CN103207965A - Method and device for License authentication in virtual environment - Google Patents
Method and device for License authentication in virtual environment Download PDFInfo
- Publication number
- CN103207965A CN103207965A CN2013100801240A CN201310080124A CN103207965A CN 103207965 A CN103207965 A CN 103207965A CN 2013100801240 A CN2013100801240 A CN 2013100801240A CN 201310080124 A CN201310080124 A CN 201310080124A CN 103207965 A CN103207965 A CN 103207965A
- Authority
- CN
- China
- Prior art keywords
- license authentication
- license
- application software
- hypervisor
- virtual machine
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a method and a device for License authentication in a virtual environment. When application software on a virtual machine performs License authentication, License authentication messages are transmitted and received by invoking an interface of a Hypervisor, and a License request message or a response message is forwarded to a License authentication center or returned to the virtual machine when virtualization management software receives the License request message or the response message, so that authentication from the application software on the virtual machine to the License authentication center is finished.
Description
Technical field
The present invention relates to data communication field, relate in particular to the method and apparatus of License authentication under a kind of virtual environment.
Background technology
Intel Virtualization Technology can improve the utilization factor of enterprise's hardware resource, the dirigibility that increases application deployment, reduction O﹠M cost, thereby has attracted more and more enterprises that business is moved to the virtualization architecture from conventional I T framework.The Hypervisor(of Intel Virtualization Technology by bottom operates in " unit " operating system between underlying hardware facility layer and the upper strata operating system, be used for coordinating upper strata operating system to the visit of bottom hardware resource, alleviate software to the dependence of hardware device and driving, simultaneously to the hardware compatibility in the virtual running environment, high reliability, high availability, extensibility, problems such as performance optimization are carried out consolidation process), hardware resource is carried out logical abstraction, thereby be integrated into unified resource pool, virtual management software (finishing the management to Hypervisor) allows the user to create a plurality of virtual machines at same main frame, each virtual machine is equivalent to a traditional physical server, installing operating system and disposing application program are isolated between the different virtual machine mutually thereon, be independent of each other.
Yet under virtual environment, the control method of traditional application software License can not satisfy its managerial demand.As shown in Figure 1, for realize the networking synoptic diagram of application software License authentication under traditional deployed environment by License authentication center.Under traditional deployed environment, the License authentication of all application software is all finished by License authentication center: application software is behind the registration License of License authentication center, each startup is used and is all needed to authenticate to License authentication center, if License center authentification failure thinks then that this License lost efficacy and refusing user's is used the application software of this License correspondence.
In virtualized environment, because License authentication center and virtual management running software are at the management network segment, the virtual machine at application software place then operates in the professional network segment, therefore, virtual machine can't with the direct communication of license authentication center, as adopt authentication mode under above-mentioned traditional deployed environment, then can't finish application software to the authentication of License authentication center.
Summary of the invention
In view of this, the invention provides the method and apparatus of License authentication under a kind of virtualized environment, to solve above-mentioned the deficiencies in the prior art.
The present invention is achieved through the following technical solutions:
The method of License authentication under a kind of virtual environment is applied to the License authentication of application software on the virtual machine, and wherein said method comprises the steps:
Step 1, when on the virtual machine during application software initiated use, send the License authentication request packet of this application software to License authentication center by the interface that calls Hypervisor;
Step 2, receive License authentication center about the response message of authentication result, and determine whether can use application software on the virtual machine according to authentication result.
Further, when the network between described Hypervisor and the license authentication center is unreachable, between Hypervisor and license authentication center, also virtual management software need be set, after Hypervisor receives the License authentication request packet that application software sends, the License authentication request information of application software is transmitted to virtual management software.
Further, after virtual management software receives the License authentication request information of Hypervisor transmission, again this License authentication request information is transmitted to License authentication center, and behind the response message that receives from License authentication center, this response message is sent to application software on the virtual machine by Hypervisor.
