CN104038444B - A kind of method of resource allocation, equipment and system - Google Patents
- Publication number: CN104038444B (also listed: CN201310069870.XA, CN104038444A)
- Authority: CN (China)
- Prior art keywords: resource, security domain, virtual, domain, group
- Legal status: Active
- Classification: Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a resource allocation method. A dedicated resource group is allocated in a resource pool for each security domain. After a resource allocation request sent by a security domain is received, if the dedicated resource group of that security domain satisfies the requested resources, resources are allocated to the security domain from its dedicated resource group; if the dedicated resource group does not satisfy the requested resources, the requested resources are scheduled and allocated for the security domain from the resource pool. The invention also discloses a resource allocation device and system. The scheme solves the problem of sharing resources across security domains, improves resource utilization, and still meets the security specification requirements of the security domains.
Description
Technical field
The present invention relates to cloud computing network security technology, and in particular to a resource allocation method, device and system.
Background
At present, in network environments with multiple security domains, virtualization technology is used to consolidate Internet Technology (IT) infrastructure resources. The aim is to improve the flexible sharing of computing resources while greatly reducing the number of servers, and to preserve the original security domain environment as far as possible so that the enterprise's network security specification is still met. The conventional approach is to deploy more host servers, or to add as many network cards as possible to each host server, to meet the access needs of multiple security domains. However, under cloud computing and virtualization, computing environments are mostly implemented on blade servers. Blade servers offer high-density computing resources, but their network card expansion capability is relatively limited. Two design methods are therefore common at present:
1. For application systems with higher security requirements, security is the main consideration: an independent resource pool is planned for each security domain, i.e. one resource pool corresponds to one security domain, which better safeguards the security of the computing resources and the application environment. However, this method cannot share resources between different security domains, and resource utilization is relatively low.
2. For application systems with ordinary security requirements, flexible sharing of computing resources is the main consideration: the original security domains are merged into one large security domain and one large resource pool is planned for it, i.e. one large resource pool corresponds to one large security domain, which better supports flexible sharing and dynamic migration of computing resources. Although this method allows all resources in the pool to be shared flexibly, all applications are deployed in one large security domain, so the security of the application systems is lower than before the merge.
Summary of the invention
In view of this, the main object of the present invention is to provide a resource allocation method, device and system that solve the problem of sharing resources across security domains while meeting the security specification requirements of the security domains.
To achieve the above object, the technical solution of the present invention is realized as follows:
A resource allocation method, in which a dedicated resource group is allocated in a resource pool for each security domain, the method comprising:
After a resource allocation request sent by a security domain is received, when it is determined that the dedicated resource group of the security domain satisfies the resources requested by the security domain, resources are allocated to the security domain from its dedicated resource group; when the dedicated resource group of the security domain does not satisfy the requested resources, the requested resources are scheduled and allocated for the security domain in the resource pool.
Preferably, the dedicated resource group includes more than one blade server, and these blade servers provide virtual machines as the resources in the dedicated resource group.
Preferably, the method also includes:
A dedicated virtual group is set for each security domain;
A virtual switch and virtual network interface cards are set for the blade server; wherein the virtual machine is connected to the virtual switch through a virtual port on the virtual switch, and the blade server is connected to the virtual group through a virtual network interface card;
The scheduling and allocating of the requested resources for the security domain in the resource pool includes:
Idle resources are scheduled for the security domain in the resource pool, and, according to the dynamic logical mapping state between the virtual machine and the virtual port on the virtual switch, the dynamic logical mapping state between the virtual switch and the virtual network interface card, and the dynamic logical mapping state between the virtual network interface card and the virtual group, the dynamic logical mappings corresponding to the scheduled idle resources are associated.
Preferably, the method also includes:
After a resource release request from the security domain is received, the association of each dynamic logical mapping corresponding to the current resources of the security domain is cancelled.
A cloud computing management platform, comprising a receiving unit, a determining unit and a resource allocation unit; wherein,
The receiving unit is used to receive the resource allocation request sent by a security domain;
The determining unit is used to determine whether the dedicated resource group of the security domain satisfies the resources requested by the security domain, and to notify the resource allocation unit of the determination result;
The resource allocation unit is used to allocate resources to the security domain from its dedicated resource group when the determination result is that the dedicated resource group satisfies the requested resources, and to schedule and allocate the requested resources for the security domain in the resource pool when the determination result is that the dedicated resource group does not satisfy the requested resources.
Preferably, the cloud computing management platform also includes:
A dispensing unit, used to allocate a dedicated resource group in the resource pool for each security domain, wherein the dedicated resource group includes more than one blade server and these blade servers provide virtual machines as the resources in the dedicated resource group; to set a dedicated virtual group for each security domain; and to set a virtual switch and virtual network interface cards for the blade servers, wherein the virtual machine is connected to the virtual switch through a virtual port on the virtual switch, and the blade server is connected to the virtual group through a virtual network interface card.
Preferably, the resource allocation unit is also used to associate the dynamic logical mappings corresponding to the idle resources allocated to the security domain, according to the dynamic logical mapping state between the virtual machine and the virtual port on the virtual switch, the dynamic logical mapping state between the virtual switch and the virtual network interface card, and the dynamic logical mapping state between the virtual network interface card and the virtual group.
Preferably, the receiving unit is also used to receive the resource release request sent by the security domain;
Correspondingly, the resource allocation unit is also used to cancel the association of each dynamic logical mapping corresponding to the current resources of the security domain.
A resource allocation system, comprising a cloud computing management platform, a resource pool and security domains; wherein,
The cloud computing management platform is used, after receiving a resource allocation request sent by a security domain, to allocate resources to the security domain from its dedicated resource group when that group satisfies the requested resources, and to schedule and allocate the requested resources for the security domain in the resource pool when the dedicated resource group does not satisfy the requested resources;
The resource pool is used to provide resources for the security domains;
The security domain is used to send resource allocation requests to the cloud computing management platform, and also to send resource release requests to the cloud computing management platform.
Preferably, the cloud computing management platform is the cloud computing management platform described in any one of claims 5 to 8.
In the resource allocation method, device and system provided by the present invention, a dedicated resource group is allocated in the resource pool for each security domain. After a resource allocation request sent by a security domain is received, resources are allocated from the security domain's dedicated resource group when that group satisfies the request; when it does not, the requested resources are scheduled and allocated for the security domain in the resource pool. The cloud computing management platform collects and analyses the performance of the resources in the resource pool and schedules them dynamically, so that resources can be shared flexibly between different security domains and the access demands of multiple security domains can be met. Meanwhile, end-to-end data link layer network technology is used inside the resource pool to logically isolate the resources of different security domains, ensuring that the security boundaries of the existing security domains remain unchanged. The technical solution provided by the invention solves the problem of sharing resources across security domains, improves resource utilization, and still meets the security specification requirements of the security domains.
Brief description of the drawings
Fig. 1 is a flow diagram of the resource allocation method of the present invention;
Fig. 2 is a structural diagram of the cloud computing management platform of the present invention;
Fig. 3 is a structural diagram of the resource allocation system of the present invention;
Fig. 4 is a structural diagram of the logical architecture of the resource pool in an embodiment of the present invention;
Fig. 5 is a flow diagram of dynamic resource scheduling in an embodiment of the present invention;
Fig. 6 is a schematic diagram of the logical architecture of a resource allocation system in an embodiment of the present invention.
Specific embodiment
The present invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 is a flow diagram of the resource allocation method of the present invention. As shown in Fig. 1, the method comprises the following steps:
Step 101: Receive the resource allocation request sent by a security domain;
Step 102: When it is determined that the dedicated resource group of the security domain satisfies the resources requested by the security domain, allocate resources to the security domain from its dedicated resource group; when the dedicated resource group does not satisfy the requested resources, schedule and allocate the requested resources for the security domain in the resource pool.
Specifically, a dedicated resource group is allocated in the resource pool for each security domain; the dedicated resource group includes more than one blade server, and these blade servers provide virtual machines as the resources in the dedicated resource group.
Specifically, the method also includes:
A dedicated virtual group is set for each security domain;
A virtual switch and virtual network interface cards are set for the blade server; wherein the virtual machine is connected to the virtual switch through a virtual port on the virtual switch, and the blade server is connected to the virtual group through a virtual network interface card.
Specifically, the scheduling and allocating of the requested resources for the security domain in the resource pool includes:
Idle resources are scheduled for the security domain in the resource pool, and, according to the dynamic logical mapping state between the virtual machine and the virtual port on the virtual switch, the dynamic logical mapping state between the virtual switch and the virtual network interface card, and the dynamic logical mapping state between the virtual network interface card and the virtual group, the dynamic logical mappings corresponding to the scheduled idle resources are associated.
For example, a security domain sends a resource allocation request to the cloud computing management platform, and the platform collects the resource information of the resource pool. When the dedicated resource group of the security domain does not satisfy the requested resources, idle resources are scheduled and allocated for the security domain in the resource pool, and three mappings are associated: the logical mapping between the virtual network interface card corresponding to the security domain and the virtual group, the logical mapping between the virtual switch and the virtual network interface card, and the dynamic logical mapping between the virtual machine allocated to the security domain by the platform and the virtual port. This puts the above dynamic logical mappings in the connected state, after which the virtual machine allocated by the cloud computing management platform can access the security domain.
Specifically, the method also includes:
After a resource release request from the security domain is received, the association of each dynamic logical mapping corresponding to the current resources of the security domain is cancelled.
Fig. 2 is a structural diagram of a cloud computing management platform of the present invention. As shown in Fig. 2, the cloud computing management platform includes receiving unit 22, determining unit 23 and resource allocation unit 24; wherein,
The receiving unit 22 is used to receive the resource allocation request sent by a security domain;
The determining unit 23 is used to determine whether the dedicated resource group of the security domain satisfies the resources requested by the security domain, and to notify resource allocation unit 24 of the determination result;
The resource allocation unit 24 is used to allocate resources to the security domain from its dedicated resource group when the determination result is that the dedicated resource group satisfies the requested resources, and to schedule and allocate the requested resources for the security domain in the resource pool when the determination result is that the dedicated resource group does not satisfy the requested resources.
Specifically, the cloud computing management platform also includes:
Dispensing unit 21, used to allocate a dedicated resource group in the resource pool for each security domain, wherein the dedicated resource group includes more than one blade server and these blade servers provide virtual machines as the resources in the dedicated resource group; to set a dedicated virtual group for each security domain; and to set a virtual switch and virtual network interface cards for the blade servers, wherein the virtual machine is connected to the virtual switch through a virtual port on the virtual switch, and the blade server is connected to the virtual group through a virtual network interface card.
Specifically, the resource allocation unit 23 is also used to associate the dynamic logical mappings corresponding to the idle resources allocated to the security domain, according to the dynamic logical mapping state between the virtual machine and the virtual port on the virtual switch, the dynamic logical mapping state between the virtual switch and the virtual network interface card, and the dynamic logical mapping state between the virtual network interface card and the virtual group.
Specifically, the receiving unit 22 is also used to receive the resource release request sent by the security domain;
Correspondingly, the resource allocation unit 23 is also used to cancel the association of each dynamic logical mapping corresponding to the current resources of the security domain.
Fig. 3 is a structural diagram of the resource allocation system of the present invention. As shown in Fig. 3, the system includes cloud computing management platform 31, resource pool 32 and security domain 33; wherein,
The cloud computing management platform 31 is used, after receiving a resource allocation request sent by security domain 33, to allocate resources to security domain 33 from its dedicated resource group when that group satisfies the requested resources, and to schedule and allocate the resources requested by security domain 33 in resource pool 32 when the dedicated resource group of security domain 33 does not satisfy them;
The resource pool 32 is used to provide resources for security domain 33;
The security domain 33 is used to send resource allocation requests to cloud computing management platform 31, and also to send resource release requests to cloud computing management platform 31.
Here, the structure of cloud computing management platform 31 is the structure shown in Fig. 2.
Fig. 4 is a structural diagram of the logical architecture of the resource pool in an embodiment of the present invention. As shown in Fig. 4, the resource pool mainly consists of blade servers 41 and the switching module 42 on blade server chassis 40; wherein,
Blade server 41 is used to provide resources for security domain 44;
Switching module 42 is used to connect the resources provided by the blade servers to the security domains.
Specifically, the blade server 41 includes: virtual machine (VM, Virtual Machine) 410, virtual switch (VS, Virtual Switch) 413 and virtual network interface card (VNIC, Virtual Network Interface Controller) 415; wherein,
Virtual machine 410 is used to provide resources for each security domain 44;
Virtual switch 413 is used to connect to switching module 42 through virtual network interface card 415;
Virtual network interface card 415 is used to connect virtual switch 413 and switching module 42.
Here, the virtual port (Portgroup) 412 of the virtual switch uses the virtual local area network (VLAN, Virtual Local Area Network) identifier (ID, IDentity) to place virtual machines 410 in the different subnet segments of the corresponding security domain 44;
Virtual network interface card 415 is a sub-port virtualized from a physical port on blade server 41. Each physical port can support multiple virtual network interface cards 415, which meets blade server 41's need for multiple network interfaces.
Specifically, the switching module 42 includes: virtual group (VG, Virtual Group) 427; wherein,
The virtual group 427 is used to divide switching module 42 into different network segments; it is also connected to virtual switch 413 through virtual network interface card 415, and connects to the external physical network through the external physical port (EXT) 428 of switching module 42, meeting the access needs of the different security domains 44.
Here, the external physical network is the security domain (Secure Zone) 44;
The external physical port 428 is connected to each security domain 44 by optical fiber patch cords.
Specifically, the logical mapping 411 between virtual machine 410 and the virtual port 412 of virtual switch 413 connects virtual machine 410 to the different subnet segments of the corresponding security domain 44; the logical mapping 414 between virtual switch 413 and virtual network interface card 415 interconnects virtual switch 413 and security domain 44 through virtual group 427; the logical mapping 426 between virtual network interface card 415 and virtual group 427 interconnects blade server 41 with the groups of different network segments on switching module 42.
Here, the security domains 44 are the network security domains planned for the enterprise's production network, with clear network security boundaries and security specification requirements; network interconnection between different security domains is realized through the enterprise's core switching area.
This embodiment divides the resource pool into two parts: pre-configured fixed resources and schedulable dynamic resources.
1) Pre-configured fixed resources
Pre-configured fixed resources are the part of the resources that can be configured in advance according to the system architecture plan. In general, fixed resources are not modified once configured, to ensure the stability, reliability and security of the whole system architecture. Fixed resources mainly include virtual machine 410, virtual port 412, virtual switch 413, virtual network interface card 415, virtual group 427, external physical port 428 and security domain 44. They are deployed as follows:
Virtual machine 410: using pre-configured virtual machine images, virtual machines 410 can be deployed quickly and connected to the corresponding security domain 44 through the scheduling of dynamic resources;
Virtual port 412 and virtual switch 413: planned and configured in advance; virtual switches 413 and security domains 44 are deployed in correspondence, and the virtual ports 412 are configured according to the VLAN segments that the different applications of the corresponding security domain 44 need to access;
Virtual network interface card 415: because the number of sub-ports that a physical port on blade server 41 can virtualize is limited, these need to be scheduled dynamically according to actual security domain access needs;
External physical port 428, virtual group 427 and security domain 44: planned and configured in advance according to the security domains 44 the resource pool needs to access, i.e. virtual groups 427, external physical ports 428 and security domains 44 are deployed in one-to-one correspondence; the patch cabling and configuration are essentially fixed, and can thus flexibly meet the access needs of dynamic resource allocation.
2) Schedulable dynamic resources
Schedulable dynamic resources are the resources that need to be scheduled dynamically according to actual needs. Scheduling dynamic resources makes it easy to share resources across security domains and improves resource utilization. Dynamic resources mainly include:
Dynamic logical mapping 411 between virtual machine 410 and virtual port 412, which uses VLAN tags to provide data link layer network isolation between the resources of different security domains;
Dynamic logical mapping 414 between virtual switch 413 and virtual network interface card 415, which connects virtual switch 413 to the corresponding security domain 44 through virtual group 427;
Dynamic logical mapping 426 between virtual network interface card 415 and virtual group 427, which associates virtual network interface card 415 with each security domain 44 and provides data link layer network isolation between them.
Through the planning, configuration and flexible scheduling of each component in the logical architecture, the invention achieves flexible sharing of resources across security domains while preserving the security boundaries of the security domains.
Fig. 5 is a flow diagram of dynamic resource scheduling in an embodiment of the present invention. As shown in Fig. 5, the flow comprises the following steps:
Step 501: The security domain sends a resource allocation request to the cloud computing management platform; then step 502 is performed;
Step 502: According to the security domain's resource allocation request, the cloud computing management platform collects the resource information of the resource pool and checks whether the blade servers in the resource pool that correspond to the security domain satisfy the security domain's resource request. If not, step 503 is performed; otherwise, step 504 is performed;
Step 503: The cloud computing management platform performs resource scheduling; then step 504 is performed;
Here, if the blade servers in the resource pool that correspond to the security domain cannot satisfy the resources the security domain has requested, the cloud computing management platform performs resource scheduling, i.e. it extends resources from other blade servers that have idle resources.
Step 504: The cloud computing management platform allocates resources for the security domain and creates a virtual machine; then step 505 is performed;
Here, the cloud computing management platform performs resource allocation and virtual machine creation on a blade server in the resource pool that corresponds to the security domain and has sufficient computing and network resources.
Step 505: The cloud computing management platform deploys the virtual machine environment and checks the network configuration; then step 506 is performed;
Step 506: The cloud computing management platform checks whether the security domain access conditions are met. If not, step 507 is performed; otherwise, step 509 is performed;
Here, the access conditions of the corresponding security domain are met if the virtual network interface card corresponding to the security domain is connected to the virtual group, and the virtual switch is connected to the virtual network interface card.
Step 507: The cloud computing management platform schedules and associates the virtual network interface card and the virtual group, connecting the virtual network interface card that matches the security domain to the virtual group; then step 508 is performed;
Step 508: The cloud computing management platform schedules and associates the virtual switch and the virtual network interface card, connecting the virtual switch that matches the security domain to the virtual network interface card; then step 509 is performed;
Step 509: The cloud computing management platform associates the virtual machine with the corresponding virtual port, so that the virtual machine accesses the corresponding security domain; then step 510 is performed;
Step 510: The cloud computing management platform updates the resource information in the resource pool.
The present invention carries out information gathering, resource by cloud computing management platform to the dynamic resource of fixed resource and schedulable
The operations such as distribution, security domain access conditions are checked, scheduling of resource association, realize the rapid deployment and dynamic point across security domain resource
Match somebody with somebody, meet the resource bid demand of each security domain;Meanwhile, can be by cancelling the dynamic resource of corresponding security domain to idle resource
Association, carries out resource release and reclaims, and really realizes the flexibility of resource pool and scalability under cloud computing environment.
Under cloud computing environment, controlled by the Automatic dispatching of the above-mentioned dynamic resource to schedulable, it is ensured that in resource pool
Resource easily meet the distribution of each security domain and use needs, fully realize the flexibly shared and high usage of resource.
Fig. 6 is a kind of schematic diagram of the logical architecture of resource allocation system of the embodiment of the present invention, as shown in fig. 6, the system
It is related to ten resource-sharing requirements of security domain, because the physical port of each blade server can only at most support four virtually
NIC, i.e. each blade server can only at most meet four accesses of security domain simultaneously, and the present embodiment is used by platform
Blade server staggers the mode of security domain, such as:Blade server 1 supports the access of security domain 1,2,3,4, blade server 2
Access of security domain 2,3,4,5 etc. is supported, so as to farthest realize the flexibly shared of resource.
Wherein, pre-configured fixed resource includes virtual machine, virtual port, virtual switch, virtual network interface card, void
Plan group, outreach the parts such as physical port and security domain.Virtual group n, physics outreach port n and security domain n and correspond fixed company
Connect, therefore, the dynamic dispatching of resource pool internal resource does not influence the connection of security domain.Virtual switch is handed over using distributed virtual
Change planes, and be the pre-configured good corresponding virtual switch of each security domain, meet the access needs of each security domain VLAN.
The dynamic resource of schedulable includes:Between virtual machine and virtual port dynamic logic mapping, virtual switch with
Dynamic logic mapping between virtual network interface card, the dynamic logic mapping between virtual network interface card and virtual group.
Here, the cloud computing management platform schedules the dynamic resources by automatically associating these mappings according to the resource allocation request of each security domain, so that each blade server in the resource pool can flexibly access different security domains, which satisfies resource sharing across security domains. Meanwhile, data-link-layer network technology is used end to end inside the resource pool to isolate resources across security domains, which does not affect the network architecture of the existing security domains and meets the security standard requirements.
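The allocation rule and the mapping chain described above, modeled as an added example (not code from the patent). The class and field names, the private-group assignment and the VM counts are assumptions; only the four-virtual-NIC limit and the blade 1 / blade 2 staggering come from the text. It also assumes that a request the private resource group cannot cover spills to other blades that serve the same security domain, and that requests are granted all-or-nothing.

```python
from dataclasses import dataclass

MAX_VNICS = 4  # page: a blade's physical port supports at most four virtual NICs

@dataclass
class Blade:
    name: str
    domains: tuple  # security domains with a pre-configured vNIC on this blade
    free_vms: int   # idle virtual machines
    def __post_init__(self):
        if len(self.domains) > MAX_VNICS:
            raise ValueError(f"{self.name}: more than {MAX_VNICS} security domains")

class Platform:
    def __init__(self, blades, private_groups):
        self.blades = {b.name: b for b in blades}
        self.private_groups = private_groups  # domain -> blade names (assumed layout)
        self.mappings = []                    # active dynamic logic mappings

    def allocate(self, domain, count):
        own = self.private_groups.get(domain, [])
        # Private group first, then the rest of the pool; only blades serving the domain.
        order = [n for n in own + [x for x in self.blades if x not in own]
                 if domain in self.blades[n].domains]
        if sum(self.blades[n].free_vms for n in order) < count:
            return None  # refuse rather than map onto a blade with no vNIC for the domain
        granted = []
        for name in order:
            take = min(count - len(granted), self.blades[name].free_vms)
            self.blades[name].free_vms -= take
            granted += [{"domain": domain, "blade": name, "vswitch": f"vswitch-{domain}",
                         "vnic": f"{name}/vnic-{domain}", "vgroup": f"vgroup-{domain}"}
                        for _ in range(take)]
        self.mappings += granted
        return granted

    def release(self, domain):  # cancel the domain's mappings and return its VMs
        for m in [m for m in self.mappings if m["domain"] == domain]:
            self.blades[m["blade"]].free_vms += 1
            self.mappings.remove(m)

    def isolated(self):  # every mapping ends in its own domain's group, on a serving blade
        return all(m["vgroup"] == f"vgroup-{m['domain']}" and
                   m["domain"] in self.blades[m["blade"]].domains for m in self.mappings)

def demo():  # constructed pool; staggering as on the page (blade 1: 1-4, blade 2: 2-5)
    return Platform([Blade("blade1", (1, 2, 3, 4), 2), Blade("blade2", (2, 3, 4, 5), 2)],
                    {2: ["blade1"], 5: ["blade2"]})
```

Because virtual group n is fixed to security domain n, `isolated()` is the invariant worth auditing after every allocation and release: no dynamic mapping may terminate in another domain's virtual group.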
The above is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention.
Claims (5)
1. A method of resource allocation, characterized in that a private resource group is allocated in a resource pool for each security domain, the method comprising:
after receiving a resource allocation request sent by a security domain, when it is determined that the private resource group of the security domain satisfies the resources requested by the security domain, allocating resources to the security domain from the private resource group of the security domain; when the private resource group of the security domain does not satisfy the resources requested by the security domain, scheduling and allocating the resources requested by the security domain for the security domain in the resource pool;
the private resource group includes more than one blade server, and these blade servers provide virtual machines as the resources in the private resource group;
a dedicated virtual group is set for each security domain;
a virtual switch and a virtual network interface card are set for the blade server; wherein the virtual machine is connected to the virtual switch through a virtual port on the virtual switch, and the blade server is connected to the virtual group through the virtual network interface card;
the scheduling and allocating of the resources requested by the security domain for the security domain in the resource pool comprises:
scheduling idle resources for the security domain in the resource pool and, according to the dynamic logic mapping state between the virtual machine and the virtual port on the virtual switch, the dynamic logic mapping state between the virtual switch and the virtual network interface card, and the dynamic logic mapping state between the virtual network interface card and the virtual group, associating the dynamic logic mappings corresponding to the scheduled idle resources.
2. The method according to claim 1, characterized in that the method further comprises:
after receiving a resource release request from the security domain, cancelling the association of each dynamic logic mapping corresponding to the current resources of the security domain.
3. A cloud computing management platform, characterized in that the cloud computing management platform includes a receiving unit, a determining unit, a dispensing unit and a resource allocation unit; wherein,
the receiving unit is configured to receive a resource allocation request sent by a security domain;
the determining unit is configured to determine whether the private resource group of the security domain satisfies the resources requested by the security domain, and to notify the resource allocation unit of the determination result;
the dispensing unit is configured to allocate a private resource group in the resource pool for each security domain, wherein the private resource group includes more than one blade server, and these blade servers provide virtual machines as the resources in the private resource group; to set a dedicated virtual group for each security domain; and to set a virtual switch and a virtual network interface card for these blade servers, wherein the virtual machine is connected to the virtual switch through a virtual port on the virtual switch, and the blade server is connected to the virtual group through the virtual network interface card;
the resource allocation unit is configured to, when the determination result is that the private resource group of the security domain satisfies the resources requested by the security domain, allocate resources to the security domain from the private resource group of the security domain; and, when the determination result is that the private resource group of the security domain does not satisfy the resources requested by the security domain, to schedule and allocate the resources requested by the security domain for the security domain in the resource pool;
and to associate, according to the dynamic logic mapping state between the virtual machine and the virtual port on the virtual switch, the dynamic logic mapping state between the virtual switch and the virtual network interface card, and the dynamic logic mapping state between the virtual network interface card and the virtual group, the dynamic logic mappings corresponding to the idle resources allocated to the security domain.
4. The cloud computing management platform according to claim 3, characterized in that
the receiving unit is further configured to receive a resource release request sent by the security domain;
correspondingly, the resource allocation unit is further configured to cancel the association of each dynamic logic mapping corresponding to the current resources of the security domain.
5. A resource allocation system, characterized in that the system includes a resource pool, a security domain, and the cloud computing management platform of claim 3 or 4; wherein,
the cloud computing management platform is configured to, after receiving a resource allocation request sent by the security domain, allocate resources to the security domain from the private resource group of the security domain when it is determined that the private resource group of the security domain satisfies the resources requested by the security domain; and, when the private resource group of the security domain does not satisfy the resources requested by the security domain, to schedule and allocate the resources requested by the security domain for the security domain in the resource pool;
the resource pool is configured to provide resources for the security domain;
the security domain is configured to send a resource allocation request to the cloud computing management platform, and is further configured to send a resource release request to the cloud computing management platform.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310069870.XA CN104038444B (en) | 2013-03-05 | 2013-03-05 | A kind of method of resource allocation, equipment and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104038444A CN104038444A (en) | 2014-09-10 |
CN104038444B true CN104038444B (en) | 2017-05-31 |
Family
ID=51469036
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310069870.XA Active CN104038444B (en) | 2013-03-05 | 2013-03-05 | A kind of method of resource allocation, equipment and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104038444B (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105743821B (en) * | 2014-12-12 | 2019-12-17 | 中兴通讯股份有限公司 | Method and system for preventing conflict of resources occupied by logic switch |
CN105991738B (en) * | 2015-02-27 | 2019-05-14 | ***通信集团四川有限公司 | Method and system across security domain resource-sharing in a kind of cloud resource pond |
CN109120555B (en) * | 2017-06-26 | 2022-10-14 | 中兴通讯股份有限公司 | Resource allocation method and system |
CN109190420B (en) * | 2018-09-11 | 2020-08-25 | 网御安全技术(深圳)有限公司 | Server encryption and decryption blade, system and encryption and decryption method |
CN111083088B (en) * | 2018-10-19 | 2022-03-04 | 中电太极(集团)有限公司 | Cloud platform hierarchical management method and device based on multiple security domains |
CN109525581B (en) * | 2018-11-19 | 2021-01-26 | ***通信集团广东有限公司 | Cloud resource security management and control method and system |
CN109617720B (en) * | 2018-12-11 | 2022-02-25 | 郑州云海信息技术有限公司 | Method and device for distributing network resources |
CN110933147B (en) * | 2019-11-15 | 2020-07-17 | 链睿信息服务(南通)有限公司 | Information technology analysis system based on cloud computing |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101163133A (en) * | 2006-10-10 | 2008-04-16 | 中国科学院计算技术研究所 | Communication system and method of implementing resource sharing under multi-machine virtual environment |
CN102103518A (en) * | 2011-02-23 | 2011-06-22 | 运软网络科技(上海)有限公司 | System for managing resources in virtual environment and implementation method thereof |
CN102317914A (en) * | 2011-08-01 | 2012-01-11 | 华为技术有限公司 | Methods, system and devices for managing virtual resources |
CN102761469A (en) * | 2011-04-27 | 2012-10-31 | 阿里巴巴集团控股有限公司 | Allocation method and device for resource pool |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7257815B2 (en) * | 2001-09-05 | 2007-08-14 | Microsoft Corporation | Methods and system of managing concurrent access to multiple resources |
US8767535B2 (en) * | 2007-07-11 | 2014-07-01 | Hewlett-Packard Development Company, L.P. | Dynamic feedback control of resources in computing environments |
Also Published As
Publication number | Publication date |
---|---|
CN104038444A (en) | 2014-09-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||