CN103607449A - Method, device and system for enterprise internal network physical machine to visit cloud storage virtual machine - Google Patents

Method, device and system for enterprise internal network physical machine to visit cloud storage virtual machine Download PDF

Info

Publication number
CN103607449A
Authority
CN
China
Prior art keywords
virtual machine
message
identification information
physical machine
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310581295.1A
Other languages
Chinese (zh)
Inventor
田新雪
马书惠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd
Priority to CN201310581295.1A
Publication of CN103607449A
Legal status: Pending

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method, a device and a system for an enterprise internal network physical machine to access a cloud storage virtual machine. A gateway arranged in the enterprise internal network receives a message sent by a first physical machine. Locally pre-stored key management information is queried according to first identification information in the message header, the first key corresponding to the user type to which the user belongs is obtained, and the message payload is encrypted with that first key. Routing information is queried according to second identification information, and the encrypted message is sent over the public network to the second physical machine in cloud storage in which the target virtual machine is located. The second physical machine queries its locally stored virtual machine user information according to the second identification information and sends the encrypted message to the virtual network card corresponding to the target virtual machine. The virtual network card decrypts the message with the first key, which was allocated in advance by a built-in virtual machine manager. Reliable transmission of the communication message is therefore ensured, the tedious upgrading of every physical machine terminal in the enterprise internal network is avoided, and communication efficiency is improved.

Description

Method, apparatus and system for a corporate intranet physical machine to access a cloud storage virtual machine
Technical field
The embodiments of the present invention relate to the field of communication technology, and in particular to a method, apparatus and system for a corporate intranet physical machine to access a cloud storage virtual machine.
Background art
With the rapid development of virtual machine technology and cloud processing technology, many virtual machines can be deployed in each physical machine in cloud storage, and each enterprise can rent, as needed, virtual machines deployed on different physical machines in cloud storage.
When an enterprise user accesses, through a physical machine of the corporate intranet, a target virtual machine deployed in cloud storage that corresponds to the user type to which the user belongs, the transfer of the communication message from the corporate intranet to the public network is secure, but the transfer from the public network to the physical machine in cloud storage where the target virtual machine is located increases the risk of information leakage. Therefore, in the prior art, to improve the reliability of communication message transmission when an enterprise user accesses the relevant target virtual machine through a physical machine of the corporate intranet, an encryption processing module for communication messages can be added to the physical machine terminal so that the message is encrypted at the terminal. This requires every physical machine terminal in the corporate intranet that initiates access to be upgraded, which is a cumbersome and inefficient process.
Summary of the invention
In view of the above defects of the prior art, the embodiments of the present invention provide a method, apparatus and system for a corporate intranet physical machine to access a cloud storage virtual machine.
One aspect of the present invention provides a method for a corporate intranet physical machine to access a cloud storage virtual machine, comprising:
a gateway located in the corporate intranet receives a message sent by a first physical machine located in the corporate intranet, the header of the message comprising first identification information of the user and second identification information of the target virtual machine;
the gateway queries locally pre-stored key management information according to the first identification information to obtain a first key corresponding to the user type to which the user belongs, and encrypts the payload section of the message with the first key;
the gateway queries pre-stored routing information according to the second identification information and sends the encrypted message over the public network to the second physical machine in cloud storage where the target virtual machine is located, so that the second physical machine queries locally stored virtual machine user information according to the second identification information and sends the encrypted message to the virtual network card corresponding to the target virtual machine, and the virtual network card decrypts the encrypted message with the first key, which was allocated in advance by a built-in virtual machine manager, and then sends it to the target virtual machine.
Another aspect of the present invention provides a gateway located in a corporate intranet, comprising:
a receiving module, configured to receive a message sent by a first physical machine located in the corporate intranet, the header of the message comprising first identification information of the user and second identification information of the target virtual machine;
an encryption module, configured to query locally pre-stored key management information according to the first identification information to obtain a first key corresponding to the user type to which the user belongs, and to encrypt the payload section of the message with the first key;
a sending module, configured to query pre-stored routing information according to the second identification information and send the encrypted message over the public network to the second physical machine in cloud storage where the target virtual machine is located, so that the second physical machine queries locally stored virtual machine user information according to the second identification information and sends the encrypted message to the virtual network card corresponding to the target virtual machine, and the virtual network card decrypts the encrypted message with the first key, which was allocated in advance by a built-in virtual machine manager, and then sends it to the target virtual machine.
A further aspect of the present invention provides a system for a corporate intranet physical machine to access a cloud storage virtual machine, comprising: a first physical machine located in the corporate intranet, a second physical machine in cloud storage where the target virtual machine is located, and the above gateway located in the corporate intranet.
In the method, apparatus and system for a corporate intranet physical machine to access a cloud storage virtual machine provided by the embodiments of the present invention, a gateway is set up in the corporate intranet that communicates with each physical machine terminal in the corporate intranet on one side and with the public network on the other. When a corporate intranet user accesses, through the first physical machine, a target virtual machine in cloud storage that corresponds to the user type to which the user belongs, the communication message is sent to the gateway according to the gateway IP address stored in the first physical machine. The gateway queries locally pre-stored key management information according to the first identification information of the user in the message header to obtain the first key corresponding to this user, encrypts the payload section of the message with that first key, queries pre-stored routing information according to the second identification information of the target virtual machine, and sends the encrypted message over the public network to the second physical machine in cloud storage where the target virtual machine is located. The second physical machine queries locally stored virtual machine user information according to the second identification information and sends the encrypted message to the virtual network card corresponding to the target virtual machine, and the virtual network card decrypts the encrypted message with the built-in first key allocated in advance by the virtual machine manager and sends it to the target virtual machine. The reliability of communication message transmission is thereby ensured while the cumbersome upgrading of every physical machine terminal in the corporate intranet is avoided, which improves communication efficiency.
Brief description of the drawings
Fig. 1 is a flow chart of the method for a corporate intranet physical machine to access a cloud storage virtual machine provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the gateway located in the corporate intranet provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of the system for a corporate intranet physical machine to access a cloud storage virtual machine provided by an embodiment of the present invention.
Detailed description of the embodiments
Fig. 1 is a flow chart of the method for a corporate intranet physical machine to access a cloud storage virtual machine provided by an embodiment of the present invention. As shown in Fig. 1, the method comprises:
Step 100: a gateway located in the corporate intranet receives a message sent by a first physical machine located in the corporate intranet, the header of the message comprising first identification information of the user and second identification information of the target virtual machine.
A gateway is set up in the corporate intranet. On one side, this gateway communicates with each physical machine terminal in the corporate intranet; on the other side, it communicates with the public network. The IP address of this gateway is stored in each physical machine terminal in the corporate intranet. When a user of the corporate intranet needs to access, through the first physical machine, a target virtual machine in cloud storage that corresponds to the user type to which the user belongs, the user first enters the user's first identification information at the first physical machine. The first physical machine queries locally stored enterprise user registration information according to this first identification information to obtain the user type to which the user belongs and the virtual machines, deployed on physical machines in cloud storage, that this user type is permitted to access; the user selects from these virtual machines the target virtual machine to interact with. After the user has determined the target virtual machine, the communication message to be exchanged is sent to the gateway according to the gateway IP address stored in the first physical machine; the header of this communication message comprises the first identification information of the user and the second identification information of the target virtual machine.
Step 101: the gateway queries locally pre-stored key management information according to the first identification information to obtain a first key corresponding to the user type to which the user belongs, and encrypts the payload section of the message with the first key.
After the gateway receives the message sent by the first physical machine, it parses the header of the message to obtain the first identification information of the user and the second identification information of the target virtual machine. It then queries locally pre-stored key management information according to the user's first identification information to obtain the first key corresponding to the user type to which the user belongs, and encrypts the payload section of the message with this first key.
Step 102: the gateway queries pre-stored routing information according to the second identification information and sends the encrypted message over the public network to the second physical machine in cloud storage where the target virtual machine is located, so that the second physical machine queries locally stored virtual machine user information according to the second identification information and sends the encrypted message to the virtual network card corresponding to the target virtual machine, and the virtual network card decrypts the encrypted message with the first key, which was allocated in advance by a built-in virtual machine manager, and then sends it to the target virtual machine.
After the gateway has encrypted the payload section of the message with the first key corresponding to the user type to which the user belongs, it queries pre-stored routing information according to the second identification information of the target virtual machine to learn the IP address of the second physical machine that corresponds to that second identification information, and then sends the encrypted message to the second physical machine according to that IP address. After the second physical machine receives the message sent by the gateway, it queries locally stored virtual machine user information according to the second identification information of the target virtual machine in the header to learn the identification information of the virtual network card corresponding to the target virtual machine, and then sends the message to that virtual network card according to its identification information. This virtual network card is responsible for the communication between the target virtual machine and the corporate intranet physical machine; built into it is the key corresponding to the target virtual machine that was allocated in advance by the virtual machine manager, and this key agrees with the key corresponding to the user type of the user accessing the target virtual machine, i.e. the first key. Therefore, when the virtual network card receives the encrypted message sent by the second physical machine, it decrypts the message with the built-in first key and sends the decrypted message to the target virtual machine.
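The following simulation is an added illustration of the flow described in the summary and in steps 100 to 102 of Fig. 1; it is not code from the patent or from the applicant. The gateway selects the first key from a user-type table keyed by the user's first identification information, encrypts only the payload section, and routes by the target virtual machine's second identification information; the second physical machine maps the virtual machine to its virtual network card, which decrypts with the key built in by the virtual machine manager. The cipher is an illustrative stand-in (HMAC-SHA256 keystream with an encrypt-then-MAC tag) for whatever symmetric algorithm a deployment would use; the message layout, table contents, keys and addresses are all constructed for the example. The example also shows two failure modes the patent text only implies: a user whose type key disagrees with the target virtual machine's built-in key, and a payload modified on the public network, both of which are rejected before anything reaches the virtual machine.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

NONCE_LEN, TAG_LEN = 16, 32


@dataclass
class Message:
    """Hypothetical message layout: header fields in clear, payload is the protected section."""
    user_id: str    # first identification information (header)
    vm_id: str      # second identification information (header)
    payload: bytes  # payload section: encrypted by the gateway, decrypted by the virtual NIC


def _subkey(key, label):
    # Derive separate encryption and MAC subkeys from the first key (illustrative KDF)
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    # PRF in counter mode; a stand-in for a real cipher such as AES-GCM
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt_payload(key, plaintext, nonce=None):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_payload(key, blob):
    """Verify the tag before decrypting; a wrong key or a modified payload is rejected."""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("payload authentication failed (key mismatch or tampering)")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


class Gateway:
    """Intranet gateway: steps 101 and 102 (key lookup, payload encryption, routing)."""
    def __init__(self, key_management, type_keys, routing):
        self.key_management = key_management  # user_id -> user type
        self.type_keys = type_keys            # user type -> first key
        self.routing = routing                # vm_id -> IP of the second physical machine

    def handle(self, msg):
        user_type = self.key_management.get(msg.user_id)
        if user_type is None:
            raise KeyError(f"unknown user {msg.user_id!r}: no key can be selected")
        host_ip = self.routing.get(msg.vm_id)
        if host_ip is None:
            raise KeyError(f"no route for target VM {msg.vm_id!r}")
        first_key = self.type_keys[user_type]
        return host_ip, Message(msg.user_id, msg.vm_id, encrypt_payload(first_key, msg.payload))


class VirtualNic:
    """Virtual network card with the key pre-assigned by the VM manager built in."""
    def __init__(self, builtin_key):
        self.builtin_key = builtin_key
        self.delivered = []  # what the target VM actually receives

    def receive(self, msg):
        plaintext = decrypt_payload(self.builtin_key, msg.payload)  # raises on key mismatch
        self.delivered.append(plaintext)
        return plaintext


class PhysicalMachine:
    """Second physical machine: maps the target VM id to its virtual NIC and forwards."""
    def __init__(self, vm_user_info, nics):
        self.vm_user_info = vm_user_info  # vm_id -> NIC id (locally stored VM user info)
        self.nics = nics                  # NIC id -> VirtualNic

    def receive(self, msg):
        return self.nics[self.vm_user_info[msg.vm_id]].receive(msg)


def run_demo():
    # Constructed keys, tables and addresses; the patent has the VM manager provision these
    key_finance = hashlib.sha256(b"constructed finance-type key").digest()
    key_hr = hashlib.sha256(b"constructed hr-type key").digest()
    gateway = Gateway(key_management={"alice": "finance", "bob": "hr"},
                      type_keys={"finance": key_finance, "hr": key_hr},
                      routing={"vm-fin-01": "203.0.113.10", "vm-hr-01": "203.0.113.10"})
    host = PhysicalMachine(vm_user_info={"vm-fin-01": "vnic-7", "vm-hr-01": "vnic-9"},
                           nics={"vnic-7": VirtualNic(key_finance), "vnic-9": VirtualNic(key_hr)})
    hosts = {"203.0.113.10": host}
    results = {}

    # Normal path: finance user to finance VM; gateway key and NIC key agree
    host_ip, enc = gateway.handle(Message("alice", "vm-fin-01", b"ledger query"))
    results["plaintext_on_wire"] = b"ledger query" in enc.payload
    results["delivered"] = hosts[host_ip].receive(enc)

    # Key disagreement: hr user addresses the finance VM, whose NIC holds a different key
    host_ip, enc = gateway.handle(Message("bob", "vm-fin-01", b"hr record"))
    try:
        hosts[host_ip].receive(enc)
        results["mismatch_rejected"] = False
    except ValueError:
        results["mismatch_rejected"] = True

    # Modification on the public network: flip one ciphertext byte
    host_ip, enc = gateway.handle(Message("alice", "vm-fin-01", b"ledger query"))
    tampered = bytearray(enc.payload)
    tampered[NONCE_LEN] ^= 0x01
    try:
        hosts[host_ip].receive(Message(enc.user_id, enc.vm_id, bytes(tampered)))
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True

    results["vm_received"] = list(host.nics["vnic-7"].delivered)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The design point worth noting is that the key is selected by user type at the gateway and fixed per virtual machine at the virtual network card, so the two tables must be kept consistent by the virtual machine manager: a user whose type key differs from the target virtual machine's built-in key is refused at decryption, which doubles as a coarse access check but also means a stale key table silently breaks connectivity. Because the header travels in clear, the second physical machine can route on it without holding any key; the integrity tag is what stops a modified payload from being handed to the virtual machine.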
In the method for a corporate intranet physical machine to access a cloud storage virtual machine provided by this embodiment, a gateway is set up in the corporate intranet that communicates with each physical machine terminal in the corporate intranet on one side and with the public network on the other. When a corporate intranet user accesses, through the first physical machine, a target virtual machine in cloud storage that corresponds to the user type to which the user belongs, the communication message is sent to the gateway according to the gateway IP address stored in the first physical machine. The gateway queries locally pre-stored key management information according to the first identification information of the user in the message header to obtain the first key corresponding to this user, encrypts the payload section of the message with that first key, queries pre-stored routing information according to the second identification information of the target virtual machine, and sends the encrypted message over the public network to the second physical machine in cloud storage where the target virtual machine is located. The second physical machine queries locally stored virtual machine user information according to the second identification information and sends the encrypted message to the virtual network card corresponding to the target virtual machine, and the virtual network card decrypts the encrypted message with the built-in first key allocated in advance by the virtual machine manager and sends it to the target virtual machine. The reliability of communication message transmission is thereby ensured while the cumbersome upgrading of every physical machine terminal in the corporate intranet is avoided, which improves communication efficiency.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiment may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium, and when executed it performs the steps of the above method embodiment; the storage medium includes various media capable of storing program code, such as ROM, RAM, magnetic disks or optical discs.
Fig. 2 is a schematic structural diagram of the gateway located in the corporate intranet provided by an embodiment of the present invention. As shown in Fig. 2, the gateway comprises a receiving module 11, an encryption module 12 and a sending module 13, where: the receiving module 11 is configured to receive a message sent by a first physical machine located in the corporate intranet, the header of the message comprising first identification information of the user and second identification information of the target virtual machine; the encryption module 12 is configured to query locally pre-stored key management information according to the first identification information to obtain a first key corresponding to the user type to which the user belongs, and to encrypt the payload section of the message with the first key; and the sending module 13 is configured to query pre-stored routing information according to the second identification information and send the encrypted message over the public network to the second physical machine in cloud storage where the target virtual machine is located, so that the second physical machine queries locally stored virtual machine user information according to the second identification information and sends the encrypted message to the virtual network card corresponding to the target virtual machine, and the virtual network card decrypts the encrypted message with the built-in first key allocated in advance by the virtual machine manager and then sends it to the target virtual machine.
For the functions and processing flow of each module of the gateway located in the corporate intranet provided by this embodiment, reference may be made to the method embodiment shown in Fig. 1 above; the implementation principle and technical effect are similar and are not repeated here.
Fig. 3 is a schematic structural diagram of the system for a corporate intranet physical machine to access a cloud storage virtual machine provided by an embodiment of the present invention. As shown in Fig. 3, the system comprises: a first physical machine 1 located in the corporate intranet, a second physical machine 3 in cloud storage where the target virtual machine 2 is located, and a gateway 4 located in the corporate intranet. The gateway 4 may be the gateway located in the corporate intranet provided by the above embodiment of the present invention, and the first physical machine 1, the target virtual machine 2 and the second physical machine 3 may be the first physical machine, target virtual machine and second physical machine referred to in the above embodiment of the present invention.
For the functions and processing flow of each component of the system for a corporate intranet physical machine to access a cloud storage virtual machine provided by this embodiment, reference may be made to the method embodiment shown in Fig. 1 above; the implementation principle and technical effect are similar and are not repeated here.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solution to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (3)

1. A method for a corporate intranet physical machine to access a cloud storage virtual machine, characterized by comprising:
a gateway located in the corporate intranet receives a message sent by a first physical machine located in the corporate intranet, the header of the message comprising first identification information of the user and second identification information of the target virtual machine;
the gateway queries locally pre-stored key management information according to the first identification information to obtain a first key corresponding to the user type to which the user belongs, and encrypts the payload section of the message with the first key;
the gateway queries pre-stored routing information according to the second identification information and sends the encrypted message over the public network to the second physical machine in cloud storage where the target virtual machine is located, so that the second physical machine queries locally stored virtual machine user information according to the second identification information and sends the encrypted message to the virtual network card corresponding to the target virtual machine, and the virtual network card decrypts the encrypted message with the first key, which was allocated in advance by a built-in virtual machine manager, and then sends it to the target virtual machine.
2. A gateway located in a corporate intranet, characterized by comprising:
a receiving module, configured to receive a message sent by a first physical machine located in the corporate intranet, the header of the message comprising first identification information of the user and second identification information of the target virtual machine;
an encryption module, configured to query locally pre-stored key management information according to the first identification information to obtain a first key corresponding to the user type to which the user belongs, and to encrypt the payload section of the message with the first key;
a sending module, configured to query pre-stored routing information according to the second identification information and send the encrypted message over the public network to the second physical machine in cloud storage where the target virtual machine is located, so that the second physical machine queries locally stored virtual machine user information according to the second identification information and sends the encrypted message to the virtual network card corresponding to the target virtual machine, and the virtual network card decrypts the encrypted message with the first key, which was allocated in advance by a built-in virtual machine manager, and then sends it to the target virtual machine.
3. A system for a corporate intranet physical machine to access a cloud storage virtual machine, characterized by comprising: a first physical machine located in the corporate intranet, a second physical machine in cloud storage where the target virtual machine is located, and the gateway located in the corporate intranet as claimed in claim 2.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310581295.1A CN103607449A (en) 2013-11-18 2013-11-18 Method, device and system for enterprise internal network physical machine to visit cloud storage virtual machine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310581295.1A CN103607449A (en) 2013-11-18 2013-11-18 Method, device and system for enterprise internal network physical machine to visit cloud storage virtual machine

Publications (1)

Publication Number Publication Date
CN103607449A true CN103607449A (en) 2014-02-26

Family

ID=50125649

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310581295.1A Pending CN103607449A (en) 2013-11-18 2013-11-18 Method, device and system for enterprise internal network physical machine to visit cloud storage virtual machine

Country Status (1)

Country Link
CN (1) CN103607449A (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102739534A (en) * 2005-09-21 2012-10-17 Intel Corporation Method, apparatus and system for maintaining mobility resistant ip tunnels using mobile router
CN102577270A (en) * 2009-09-30 2012-07-11 Alcatel-Lucent Scalable architecture for enterprise extension in a cloud topology
US20120096271A1 (en) * 2010-10-15 2012-04-19 Microsoft Corporation Remote Access to Hosted Virtual Machines By Enterprise Users
CN103368807A (en) * 2012-04-05 2013-10-23 Cisco Technology, Inc. System and method for migrating application virtual machines in a network environment
US20130290694A1 (en) * 2012-04-30 2013-10-31 Cisco Technology, Inc. System and method for secure provisioning of virtualized images in a network environment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Li Xiaowei: "Design and implementation of an encrypted communication scheme for cross-domain virtual machines" (跨域虚拟机加密通信技术方案设计与实现), China Master's Theses Full-text Database, Information Science and Technology (中国优秀硕士学位论文全文数据库 信息科技辑), 2013-11-15, chapters 3 to 4 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106612266A (en) * 2015-10-27 2017-05-03 Alibaba Group Holding Ltd Network forwarding method and device
CN106612266B (en) * 2015-10-27 2020-05-08 Alibaba Group Holding Ltd Network forwarding method and equipment
CN108076090A (en) * 2016-11-11 2018-05-25 Huawei Technologies Co Ltd Data processing method and storage management system
CN107465506A (en) * 2017-09-19 2017-12-12 Beijing Knownsec Information Technology Co Ltd Client, server, network system and method for encrypted transmission of data
CN112804202A (en) * 2020-12-30 2021-05-14 Ping An Securities Co Ltd Multi-internetwork data security interaction method and device, server and storage medium
CN112804202B (en) * 2020-12-30 2023-04-11 Ping An Securities Co Ltd Multi-internetwork data security interaction method and device, server and storage medium
CN114726518A (en) * 2022-03-31 2022-07-08 Alibaba Cloud Computing Ltd Communication method, device and system for cloud network system and storage medium
CN114726518B (en) * 2022-03-31 2023-05-26 Alibaba Cloud Computing Ltd Communication method, device and system for cloud network system and storage medium

Similar Documents

Publication Publication Date Title
JP7434342B2 (en) Container builder for personalized network services
EP3337219B1 (en) Carrier configuration processing method, device and system, and computer storage medium
CN103384237A (en) Method for sharing IaaS cloud account, shared platform and network device
CN103607449A (en) Method, device and system for enterprise internal network physical machine to visit cloud storage virtual machine
CN105007577A (en) Virtual SIM card parameter management method, mobile terminal and server
CN103441997A (en) Content sharing method, device and system
CN104125558B (en) A kind of client-based method for processing business, equipment and system
CN103595790A (en) Remote accessing method for device, thin client side and virtual machine
CN102710412B (en) Method and device for compatible management of encryption algorithm
EP2869232A1 (en) Security key device for secure cloud services, and system and method of providing security cloud services
CN106550037A (en) A kind of method and device of server data sharing
CN105101183A (en) Method and system for protecting private contents at mobile terminal
CN107733882A (en) SSL certificate automatically dispose method and apparatus
WO2012107924A2 (en) System and method for managing usage rights of software applications
CN113766034A (en) Service processing method and device based on block chain
CN111259364B (en) Method, device, equipment and storage medium for using national secret encryption card
CN102801686B (en) Apparatus control method, main equipment, from equipment and master-slave equipment group
CN111066014A (en) Apparatus, method and program for remotely managing devices
CN108111528A (en) A kind of anti-phishing method and system based on block chain
CN108737338A (en) A kind of authentication method and system
CN110321678A (en) A kind of control method of virtual system, device, equipment and medium
CN103560948A (en) Communication method, device and system between virtual machines
CN107077633A (en) Information processor, information processing method and program
CN103530169A (en) Method for protecting virtual machine files and user terminal
CN104158817A (en) Data packet forwarding method, device and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140226