Further, described virtual management software and described authentication center both can integrate, and also can be separated from each other to arrange separately.
Further, application software is further periodically called and is sent the keep-alive message interface after virtual machine is finished the License authentication, sends the keep-alive message to license authentication center.
The present invention also provides the device of License authentication under a kind of virtual environment simultaneously, is applied to the License authentication of application software on the virtual machine, and wherein said device comprises:
Hypervisor interface interchange unit is used for when on the virtual machine during application software initiated uses, and the interface that calls correspondence on the Hypervisor sends the License message identifying of this application software to License authentication center;
License authentication result confirmation unit be used for to receive License authentication center about the response message of authentication result, and confirms whether can use application software on the virtual machine according to authentication result.
Further, when the network between described Hypervisor and the license authentication center is unreachable, between Hypervisor and license authentication center, also the virtual management software unit need be set, after Hypervisor receives the License authentication request packet that application software sends, by proprietary protocol the License authentication request information of application software is transmitted to the virtual management software unit.
Further, after the virtual management software unit receives the License authentication request information of Hypervisor transmission, this License authentication request information is transmitted to License authentication center, and behind the response message that receives from License authentication center, this response message is sent to application software on the virtual machine by Hypervisor.
Further, described virtual management software unit and described authentication center both can integrate, and also can be separated from each other to arrange separately.
Further, application software further periodically sends the keep-alive message interface by Hypervisor interface interchange cell call after virtual machine is finished the License authentication, send the keep-alive message to license authentication center.
Compared with prior art, the present invention realizes authentication and the control problem of application software License under the virtualized environment by the License identifying procedure under existing traditional deployed environment is made amendment.
Description of drawings
Fig. 1 is for realizing the networking synoptic diagram of application software authentication by License authentication center under existing traditional deployed environment.
Fig. 2 is the method flow synoptic diagram of License authentication under the virtual environment of the present invention.
Fig. 3 is the apparatus structure synoptic diagram of License authentication under the virtual environment of the present invention.
Embodiment
For making those skilled in the art clear more and clear, below in conjunction with drawings and Examples of the present invention, describe the present invention in detail and realize details.
As stated in the Background Art, under virtual environment, application software on the virtual machine can't be communicated by letter with License authentication center, but the Hypervisor at virtual machine place can with the virtual management software communication, and virtual management software can be communicated by letter with License authentication center.Therefore, in the present invention, the core concept that adopts is: when application software on the virtual machine is carried out the License authentication, finish transmission and the reception of License message identifying by the interface that directly calls Hypervisor, virtual management software is when receiving License authentication request or response message, this License request message or response message are transmitted to License authentication center or return to virtual machine, and then finish the authentication that application software arrives License authentication center on the virtual machine.
Because in the present invention, application software is when carrying out the License authentication on the virtual machine, and application software is not to call the operating system of virtual machine, but the interface that directly calls Hypervisor is finished transmission and the reception of license message identifying.Therefore, in order to realize the object of the invention, in this patent, need be at Hypervisor definition one group interface, for the use of communicating by letter between the application software on the virtual machine and the virtual management software.Wherein, to define several interface examples as follows for Hypervisor:
Software startup request interface: launchAppReq;
Software startup response interface: launchAppRsp;
Send keep-alive message interface: sendKeepAliveMsg;
The keep-alive message is replied interface: sendKeepAliveRspMsg;
Obtain current available License quantity interface: getAvailableLienceCount;
Use the License interface of certain application software: registerLicense.
Need to prove, more than only be several examples of describing Hypervisor definition of the present invention, implement should only not be confined to these interfaces in the process of the present invention in reality.
As shown in Figure 2, defined the interface that in the License verification process, calls for the application software on the virtual machine at Hypervisor after, it is as follows to adopt method of the present invention to finish the process of License authentication under the virtual environment:
Step 1, when application software initiated on the virtual machine, the software startup request interface that calls Hypervisor sends the License authentication request to license authentication center.
