CN104038444B - A kind of method of resource allocation, equipment and system - Google Patents

A kind of method of resource allocation, equipment and system Download PDF

Info

Publication number
CN104038444B
CN104038444B CN201310069870.XA CN201310069870A CN104038444B CN 104038444 B CN104038444 B CN 104038444B CN 201310069870 A CN201310069870 A CN 201310069870A CN 104038444 B CN104038444 B CN 104038444B
Authority
CN
China
Prior art keywords
resource
security domain
virtual
domain
group
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310069870.XA
Other languages
Chinese (zh)
Other versions
CN104038444A (en
Inventor
卢山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Group Shanxi Co Ltd
Original Assignee
China Mobile Group Shanxi Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Group Shanxi Co Ltd filed Critical China Mobile Group Shanxi Co Ltd
Priority to CN201310069870.XA priority Critical patent/CN104038444B/en
Publication of CN104038444A publication Critical patent/CN104038444A/en
Application granted granted Critical
Publication of CN104038444B publication Critical patent/CN104038444B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of method of resource allocation, for each security domain distributes private resource group in resource pool, after receiving the resource allocation request of security domain transmission, it is the security domain distribution resource in the private resource group of the security domain when determining that the private resource group of the security domain meets the resource of the safe domain request;When the private resource group of the security domain is unsatisfactory for the resource of the safe domain request, in the resource pool it is the safe domain scheduling and distributes the resource of the safe domain request.The present invention further simultaneously discloses a kind of resource allocation apparatus and system, using the solution of the present invention, can solve the problems, such as the resource-sharing across security domain, can improve the utilization rate of resource, and the safety standard requirements of security domain can be met again.

