CN102685115B - Resource access method, resource management device and system - Google Patents

Publication number: CN102685115B
Authority: CN (China)
Application number: CN201210123383.2A
Other languages: Chinese (zh)
Other versions: CN102685115A (en)
Inventor: 李春喜
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Legal status: Active
Priority: CN201210123383.2A
Prior art keywords: management device, password, resource, equipment management, address
Classification: Storage Device Security
Abstract

An embodiment of the invention discloses a resource access method, a resource management device and a resource management system. The resource access method comprises the following steps: a request message applying for a resource, sent by a terminal, is received; the applied resource is allocated to the terminal, and a first password is generated for the resource applied for according to the request message; a password modification message carrying the first password is then sent to an equipment management device, instructing it to change the preset password in the equipment management device to the first password; if the preset password in the equipment management device is changed successfully, the external network IP (Internet Protocol) address of the applied resource is obtained; and the external network IP address and the first password are returned to the terminal, so that the terminal can access the applied resource using the external network IP address and the first password. The security of the resource can thereby be improved, and the resource access method is safe and reliable.

Description

Resource access method, resource management device and system
Technical field
The present invention relates to the communications field, and in particular to a resource access method, a resource management device and a system.
Background
In cloud computing, a resource management system needs to manage a large number of resources. These resources are distributed in different regions of physical machines or virtual machines and can be used to install different operating systems. Managing the resources makes it possible to obtain information such as the CPU, memory, disk size and allocation record of each resource. A terminal applies to the resource management system for a resource and needs to obtain an access path to the resource; the user can then access the resource according to the access path and the access password, and can perform operations such as installing and deploying software on the physical machine or virtual machine. Managing resources can prevent unauthorized programs or users from accessing them.
To ensure the security of resources, the resource management system needs to perform resource management and resource configuration. During resource configuration, an external network IP address that terminals can access is set for each related resource. The terminal needs an account, an access password and this IP address to remotely access the resource on the physical machine or virtual machine, and it does so through the Telnet or SSH protocol.
Telnet and SSH are standard protocols and the usual means of Internet remote access service. Telnet uses authentication by account and access password. SSH supports two authentication modes: one uses an account and access password, and the other uses a key pair.
In the prior art, an account and a corresponding default access password are mainly agreed on according to the type of operating system, and a preconfigured external network IP address is obtained in order to access the resource. For example, the account of a Unix system is agreed to be root and the initial access password may be uniformly agreed to be 123456, and during resource configuration a corresponding external network IP address is configured for each resource in the resource management system. When a terminal applies for a resource, the resource management system returns information such as the external network IP address, account and access password of the applied resource to the user according to a policy, and the terminal can then access the resource.
In researching and practising the prior art, the inventor found that the access password in the prior art is a default agreed per account. Once a terminal has obtained the external network IP address of the resource it applied for, it can easily guess, from that address, the external network IP addresses of other resources that have not been allocated, or that have been allocated but whose access password has not been changed, and thereby gain access illegally, which threatens the allocation of and access rights to resources.
Summary of the invention
Embodiments of the present invention provide a resource access method, a resource management device and a system, for improving the security of resources.
A resource access method, comprising:
A resource management device receives a request message, sent by a terminal, applying for a resource;
The applied resource is allocated to the terminal, and a first password is generated for the applied resource;
A password modification message is sent to an equipment management device to instruct the equipment management device to change the preset access password in the equipment management device to the first password, the password modification message carrying the first password;
If the preset access password in the equipment management device is successfully modified, the external network IP address of the applied resource is obtained;
The external network IP address and the first password are returned to the terminal, so that the terminal accesses the applied resource according to the external network IP address and the first password.
Optionally, the password modification message also carries a second password, so that the equipment management device compares the second password with the preset access password in the equipment management device, the second password being the preset access password stored in the resource management device. When the second password is equal to the preset access password in the equipment management device, a message returned by the equipment management device, indicating that the preset access password in the equipment management device has been successfully changed to the first password, is received, the external network IP address of the applied resource is obtained, and the external network IP address and the first password are returned to the terminal. When the second password is not equal to the preset access password in the equipment management device, a resource application failure returned by the equipment management device is received, and the resource application failure is returned to the terminal.
Optionally, before the resource management device receives the request message applying for a resource sent by the terminal, the method further comprises: presetting an external network IP address for each resource, the terminal accessing the resource through the external network IP address.
Optionally, after the external network IP address of the applied resource is obtained, the method further comprises: sending a binding message to the equipment management device to instruct the equipment management device to bind the external network IP address to the applied resource, the binding message carrying the external network IP address.
A resource access method, comprising:
An equipment management device receives a password modification message sent by a resource management device, the password modification message carrying a first password;
The preset access password in the equipment management device is changed to the first password, to instruct the resource management device to obtain the external network IP address of the applied resource and return the external network IP address and the first password to the terminal.
Optionally, the password modification message also carries a second password, the second password being the preset access password stored in the resource management device. After the equipment management device receives the password modification message sent by the resource management device, the method further comprises: comparing the second password with the preset access password in the equipment management device. When the second password is equal to the preset access password in the equipment management device, the preset access password in the equipment management device is changed to the first password, and a message indicating that the preset access password in the equipment management device has been successfully changed to the first password is sent to the resource management device. When the second password is not equal to the preset access password in the equipment management device, a resource application failure is returned to the resource management device, so that the resource management device returns the resource application failure to the terminal.
Optionally, after the preset access password in the equipment management device is changed to the first password, the method further comprises: receiving a binding message sent by the resource management device, the binding message carrying the external network IP address; and binding the external network IP address to the applied resource.
Optionally, the processing unit is further configured to send a binding message to the equipment management device to instruct the equipment management device to bind the external network IP address to the applied resource, the binding message carrying the external network IP address.
Optionally, the password modification message sent by the modification unit also carries a second password, and by means of the second password the modification unit also instructs the equipment management device to compare the second password with the preset access password in the equipment management device. The processing unit is then specifically configured to: when the second password is equal to the preset access password in the equipment management device, receive the message returned by the equipment management device indicating that the preset access password in the equipment management device has been successfully changed to the first password, and obtain the external network IP address of the applied resource; and when the second password is not equal to the preset access password in the equipment management device, receive the resource application failure returned by the equipment management device and return the resource application failure to the terminal.
A resource management system, comprising: any one of the resource management devices described above, and an equipment management device;
The equipment management device is configured to receive the password modification message sent by the resource management device and to change the preset access password in the equipment management device to the first password, to instruct the resource management device to obtain the external network IP address of the applied resource and return the external network IP address and the first password to the terminal, the password modification message carrying the first password.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
In the embodiments of the present invention, the resource management device first receives the request message applying for a resource sent by the terminal, then allocates the applied resource to the terminal and generates a first password for the applied resource, and then sends a password modification message to the equipment management device to instruct the equipment management device to change the preset access password in the equipment management device to the first password, the password modification message carrying the first password. If the preset access password in the equipment management device is successfully modified, the external network IP address of the applied resource is obtained, and the external network IP address and the first password are returned to the terminal, so that the terminal accesses the applied resource according to the external network IP address and the first password. Because the terminal obtains the first password when applying for a resource, and the preset access password in the equipment management device is changed to the first password, the terminal accesses the resource using the first password and the obtained external network IP address of the applied resource, and a terminal cannot obtain access rights to a resource from a guessed external network IP address. This improves the security of resources and provides a safe and reliable resource access method.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings needed for describing the embodiments are briefly introduced below. Evidently, the drawings described below show only some embodiments of the present invention, and a person skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of Embodiment one of the present invention;
Fig. 2 is a flowchart of Embodiment two of the present invention;
Fig. 3 is a flowchart of Embodiment three of the present invention;
Fig. 4 is a flowchart of Embodiment four of the present invention;
Fig. 5 is a structural diagram of Embodiment five of the present invention;
Fig. 6 is another structural diagram of Embodiment five of the present invention;
Fig. 7 is a structural diagram of Embodiment six of the present invention;
Fig. 8 is another structural diagram of Embodiment six of the present invention;
Fig. 9 is a structural diagram of Embodiment seven of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments. Evidently, the described embodiments are only some rather than all of the embodiments of the present invention. All other embodiments obtained by a person skilled in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiments of the present invention provide a safe and reliable resource access method that can improve the security of resources. Embodiments of the present invention also provide a corresponding resource management device, equipment management device and related system. Each is described in detail below with reference to Fig. 1 to Fig. 9:
Embodiment one
This embodiment provides a resource access method and describes it from the perspective of the resource management device. It should be noted that the resource management device is not specifically limited. The resource management device handles the interaction between the terminal and the equipment management device so that the terminal can access resources in the resource management system. The terminal in this embodiment is the user side and may be, for example, a PC.
A resource access method, comprising:
The resource management device first receives the request message applying for a resource sent by the terminal, then allocates the applied resource to the terminal and generates a first password for the applied resource, and then sends a password modification message to the equipment management device to instruct the equipment management device to change the preset access password in the equipment management device to the first password, the password modification message carrying the first password. If the preset access password in the equipment management device is successfully modified, the external network IP address of the applied resource is obtained, and the external network IP address and the first password are returned to the terminal, so that the terminal accesses the applied resource according to the external network IP address and the first password.
As shown in Fig. 1, the specific flow may be as follows:
101. Receive the request message applying for a resource sent by the terminal;
It should be understood that the resource management system manages a large number of resources, which are distributed by resource type across physical machines or virtual machines. A resource may be any of the devices managed by the resource management system, or an object virtualized on those devices that can be accessed and used.
It should be understood that before the terminal sends the request message applying for a resource, the resource management system can perform resource configuration in advance. This includes setting an external network IP address and an internal network IP address for each resource in the resource management system. It should be noted that the terminal can access a resource only through the external network IP address; the internal network IP address is used inside the resource management system. Resource configuration also includes generating a preset access password and installing the operating system on the physical machine or creating the virtual machine. For convenience, the generated preset access password is called the second password. The second password generally consists of a character string of 6 to 10 characters and is not specifically limited.
Optionally, the request message sent by the terminal may carry the type of the applied resource and the authentication mode. The type indicates whether the applied resource is a resource distributed on a physical machine or a resource distributed on a virtual machine; the authentication mode is Telnet authentication or SSH authentication. Each is described in detail below:
Optionally, if the resource is distributed on a physical machine, resource configuration is specifically as follows: the terminal sends the resource management device an installation message for installing an operating system. After receiving the installation message, the resource management device generates a preset access password and saves it as the second password, and forwards the received installation message to the equipment management device. The installation message carries various parameters such as the second password, the installation package path, the language type, the time zone and the partitioning. After receiving the installation message, the equipment management device stores the second password carried in it as the preset access password in the equipment management device, and then completes the installation of the operating system according to the preset access password in the equipment management device. It should be noted that the second password can also be obtained by initializing the operating system on a physical machine on which an operating system is already installed. Similarly, if the resource is distributed on a virtual machine, resource configuration is specifically as follows: the terminal sends the resource management device a creation message for creating a virtual machine. After receiving the creation message, the resource management device generates a preset access password and saves it as the second password, and forwards the received message to the equipment management device. The creation message carries various parameters such as the second password, the virtual machine image, the virtualization technology type, the CPU size, the memory size, the storage size and the number of network cards. After receiving the creation message, the equipment management device stores the second password carried in it as the preset access password in the equipment management device, and then completes the creation of the virtual machine according to the preset access password in the equipment management device. That is, through resource configuration the resource management device generates a preset access password, namely the second password, and sends the second password to the equipment management device in the installation message or creation message, so that the equipment management device uses the received second password as the preset access password in the equipment management device. It should be noted that under normal circumstances the second password is equal to the preset access password in the equipment management device. If a terminal has privately changed the preset access password stored by the equipment management device, or the equipment management device has been attacked, the second password and the preset access password in the equipment management device may become unequal.
Optionally, the authentication mode of the applied resource may be Telnet authentication or SSH authentication. When the authentication mode is Telnet authentication, authentication by user account and user password is used. When the authentication mode is SSH authentication, authentication by user account and user password and/or by key pair is used; that is, SSH authentication may use the user account and user password, or the key pair, or both the user account and user password and the key pair. A key pair comprises a public key and a private key. Key-pair authentication is specifically as follows: first create the key pair and write the public key and the private key into separate files, specifying the file name of the key pair on the command line; then publish the public key to users over the network or by other means, so that a user can use the public key to judge whether a data file has been illegally modified during network transmission.
102. Allocate the applied resource to the terminal, and generate a first password for the resource the terminal applied for;
After receiving the request message applying for a resource sent by the terminal, the resource management device allocates a resource to the terminal according to the resource requested in the request message and randomly generates a new access password, which serves as the access password with which the terminal accesses the resource. For convenience, this randomly generated access password is called the first password in this embodiment. It should be noted that the first password generated for each received request message is different, and that, to ensure the security of the access password, the first password is transmitted as ciphertext.
103. Send a password modification message to the equipment management device to instruct the equipment management device to change the preset access password in the equipment management device to the first password, the password modification message carrying the first password generated in step 102. For example, this may specifically be as follows:
So that the terminal can access the applied resource with the newly generated first password, the preset access password in the equipment management device needs to be changed to the first password.
Preferably, changing the access password in the equipment management device to the first password can be implemented as follows: the equipment management device compares the second password with the preset access password in the equipment management device, to verify whether the resource management device has modification authority.
For example, the second password can be carried in the password modification message so that the equipment management device compares the second password with the preset access password in the equipment management device. When the second password is equal to the preset access password in the equipment management device, the equipment management device returns to the resource management device a message indicating that the access password has been successfully changed to the first password, and step 104 is performed to obtain the external network IP address of the applied resource. When the second password is not equal to the preset access password in the equipment management device, the equipment management device returns a resource application failure to the resource management device, so that the resource management device returns the resource application failure to the terminal, indicating that the terminal's resource application has failed.
104. If the preset access password in the equipment management device is successfully modified, obtain the external network IP address of the applied resource;
It should be understood that before the request message applying for a resource sent by the terminal is received, the resource management device has preset an external network IP address for each resource, and the resource management device can automatically obtain the external network IP address of the applied resource.
Optionally, the resource management device may obtain the external network IP address by sending an acquisition message to IP resource management. The acquisition message carries a specified external network IP type, and IP resource management allocates an external network IP address according to the external network IP type carried in the acquisition message. The external network IP type can be defined by the terminal; for example, the external network IP type of the external network IP addresses in the range 10.71.120.1 to 10.71.120.100 can be defined as "PM-External".
Optionally, after the resource management device obtains the external network IP address of the applied resource, the external network IP address can also be bound to the applied resource to improve the security of the resource. Specifically, the resource management device sends a binding message carrying the external network IP address to the equipment management device, and this binding message instructs the equipment management device to bind the external network IP address to the applied resource. Specifically, the equipment management device can bind the external network IP address to the target network card of the applied resource.
105. Return the external network IP address obtained in step 104 and the first password generated in step 102 to the terminal.
The terminal can access the applied resource according to its existing user account together with the external network IP address and first password received from the resource management device. For example, while accessing the resource it can change the password, create a new user, or install various applications.
As can be seen from the above, in this embodiment of the present invention the resource management device first receives the request message applying for a resource sent by the terminal, then allocates the applied resource to the terminal and generates a first password for the applied resource, and then sends a password modification message to the equipment management device to instruct the equipment management device to change the preset access password in the equipment management device to the first password, the password modification message carrying the first password. If the preset access password in the equipment management device is successfully modified, the external network IP address of the applied resource is obtained, and the external network IP address and the first password are returned to the terminal, so that the terminal accesses the applied resource according to the external network IP address and the first password. Because the terminal obtains the first password when applying for a resource, and the preset access password in the equipment management device is changed to the first password, the terminal accesses the resource using the first password and the obtained external network IP address of the applied resource, and a terminal cannot obtain access rights to a resource from a guessed external network IP address. This improves the security of resources and provides a safe and reliable resource access method. Further, the first password is generated by the resource management device and kept by the terminal itself, so no password inconsistency arises when the terminal changes the password.
Embodiment two
For a better understanding of the resource access method of the present invention, this embodiment is described in detail below from the perspective of the equipment management device. It should be noted that the equipment management device is not specifically limited. The equipment management device can interact with the resource management device so that the terminal can access resources through the resource management device. The terminal in this embodiment is the user side and may be, for example, a PC.
A resource access method, comprising:
The equipment management device receives the password modification message sent by the resource management device, the password modification message carrying the first password, and then changes the preset access password in the equipment management device to the first password, to instruct the resource management device to obtain the external network IP address of the applied resource and return the external network IP address and the first password to the terminal.
As shown in Fig. 2, the specific flow may be as follows:
201. Receive the password modification message sent by the resource management device, the password modification message carrying the first password;
After the resource management device generates a first password, it sends a password modification message carrying the first password to the equipment management device. The equipment management device receives the password modification message and, depending on the circumstances, changes the preset access password in the equipment management device to the first password.
Optionally, the password modification message also carries the second password, which is the preset access password in the resource management device; this can trigger the equipment management device to authenticate the resource management device.
Preferably, to verify whether the resource management device has modification authority, the second password can be compared with the preset access password in the equipment management device. When the second password is equal to the preset access password in the equipment management device, the resource management device has modification authority, and step 202 is performed to change the preset access password in the equipment management device to the first password. When the second password is not equal to the preset access password in the equipment management device, the resource management device does not have modification authority, and a resource application failure is returned to the resource management device, so that the resource management device returns the resource application failure to the terminal.
202. Change the preset access password in the equipment management device to the first password.
If the resource management device has modification authority, the equipment management device changes the preset access password in the equipment management device to the first password. After the access password has been successfully modified, the resource management device can be instructed to obtain the external network IP address of the applied resource and return the external network IP address and the first password to the terminal, so that the resource application flow continues.
In addition, so that each external network IP address corresponds to a unique resource, the external network IP address can also be bound after the access password has been changed to the first password. Specifically, a binding message sent by the resource management device is received, the binding message carrying the external network IP address, and the external network IP address is then bound to the applied resource. The external network IP address can be bound to the target network card of the applied resource.
Optionally, the password modification message also carries the type of the applied resource and the authentication mode. The type indicates whether the applied resource is a resource distributed on a physical machine or a resource distributed on a virtual machine, and the authentication mode is Telnet authentication or SSH authentication.
If the applied resource is a resource distributed on a physical machine, then before the password modification message sent by the resource management device is received in step 201, the method further comprises: receiving an installation message, sent by the resource management device, for installing an operating system, the installation message carrying various parameters such as the second password, the installation package path, the language type, the time zone and the partitioning; using the received second password as the preset access password in the equipment management device; and completing the installation of the operating system according to the preset access password in the equipment management device. If the applied resource is a resource distributed on a virtual machine, then before the password modification message sent by the resource management device is received in step 201, the method further comprises: receiving a creation message sent by the resource management device, the creation message carrying various parameters such as the second password, the virtual machine image, the virtualization technology type, the CPU size, the memory size, the storage size and the number of network cards; using the second password as the preset access password in the equipment management device; and completing the creation of the virtual machine according to the preset access password in the equipment management device.
It should be noted that, the concrete enforcement in the present embodiment see embodiment one, can repeat no more herein.
As from the foregoing, in the embodiment of the present invention, equipment management device can receive the password amendment message that asset management device sends, password amendment message carries first password, then the access code preset in equipment management device is revised as first password, obtain the outer net IP address of the resource of application with indexed resource management equipment and outer net IP address and first password are returned to terminal, make terminal can according to first password and outer net IP address access resources, improve the fail safe of resource access, and, equipment management device can by binding the resource of outer net IP address and terminal to apply, make the unique corresponding outer net IP address of a resource, the fail safe of resource can be improved.
Embodiment three
The following is a specific application example of the present invention. This embodiment describes the scheme of the invention jointly from the perspectives of the terminal, the asset management device and the equipment management device. The description takes as its example a resource stored on a physical machine and an authentication mode that is user account and user password authentication:
Referring to Fig. 3, the flow can be as follows:
301, The terminal sends to the asset management device an installation message for installing an operating system on the physical machine;
302, The asset management device randomly generates a second password and stores it;
The second password is the access code preset in the asset management device, and it is randomly generated.
303, The asset management device sends the installation message for installing the operating system to the equipment management device. This installation message carries parameters such as the second password, installation package path, language type, time zone and partitioning.
304, The equipment management device receives the installation message sent by the asset management device, stores the second password as the access code preset in the equipment management device, and installs the operating system of the physical machine;
After the equipment management device receives the installation message from the asset management device, it installs the operating system according to the second password carried in the message. The installed operating system has a default user account. For example, the account of a Unix system is set by convention to root, and the second password generated by the asset management device is uniformly set by convention to 123456. When installing the operating system, the equipment management device recognizes the second password carried in the installation message, stores it as the access code preset in the equipment management device, and then completes the installation of the operating system according to that preset access code.
305, The terminal sends a request message applying for a resource to the asset management device;
306, The asset management device receives the request message sent by the terminal, allocates the applied-for resource to the terminal, and generates a user password for the terminal;
307, The asset management device sends a password amendment message to the equipment management device; this password amendment message carries the user password;
308, After the equipment management device receives the password amendment message sent by the asset management device, it compares the second password with the access code preset in the equipment management device; if the second password equals the preset access code, it changes the access code preset in the equipment management device to the user password. The password amendment message carries the user password and the second password;
When the second password equals the access code preset in the equipment management device, the equipment management device changes the preset access code to the user password, sends the asset management device a message indicating that the access code preset in the equipment management device was successfully changed to the user password, and step 309 is performed. When the second password does not equal the access code preset in the equipment management device, the equipment management device returns an application-resource failure to the asset management device, the terminal's resource application fails, and the resource application flow ends.
309, The asset management device receives the message, sent by the equipment management device, indicating that the access code preset in the equipment management device was successfully changed to the user password, and obtains the outer net IP address of the applied-for resource;
310, The asset management device sends a binding message to the equipment management device; this binding message carries the outer net IP address;
311, The equipment management device binds the outer net IP address to the applied-for resource and returns a binding-success message to the asset management device;
312, The asset management device sends the outer net IP address obtained in step 309 and the user password generated in step 306 to the terminal;
313, The terminal accesses the resource using its existing user account together with the received outer net IP address and user password.
It should be noted that, for the concrete implementation of this embodiment, see the previous embodiments; it is not repeated here.
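The exchange in steps 301 to 313, as an added Python example that is not part of the patent text. The class and method names, the resource ids and the 203.0.113.x addresses are assumptions made for illustration, and the constant-time comparison is a hardening choice the page does not specify.

```python
import hmac
import secrets


class EquipmentManager:
    """Equipment management device: holds each resource's preset access code."""

    def __init__(self):
        self.access_codes = {}  # resource id -> current access code
        self.bindings = {}      # resource id -> bound outer net IP address

    def handle_install(self, resource_id, second_password):
        # Steps 303-304: store the second password as the preset access code.
        self.access_codes[resource_id] = second_password

    def handle_password_change(self, resource_id, first_password, second_password):
        # Step 308: the sender must prove it knows the preset access code.
        preset = self.access_codes.get(resource_id)
        if preset is None:
            return False
        # compare_digest avoids leaking the match position through timing
        # (assumption: the page only says the two values are compared).
        if not hmac.compare_digest(preset.encode(), second_password.encode()):
            return False  # no modification authority: code stays unchanged
        self.access_codes[resource_id] = first_password
        return True

    def handle_bind(self, resource_id, outer_ip):
        # Step 311: one outer net IP address per resource.
        self.bindings[resource_id] = outer_ip
        return True

    def login(self, outer_ip, password):
        # Step 313 as seen by the resource: address and password must both match.
        for resource_id, bound_ip in self.bindings.items():
            if bound_ip == outer_ip:
                current = self.access_codes[resource_id]
                return hmac.compare_digest(current.encode(), password.encode())
        return False


class AssetManager:
    """Asset management device: generates passwords and drives the flow."""

    def __init__(self, equipment, ip_pool):
        self.equipment = equipment
        self.ip_pool = list(ip_pool)   # constructed sample addresses
        self.second_passwords = {}     # resource id -> stored second password

    def install(self, resource_id):
        # Step 302: randomly generate and store the second password.
        second = secrets.token_urlsafe(16)
        self.second_passwords[resource_id] = second
        self.equipment.handle_install(resource_id, second)

    def apply(self, resource_id):
        # Step 306: a fresh first password for every request.
        first = secrets.token_urlsafe(16)
        second = self.second_passwords.get(resource_id, "")
        # Steps 307-308: the amendment message carries both passwords.
        if not self.equipment.handle_password_change(resource_id, first, second):
            return None  # application-resource failure goes back to the terminal
        # Step 309: the address is obtained only after the change succeeded.
        if not self.ip_pool:
            return None
        outer_ip = self.ip_pool.pop(0)
        # Steps 310-311: bind the address to the resource.
        if not self.equipment.handle_bind(resource_id, outer_ip):
            return None
        # Step 312: address and first password are returned together.
        return outer_ip, first


if __name__ == "__main__":
    em = EquipmentManager()
    am = AssetManager(em, ["203.0.113.10"])
    am.install("host-a")
    ip, password = am.apply("host-a")
    print("terminal login accepted:", em.login(ip, password))
```

A sender that does not hold the stored second password gets `None` from `apply`, and the resource's access code is left as it was.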
Embodiment four
The following is another specific application example of the present invention. This embodiment describes the scheme of the invention jointly from the perspectives of the terminal, the asset management device and the equipment management device. The description takes as its example a resource stored on a physical machine and an authentication mode that is key-pair authentication:
Referring to Fig. 4, the flow can be as follows:
401, The terminal sends to the asset management device an installation message for installing an operating system on the physical machine;
402, The asset management device randomly generates a second password and stores it;
The second password is the access code preset in the asset management device, and it is randomly generated.
403, The asset management device sends the message for installing the operating system to the equipment management device. This installation message carries parameters such as the second password, installation package path, language type, time zone and partitioning.
404, The equipment management device receives the installation message sent by the asset management device, stores the second password as the access code preset in the equipment management device, and installs the operating system of the physical machine;
After the equipment management device receives the installation message from the asset management device, it installs the operating system according to the second password carried in the message. The installed operating system has a default user account. For example, the account of a Unix system is set by convention to root, and the second password generated by the asset management device is uniformly set by convention to 123456. When installing the operating system, the equipment management device recognizes the second password carried in the installation message, stores it as the access code preset in the equipment management device, and then completes the installation of the operating system according to that preset access code.
405, The terminal sends a request message applying for a resource to the asset management device;
406, The asset management device receives the request message sent by the terminal, allocates the applied-for resource to the terminal, and generates a key pair for the terminal; the key pair comprises a public key and a private key;
407, The asset management device sends a password amendment message to the equipment management device; this password amendment message carries the key pair;
408, After the equipment management device receives the password amendment message sent by the asset management device, it compares the second password with the access code preset in the equipment management device; if the second password equals the preset access code, it changes the access code preset in the equipment management device to the public key. The password amendment message carries the public key and the second password;
When the second password equals the access code preset in the equipment management device, the equipment management device changes the access code to the public key, sends the asset management device a message indicating that the access code preset in the equipment management device was successfully changed to the public key, and step 409 is performed. When the second password does not equal the access code preset in the equipment management device, the equipment management device returns an application-resource failure to the asset management device, the terminal's resource application fails, and the resource application flow ends.
409, The asset management device receives the message, sent by the equipment management device, indicating that the access code preset in the equipment management device was successfully changed to the public key, and obtains the outer net IP address of the applied-for resource;
410, The asset management device sends a binding message to the equipment management device; this binding message carries the outer net IP address;
411, The equipment management device binds the outer net IP address to the applied-for resource and returns a binding-success message to the asset management device;
412, The asset management device sends the outer net IP address obtained in step 409 and the private key generated in step 406 to the terminal;
413, The terminal accesses the resource using its existing user account together with the received outer net IP address and private key.
It should be noted that, for the concrete implementation of this embodiment, see the previous embodiments; it is not repeated here.
Embodiment five
To better implement the above method, an embodiment of the present invention also provides an asset management device. As shown in Figure 5, this asset management device comprises: receiving unit 501, generation unit 502, amendment unit 503, processing unit 504 and sending unit 505.
Receiving unit 501, configured to receive the request message, sent by the terminal, applying for a resource;
Generation unit 502, configured to allocate the applied-for resource to the terminal and to generate a first password for the resource applied for in the request message received by receiving unit 501;
Amendment unit 503, configured to send a password amendment message to the equipment management device, to instruct the equipment management device to change the access code preset in the equipment management device to the first password generated by generation unit 502; the password amendment message carries the first password generated by generation unit 502;
Processing unit 504, configured to obtain the outer net IP address of the applied-for resource when the access code preset in the equipment management device has been changed successfully following the instruction from amendment unit 503;
Sending unit 505, configured to return the outer net IP address obtained by processing unit 504 and the first password generated by generation unit 502 to the terminal, so that the terminal accesses the applied-for resource according to the outer net IP address obtained by processing unit 504 and the first password.
So that each outer net IP address corresponds to a unique resource, processing unit 504 is also configured to send a binding message to the equipment management device, to instruct the equipment management device to bind the outer net IP address to the applied-for resource; the binding message carries the outer net IP address.
It should be noted that the first password is randomly generated for the resource applied for in the request message received by receiving unit 501. The first password generated by generation unit 502 is different each time a request message is received, and the first password is transmitted as ciphertext.
In addition, the password amendment message sent by amendment unit 503 also carries the second password, by which amendment unit 503 also instructs the equipment management device to compare the second password with the access code preset in the equipment management device;
Accordingly, processing unit 504 can specifically be configured to: when the second password equals the access code preset in the equipment management device, receive the message returned by the equipment management device indicating that the access code preset in the equipment management device was successfully changed to the first password, and obtain the outer net IP address of the applied-for resource, where changing the access code to the first password means changing the access code preset in the equipment management device to the first password; and when the second password does not equal the access code preset in the equipment management device, receive the application-resource failure returned by the equipment management device and return the application-resource failure to the terminal.
Optionally, referring to Fig. 6, this embodiment can also comprise: dispensing unit 506.
It should be noted that the request message received by receiving unit 501 also carries the type of the applied-for resource and the authentication mode. The type of the applied-for resource is either a resource distributed on a physical machine or a resource distributed on a virtual machine; the authentication mode is telnet authentication or SSH authentication.
When the applied-for resource is a resource distributed on a physical machine, dispensing unit 506 is configured to receive the installation message, sent by the terminal, for installing an operating system; generate the preset access code and save it as the second password; and send the installation message, carrying the second password, to the equipment management device, so that the equipment management device receives the second password, saves it as the access code preset in the equipment management device, and completes the installation of the operating system according to that preset access code. When the applied-for resource is a resource distributed on a virtual machine, dispensing unit 506 is configured to receive the creation message, sent by the terminal, for creating a virtual machine; generate the preset access code and save it as the second password; and send the creation message, carrying the second password, to the equipment management device, so that the equipment management device receives the second password, saves it as the access code preset in the equipment management device, and completes the creation of the virtual machine according to that preset access code.
It should be noted that, for the concrete implementation of this embodiment, see embodiment one; it is not repeated here.
As can be seen from the above, in this embodiment receiving unit 501 first receives the request message, sent by the terminal, applying for a resource. Generation unit 502 then allocates the applied-for resource to the terminal and generates a first password for the resource applied for in the request message. Amendment unit 503 then sends a password amendment message carrying the first password to the equipment management device, to instruct the equipment management device to change its preset access code to the first password. If the access code preset in the equipment management device is changed successfully, processing unit 504 obtains the outer net IP address of the applied-for resource, and sending unit 505 returns the outer net IP address and the first password to the terminal, so that the terminal can access the applied-for resource according to the outer net IP address and the first password. A terminal therefore cannot obtain access rights to a resource on the basis of a guessed outer net IP address, which improves the security of the resource and the reliability of resource access.
Embodiment six
Correspondingly, to better implement the above method, an embodiment of the present invention also provides an equipment management device. As shown in Figure 7, the device comprises: receiving unit 601 and amendment unit 602.
Receiving unit 601, configured to receive the password amendment message sent by the asset management device; this password amendment message carries the first password;
Amendment unit 602, configured to, after receiving unit 601 receives the password amendment message, change the access code preset in the equipment management device to the first password, and instruct the asset management device to obtain the outer net IP address of the applied-for resource and return the outer net IP address and the first password to the terminal.
Optionally, referring to Fig. 8, so that each outer net IP address corresponds to a unique resource, amendment unit 602 can also be configured to receive the binding message sent by the asset management device, the binding message carrying the outer net IP address, and to bind the outer net IP address to the applied-for resource.
Optionally, the password amendment message received by receiving unit 601 also carries the second password. Amendment unit 602 is then specifically configured to compare the second password with the access code preset in the equipment management device. When the second password equals the access code preset in the equipment management device, it changes the preset access code to the first password and sends the asset management device a message indicating that the access code preset in the equipment management device was successfully changed to the first password. When the second password does not equal the access code preset in the equipment management device, it returns an application-resource failure to the asset management device, so that the asset management device returns the application-resource failure to the terminal.
It should be understood that the password amendment message received by receiving unit 601 also carries the type of the applied-for resource and the authentication mode. The type of the applied-for resource is either a resource distributed on a physical machine or a resource distributed on a virtual machine; the authentication mode is telnet authentication or SSH authentication.
Optionally, referring to Fig. 8, this embodiment also comprises: dispensing unit 603. If the applied-for resource is a resource distributed on a physical machine, dispensing unit 603 is configured to receive the installation message, sent by the asset management device, for installing an operating system, the installation message carrying the second password; save the second password as the access code preset in the equipment management device; and complete the installation of the operating system according to that preset access code. If the applied-for resource is a resource distributed on a virtual machine, it is configured to receive the creation message, sent by the asset management device, for creating a virtual machine, the creation message carrying the second password; save the second password as the access code preset in the equipment management device; and complete the creation of the virtual machine according to that preset access code.
It should be noted that, for the concrete implementation of this embodiment, see embodiment one; it is not repeated here.
As can be seen from the above, in this embodiment receiving unit 601 receives the password amendment message sent by the asset management device, the message carrying the first password. After receiving unit 601 receives the password amendment message, amendment unit 602 changes the access code preset in the equipment management device to the first password and instructs the asset management device to obtain the outer net IP address of the applied-for resource and return the outer net IP address and the first password to the terminal, so that the terminal can access the resource according to the first password and the outer net IP address. Moreover, the equipment management device can bind the outer net IP address to the resource applied for by the terminal, so that each resource corresponds to a unique outer net IP address, which improves the security of the resource and the reliability of resource access.
Embodiment seven
Correspondingly, an embodiment of the present invention also provides a resource management system, which can specifically comprise: asset management device 701 and equipment management device 702. Refer to Fig. 9:
Asset management device 701 is configured to receive the request message, sent by the terminal, applying for a resource; allocate the applied-for resource to the terminal; generate a first password for the applied-for resource; and send a password amendment message carrying the first password to equipment management device 702, to instruct equipment management device 702 to change the access code preset in equipment management device 702 to the first password. If the access code preset in equipment management device 702 is changed successfully, it obtains the outer net IP address of the applied-for resource and returns the outer net IP address and the first password to the terminal, so that the terminal accesses the applied-for resource according to the outer net IP address and the first password.
It should be noted that asset management device 701 in this embodiment can be any asset management device of embodiment five; for the concrete implementation, see embodiment five, which is not repeated here.
Equipment management device 702 is configured to receive the password amendment message sent by asset management device 701, the message carrying the first password, and to change the access code preset in equipment management device 702 to the first password, so as to instruct asset management device 701 to obtain the outer net IP address of the applied-for resource and return the outer net IP address and the first password to the terminal.
It should be noted that equipment management device 702 in this embodiment can be any of the devices described in embodiment six; for details, see embodiment six, which is not repeated here.
A person of ordinary skill in the art will appreciate that all or some of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium can be a read-only memory, a magnetic disk, an optical disc or the like.
The resource access method, asset management device and system provided by the present invention have been described in detail above. Specific examples are used herein to set out the principle and implementations of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. Meanwhile, those skilled in the art may, following the idea of the embodiments of the present invention, make changes to the specific implementations and the scope of application. In summary, this description should not be construed as limiting the present invention.

Claims (11)

1. A resource access method, characterized by comprising:
an asset management device receiving a request message, sent by a terminal, applying for a resource;
allocating the applied-for resource to the terminal, and generating a first password for the applied-for resource;
sending a password amendment message to an equipment management device, to instruct the equipment management device to change the access code preset in the equipment management device to the first password, the password amendment message carrying the first password;
if the access code preset in the equipment management device is changed successfully, obtaining the outer net IP address of the applied-for resource;
returning the outer net IP address and the first password to the terminal, so that the terminal accesses the applied-for resource according to the outer net IP address and the first password.
2. The resource access method according to claim 1, characterized in that,
the password amendment message also carries a second password, so that the equipment management device compares the second password with the access code preset in the equipment management device, the second password being the preset access code stored in the asset management device;
when the second password equals the access code preset in the equipment management device, receiving the message returned by the equipment management device indicating that the access code preset in the equipment management device was successfully changed to the first password, obtaining the outer net IP address of the applied-for resource, and returning the outer net IP address and the first password to the terminal;
when the second password does not equal the access code preset in the equipment management device, receiving the application-resource failure returned by the equipment management device, and returning the application-resource failure to the terminal.
3. The resource access method according to claim 1, characterized in that, before the asset management device receives the request message, sent by the terminal, applying for a resource, the method also comprises:
presetting an outer net IP address for each resource, the terminal accessing the resource through the outer net IP address.
4. The resource access method according to any one of claims 1 to 3, characterized in that, after obtaining the outer net IP address of the applied-for resource, the method also comprises:
sending a binding message to the equipment management device, to instruct the equipment management device to bind the outer net IP address to the applied-for resource, the binding message carrying the outer net IP address.
5. A resource access method, characterized by comprising:
an equipment management device receiving a password amendment message sent by an asset management device, the password amendment message carrying a first password;
changing the access code preset in the equipment management device to the first password, so as to instruct the asset management device to obtain the outer net IP address of the applied-for resource and return the outer net IP address and the first password to a terminal.
6. The resource access method according to claim 5, characterized in that,
the password amendment message also carries a second password, the second password being the preset access code stored in the asset management device, and after the equipment management device receives the password amendment message sent by the asset management device, the method also comprises:
comparing the second password with the access code preset in the equipment management device;
when the second password equals the access code preset in the equipment management device, changing the access code preset in the equipment management device to the first password, and sending to the asset management device a message indicating that the access code preset in the equipment management device was successfully changed to the first password;
when the second password does not equal the access code preset in the equipment management device, returning an application-resource failure to the asset management device, so that the asset management device returns the application-resource failure to the terminal.
7. The resource access method according to claim 5 or 6, characterized in that, after the access code preset in the equipment management device is changed to the first password, the method also comprises:
receiving a binding message sent by the asset management device, the binding message carrying the outer net IP address;
binding the outer net IP address to the applied-for resource.
8. An asset management device, characterized by comprising:
a receiving unit, configured to receive a request message, sent by a terminal, applying for a resource;
a generation unit, configured to allocate the applied-for resource to the terminal, and to generate a first password for the resource applied for in the request message received by the receiving unit;
an amendment unit, configured to send a password amendment message to an equipment management device, to instruct the equipment management device to change the access code preset in the equipment management device to the first password generated by the generation unit, the password amendment message carrying the first password generated by the generation unit;
a processing unit, configured to obtain the outer net IP address of the applied-for resource when the access code preset in the equipment management device has been changed successfully following the instruction from the amendment unit;
a sending unit, configured to return the outer net IP address obtained by the processing unit and the first password generated by the generation unit to the terminal, so that the terminal accesses the applied-for resource according to the outer net IP address obtained by the processing unit and the first password.
9. The asset management device according to claim 8, characterized in that,
the processing unit is also configured to send a binding message to the equipment management device, to instruct the equipment management device to bind the outer net IP address to the applied-for resource, the binding message carrying the outer net IP address.
10. The asset management device according to claim 8 or claim 9, characterized in that,
the password amendment message sent by the amendment unit also carries a second password, by which the amendment unit also instructs the equipment management device to compare the second password with the access code preset in the equipment management device;
the processing unit is then specifically configured to: when the second password equals the access code preset in the equipment management device, receive the message returned by the equipment management device indicating that the access code preset in the equipment management device was successfully changed to the first password, and obtain the outer net IP address of the applied-for resource; and when the second password does not equal the access code preset in the equipment management device, receive the application-resource failure returned by the equipment management device, and return the application-resource failure to the terminal.
11. 1 kinds of resource management systems, is characterized in that, comprise equipment management device and the asset management device according to any one of claim 8 to 10;
The password amendment message that described equipment management device sends for receiving asset management device, and the access code preset in described equipment management device is revised as first password, to indicate described asset management device obtain the outer net IP address of the resource of application and described outer net IP address and first password are returned to terminal, described password amendment message carries first password.
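The exchange in claims 5 to 11 can be followed in the sketch below, an added example that is not part of the patent text. The class and method names, the message shapes, the use of `secrets` and `hmac.compare_digest`, and the sample IP addresses (documentation range) are assumptions made for illustration.

```python
import hmac
import secrets


class EquipmentManagementDevice:
    """Guards one resource with an access code (claims 5 to 7)."""

    def __init__(self, preset_access_code):
        self._access_code = preset_access_code
        self.bound_ip = None

    def _matches(self, candidate):
        # Constant-time comparison, so timing does not reveal how much matched.
        return hmac.compare_digest(candidate.encode(), self._access_code.encode())

    def handle_password_amendment(self, first_password, second_password):
        # Claim 6: change the code only if the second password equals the preset.
        if not self._matches(second_password):
            return False
        self._access_code = first_password
        return True

    def handle_binding(self, external_ip):
        self.bound_ip = external_ip  # claim 7: bind external IP to the resource

    def check_login(self, password):
        return self._matches(password)


class AssetManagementDevice:
    """Allocates a resource and rotates its preset code (claims 8 to 10)."""

    def __init__(self, device, stored_preset_code, ip_pool):
        self.device = device
        self.stored_preset_code = stored_preset_code  # the "second password"
        self.ip_pool = list(ip_pool)

    def handle_resource_request(self):
        first_password = secrets.token_urlsafe(16)  # fresh, unpredictable per request
        changed = self.device.handle_password_amendment(
            first_password, self.stored_preset_code)
        if not changed:
            # No external IP is obtained or bound on failure.
            return {"status": "failure"}
        # The external IP is obtained only after the preset code is gone,
        # so the resource is never reachable with its default credential.
        external_ip = self.ip_pool.pop(0)
        self.device.handle_binding(external_ip)
        return {"status": "ok", "ip": external_ip, "password": first_password}


if __name__ == "__main__":
    dev = EquipmentManagementDevice("factory-default")  # constructed sample value
    mgr = AssetManagementDevice(dev, "factory-default", ["203.0.113.10"])
    print(mgr.handle_resource_request()["status"], dev.check_login("factory-default"))
```

The ordering is the security-relevant part: the external address is handed out only after the equipment management device confirms the preset code has been replaced.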
CN201210123383.2A 2012-04-24 2012-04-24 Resource access method, resource management device and system Active CN102685115B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210123383.2A CN102685115B (en) 2012-04-24 2012-04-24 Resource access method, resource management device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210123383.2A CN102685115B (en) 2012-04-24 2012-04-24 Resource access method, resource management device and system

Publications (2)

Publication Number Publication Date
CN102685115A CN102685115A (en) 2012-09-19
CN102685115B true CN102685115B (en) 2015-05-27

Family

ID=46816478

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210123383.2A Active CN102685115B (en) 2012-04-24 2012-04-24 Resource access method, resource management device and system

Country Status (1)

Country Link
CN (1) CN102685115B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103870748B (en) * 2012-12-17 2017-10-10 华为技术有限公司 The security processing and device of virtual machine
CN103731308A (en) * 2013-12-29 2014-04-16 国云科技股份有限公司 Virtual machine public network management method
CN107577516B (en) 2017-07-28 2020-08-14 华为技术有限公司 Virtual machine password resetting method, device and system
CN111405006B (en) * 2020-03-06 2022-07-12 北京奇艺世纪科技有限公司 Method and device for processing remote login failure and remote login system
CN112713999B (en) * 2020-12-28 2021-10-19 北京航空航天大学 Networked automobile safety remote updating method based on bidirectional identity authentication

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102130893A (en) * 2010-01-18 2011-07-20 上海启电信息科技有限公司 Safety protection method and system for network accounts

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
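王平建, 荆继武, 王琼霄, 王展. Research on Access Control Technology in Cloud Storage. Proceedings of the 26th National Computer Security Academic Exchange Conference. 2012, (No. 09). *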

Also Published As

Publication number Publication date
CN102685115A (en) 2012-09-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200207

Address after: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee after: HUAWEI TECHNOLOGIES Co.,Ltd.

Address before: 210012 HUAWEI Nanjing base, 101 software Avenue, Yuhuatai District, Jiangsu, Nanjing

Patentee before: Huawei Technologies Co.,Ltd.