Wherein, may comprise relevant informations such as virtual machine, virtual machine place physical server, user and application software in this License authentication request.
Step 2, Hypervisor are transmitted to virtual management software with described information after receiving the License authentication request information of application software transmission;
Step 3, virtual management software further are transmitted to License authentication center with this information after receiving the License authentication request information of Hypervisor transmission;
Because in virtualized environment, License authentication center and virtual management software all operate in the management network segment, therefore, between the two can direct communication, virtual management software directly is transmitted to it License authentication center after receiving the License authentication request information that Hypervisor sends over.
After step 4, License authentication center receive the License authentication information, use this application software to authenticate the user at virtual machine, and authentication result is sent to virtual management software by response message;
Receive the License authentication information of application software when License authentication center after, at first therefrom parse the License authentication information of this application software, relatively whether the License authentication information of this application software of License authentication center record conforms to the License authentication information that current parsing obtains then, and then determines this application software License authentication success or License authentification failure.
If the usage quantity of this application software is restricted, when License authentication center passes through a License in every authentication, then in its License statistic record, add 1.When the application software License quantity of accumulative total surpasses the quantity of setting, then refuse this application software and continue authentication.
Further, License authentication center also needs the information of the authentication result (comprising: whether the License quantity of License authentication success, License authentification failure or application software authentication surpasses the quantity of licensing) of application software is fed back to the user by response message.
After step 5, virtual management software receive the response message message that License authentication center returns, it is sent to corresponding Hypervisor;
Step 6, Hypervisor send to application software by corresponding interface with this response message message;
The response message message of step 7, application software analysis License authentication center, and handle accordingly according to the authentication result of carrying in the response message message.
Particularly, the action that application software is handled according to the License authentication result comprises: normally start software, maybe can not start software and display reminding information etc.
After the License authentication of finishing application software on the above-mentioned virtual machine, can in time reclaim License in order to guarantee License authentication center, preferably, in the present invention, also comprise the steps:
Step 8, application software are further periodically called and are sent the keep-alive message interface to license authentication center transmission keep-alive message after virtual machine is finished the License authentication and started;
Step 9, license authentication center provide in the given time and reply after receiving the keep-alive message that application software sends on the self virtualizing machine.
If do not receive the keep-alive message that application software sends within a certain period of time, license authentication center is recoverable to the license right to use of application software;
If do not receive the keep-alive response message of license authentication center within a certain period of time, application software will be done some abnormality processing, as prompting user or log, close software license then.
Need to prove that under some application scenarios, License authentication center also can be integrated in the virtual management software among the present invention, in this case, License identifying procedure and above-mentioned identifying procedure are identical, are not described in detail at this.
In addition, under some specific application scenarios, if the network between Hypervisor and the license authentication center can reach, application software on the virtual machine also can by " application software<-Hypervisor<-License authentication center " mode finish application software on the virtual machine to the verification process of License authentication center, its principle of work is the same, repeats no more too at this.
The present invention also provides a kind of device of License authentication control simultaneously, is applied to the License of application software authentication on the virtual machine under the virtual environment, and this device comprises:
Hypervisor interface interchange unit is used for when on the virtual machine during application software initiated uses, and the interface that calls correspondence on the Hypervisor sends the License message identifying of this application software to License authentication center;
License authentication result confirmation unit be used for to receive License authentication center about the response message of authentication result, and confirms whether can use application software on the virtual machine according to authentication result.
Wherein, the interface example of described Hyerevisor is as follows:
Software startup request interface: launchAppReq;
Software startup response interface: launchAppRsp;
Send keep-alive message interface: sendKeepAliveMsg;
The keep-alive message is replied interface: sendKeepAliveRspMsg;
Obtain current available License quantity interface: getAvailableLienceCount;
Use the License interface of certain application software: registerLicense.