Description

A kind of method of resource allocation, equipment and system
Technical field
The present invention relates to system for cloud computing safe practice, more particularly to a kind of method of resource allocation, equipment and system.
Background technology
At present, in the network environment of multiple security domains, using Intel Virtualization Technology carry out Internet technology (IT, Internet Technology) architecture resource consolidation, it is desirable in the case where number of servers is greatly decreased, improve The flexible of computing resource is shared, and maintains original security domain environment to meet the network security code requirement of enterprise as much as possible. Conventional thinking is to dispose more host servers, or for host server adds network interface card as much as possible, to meet multiple The access of security domain needs.But, blade server environment is implemented under cloud computing and virtualized environment, computing environment more, Blade server has a highdensity computing resource, and its network interface card extended capability is than relatively limited, therefore, have at present two kinds it is common Method for designing:
1st, the application system higher for security requirement, considers emphatically security requirement, respectively corresponding security domain The independent resource pool of planning, in the way of independent resource pond, i.e., one resource pool one mode of security domain of correspondence, preferably for The security of computing resource and applied environment provides safeguard.But, the method cannot realize that the resource between different security domains is total to Enjoy, resource utilization is than relatively low.
2nd, the application system general for security requirement, considers that emphatically the flexibly shared of computing resource requires, can be by original The multiple security domains having are integrated into a big security domain, while planning a big resource pool, i.e., the large resource pond pair of A big security domain is answered, the flexibly shared and dynamic migration of computing resource is better achieved.Although the method can realize money All resources in the pond of source are flexibly shared, but all applications are deployed in a big security domain, the security of application system compared with Will be decreased before integration.
The content of the invention
In view of this, it is a primary object of the present invention to provide a kind of method of resource allocation, equipment and system, can solve Across the resource-sharing problem of security domain, while the safety standard requirements of security domain can be met.
To reach above-mentioned purpose, the technical proposal of the invention is realized in this way:
A kind of method of resource allocation, for each security domain distributes private resource group in resource pool, methods described includes:
After receiving the resource allocation request of security domain transmission, determine that the private resource group of the security domain meets the peace It is the security domain distribution resource in the private resource group of the security domain during resource of universe request;The security domain When private resource group is unsatisfactory for the resource of the safe domain request, in the resource pool it is the safe domain scheduling and distributes institute State the resource of safe domain request.
Preferably, the private resource group includes more than one blade server, one blade service above Device provides virtual machine as the resource in private resource group.
Preferably, the method also includes:
For each security domain sets special virtual group;
For the blade server sets virtual switch, virtual network interface card;Wherein, the virtual machine is by virtual Virtual port on interchanger is connected with the virtual switch;The blade server by virtual network interface card with it is virtual Group is connected;
It is described to be the safe domain scheduling in the resource pool and distribute the resource of the safe domain request, including:
It is the safe domain scheduling idling-resource in the resource pool, according to the virtual terminal on virtual machine and virtual switch Dynamic logic mapping status, the dynamic logic mapping status between virtual switch and virtual network interface card, void between mouthful Intend the dynamic logic mapping status between NIC and virtual group, the scheduled corresponding dynamic logic of idling-resource of association is reflected Penetrate.
Preferably, methods described also includes:
After receiving the resource release request of the security domain, cancel corresponding with the Current resource of the security domain each dynamic The association of state logical mappings.
A kind of cloud computing management platform, the cloud computing management platform includes receiving unit, determining unit and resource allocation Unit;Wherein,
The receiving unit, the resource allocation request for receiving security domain transmission;
Whether the determining unit, the private resource group for determining the security domain meets the money of the safe domain request Source, and will determine that result notifies resource allocation unit;
The resource allocation unit, for meeting the peace in the private resource group that the determination result is the security domain It is the security domain distribution resource in the private resource group of the security domain during resource of universe request;Determine knot described It is the peace in the resource pool when being really unsatisfactory for the resource of the safe domain request for the private resource group of the security domain Universe is dispatched and distributes the resource of the safe domain request.
Preferably, the cloud computing management platform also includes:
Dispensing unit, for being each security domain distribution private resource group in resource pool;Wherein, the private resource group Including more than one blade server, one blade server above provides virtual machine as in private resource group Resource;And, it is that each security domain sets special virtual group;And, it is that the blade server more than one sets empty Intend interchanger, virtual network interface card;Wherein, the virtual machine is by the virtual port on virtual switch and the virtual friendship Change planes connected;The blade server is connected by virtual network interface card with virtual group.
Preferably, the resource allocation unit, is additionally operable to according between the virtual port on virtual machine and virtual switch Dynamic logic mapping status, the dynamic logic mapping status between virtual switch and virtual network interface card, virtual network Dynamic logic mapping status between interface card and virtual group, is associated as the corresponding dynamic of idling-resource that security domain distributed and patrols Collect mapping.
Preferably, the receiving unit, is additionally operable to receive the resource release request that security domain sends;
Corresponding, the resource allocation unit is additionally operable to cancel each dynamic corresponding with the Current resource of the security domain The association of logical mappings.
A kind of resource allocation system, the system includes cloud computing management platform, resource pool and security domain;Wherein,
The cloud computing management platform, for after the resource allocation request for receiving security domain transmission, determining the safety It is the safety in the private resource group of the security domain when private resource group in domain meets the resource of the safe domain request Resource is distributed in domain;When the private resource group of the security domain is unsatisfactory for the resource of the safe domain request, in the resource pool For the safe domain scheduling and distribute the resource of the safe domain request;
The resource pool, for providing resource for security domain;
The security domain, for sending resource allocation request to cloud computing management platform;It is additionally operable to flat to cloud computing management Platform sends resource release request.
Preferably, the cloud computing management platform is the cloud computing management platform described in any one of claim 5 to 8.
The method of resource allocation, equipment and system that the present invention is provided, for each security domain distributes special in resource pool Resource group, after receiving the resource allocation request of security domain transmission, determines that the private resource group of the security domain meets the peace It is the security domain distribution resource in the private resource group of the security domain during resource of universe request;The security domain When private resource group is unsatisfactory for the resource of the safe domain request, in the resource pool it is the safe domain scheduling and distributes institute State the resource of safe domain request.The present invention using cloud computing management platform the resource in resource pool is carried out performance collection analysis with Dynamic resource scheduling such that it is able to neatly realize the resource-sharing between different security domains, disclosure satisfy that multiple security domains Access demand;Meanwhile, using data link layer network technology end to end in resource pool, realize patrolling for different security domain resources Security isolation is collected, so that it is guaranteed that the secure border of existing security domain keeps constant.The technical scheme provided by the present invention, can solve Certainly across the resource-sharing problem of security domain, the utilization rate of resource can be improved, the safety standard requirements of security domain can be met again.
Brief description of the drawings
Fig. 1 is that resource allocation methods of the present invention realize schematic flow sheet;
Fig. 2 is the composition structural representation of cloud computing management platform of the present invention;
Fig. 3 is the composition structural representation of resource allocation system of the present invention;
Fig. 4 is the composition structural representation of the logical architecture of embodiment of the present invention resource pool;
Fig. 5 realizes schematic flow sheet for embodiment of the present invention resource dynamic dispatching;
Fig. 6 is a kind of schematic diagram of the logical architecture of resource allocation system of the embodiment of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawings and specific embodiment the present invention is further described in more detail.
Fig. 1 is that resource allocation methods of the present invention realize schematic flow sheet, as shown in figure 1, the method is comprised the following steps:
Step 101:Receive the resource allocation request that security domain sends;
Step 102:When determining that the private resource group of the security domain meets the resource of the safe domain request, in the peace It is the security domain distribution resource in the private resource group of universe;The private resource group of the security domain is unsatisfactory for the security domain During the resource of request, in the resource pool it is the safe domain scheduling and distributes the resource of the safe domain request.
Specifically, for each security domain distributes private resource group in resource pool;Wherein, the private resource group includes one Blade server more than individual, one blade server above provides virtual machine as the resource in private resource group.
Specifically, the method also includes:
For each security domain sets special virtual group;
For the blade server sets virtual switch, virtual network interface card;Wherein, the virtual machine is by virtual Virtual port on interchanger is connected with the virtual switch;The blade server by virtual network interface card with it is virtual Group is connected.
