication, and it creates a Token (a temporary token used in authentication).
  • When the token is created, the signature information and the expiration date are read from the nova database, the signature information is verified, and the expiration date is checked for validity.
  • a token is created for the keystone.
  • the signature information and the expiration date in the license file in the deployed cloud platform are verified.
  • The signature information is decrypted, and it is verified whether the decrypted information and the license information are the same, which prevents the license information from being tampered with.
  • The deployed cloud platform can periodically undergo authorization verification to determine whether it is running within the scope of the license.
  • nova-compute (a service for computing in the nova component) collects the CPU and memory of the nodes in the cloud platform, and nova-conductor (the service for database interaction in the nova component) is responsible for integrating the CPU and memory of the entire cloud platform. Then, the license information in the cloud platform database is read, and after the signature information is verified, the node configuration is verified. The nova-conductor can also obtain the number of computing, network, and storage nodes of the cloud platform, and then read the license information in the cloud platform database, and verify the signature, and then verify the number of nodes. In the embodiment of the present application, the serial number of the physical node of the Openstack cloud platform may also be verified according to the license information.
  • The motherboard serial number of a node is obtained by nova-compute (the service used for computing in the nova component) and then passed to nova-conductor (the service for database interaction in the nova component), which verifies it against the license information. For a separate storage node, the storage daemon obtains the motherboard serial number of the node and then completes the verification; for a separate network node, the network daemon (such as neutron-openvswitch-agent) completes the verification of the motherboard serial number.
  • FIG. 5 is a structural diagram of a cloud platform management apparatus according to an embodiment of the present application, including:
  • the license information obtaining module 501 is configured to determine the license information for the user, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type; specifically, according to the user's use requirements for the nodes in the cloud platform. , determining license information for the user;
  • the license file generating module 502 is configured to digitally sign the license information, and generate an authorization file according to the obtained signature information and the license information;
  • the cloud platform deployment module 503 is configured to add the license file to the user's cloud platform when deploying the user's cloud platform, deploy the node in the user's cloud platform according to the license information, and obtain the deployed cloud platform.
  • the cloud platform management device determines the license information for the user according to the user's use requirement of the node in the cloud platform, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type. Digitally signing the license information, and generating a license file according to the obtained signature information and the license information; when deploying the user's cloud platform, adding the license file to the user's cloud platform, according to the license information, Deploy the nodes in the user's cloud platform and get the deployed cloud platform.
  • the number of nodes in the cloud platform, the node configuration, the component type in the node, and the like may be combined and authorized to perform flexible authorization and license management on the cloud platform; and the license information is digitally signed to ensure the license information. Not easy to be tampered with.
  • the device in the embodiment of the present application is a device that applies the foregoing cloud platform management method, and all embodiments of the cloud platform management method are applicable to the device, and all of the same or similar beneficial effects can be achieved.
  • FIG. 6 is another structural diagram of a cloud platform management apparatus according to an embodiment of the present application, including:
  • the license information obtaining module 601 is configured to determine the license information for the user, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type; specifically, according to the user's use requirements for the nodes in the cloud platform. , determining license information for the user;
  • the license file generating module 602 is configured to digitally sign the license information, and generate an authorization file according to the obtained signature information and the license information;
  • the signature information verification module 603 is configured to verify whether the signature information and the license information in the license file correspond to each other;
  • the information storage module 604 is configured to: if the signature information verification module passes the verification, store the signature information and the license information in the cloud platform of the user;
  • the cloud platform deployment module 605 is configured to add the license file to the user's cloud platform when deploying the user's cloud platform, deploy the node in the user's cloud platform according to the license information, and obtain the deployed cloud platform.
  • the cloud platform management device determines the license information for the user according to the user's use requirement of the node in the cloud platform, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type.
  • the embodiment of the present application can perform combined authorization for the number of nodes in the cloud platform, the node configuration, the component type in the node, and the like, thereby performing flexible authorization and license management on the cloud platform.
  • the license information is not easily tampered with.
  • FIG. 7 is still another structural diagram of a cloud platform management apparatus according to an embodiment of the present application, including:
  • the license information obtaining module 701 is configured to determine the license information for the user, where the license information includes: a number of nodes, a node configuration, a node usage period, and a component type;
  • the license file generating module 702 is configured to digitally sign the license information, and generate an authorization license file according to the obtained signature information and the license information;
  • the cloud platform deployment module 703 is configured to add the license file to the user's cloud platform when deploying the user's cloud platform, deploy the node in the user's cloud platform according to the license information, and obtain the deployed cloud platform. ;
  • the license information update module 704 is configured to: if the operation instruction for expanding the node in the deployed cloud platform is received, add the node information to be extended to the license information to obtain the updated license information;
  • the license file update module 705 is configured to digitally sign the updated license information, and generate an updated license file according to the obtained updated signature information and the updated license information;
  • the extended node installation module 706 is configured to perform an installation of the extended node on the deployed cloud platform according to the updated license file.
  • With the cloud platform management apparatus provided by the embodiment of the present application, after the deployed cloud platform is obtained, if an operation instruction for expanding a node in the deployed cloud platform is received, the information of the node to be extended is added to the license information to obtain updated license information; the updated license information is digitally signed, and an updated license file is generated according to the obtained updated signature information and the updated license information; and the extended node is installed on the deployed cloud platform according to the updated license file.
  • the embodiment of the present application can also update the license information according to the user's use requirements for the cloud platform extension, thereby flexibly expanding the cloud platform.
  • the license information obtaining module is specifically configured to determine the license information for the user according to the user's use requirements of the nodes in the cloud platform.
  • The license information obtaining module is specifically configured to: determine, according to whether the use requirement includes a requirement on the number of nodes, whether the license for the number of nodes in the license information is turned on or off; determine, according to whether the use requirement includes a requirement on the node configuration, whether the license for the node configuration in the license information is turned on or off; determine, according to whether the use requirement includes a requirement on the node usage period, whether the license for the node usage period in the license information is turned on or off; and determine, according to whether the use requirement includes a requirement on the component type, whether the license for the component type in the license information is turned on or off.
  • the cloud platform deployment module is specifically configured to: when adding a node, obtain the number of nodes and node configurations of the node to be added, and determine the number of nodes that have added nodes in the cloud platform and nodes to be added. Whether the sum of the number of nodes is not greater than the number of nodes in the license information, and whether the node configuration of the added node of the cloud platform and the total configuration of the node configuration of the node to be added are not greater than the node configuration in the license information; When the judgment result is yes, add the node to be added.
  • the cloud platform management apparatus further includes:
  • the first verification module is configured to verify signature information and an expiration date in the license file in the deployed cloud platform
  • the second verification module is configured to perform periodic authorization verification on the deployed cloud platform when the first verification module is successfully verified, and determine whether the deployed cloud platform runs within the scope of the license.
  • the second verification module is specifically configured to verify whether the number of nodes in the deployed cloud platform is not greater than the number of nodes in the license information; and verify the configuration of the nodes in the deployed cloud platform. Whether it is not greater than the configuration of the node in the license information; verify whether the motherboard serial number of the node in the deployed cloud platform is in the license information; verify whether the current time in the deployed cloud platform is within the validity period of the license information. If the above verification result is yes, it is determined that the deployed cloud platform runs within the scope of the license. Otherwise, it is determined that the deployed cloud platform does not run within the scope of the license.
  • FIG. 8 is a structural diagram of an electronic device according to an embodiment of the present application, including: a processor 801 and a machine readable storage medium 802.
  • The machine readable storage medium 802 stores machine executable instructions executable by the processor 801 that, when executed by the processor 801, implement the steps of any of the cloud platform management methods described above.
  • the processor 801 may be a general-purpose processor, including a CPU, an NP (Network Processor), or the like; or a DSP (Digital Signal Processing), an ASIC (Application Specific Integrated Circuit), an FPGA (Field-Programmable Gate Array) or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components.
  • the machine-readable storage medium 802 may include a RAM (Random Access Memory), and may also include a non-volatile memory, such as at least one disk storage. Alternatively, the machine readable storage medium 802 can also be at least one storage device located remotely from the processor 801.
  • The processor executes the machine executable instructions stored on the machine readable storage medium, so that: the license information for the user can be determined according to the user's use requirements of the nodes in the cloud platform, wherein the license information includes the number of nodes, the node configuration, the node usage period, and the component type; the license information is digitally signed, and a license file is generated according to the obtained signature information and the license information; and when the user's cloud platform is deployed, the license file is added to the user's cloud platform, and the nodes in the user's cloud platform are deployed according to the license information to obtain the deployed cloud platform.
  • the number of nodes in the cloud platform, the node configuration, the component type in the node, and the like may be combined and authorized to perform flexible authorization and license management on the cloud platform; and the license information is digitally signed to ensure the license information. Not easy to be tampered with.
  • the embodiment of the present application further provides a computer readable storage medium.
  • the computer readable storage medium stores a computer program.
  • the steps of the cloud platform management method in the foregoing embodiment are implemented.
  • The license information for the user is determined according to the user's use requirement of the node in the cloud platform, wherein the license information includes the number of nodes, the node configuration, the node usage period, and the component type; the license information is digitally signed, and a license file is generated based on the obtained signature information and the license information; and when the user's cloud platform is deployed, the license file is added to the user's cloud platform, and the nodes in the user's cloud platform are deployed according to the license information to obtain the deployed cloud platform.
  • the number of nodes in the cloud platform, the node configuration, the component type in the node, and the like may be combined and authorized to perform flexible authorization and license management on the cloud platform; and the license information is digitally signed to ensure the license information. Not easy to be tampered with.
  • the embodiment of the present application further provides a computer program product comprising instructions, when executed on a computer, causing the computer to perform the steps of any of the above cloud platform management methods.
  • the computer program product of the embodiment of the present application when it is running on a computer, determines the license information for the user according to the user's use requirement of the node in the cloud platform, wherein the license information includes: the number of nodes, the node configuration, The term of use of the node and the type of the component; digitally sign the license information, generate a license file based on the obtained signature information and the license information; add the license file to the user's cloud platform when deploying the user's cloud platform According to the license information, deploy the nodes in the user's cloud platform to obtain the deployed cloud platform.
  • the number of nodes in the cloud platform, the node configuration, the component type in the node, and the like may be combined and authorized to perform flexible authorization and license management on the cloud platform; and the license information is digitally signed to ensure the license information. Not easy to be tampered with.
  • the number of nodes in the cloud platform, the node configuration, the component types in the nodes, and the like may be combined and authorized, thereby performing flexible authorization and license management on the cloud platform; Digital signatures ensure that license information is not easily tampered with.
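The license-file check (signature first, then expiration date) and the node-addition check against the licensed node count and node configuration, both described above, can be sketched as follows. This is an added example, not code from the patent or its applicant: the field names, the layout of the on/off switches and the demo key are assumptions, and textbook RSA stands in for whatever signature scheme a real deployment would use.

```python
import hashlib
import json
from datetime import date

# Constructed demo key: textbook RSA over two publicly known Mersenne primes,
# used only so the example runs offline. A real issuer would use a vetted
# library, a padded scheme (RSA-PSS or Ed25519) and a secret random key.
_P, _Q = 2**127 - 1, 2**521 - 1
N, E = _P * _Q, 65537                     # public key, shipped with the platform
_D = pow(E, -1, (_P - 1) * (_Q - 1))      # private key, held by the license issuer

# Constructed sample license information (field names are assumptions).
SAMPLE_LICENSE_INFO = {
    "enabled": {"node_count": True, "node_config": True},  # Boolean switches
    "node_count": 3,
    "node_config": {"cpus": 64, "memory_gb": 256},          # cluster-wide totals
    "valid_until": "2030-12-31",
    "component_types": ["compute", "storage"],
}


def _digest(license_info):
    """Hash a canonical serialization so key order cannot change the result."""
    blob = json.dumps(license_info, sort_keys=True, separators=(",", ":"))
    return int.from_bytes(hashlib.sha256(blob.encode()).digest(), "big")


def make_license_file(license_info):
    """Issuer side: sign the license information and bundle both parts."""
    signature = pow(_digest(license_info), _D, N)
    return {"license": license_info, "signature": format(signature, "x")}


def verify_license_file(license_file, today):
    """Platform side: verify the signature, then the expiration date."""
    info = license_file.get("license")
    try:
        signature = int(license_file.get("signature", ""), 16)
    except (TypeError, ValueError):
        return False, "malformed signature"
    if not isinstance(info, dict) or not 0 < signature < N:
        return False, "malformed license file"
    # "Decrypt" the signature with the public key and compare with the digest.
    if pow(signature, E, N) != _digest(info):
        return False, "signature does not match license information"
    try:
        expiry = date.fromisoformat(info["valid_until"])
    except (KeyError, TypeError, ValueError):
        return False, "missing or invalid expiration date"
    if today > expiry:
        return False, "license expired"
    return True, "ok"


def check_limits(info, cluster, new_node):
    """Compare (already added nodes + node to be added) with the licensed limits.

    Only the items whose switch is on are enforced.
    """
    enabled = info.get("enabled", {})
    if enabled.get("node_count"):
        count = len(cluster) + 1
        if count > info["node_count"]:
            return False, f"node count {count} exceeds licensed {info['node_count']}"
    if enabled.get("node_config"):
        for key in ("cpus", "memory_gb"):
            total = sum(node[key] for node in cluster) + new_node[key]
            limit = info["node_config"][key]
            if total > limit:
                return False, f"{key} total {total} exceeds licensed {limit}"
    return True, "ok"


def admit_node(license_file, cluster, new_node, today):
    """Node addition: the license file is verified before any limit is read."""
    ok, reason = verify_license_file(license_file, today)
    if not ok:
        return False, reason
    return check_limits(license_file["license"], cluster, new_node)


if __name__ == "__main__":
    lic = make_license_file(SAMPLE_LICENSE_INFO)
    node = {"cpus": 16, "memory_gb": 64}
    print(admit_node(lic, [node, node], node, date(2025, 1, 1)))
    print(admit_node(lic, [node, node, node], node, date(2025, 1, 1)))
```

Because the limits are read only after the signature check passes, editing `node_count` in the stored license information without the issuer's private key causes every later node addition to be refused.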

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a cloud platform management method and apparatus, an electronic device and a readable storage medium, applied to the technical field of cloud computing. The method comprises the steps of: determining license information for a user, the license information comprising the number of nodes, a node configuration, a node usage period and a component type; digitally signing the license information, and generating a license file according to the obtained signature information and the license information; and, when a cloud platform of the user is deployed, adding the license file to the user's cloud platform, and deploying, according to the license information, a node in the user's cloud platform to obtain the deployed cloud platform. Compared with the prior art, in the embodiments of the present invention, by configuring one or more of the number of nodes, a node configuration and the type of a component in a node, a cloud platform is licensed in a combined manner, thereby improving the flexibility of the license generation method.
PCT/CN2018/119340 2017-12-05 2018-12-05 Cloud platform management method and apparatus, electronic device and readable storage medium WO2019109943A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711269676.0A CN109873711A (zh) 2017-12-05 Cloud platform management method, apparatus, electronic device and readable storage medium
CN201711269676.0 2017-12-05

Publications (1)

Publication Number Publication Date
WO2019109943A1 true WO2019109943A1 (fr) 2019-06-13

Family

ID=66751259

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/119340 WO2019109943A1 (fr) 2017-12-05 2018-12-05 Cloud platform management method and apparatus, electronic device and readable storage medium

Country Status (2)

Country Link
CN (1) CN109873711A (fr)
WO (1) WO2019109943A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113259447A (zh) * 2021-05-26 2021-08-13 中国电子信息产业集团有限公司第六研究所 Cloud platform deployment method, apparatus, electronic device and storage medium

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
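CN112311739A (zh) * 2019-07-31 2021-02-02 北京金山云网络技术有限公司 Service management method, management apparatus, electronic device and storage medium
CN110855668A (zh) * 2019-11-14 2020-02-28 浙江九州云信息科技有限公司 Method and system for managing authorization certificates of a container cloud platform
CN111478953B (zh) * 2020-03-27 2022-09-06 北京金山云网络技术有限公司 Self-building method, apparatus, system, device and storage medium for a server cluster
CN111585880B (zh) * 2020-05-13 2021-09-28 腾讯科技(深圳)有限公司 Gateway control method and apparatus in a service system, and electronic device
CN114896621B (zh) * 2022-07-15 2022-10-14 深圳竹云科技股份有限公司 Application service acquisition method, encryption method, apparatus and computer device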

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010148877A1 (fr) * 2010-01-08 2010-12-29 中兴通讯股份有限公司 Method and system for authentication control using an expansion license
CN102324009A (zh) * 2011-09-07 2012-01-18 上海普元信息技术股份有限公司 Software copyright control system based on a cloud computing platform and method thereof
CN103944881A (zh) * 2014-03-19 2014-07-23 华存数据信息技术有限公司 Method for authorizing cloud resources in a cloud computing environment
CN106789891A (zh) * 2016-11-22 2017-05-31 国云科技股份有限公司 Multi-dimensional software authorization control method applicable to IaaS cloud platforms

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102509034B (zh) * 2011-09-30 2014-11-26 广东电子工业研究院有限公司 Software license control method of a software license control apparatus
US8606899B1 (en) * 2012-05-29 2013-12-10 Sansay, Inc. Systems and methods for dynamic session license control
US20150242599A1 (en) * 2014-02-26 2015-08-27 Schlumberger Technology Corporation Cluster license server
CN104065716A (zh) * 2014-06-18 2014-09-24 江苏物联网研究发展中心 OpenStack-based method for providing Hadoop services

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
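CN113259447A (en) * 2021-05-26 2021-08-13 中国电子信息产业集团有限公司第六研究所 Cloud platform deployment method and apparatus, electronic device and storage medium
CN113259447B (en) * 2021-05-26 2022-12-20 中国电子信息产业集团有限公司第六研究所 Cloud platform deployment method and apparatus, electronic device and storage medium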

Also Published As

Publication number Publication date
CN109873711A (zh) 2019-06-11

Similar Documents

Publication Publication Date Title
WO2019109943A1 (en) Cloud platform management method and apparatus, electronic device and readable storage medium
US11489678B2 (en) Platform attestation and registration for servers
CN110287654B (en) Media client device authentication using a hardware root of trust
US8954732B1 (en) Authenticating third-party programs for platforms
JP5314016B2 (en) Information processing apparatus, encryption key management method, computer program and integrated circuit
US8925055B2 (en) Device using secure processing zone to establish trust for digital rights management
US8966021B1 (en) Composable machine image
CN110677376B (en) Authentication method, related device and system, and computer-readable storage medium
WO2018024061A1 (en) Method, device and system for licensing shared digital content
US9405912B2 (en) Hardware rooted attestation
JP6371919B2 (en) Secure software authentication and verification
WO2016074506A1 (en) Method and network device for authenticating application program integrity
US20100083386A1 (en) Tokenized Resource Access
CN111625869B (en) Data processing method and data processing apparatus
Park et al. TM-Coin: Trustworthy management of TCB measurements in IoT
MX2012009025A (en) Authorization of software functions through delegated agents.
WO2018153018A1 (en) Key update method and system
US20140157368A1 (en) Software authentication
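KR20130101964A (en) Method and system for secure upgrade or downgrade of platform components
CN111241492A (en) Secure multi-tenant trust-granting method and system for a product, and electronic device
CN116964586A (en) Authorized encryption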
US20220284100A1 (en) Management of local signing of software packages using a trusted execution environment
Jain et al. An approach towards digital signatures for e-governance in India
US20240126886A1 (en) Trusted Computing for Digital Devices
JP2019057827A (en) Distributed authentication system and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18886352

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 22/09/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18886352

Country of ref document: EP

Kind code of ref document: A1