Further, when the network between described Hypervisor and the license authentication center is unreachable, between Hypervisor and license authentication center, also the virtual management software unit need be set, after Hypervisor receives the License authentication request packet that application software sends, the License authentication request information of application software is transmitted to the virtual management software unit.Wherein, described virtual management software unit and described authentication center namely can integrate, and also can be separated from each other to arrange separately.
After the virtual management software unit receives the License authentication request information of Hypervisor transmission, this License authentication request information is transmitted to License authentication center, and behind the response message that receives from License authentication center, this response message is sent to application software on the virtual machine by Hypervisor.
Application software further periodically sends the keep-alive message interface by Hypervisor interface interchange cell call and sends the keep-alive message to license authentication center after virtual machine is finished the License authentication.
Compared with prior art, the present invention is carrying out License when authentication when application software on the virtual machine, finishes on the virtual machine communicating by letter of message between application software and License authentication center by the interface that directly calls Hypervisor.Therefore, License authentication center can carry out unified control and management to the software license that operates on each virtual machine, when virtual machine (vm) migration, the License of application software can move along with the migration of virtual machine, and when this License is not used in the application on the virtual machine, License authentication center can in time reclaim this License, uses for other virtual machines.The present invention that combines with prior art has also solved the problem of piracy of software under the virtualized environment, and it can guarantee that the usage quantity of application software is no more than licensed quantity.
The above only is preferred embodiment of the present invention, and is in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of making, is equal to replacement, improvement etc., all should be included within the scope of protection of the invention.
Claims (10)
1. the method for License authentication under the virtual environment is applied to the License authentication of application software on the virtual machine, it is characterized in that described method comprises the steps:
Step 1, when on the virtual machine during application software initiated use, send the License authentication request packet of this application software to License authentication center by the interface that calls Hypervisor;
Step 2, receive License authentication center about the response message of authentication result, and determine whether can use application software on the virtual machine according to authentication result.
2. the method for claim 1, it is characterized in that, when the network between described Hypervisor and the license authentication center is unreachable, between Hypervisor and license authentication center, also virtual management software need be set, after Hypervisor receives the License authentication request packet that application software sends, the License authentication request information of application software is transmitted to virtual management software.
3. method as claimed in claim 2, it is characterized in that, after virtual management software receives the License authentication request information of Hypervisor transmission, again this License authentication request information is transmitted to License authentication center, and behind the response message that receives from License authentication center, this response message is sent to application software on the virtual machine by Hypervisor.
4. as claim 1 or 3 described methods, it is characterized in that described virtual management software and described authentication center both can integrate, also can be separated from each other arranges separately.
5. method as claimed in claim 4 is characterized in that, application software is further periodically called and sent the keep-alive message interface after virtual machine is finished the License authentication, sends the keep-alive message to license authentication center.
6. the device of License authentication under the virtual environment is applied to the License authentication of application software on the virtual machine, it is characterized in that described device comprises:
Hypervisor interface interchange unit is used for when on the virtual machine during application software initiated uses, and the interface that calls correspondence on the Hypervisor sends the License message identifying of this application software to License authentication center;
License authentication result confirmation unit be used for to receive License authentication center about the response message of authentication result, and confirms whether can use application software on the virtual machine according to authentication result.
7. device as claimed in claim 6, it is characterized in that, when the network between described Hypervisor and the license authentication center is unreachable, between Hypervisor and license authentication center, also the virtual management software unit need be set, after Hypervisor receives the License authentication request packet that application software sends, by proprietary protocol the License authentication request information of application software is transmitted to the virtual management software unit.
8. device as claimed in claim 7, it is characterized in that, after the virtual management software unit receives the License authentication request information of Hypervisor transmission, this License authentication request information is transmitted to License authentication center, and behind the response message that receives from License authentication center, this response message is sent to application software on the virtual machine by Hypervisor.
9. as claim 6 or 8 described devices, it is characterized in that described virtual management software unit and described authentication center both can integrate, also can be separated from each other arranges separately.