It is the safe domain scheduling in the resource pool and distributes the resource of the safe domain request specifically, described, Including:
It is the safe domain scheduling idling-resource in the resource pool, according to the virtual terminal on virtual machine and virtual switch Dynamic logic mapping status, the dynamic logic mapping status between virtual switch and virtual network interface card, void between mouthful Intend the dynamic logic mapping status between NIC and virtual group, the scheduled corresponding dynamic logic of idling-resource of association is reflected Penetrate.
Such as, certain security domain sends resource allocation request to cloud computing management platform, and cloud computing management platform is to resource pool Resource information be acquired, when the private resource group of the security domain is unsatisfactory for the resource of the safe domain request, described It is the safe domain scheduling in resource pool and distributes idling-resource, and pair virtual network interface card corresponding with the security domain Logical mappings between virtual group, and, the logical mappings between virtual switch and virtual network interface card, and cloud meter The dynamic logic mapping calculated between the virtual machine and virtual port that management platform is the security domain distribution is associated, so that on The state for stating dynamic logic mapping is in connected state, then, can be the security domain distribution by cloud computing management platform Virtual machine accesses the security domain.
Specifically, methods described also includes:
After receiving the resource release request of the security domain, cancel corresponding with the Current resource of the security domain each dynamic The association of state logical mappings.
Fig. 2 is a kind of composition structural representation of cloud computing management platform of the invention, as shown in Fig. 2 the cloud computing pipe Platform includes receiving unit 22, determining unit 23 and resource allocation unit 24;Wherein,
The receiving unit 22, the resource allocation request for receiving security domain transmission;
Whether the determining unit 23, the private resource group for determining the security domain meets the safe domain request Resource, and will determine that result notifies resource allocation unit 24;
The resource allocation unit 24, for meeting described in the private resource group that the determination result is the security domain It is the security domain distribution resource in the private resource group of the security domain during resource of safe domain request;In the determination It is described in the resource pool when result is that the private resource group of the security domain is unsatisfactory for the resource of the safe domain request Safe domain scheduling simultaneously distributes the resource of the safe domain request.
Specifically, the cloud computing management platform also includes:
Dispensing unit 21, for being each security domain distribution private resource group in resource pool;Wherein, the private resource Group includes more than one blade server, and one blade server above provides virtual machine as in private resource group Resource;And, it is that each security domain sets special virtual group;And, it is that the blade server more than one is set Virtual switch, virtual network interface card;Wherein, the virtual machine is virtual with described by the virtual port on virtual switch Interchanger is connected;The blade server is connected by virtual network interface card with virtual group.
Specifically, the resource allocation unit 23, be additionally operable to according to the virtual port on virtual machine and virtual switch it Between dynamic logic mapping status, the dynamic logic mapping status between virtual switch and virtual network interface card, virtual net Dynamic logic mapping status between network interface card and virtual group, is associated as the corresponding dynamic of idling-resource that security domain is distributed Logical mappings.
Specifically, the receiving unit 22, is additionally operable to receive the resource release request that security domain sends;
Corresponding, the resource allocation unit 23 is additionally operable to cancel corresponding with the Current resource of the security domain each dynamic The association of state logical mappings.
Fig. 3 is the composition structural representation of resource allocation system of the present invention, as shown in figure 3, the system includes cloud computing Management platform 31, resource pool 32 and security domain 33;Wherein,
The cloud computing management platform 31, for after the resource allocation request for receiving the transmission of security domain 33, it is determined that described When the private resource group of security domain 33 meets the resource of the safe domain request, it is in the private resource group of the security domain 33 The security domain 33 distributes resource;When the private resource group of the security domain 33 is unsatisfactory for the resource of the request of the security domain 33, It is that the resource that the security domain 33 is asked is dispatched and distributed to the security domain 33 in the resource pool 32;
The resource pool 32, for providing resource for security domain 33;
The security domain 33, for sending resource allocation request to cloud computing management platform 31;It is additionally operable to cloud computing pipe Platform 31 sends resource release request.
Here, the composition structure of the cloud computing management platform 31 is composition structural representation as shown in Figure 2.
Fig. 4 is the composition structural representation of the logical architecture of embodiment of the present invention resource pool, as shown in figure 4, resource pool master Switching Module 42 that will be by blade server 41 and on blade server case 40 is constituted;Wherein,
Blade server 41, for providing resource for security domain 44;
