WO2023050110A1 - Method for implementing automatic password change with a fault-tolerance mechanism for cloud hosts and cloud bastion hosts - Google Patents


Info

Publication number
WO2023050110A1
Authority
WO
WIPO (PCT)
Prior art keywords
cloud
computing platform
cloud computing
automatic
bastion
Application number
PCT/CN2021/121543
Other languages
English (en)
Chinese (zh)
Inventor
吴中岱
王骏翔
郭磊
胡蓉
韩冰
刘晋
Original Assignee
中远海运科技股份有限公司
Application filed by 中远海运科技股份有限公司
Priority to PCT/CN2021/121543
Publication of WO2023050110A1

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 67/00: Network arrangements or protocols for supporting network services or applications
    • H04L 67/01: Protocols
    • H04L 67/10: Protocols in which an application is distributed across nodes in the network

Definitions

  • The invention relates to the technical field of cloud computing and information security, in particular to a method for implementing automatic password change with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts.
  • The cloud host is an important part of cloud computing in infrastructure applications. It sits at the bottom of the cloud computing industry chain pyramid, and its products originate from cloud computing platforms. The platform integrates the three core elements of Internet applications, computing, storage and network, and provides users with public Internet infrastructure services. A cloud host is a virtualization technology similar to a VPS host: virtualization software such as VZ or VM partitions one physical host into multiple instances, each of which behaves like an independent host with its own operating system and is managed in the same way as a physical host. With the development of cloud computing, network security issues cannot be ignored.
  • the bastion host plays a key role in performing security compliance audits in the hybrid cloud environment.
  • the infrastructure is highly heterogeneous and widely distributed;
  • the scale of cloud resources continues to grow, requiring the bastion machine to have sufficient scalability;
  • the construction of the cloud computing platform has introduced a large number of different types of IT infrastructure.
  • The API interface of the cloud computing platform also requires the bastion host to have better adaptability and flexibility in asset access and management. In addition, because the current cloud computing platform serves multiple enterprises, organizations and tenants, IT assets are widely distributed and their management is relatively decentralized.
  • The operation and maintenance security audit system based on the bastion host therefore needs to provide a multi-level authorization management system adapted to the current IT management model.
  • the infrastructure is highly heterogeneous and widely distributed, and the labor cost of password and other information maintenance is high.
  • the construction of a cloud computing platform introduces a large number of different types of IT infrastructure, including traditional physical bare metal devices within the enterprise, cloud computing virtualized resources, and so on.
  • the traditional bastion host does not have good adaptability and flexibility in asset access and management.
  • the addition, deletion, and modification of cloud host accounts need to be completed manually on both sides of the cloud resource and the bastion host.
  • the cost of configuration and manual maintenance is high, and the accuracy and real-time performance are not enough.
  • The isolation between the cloud computing platform and the traditional bastion host makes real-time linkage and automatic password change difficult to realize.
  • The cloud computing platform is relatively isolated from the traditional bastion host, so it is difficult for cloud computing platform tenants and bastion host users to link up, and the resources of the cloud computing platform and the bastion host often have to be maintained manually. Because of this isolation, it is difficult to change passwords regularly and automatically through the cloud computing platform.
  • The present invention develops a method for automatically changing passwords with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts, which can complete the automatic synchronization of cloud asset information between the cloud computing platform and the bastion host, and can issue password policies through the cloud computing platform so that
  • the cloud asset information in the cloud computing platform is changed automatically; under the unified management of the cloud platform, the random change of the cloud asset information in all cloud computing platforms is completed, the information is synchronized with the cloud bastion host, and the automatic change is realized.
  • The cloud tenant directly logs in to the cloud bastion host through the cloud platform.
  • The cloud computing platform uses a self-developed bastion host verification module and cloud computing service orchestration technology to develop automatic password change for cloud resources, so that the password change plan for cloud asset information can be set directly on the cloud computing platform.
  • The docking between the platform and the open source bastion host completes the automatic password change and the information synchronization.
  • The cloud computing platform adds a fault-tolerant mechanism for automatic password change to improve the stability of automatic password changes, supports policy-driven periodic batch password changes, increases the differentiation of passwords between different systems, and increases password complexity to meet management needs and the resource security compliance requirements of different business scenarios.
  • The present invention provides a method for automatically changing passwords with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts, which is characterized in that it specifically includes the following steps:
  • S1 deploys and integrates the open source bastion host, builds a cloud bastion host suitable for cloud business scenarios on the cloud computing platform through the open API interface of the open source bastion host, realizes the connection between the cloud computing platform and the cloud bastion host, and ensures that
  • the cloud asset information of the cloud computing platform and the cloud asset information of the cloud bastion host are managed and maintained in a unified manner on the cloud computing platform; at the same time, a cloud bastion host verification module is established on the connected cloud computing platform to verify, in a multi-cloud heterogeneous environment, the accuracy of the cloud asset information synchronized between the cloud computing platform and the cloud bastion host, so that the automatic password change plan can be executed normally;
  • S2 establishes a fault-tolerant mechanism response rule in the cloud computing platform, which is used to increase the password differentiation between different systems and improve the stability of automatic password change; the fault-tolerant mechanism refers to the fault-tolerant mechanism for automatic password change that is added in the cloud computing platform when
  • the cloud bastion host verification module is established;
  • S3 establishes response rules for real-time synchronization of cloud asset information in the cloud computing platform under business scenarios such as dynamic delivery and elastic scaling of the cloud computing platform, and realizes real-time automatic synchronization of cloud asset information between the cloud bastion host and the cloud computing platform;
  • S4 acquires the password change policy: it obtains the planned task customized by the cloud computing platform for automatic password change and determines the password change policy according to the planned task;
  • S5 executes the automatic password change: after obtaining the automatic password change policy, the cloud computing platform automatically calls the cloud computing platform and the cloud bastion host docked in step S1 and completes the orchestration of the automatic password change policy for cloud asset information in the cloud computing platform; the cloud bastion host responds automatically to the fault-tolerant mechanism of step S2 and to its verification module, performs regular automatic verification, and performs batch password changes according to the automatic password change policy; and, through step S3,
  • the execution result is synchronized by the cloud bastion host to the cloud computing platform and takes effect in the corresponding cloud host.
  • the cloud bastion machine adopts a distributed architecture, supports cross-regional deployment of multiple computer rooms, supports horizontal expansion, and has no cloud asset information quantity and concurrency restrictions in the cloud computing platform;
  • The cloud asset information in the cloud computing platform includes: basic information such as the IP and port of the cloud host, operation authority information of the cloud tenant, user names and password information of administrator and non-administrator users in the cloud host resources, and other cloud resource account information;
  • The cloud bastion host is provided to cloud tenants as one of the services of the cloud computing platform, and cloud tenants can jump directly to the cloud bastion host through the cloud computing platform.
  • The verification module of the cloud bastion host is used by the cloud computing platform to complete the verification function automatically and/or manually with the cloud tenant on a regular basis, and to complete, through automation technology, the verification of the cloud asset information of the relevant
  • cloud hosts in the cloud computing platform: its correctness is verified through automatic remote login, and it is then checked against the cloud bastion host to ensure that the cloud asset information in the cloud platform is consistent with that in the cloud bastion host; the automatic password change is initiated when the verification results are consistent.
  • The fault-tolerant mechanism for automatic password change includes: when the automatic password change task is executed, password verification is performed synchronously, host by host. After the password modification is completed automatically, the previous password is recorded, and then the newly modified password is recorded together with it; the new password of the cloud host is then verified automatically. If the verification fails, the task for this cloud host is rolled back to ensure that the old password can still be used to log in; all automatic password change tasks are terminated and manual intervention is required, choosing to skip or continue. If the verification succeeds, the next task proceeds.
  • Business scenarios such as dynamic delivery and elastic scaling include: through the dynamic scaling of cloud host resources, a newly expanded cloud host will have an independent account and password, and this independent account and password will be synchronized with the cloud bastion host to ensure the operability of the new cloud host resources.
  • The scheduled tasks that the cloud computing platform customizes for automatic password change include: start time, the list of cloud hosts involved, the users related to the cloud hosts, etc.
  • The present invention also provides a device for automatically changing passwords with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts, which is characterized in that it includes:
  • the open source bastion host module, which is used to build a cloud bastion host suitable for cloud business scenarios on the cloud computing platform through the open API interface of the open source bastion host itself, to realize the connection between the cloud computing platform and the cloud bastion host, and to ensure that
  • the cloud asset information of the cloud computing platform and the cloud asset information of the cloud bastion host are managed and maintained in a unified manner on the cloud computing platform; at the same time, a cloud bastion host verification module is established on the connected cloud computing platform to verify, in a multi-cloud heterogeneous environment, the accuracy of the cloud asset information synchronized between the cloud computing platform and the cloud bastion host, so that the automatic password change plan can be executed normally;
  • the fault-tolerant mechanism response module, which is used to respond automatically to the rules of the fault-tolerant mechanism, to increase the password differentiation between different systems and to improve the stability of automatic password change; the fault-tolerant mechanism is the fault-tolerant mechanism for automatic password change that is added when the cloud bastion host verification module is established on the cloud computing platform;
  • the response module for real-time synchronization of cloud asset information in the cloud computing platform, which is used to respond automatically to the real-time synchronization rules of the cloud asset information under business scenarios such as dynamic delivery and elastic scaling, and to realize real-time automatic synchronization of cloud asset information between the cloud bastion host and the cloud computing platform;
  • a password change policy acquisition module, used to acquire the planned tasks customized by the cloud computing platform for automatic password change and to determine the password change policy according to the planned tasks;
  • an automatic password change execution module, which is used, after the automatic password change policy has been obtained, to automatically call the cloud computing platform and the cloud bastion host deployed and integrated by the open source bastion host module, and to complete the password change of the cloud assets in the cloud computing platform.
  • The password change policy acquisition module also includes:
  • a display sub-module, used to display the interface of the module in the cloud computing platform dedicated to automatic password change tasks of cloud hosts, which lets the user define the timed tasks for which automatic password change needs to be enabled;
  • a custom password change policy sub-module, through which cloud tenants can configure the cloud resource password change plan directly on the cloud computing platform and obtain a customized automatic password change policy once the configuration is completed.
  • The present invention also includes an electronic device, which is characterized in that the device includes a memory and a processor, and the memory stores a configuration program, runnable on the processor, of the device for implementing automatic password change for cloud hosts and cloud bastion hosts according to the present invention;
  • when the configuration program is executed by the processor, it realizes the method for automatic password change with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts according to the present invention.
  • The present invention also includes a computer-readable storage medium, which is characterized in that it stores the configuration program of the device for implementing automatic password change for cloud hosts and cloud bastion hosts according to the present invention, and the configuration program can be executed by one or more processors so as to realize the method for automatically changing passwords with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts according to the present invention.
  • the present invention has the advantages of:
  • The present invention develops a method for implementing automatic password change for cloud hosts and cloud bastion hosts.
  • The automatic synchronization of cloud resources and cloud asset information between the cloud computing platform and the bastion host can be completed.
  • The password policy can be issued through the cloud computing platform to realize automatic password change of cloud asset information in the cloud computing platform; under the unified management of the cloud platform, the random password change of cloud asset information in all cloud computing platforms can be completed and at the same time synchronized with the cloud bastion host, so that after the automatic password change cloud tenants can log in directly to the cloud bastion host through the cloud platform.
  • The cloud asset information in the cloud computing platform is synchronized with the cloud bastion host in real time, and the cloud computing platform verifies it through the cloud bastion host verification module to ensure the accuracy of cloud asset information synchronization; in a multi-cloud heterogeneous environment it is only necessary to maintain one set of cloud asset information on the cloud computing platform to ensure that the automatic password change plan can be executed normally.
  • The linkage between the cloud computing platform and the cloud bastion host solves the isolation problem, and the automatic password change technology can be released to all parties as a cloud service of the cloud computing platform.
  • Cloud tenants only need to use the cloud computing platform to arrange the automatic password change plan for cloud resources, and the cloud bastion host can then perform batch password changes regularly according to policy.
  • Through the connection between the cloud computing platform and the cloud bastion host, business scenarios such as dynamic delivery and elastic expansion of cloud resources can be supported, so that cloud asset information in the cloud computing platform and the cloud bastion host stays synchronized in a timely manner without manual maintenance of bastion host information, reducing labor costs.
  • Passwords can be managed in a unified manner through the cloud computing platform to meet the password change needs of different tenants and improve the stability of automatic password changes.
  • Fig. 1 shows the steps of a method for implementing automatic password change with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts provided by the present invention.
  • Fig. 2 is a block diagram of a configuration program for implementing automatic password change with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts provided by the present invention.
  • Fig. 3 is a program module diagram of the password change policy acquisition module in another configuration program for automatic password change with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts provided by the present invention.
  • Fig. 4 is a specific flow chart of another method for implementing automatic password change with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts provided by the present invention.
  • Fig. 1 shows the steps of a method for implementing automatic password change with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts provided by the present invention.
  • A method for automatically changing passwords with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts specifically includes the following steps:
  • Step S1 deploys and integrates the Jumpserver open source bastion host, constructs a cloud bastion host suitable for cloud business scenarios on the cloud computing platform through the open API interface of the open source bastion host, realizes the connection between the cloud computing platform and the cloud bastion host, and ensures that
  • the cloud asset information of the cloud computing platform and the cloud asset information of the cloud bastion host are managed and maintained in a unified manner on the cloud computing platform; at the same time, a cloud bastion host verification module is established on the connected cloud computing platform to verify, in a multi-cloud heterogeneous environment, the accuracy of the cloud asset information synchronized between the cloud computing platform and the cloud bastion host, so that the automatic password change plan can be executed normally.
  • The open source bastion host is not limited to the Jumpserver open source bastion host used in this embodiment.
  • The cloud bastion host adopts a distributed architecture, supports cross-regional deployment across multiple computer rooms, supports horizontal expansion, and places no restriction on the quantity or concurrency of cloud asset information in the cloud computing platform.
  • The cloud hosts involved in this embodiment include various operating systems and versions (such as Windows and Linux) on various types of cloud basic resources (VMware, OpenStack, bare metal, etc.); the users involved are all cloud tenants of the cloud computing service platform; and the application scenarios are general-purpose, covering industry-wide production, development, UAT, testing and other business systems. It should be noted that in practical applications the solutions provided by the present invention are not limited to the users or application fields described in the above embodiments, but include commonly used devices understood by those skilled in the art.
  • The cloud bastion host verification module is used by the cloud computing platform automatically and/or by cloud tenants manually to complete the verification function on a regular basis, and to complete, through automation technology, the verification of the cloud asset information of the relevant cloud hosts in the cloud computing platform: its correctness is verified through automatic remote login, and at the same time it is checked against the cloud bastion host to ensure that the cloud asset information in the cloud platform is consistent with that in the cloud bastion host; the automatic password change is initiated when the verification results are consistent.
  • The cloud asset information includes the cloud host IP, cloud host operating system, cloud host remote login port, account, password, etc.
  • The cloud asset information in the cloud computing platform includes: basic information such as the IP and port of the cloud host, operation authority information of the cloud tenant, user names and password information of administrator and non-administrator users in the cloud host resources, and other cloud resource account information.
  • One cloud asset corresponds to multiple cloud resource account records.
  • The cloud bastion host is provided to cloud tenants as one of the services of the cloud computing platform, and cloud tenants can jump directly to the cloud bastion host through the cloud computing platform.
  • Step S2 establishes a fault-tolerant mechanism response rule in the cloud computing platform, which is used to increase the password differentiation between different systems and improve the stability of automatic password change; the fault-tolerant mechanism is the one added in the cloud computing platform when the cloud bastion host verification module is established.
  • The fault-tolerant mechanism for automatic password change includes: when the automatic password change task is executed, password verification is performed synchronously, host by host. After the password modification is completed automatically, the previous password is recorded, and then the newly modified password is recorded; the new password of the cloud host is then verified automatically. If the verification fails, the task for this cloud host is rolled back to ensure that the old password can still be used to log in; all automatic password change tasks are terminated and manual intervention is required, choosing to skip or continue. If the verification succeeds, the next task proceeds.
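The following is an added example, not code from the patent or from Jumpserver, that models the two behaviours just described: the verification module's check that the platform's and the bastion host's asset records agree before any change is attempted, and the step S2 fault-tolerant batch change (record old and new password, verify the new one by logging in, roll back the host on failure, halt the batch for an operator's skip-or-stop decision). `FakeHost`, the in-memory inventories and the `on_failure` callback are constructed stand-ins; a real deployment would apply and verify the change over the host's remote login protocol and write the result back to the bastion host.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple
import secrets
import string


@dataclass
class Account:
    """One cloud resource account record: host IP, remote login port, user, password."""
    ip: str
    port: int
    user: str
    password: str

    def key(self) -> Tuple[str, int, str]:
        return (self.ip, self.port, self.user)


@dataclass
class RotationRecord:
    """What the fault-tolerant mechanism records for every attempted change."""
    ip: str
    user: str
    old_password: str
    new_password: str
    verified: bool = False
    rolled_back: bool = False


class FakeHost:
    """Constructed stand-in for a cloud host's credential store."""

    def __init__(self, password: str, apply_fails: bool = False) -> None:
        self.current = password
        # Simulates a host that silently does not apply the new password
        # (for example, a local policy rejects it), so login with it fails.
        self.apply_fails = apply_fails

    def change_password(self, new: str) -> None:
        if not self.apply_fails:
            self.current = new

    def login(self, password: str) -> bool:
        return password == self.current


def check_consistency(platform: List[Account], bastion: List[Account]) -> List[str]:
    """Verification-module step: platform and bastion records must agree before
    any change is attempted. Returns the list of discrepancies (empty means ok)."""
    p = {a.key(): a.password for a in platform}
    b = {a.key(): a.password for a in bastion}
    problems = [f"missing on bastion: {k}" for k in sorted(p.keys() - b.keys())]
    problems += [f"missing on platform: {k}" for k in sorted(b.keys() - p.keys())]
    problems += [f"password mismatch: {k}" for k in sorted(p.keys() & b.keys()) if p[k] != b[k]]
    return problems


def generate_password(length: int = 20) -> str:
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def rotate_batch(hosts: Dict[str, FakeHost], accounts: List[Account],
                 on_failure: Callable[[RotationRecord], str]) -> List[RotationRecord]:
    """Change passwords one host at a time, verifying each new password by login
    before moving on. On a failed verification the host is rolled back to its old
    password and the batch halts until on_failure() answers "skip" or "stop"."""
    records: List[RotationRecord] = []
    for acct in accounts:
        host = hosts[acct.ip]
        new_pw = generate_password()
        rec = RotationRecord(acct.ip, acct.user, acct.password, new_pw)
        records.append(rec)            # old and new password recorded before verifying
        host.change_password(new_pw)
        if host.login(new_pw):
            rec.verified = True
            acct.password = new_pw     # this is the record the bastion host receives
            continue
        host.change_password(acct.password)  # roll back so the old password still works
        rec.rolled_back = True
        if on_failure(rec) == "stop":  # operator decision: skip this host or abort
            break
    return records


def run_demo(decision: str) -> Tuple[List[RotationRecord], List[Account], Dict[str, FakeHost]]:
    """Constructed inventory of three hosts; 10.0.0.12 is set up to fail the change."""
    platform = [Account("10.0.0.11", 22, "root", "old-11"),
                Account("10.0.0.12", 22, "root", "old-12"),
                Account("10.0.0.13", 3389, "Administrator", "old-13")]
    bastion = [Account(a.ip, a.port, a.user, a.password) for a in platform]
    if check_consistency(platform, bastion):
        raise RuntimeError("platform and bastion records disagree; not rotating")
    hosts = {a.ip: FakeHost(a.password, apply_fails=(a.ip == "10.0.0.12")) for a in platform}
    records = rotate_batch(hosts, platform, on_failure=lambda rec: decision)
    return records, platform, hosts


if __name__ == "__main__":
    for rec in run_demo("skip")[0]:
        print(rec.ip, rec.user, "verified" if rec.verified else "rolled back")
```

The `on_failure` callback is where a real implementation would pause for the manual skip-or-continue decision the patent describes; the example injects the decision as a constant so the batch runs offline. Note that the old password is kept in `RotationRecord` only so the rollback and the bastion-side record can be reconciled; a production system would store both values in the bastion host's vault rather than in plain process memory.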
  • Step S3 establishes a response rule for real-time synchronization of cloud asset information in the cloud computing platform under business scenarios such as dynamic delivery and elastic scaling, and realizes real-time automatic synchronization of cloud asset information between the cloud bastion host and the cloud computing platform.
  • Business scenarios such as dynamic delivery and elastic scaling include: through the dynamic scaling of cloud host resources, a newly expanded cloud host will have an independent account and password, and this independent account and password will be synchronized with the cloud bastion host to ensure the operability of the new cloud host resources.
  • Step S4 obtains the password change policy: it obtains the planned task customized by the cloud computing platform for automatic password change and determines the password change policy according to the planned task; the planned task customized by the cloud computing platform for automatic password change includes: start time, the list of cloud hosts involved, the users of the cloud hosts, etc.
  • Step S5 executes the automatic password change.
  • The cloud computing platform and the cloud bastion host docked in step S1 are invoked automatically in the cloud computing platform to complete the automatic password change policy for the cloud asset information in the cloud computing platform.
  • The result of automatic execution is synchronized by the cloud bastion host to the cloud computing platform and takes effect in the corresponding cloud host.
  • Fig. 2 is a module diagram of a configuration program for implementing automatic password change with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts provided by the present invention.
  • The present invention provides a device that realizes automatic password change with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts, which comprises:
  • the open source bastion host module 101, which is used to build a cloud bastion host suitable for cloud business scenarios on the cloud computing platform through the open API interface of the Jumpserver open source bastion host, so as to realize the connection between the cloud computing platform and the cloud bastion host and to ensure that the cloud asset information of the cloud computing platform and the cloud asset information of the cloud bastion host are managed and maintained in a unified manner on the cloud computing platform; at the same time, a cloud bastion host verification module is established on the connected cloud computing platform to verify, in a multi-cloud heterogeneous environment, the accuracy of the cloud asset information synchronized between the cloud computing platform and the cloud bastion host, so that the automatic password change plan can be executed normally;
  • the fault-tolerant mechanism response module 102, which is used to respond automatically to the rules of the fault-tolerant mechanism, to increase the password differentiation between different systems and to improve the stability of automatic password change; the fault-tolerant mechanism is the fault-tolerant mechanism for automatic password change that is added when the cloud bastion host verification module is established on the cloud computing platform;
  • the response module 103 for real-time synchronization of cloud asset information in the cloud computing platform, which is used to respond automatically to the real-time synchronization rules of the cloud asset information under business scenarios such as dynamic delivery and elastic scaling, and to realize real-time automatic synchronization of cloud asset information between the cloud bastion host and the cloud computing platform;
  • the password change policy acquisition module 104, configured to acquire a planned task customized by the cloud computing platform for automatic password change and to determine a password change policy according to the planned task;
  • the automatic password change execution module 105, which, after obtaining the automatic password change policy, automatically calls the cloud computing platform and the cloud bastion host deployed and integrated by the open source bastion host module, and completes the password change of the cloud assets in the cloud computing platform.
  • The present invention also provides another method for automatically changing passwords with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts, wherein the obtained password change policy also includes a cloud-tenant-defined password change policy.
  • Fig. 3 is a program module diagram of another device for automatic password change with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts provided by the present invention.
  • The present invention provides another program module diagram of the password change policy acquisition module in a device for automatic password change with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts.
  • The password change policy acquisition module 104 also includes:
  • the display sub-module 1041, used to display the interface of the module in the cloud computing platform dedicated to automatic password change tasks of cloud hosts, which lets the user define the timed tasks for which automatic password change needs to be enabled;
  • the custom password change policy sub-module 1042, used by cloud tenants to configure the cloud resource password change plan directly on the cloud computing platform and obtain a customized automatic password change policy once the configuration is completed.
  • The cloud computing platform can be opened to any authorized user through the authority control of the cloud platform itself.
  • The interface of the module dedicated to automatic password change tasks of cloud hosts in the cloud computing platform is displayed on the user terminal interface, where the user can define the timed tasks for which automatic password change needs to be enabled; and through the custom
  • password change policy sub-module 1042 the cloud tenant can configure the cloud resource password change plan directly on the cloud computing platform and obtain a self-defined automatic password change policy once the configuration is completed.
  • Fig. 4 is a specific flow chart of another method for implementing automatic password change with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts provided by the present invention.
  • The cloud computing platform automatically obtains the planned tasks customized for automatic password change through the password change policy acquisition module 104, determines the password change policy according to the planned tasks, and performs the cloud host password change automatically through the automatic password change execution module 105; it runs remote login verification according to the asset information of the cloud computing platform and the bastion host, and enters the verification module of the cloud bastion host.
  • The self-defined password change plan also includes the automatic password change policy custom-configured by the cloud tenant: during the cloud tenant's custom configuration, the self-defined automatic password change policy is realized by editing the password change plan. The configuration includes basic settings on the display interface (basic content such as name, remarks, account type and password change execution time) and resource settings on the display interface. The interface provides a visual click window component and a search window component with candidate options, which are the main and commonly used basic settings in the existing password change configuration, so that cloud tenants can select directly without searching; if users have specific needs or queries, they can search for keywords directly in the search window and then click to confirm.
  • The custom configured plan supports basic maintenance, modification and debugging, including sharing, re-creation, etc.
  • The cloud bastion host verification module completes the verification of the relevant cloud asset information of the cloud host through automation technology, including the cloud host IP, cloud host operating system, cloud host remote login port, account, password, etc., and verifies it through automatic remote login; at the same time it is checked against the cloud bastion host to ensure that the cloud asset information in the cloud platform is consistent with that in the cloud bastion host.
  • the verification results are consistent, the verification is successful, and the verification is initiated to enter the automatic encryption stage. After triggering [Change Encryption Successfully 1], it will enter N times of verification. If the verification is successful, the encryption will be successfully changed. It will automatically take effect in the cloud host, and at the same time update the cloud asset information and synchronize the asset information of the cloud bastion machine.
  • the cloud bastion machine acts as a cloud computing platform.
  • One of the services provided is provided to cloud tenants, and cloud tenants can use the cloud bastion host directly through the cloud computing platform or through single sign-in.
  • the verification fails in the verification module of the cloud bastion machine or the automatic re-encryption fails, it enters the fault-tolerant module, automatically responds to the fault-tolerant mechanism, and returns to the cloud computing platform; the specific process includes: when the automatic re-encryption task is executed, the background is parallel Perform the password verification function in batches one by one. After the password modification is automatically completed, the previous password will be recorded, and the newly modified password will be recorded together; then try to automatically verify the new password of the cloud host. If the verification fails, Then this cloud host task is rolled back to ensure that the old password can be logged in; all automatic password change tasks are terminated and manual intervention is required, choose to skip or continue; if the verification is correct, continue to the next task.
  • the present invention also includes an electronic device, wherein the device includes a memory and a processor, and the memory stores a configuration program that can run the device as provided in this embodiment on the processor, and the configuration program When executed by the processor, a method for automatically changing encryption with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts as provided in this embodiment can be realized.
  • the present invention also includes a computer-readable storage medium, which is characterized in that the computer-readable storage medium stores a configuration program of the device provided in this embodiment, and the configuration program can be processed by one or more Execution by the server, so as to implement a method for implementing automatic encryption with a fault-tolerant mechanism for cloud hosts and cloud bastion hosts as provided in this embodiment.
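A worked illustration of the fault-tolerant flow described above (verify asset consistency and login, change the password, record old and new together, verify the new login, roll back and ask for a manual decision on failure), added here as an example and not code from the patent; the FakeHost class, the record fields and the `manual_decision` callback are assumptions standing in for real remote-login and bastion APIs.

```python
import secrets
import string
from dataclasses import dataclass

@dataclass
class FakeHost:
    """Constructed stand-in for a cloud host; a real runner would log in over SSH/RDP."""
    ip: str
    password: str
    applies_change: bool = True  # False simulates a host that fails to apply a new password
    def set_password(self, new):
        if self.applies_change:
            self.password = new
    def login(self, pw):  # remote login check used by the verification module
        return pw == self.password

def random_password(length=16):
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def assets_consistent(platform_rec, bastion_rec):
    """Verification module: platform and bastion records must agree on every asset field."""
    return all(platform_rec.get(k) == bastion_rec.get(k)
               for k in ("ip", "os", "port", "account", "password"))

def rotate_batch(hosts, platform, bastion, manual_decision=lambda ip: "continue"):
    """Fault-tolerant batch: verify assets and login, change the password, record old and
    new together, verify the new login; on failure roll back and ask manual_decision(ip)
    for "continue" (next host) or "halt" (terminate the remaining tasks)."""
    log = []
    for host in hosts:
        ip, prec, brec = host.ip, platform[host.ip], bastion[host.ip]
        if not assets_consistent(prec, brec) or not host.login(prec["password"]):
            log.append({"ip": ip, "status": "verify-failed"})
            if manual_decision(ip) == "halt":
                break
            continue
        old, new = prec["password"], random_password()
        host.set_password(new)
        if host.login(new):  # new password verified: keep it and sync platform and bastion
            prec["password"] = brec["password"] = new
            log.append({"ip": ip, "old": old, "new": new, "status": "changed"})
            continue
        host.set_password(old)  # roll back so the old password still logs in
        log.append({"ip": ip, "old": old, "new": new, "status": "rolled-back"})
        if manual_decision(ip) == "halt":
            break
    return log
```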

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the technical field of cloud computing and information security, and in particular to a method for implementing automatic password change with a fault-tolerant mechanism for a cloud host and a cloud bastion host. In the present invention, an open-source bastion host is deployed and integrated by means of cloud computing service orchestration, a cloud computing platform is connected to a cloud bastion host, and automatic synchronization of the cloud asset information of the cloud computing platform is completed; by adding a fault-tolerant mechanism and password issuance by a cloud computing platform policy, a timed, automatic password change for the cloud asset information of the cloud computing platform is implemented. An open-source bastion host is deployed and integrated, and a cloud bastion host verification module is developed; a fault-tolerant mechanism response rule is established; a response rule for real-time synchronization of cloud asset information in a cloud computing platform is established; a password change policy is obtained; and an automatic password change is performed. According to the present invention, automatic password change for a cloud host and a cloud bastion host is implemented, random password change for all cloud resource accounts is completed and synchronization with the cloud bastion host is also implemented, and a cloud tenant logs in to the cloud bastion host directly through the cloud platform after an automatic password change.
PCT/CN2021/121543 2021-09-29 2021-09-29 Method for implementing automatic password change with a fault-tolerant mechanism for cloud host and cloud bastion host WO2023050110A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/121543 WO2023050110A1 (fr) 2021-09-29 2021-09-29 Method for implementing automatic password change with a fault-tolerant mechanism for cloud host and cloud bastion host


Publications (1)

Publication Number Publication Date
WO2023050110A1 true WO2023050110A1 (fr) 2023-04-06

Family

ID=85781008


Country Status (1)

Country Link
WO (1) WO2023050110A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117729057A (zh) * 2024-02-18 2024-03-19 北京建恒信安科技有限公司 一种基于身份安全的零信任接入系统的方法

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110145587A1 (en) * 2009-12-11 2011-06-16 Samsung Electronics Co. Ltd. Integrated login input apparatus and method in portable terminal
CN106506153A (zh) * 2016-11-28 2017-03-15 浙江齐治科技股份有限公司 一种自动改密方法、装置及堡垒机
CN112347463A (zh) * 2020-11-11 2021-02-09 杭州飞致云信息科技有限公司 一种批量改密码的方法、装置和计算机可读存储介质


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
王骏翔 (WANG, JUNXIANG): "数据中心自动化运维平台的设计与实现 (Design and Implementation of Data Center Automatic Operation and Maintenance Platform)", 上海船舶运输科学研究所学报 (JOURNAL OF SHANGHAI SHIP AND SHIPPING RESEARCH INSTITUTE), no. 3, 30 September 2016 (2016-09-30) *
陈健锋等 (CHEN, JIANFENG ET AL.): "浅析运维堡垒机的设计和应用前景 (Non-official translation: Analyze Design and Application Prospect of Operation and Maintenance Fortress Aircraft)", 有线电视技术 (CATV TECHNOLOGY), no. 5, 31 May 2015 (2015-05-31) *



Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
  Ref document number: 21958703
  Country of ref document: EP
  Kind code of ref document: A1
NENP Non-entry into the national phase
  Ref country code: DE