10. device as claimed in claim 9; it is characterized in that; application software further periodically sends the keep-alive message interface by Hypervisor interface interchange cell call after virtual machine is finished the License authentication, send the keep-alive message to license authentication center.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013100801240A CN103207965A (en) | 2013-03-13 | 2013-03-13 | Method and device for License authentication in virtual environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013100801240A CN103207965A (en) | 2013-03-13 | 2013-03-13 | Method and device for License authentication in virtual environment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103207965A true CN103207965A (en) | 2013-07-17 |
Family
ID=48755182
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013100801240A Pending CN103207965A (en) | 2013-03-13 | 2013-03-13 | Method and device for License authentication in virtual environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103207965A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016062115A1 (en) * | 2014-10-24 | 2016-04-28 | 中兴通讯股份有限公司 | Certificate management method and device in virtual |
| CN110337652A (en) * | 2018-01-29 | 2019-10-15 | 深圳市汇顶科技股份有限公司 | Access method, safety control module, chip and the commissioning device of chip |
| CN110798466A (en) * | 2019-10-29 | 2020-02-14 | 西安雷风电子科技有限公司 | Verification method and system for software license in virtual machine scene |
| CN110968861A (en) * | 2019-12-02 | 2020-04-07 | 紫光云技术有限公司 | Security monitoring method based on license authentication of cluster virtual machine |
| CN111104665A (en) * | 2019-12-04 | 2020-05-05 | 紫光云(南京)数字技术有限公司 | Security monitoring method based on license authentication of cluster virtual machine |
| CN112751832A (en) * | 2020-12-18 | 2021-05-04 | 湖南麒麟信安科技股份有限公司 | Online authorization authentication method, equipment and storage medium for virtual machine operating system |
| CN112925604A (en) * | 2019-11-20 | 2021-06-08 | 北京华耀科技有限公司 | Virtualization management platform and implementation method |
| CN113282376A (en) * | 2021-07-22 | 2021-08-20 | 北京关键科技股份有限公司 | UKey virtual machine penetration method applied to cloud platform architecture |
| CN114448986A (en) * | 2022-01-04 | 2022-05-06 | 上海弘积信息科技有限公司 | License control method based on MC centralized management system |
| CN115022065A (en) * | 2022-06-15 | 2022-09-06 | 聚好看科技股份有限公司 | License authentication method and system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101008903A (en) * | 2006-01-23 | 2007-08-01 | 联想(北京)有限公司 | Virtual machine system and device access method thereof |
| US20080098465A1 (en) * | 2006-10-19 | 2008-04-24 | Sun Microsystems, Inc. | Method and system for managing execution of an application module |
-
2013
- 2013-03-13 CN CN2013100801240A patent/CN103207965A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101008903A (en) * | 2006-01-23 | 2007-08-01 | 联想(北京)有限公司 | Virtual machine system and device access method thereof |
| US20080098465A1 (en) * | 2006-10-19 | 2008-04-24 | Sun Microsystems, Inc. | Method and system for managing execution of an application module |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016062115A1 (en) * | 2014-10-24 | 2016-04-28 | 中兴通讯股份有限公司 | Certificate management method and device in virtual |
| CN105577381A (en) * | 2014-10-24 | 2016-05-11 | 中兴通讯股份有限公司 | License management method and device under virtualization |
| CN105577381B (en) * | 2014-10-24 | 2020-03-31 | 中兴通讯股份有限公司 | Certificate management method and device under virtualization |
| CN110337652A (en) * | 2018-01-29 | 2019-10-15 | 深圳市汇顶科技股份有限公司 | Access method, safety control module, chip and the commissioning device of chip |
| CN110337652B (en) * | 2018-01-29 | 2023-03-17 | 深圳市汇顶科技股份有限公司 | Chip access method, security control module, chip and debugging equipment |
| CN110798466A (en) * | 2019-10-29 | 2020-02-14 | 西安雷风电子科技有限公司 | Verification method and system for software license in virtual machine scene |