Switching Module 42, the resource for blade server to be provided accesses security domain.
Specifically, the blade server 41 includes:Virtual machine (VM, Virtual Machine) 410, virtual switch (VS, Virtual Switch) 413, virtual network interface card (VNIC, Virtual Network Interface Controller)415;Wherein,
Virtual machine 410, for providing resource for each security domain 44;
Virtual switch 413, for being attached with Switching Module 42 by virtual network interface card 415;
Virtual network interface card 415, for connecting virtual switch 413 and Switching Module 42.
Here, the virtual port (Portgroup) 412 of virtual switch, by VLAN (VLAN, Virtual Local Area Network) sequence number (ID, IDentity) by virtual machine 410 be divided into corresponding security domain 44 difference son The network segment;
Virtual network interface card 415 is that the physical port on blade server 41 fictionalizes the subport come, wherein, each Physical port can support multiple virtual network interface cards 415, meet the use needs of the multiple network interfaces of blade server 41 pairs.
Specifically, the Switching Module 42 includes:Virtual group (VG, Virtual Group) 427;Wherein,
The virtual group 427, for Switching Module 42 to be divided into the different network segments;It is additionally operable to by virtual network interface card 415 are connected with virtual switch 413, and, be additionally operable to by Switching Module 42 outreach physical port (EXT) 428 realize with The connection of outside physical network, meets the access needs of different security domains 44.
Here, the physical network of the outside is security domain (Secure Zone) 44;
It is described to outreach physical port 428, the access with each security domain 44 is realized by optical patchcord.
Specifically, the logical mappings 411 between the virtual port 412 of virtual machine 410 and virtual switch 413, for reality Virtual machine 410 is now accessed the different sub-network section of corresponding security domain 44;Virtual switch 413 and virtual network interface card 415 it Between logical mappings 414, the interconnection and interflow of virtual switch 413 and security domain 44 can be realized by virtual group 427;Virtual network Logical mappings 426 between interface card 415 and virtual group 427, realize blade server 41 with different segment on Switching Module 42 The interconnection and interflow of group.
Here, there are clear and definite network security border and peace in the network security domain that security domain 44 is drawn for the production network planning of enterprise Full code requirement, network interconnection intercommunication is realized in the core exchange area between different security domains by enterprise.
Be divided into for resource pool by the present embodiment:Pre-configured fixed resource and dynamic resource two parts of schedulable.
1) pre-configured fixed resource
Pre-configured fixed resource refers to be planned according to system architecture, part resource that can be pre-configured, ordinary circumstance Under, no longer it is modified after the completion of fixed resource configuration, to ensure stabilization, reliability and the security of whole system framework.Gu Determining resource mainly includes virtual machine 410, virtual port 412, virtual switch 413, virtual network interface card 415, virtual group 427th, physical port 428 and security domain 44 etc. are outreached, its deployment way is as follows:
Virtual machine 410, using pre-configured virtual machine image, can quickly realize that virtual machine 410 is disposed, and lead to The scheduling for crossing dynamic resource easily accesses corresponding security domain 44;
Virtual port 412 and virtual switch 413, plan and configure in advance;Virtual switch 413 and security domain 44 it Between also realize corresponding deployment, i.e. virtual port 412 that then different application according to corresponding security domain 44 needs the VLAN for accessing The network segment is configured;
Virtual network interface card 415, due to the subport limited amount that physical port on blade server 41 can be virtualized, Needing to be accessed according to actual security domain needs dynamic to be scheduled;
Physical port 428 and virtual group 427, the part of security domain 44 are outreached, according to the security domain 44 that resource pool needs to access Plan and configure in advance, i.e., virtual group 427, outreach between physical port 428 and security domain 44 realize correspond deployment, jump Line and configuration are substantially stationary, and then can neatly meet the access needs of dynamic resource allocation.
2) dynamic resource of schedulable
The dynamic resource of schedulable refers to need the resource that dynamic is scheduled according to actual needs.By dynamic money The scheduling in source, can easily and flexibly realize the shared across security domain of resource, improve resource utilization.Dynamic resource mainly includes:
Dynamic logic mapping 411 between virtual machine 410 and virtual port 412, can realize not Tongan City by VLAN tag Data link layer network security isolation between universe resource;
Dynamic logic mapping 414 between virtual switch 413 and virtual network interface card 415, can be by virtual group 427, realize the connection between virtual switch 413 and corresponding security domain 44;
Dynamic logic mapping 426 between virtual network interface card 415 and virtual group 427, is capable of achieving virtual network interface Associating and data link layer network security isolation between card 415 and each security domain 44.
The present invention realizes across the security domain spirit of resource by the planning and configuration and flexible dispatching to each component in logical architecture The security boundary of shared and security domain living.
Fig. 5 realizes schematic flow sheet for embodiment of the present invention resource dynamic dispatching, as shown in figure 5, the flow include with Lower step:
Step 501:Security domain sends resource allocation request to cloud computing management platform, then performs step 502;
Step 502:Cloud computing management platform is carried out according to the resource allocation request of security domain, the resource information to resource pool Collection, checks whether the interior blade server corresponding with the security domain of the resource pool meets the resource Shen of the security domain Please, if be unsatisfactory for, step 503 is performed;Otherwise, step 504 is performed;
Step 503:Cloud computing management platform carries out scheduling of resource;Then, step 504 is performed;
Here, if the blade server corresponding with the security domain cannot meet the Shen of the security domain in resource pool Please resource requirement, then cloud computing management platform carry out scheduling of resource, i.e., from the blade server of other available free resources extend Resource.
Step 504:Cloud computing management platform is that security domain distributes resource, creates virtual machine, then performs step 505;
Here, cloud computing management platform is corresponding with the security domain in resource pool, have enough computing resources and net Resource allocation and virtual machine creating are carried out on the blade server of network resource.
Step 505:Cloud computing management platform disposes virtual machine environment, and checks network configuration, then performs step 506;
Step 506:Cloud computing management platform is checked whether and meets security domain access conditions, if be unsatisfactory for, performs step 507;Otherwise, step 509 is performed;
Here, if the virtual network interface card corresponding with the security domain and virtual group, virtual switch and virtual net Network interface card has interconnected, then meet the access conditions requirement of corresponding security domain.
Step 507:Cloud computing management platform scheduling association virtual network interface card and virtual group, make and the security domain phase The virtual network interface card of matching is connected with virtual group;Then step 508 is performed;
Step 508:Cloud computing management platform scheduling association virtual switch and virtual network interface card, make and the safety The virtual switch that domain matches is connected with virtual network interface card;Then step 509 is performed;
Step 509:Cloud computing management platform associated virtual machine and respective virtual port, realize that virtual machine accesses corresponding peace Universe;Then step 510 is performed;
Step 510:Cloud computing management platform updates the resource information in resource pool.
The present invention carries out information gathering, resource by cloud computing management platform to the dynamic resource of fixed resource and schedulable The operations such as distribution, security domain access conditions are checked, scheduling of resource association, realize the rapid deployment and dynamic point across security domain resource Match somebody with somebody, meet the resource bid demand of each security domain;Meanwhile, can be by cancelling the dynamic resource of corresponding security domain to idle resource Association, carries out resource release and reclaims, and really realizes the flexibility of resource pool and scalability under cloud computing environment.
Under cloud computing environment, controlled by the Automatic dispatching of the above-mentioned dynamic resource to schedulable, it is ensured that in resource pool Resource easily meet the distribution of each security domain and use needs, fully realize the flexibly shared and high usage of resource.
Fig. 6 is a kind of schematic diagram of the logical architecture of resource allocation system of the embodiment of the present invention, as shown in fig. 6, the system It is related to ten resource-sharing requirements of security domain, because the physical port of each blade server can only at most support four virtually NIC, i.e. each blade server can only at most meet four accesses of security domain simultaneously, and the present embodiment is used by platform Blade server staggers the mode of security domain, such as:Blade server 1 supports the access of security domain 1,2,3,4, blade server 2 Access of security domain 2,3,4,5 etc. is supported, so as to farthest realize the flexibly shared of resource.
Wherein, pre-configured fixed resource includes virtual machine, virtual port, virtual switch, virtual network interface card, void Plan group, outreach the parts such as physical port and security domain.Virtual group n, physics outreach port n and security domain n and correspond fixed company Connect, therefore, the dynamic dispatching of resource pool internal resource does not influence the connection of security domain.Virtual switch is handed over using distributed virtual Change planes, and be the pre-configured good corresponding virtual switch of each security domain, meet the access needs of each security domain VLAN.
The dynamic resource of schedulable includes:Between virtual machine and virtual port dynamic logic mapping, virtual switch with Dynamic logic mapping between virtual network interface card, the dynamic logic mapping between virtual network interface card and virtual group.
Here, the scheduling of dynamic resource, is carried out by cloud computing management platform according to the resource allocation request of each security domain Automation association, so as to each blade server realized in resource pool can neatly access different security domains, and then meets Across the resource-sharing of security domain.Meanwhile, the network technology of the end-to-end use data link layer in resource pool inside is realized across security domain The security isolation of resource, the network architecture of existing security domain is not influenceed, meets safety standard requirements.
The above, only presently preferred embodiments of the present invention is not intended to limit the scope of the present invention.