| CN110798466B (en) * | 2019-10-29 | 2021-11-19 | 西安雷风电子科技有限公司 | Verification method and system for software license in virtual machine scene |
| CN112925604A (en) * | 2019-11-20 | 2021-06-08 | 北京华耀科技有限公司 | Virtualization management platform and implementation method |
| CN112925604B (en) * | 2019-11-20 | 2024-04-19 | 北京华耀科技有限公司 | Virtualization management platform and implementation method |
| CN110968861A (en) * | 2019-12-02 | 2020-04-07 | 紫光云技术有限公司 | Security monitoring method based on license authentication of cluster virtual machine |
| CN111104665A (en) * | 2019-12-04 | 2020-05-05 | 紫光云(南京)数字技术有限公司 | Security monitoring method based on license authentication of cluster virtual machine |
| CN112751832A (en) * | 2020-12-18 | 2021-05-04 | 湖南麒麟信安科技股份有限公司 | Online authorization authentication method, equipment and storage medium for virtual machine operating system |
| CN113282376A (en) * | 2021-07-22 | 2021-08-20 | 北京关键科技股份有限公司 | UKey virtual machine penetration method applied to cloud platform architecture |
| CN114448986A (en) * | 2022-01-04 | 2022-05-06 | 上海弘积信息科技有限公司 | License control method based on MC centralized management system |
| CN114448986B (en) * | 2022-01-04 | 2024-03-01 | 上海弘积信息科技有限公司 | License control method based on MC centralized management system |
| CN115022065A (en) * | 2022-06-15 | 2022-09-06 | 聚好看科技股份有限公司 | License authentication method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103207965A (en) | Method and device for License authentication in virtual environment | |
| US10735329B2 (en) | Container communication method and system for parallel applications | |
| CN109104467B (en) | Development environment construction method and device, platform system and storage medium | |
| CN107493310B (en) | Cloud resource processing method and cloud management platform | |
| WO2019184164A1 (en) | Method for automatically deploying kubernetes worker node, device, terminal apparatus, and readable storage medium | |
| CN102932408B (en) | A kind of management method of server cluster and platform | |
| CN107707622B (en) | Method and device for accessing desktop cloud virtual machine and desktop cloud controller | |
| US20160205541A1 (en) | Apparatus For End-User Transparent Utilization of Computational, Storage, and Network Capacity of Mobile Devices, and Associated Methods | |
| WO2018113514A1 (en) | Cdn management system, method and apparatus | |
| EP3343364A1 (en) | Accelerator virtualization method and apparatus, and centralized resource manager | |
| CN105979009A (en) | Method for automatically balancing increased load of cloud application container | |
| CN111212116A (en) | High-performance computing cluster creating method and system based on container cloud | |
| CN103986786A (en) | Remote cloud desktop operation system | |
| CN103703724A (en) | Resource payment method | |
| CN103677858A (en) | Method, system and device for managing virtual machine software in cloud environment | |
| CN109358967B (en) | ME platform APP instantiation migration method and server | |
| CN112637304B (en) | Cross-cloud resource processing system and resource management method | |
| CN112905305A (en) | VPP-based cluster type virtualized data forwarding method, device and system | |
| CN104283970A (en) | Cloud computing service device and system and cloud computing method | |
| CN112099913A (en) | Method for realizing safety isolation of virtual machine based on OpenStack | |
| WO2017181829A1 (en) | Virtualization platform operation method and virtualization platform | |
| CN107479984A (en) | Message based distributed space data processing system | |
| CN103618758B (en) | Web server and system resource access control method thereof | |
| CN108540408B (en) | Openstack-based distributed virtual switch management method and system | |
| CN105072193A (en) | Cloud sea OS (Operating System) deployment method under multi-data centre |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20130717 |
|
| RJ01 | Rejection of invention patent application after publication |