Claims (5)

1. a kind of method of resource allocation, it is characterised in that described for each security domain distributes private resource group in resource pool Method includes:
After receiving the resource allocation request of security domain transmission, determine that the private resource group of the security domain meets the security domain It is the security domain distribution resource in the private resource group of the security domain during resource of request;The security domain it is special When resource group is unsatisfactory for the resource of the safe domain request, in the resource pool it is the safe domain scheduling and distributes the peace The resource of universe request;
The private resource group includes more than one blade server, and one blade server above provides virtual machine As the resource in private resource group;
For each security domain sets special virtual group;
For the blade server sets virtual switch, virtual network interface card;Wherein, the virtual machine passes through virtual switch Virtual port on machine is connected with the virtual switch;The blade server passes through virtual network interface card and virtual group phase Even;
It is described to be the safe domain scheduling in the resource pool and distribute the resource of the safe domain request, including:
Be the safe domain scheduling idling-resource in the resource pool, according to the virtual port on virtual machine and virtual switch it Between dynamic logic mapping status, the dynamic logic mapping status between virtual switch and virtual network interface card, virtual net Dynamic logic mapping status between network interface card and virtual group, the corresponding dynamic logic mapping of the scheduled idling-resource of association.
2. method according to claim 1, it is characterised in that methods described also includes:
After receiving the resource release request of the security domain, cancel each dynamic corresponding with the Current resource of the security domain and patrol Collect the association of mapping.
3. a kind of cloud computing management platform, it is characterised in that the cloud computing management platform include receiving unit, determining unit, Dispensing unit and resource allocation unit;Wherein,
The receiving unit, the resource allocation request for receiving security domain transmission;
Whether the determining unit, the private resource group for determining the security domain meets the resource of the safe domain request, And will determine that result notifies resource allocation unit;
The dispensing unit, for being each security domain distribution private resource group in resource pool;Wherein, the private resource group Including more than one blade server, one blade server above provides virtual machine as in private resource group Resource;And, it is that each security domain sets special virtual group;And, it is that the blade server more than one sets empty Intend interchanger, virtual network interface card;Wherein, the virtual machine is by the virtual port on virtual switch and the virtual friendship Change planes connected;The blade server is connected by virtual network interface card with virtual group;
The resource allocation unit, for meeting the security domain in the private resource group that the determination result is the security domain It is the security domain distribution resource in the private resource group of the security domain during resource of request;It is in the determination result It is the security domain in the resource pool when private resource group of the security domain is unsatisfactory for the resource of the safe domain request Dispatch and distribute the resource of the safe domain request;
And, according to dynamic logic mapping status, virtual switch between the virtual port on virtual machine and virtual switch Reflected with the dynamic logic mapping status between virtual network interface card, the dynamic logic between virtual network interface card and virtual group State is penetrated, the corresponding dynamic logic mapping of idling-resource that security domain is distributed is associated as.
4. cloud computing management platform according to claim 3, it is characterised in that
The receiving unit, is additionally operable to receive the resource release request that security domain sends;
Corresponding, the resource allocation unit is additionally operable to cancel each dynamic logic corresponding with the Current resource of the security domain The association of mapping.
5. a kind of resource allocation system, it is characterised in that the system is included described in resource pool, security domain, claim 3 or 4 Cloud computing management platform;Wherein,
The cloud computing management platform, for after the resource allocation request for receiving security domain transmission, determining the security domain It is the security domain point in the private resource group of the security domain when private resource group meets the resource of the safe domain request With resource;It is institute in the resource pool when private resource group of the security domain is unsatisfactory for the resource of the safe domain request State safe domain scheduling and distribute the resource of the safe domain request;
The resource pool, for providing resource for security domain;
The security domain, for sending resource allocation request to cloud computing management platform;It is additionally operable to be sent out to cloud computing management platform Send resource release request.
CN201310069870.XA 2013-03-05 2013-03-05 A kind of method of resource allocation, equipment and system Active CN104038444B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310069870.XA CN104038444B (en) 2013-03-05 2013-03-05 A kind of method of resource allocation, equipment and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310069870.XA CN104038444B (en) 2013-03-05 2013-03-05 A kind of method of resource allocation, equipment and system

Publications (2)

Publication Number Publication Date
CN104038444A CN104038444A (en) 2014-09-10
CN104038444B true CN104038444B (en) 2017-05-31

Family

ID=51469036

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310069870.XA Active CN104038444B (en) 2013-03-05 2013-03-05 A kind of method of resource allocation, equipment and system

Country Status (1)

Country Link
CN (1) CN104038444B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105743821B (en) * 2014-12-12 2019-12-17 中兴通讯股份有限公司 Method and system for preventing conflict of resources occupied by logic switch
CN105991738B (en) * 2015-02-27 2019-05-14 ***通信集团四川有限公司 Method and system across security domain resource-sharing in a kind of cloud resource pond
CN109120555B (en) * 2017-06-26 2022-10-14 中兴通讯股份有限公司 Resource allocation method and system
CN109190420B (en) * 2018-09-11 2020-08-25 网御安全技术(深圳)有限公司 Server encryption and decryption blade, system and encryption and decryption method
CN111083088B (en) * 2018-10-19 2022-03-04 中电太极(集团)有限公司 Cloud platform hierarchical management method and device based on multiple security domains
CN109525581B (en) * 2018-11-19 2021-01-26 ***通信集团广东有限公司 Cloud resource security management and control method and system
CN109617720B (en) * 2018-12-11 2022-02-25 郑州云海信息技术有限公司 Method and device for distributing network resources
CN110933147B (en) * 2019-11-15 2020-07-17 链睿信息服务(南通)有限公司 Information technology analysis system based on cloud computing

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101163133A (en) * 2006-10-10 2008-04-16 中国科学院计算技术研究所 Communication system and method of implementing resource sharing under multi-machine virtual environment
CN102103518A (en) * 2011-02-23 2011-06-22 运软网络科技(上海)有限公司 System for managing resources in virtual environment and implementation method thereof
CN102317914A (en) * 2011-08-01 2012-01-11 华为技术有限公司 Methods, system and devices for managing virtual resources
CN102761469A (en) * 2011-04-27 2012-10-31 阿里巴巴集团控股有限公司 Allocation method and device for resource pool

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7257815B2 (en) * 2001-09-05 2007-08-14 Microsoft Corporation Methods and system of managing concurrent access to multiple resources
US8767535B2 (en) * 2007-07-11 2014-07-01 Hewlett-Packard Development Company, L.P. Dynamic feedback control of resources in computing environments

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101163133A (en) * 2006-10-10 2008-04-16 中国科学院计算技术研究所 Communication system and method of implementing resource sharing under multi-machine virtual environment
CN102103518A (en) * 2011-02-23 2011-06-22 运软网络科技(上海)有限公司 System for managing resources in virtual environment and implementation method thereof
CN102761469A (en) * 2011-04-27 2012-10-31 阿里巴巴集团控股有限公司 Allocation method and device for resource pool
CN102317914A (en) * 2011-08-01 2012-01-11 华为技术有限公司 Methods, system and devices for managing virtual resources

Also Published As

Publication number Publication date
CN104038444A (en) 2014-09-10

Similar Documents

Publication Publication Date Title
CN104038444B (en) A kind of method of resource allocation, equipment and system
CN107278362B (en) The method of Message processing, host and system in cloud computing system
CN103369027B (en) Location aware Virtual Service in mixing cloud environment is equipped with
CN103827825B (en) Virtual resource object component
CN105207798B (en) Service arrangement method and device in software defined network
CN109067827B (en) Kubernetes and OpenStack container cloud platform-based multi-tenant construction method, medium and equipment
CN106385329B (en) Processing method, device and the equipment of resource pool
CN102571698B (en) Access authority control method, system and device for virtual machine
CN105991738B (en) Method and system across security domain resource-sharing in a kind of cloud resource pond
CN107580083A (en) A kind of method and system of container IP address distribution
CN110088732A (en) A kind of data package processing method, host and system
CN106506620A (en) Cloud desktop intelligent terminal management system
CN103685608B (en) A kind of method and device for automatically configuring secure virtual machine IP address
EP2892181A1 (en) Method, device and physical host for managing physical network card
CN104468574B (en) A kind of method, system and device of virtual machine dynamic access IP address
CN105684357A (en) Management of addresses in virtual machines
CN106055381A (en) Method and apparatus for creating virtual machine
KR20170000568A (en) Apparatus and method for virtual desktop service based on in-memory
CN106941516A (en) Isomery field apparatus Control management system based on industry internet operating system
CN109343929A (en) A kind of multi-screen interaction method and system based on the shared video memory of virtualization
CN108370328A (en) A kind of management method and device of NFV MANO policy depictions symbol
CN106293934A (en) A kind of cluster system management optimization method and platform
CN112600903B (en) Elastic virtual network card migration method
CN109218086A (en) A kind of switching network construction method and system
CN109343974A (en) The inter-process communication methods and device of virtual desktop based on container

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant