CN105763532A - Method and device for logging in to virtual desktop - Google Patents
Method and device for logging in to virtual desktop Download PDFInfo
- Publication number
- CN105763532A CN105763532A CN201610010174.5A CN201610010174A CN105763532A CN 105763532 A CN105763532 A CN 105763532A CN 201610010174 A CN201610010174 A CN 201610010174A CN 105763532 A CN105763532 A CN 105763532A
- Authority
- CN
- China
- Prior art keywords
- virtual desktop
- authority
- terminal
- client
- mandate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Power Engineering (AREA)
- Computer And Data Communications (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method and a device for logging in to virtual desktop. The method comprises steps: when a virtual desktop management module receives a login authorization request sent by a virtual desktop client, feature information of a terminal where the virtual desktop client is carried by the login authorization request is acquired; according to the feature information, whether the terminal is a preset virtual desktop bound terminal is judged; if the terminal is the preset virtual desktop bound terminal, the virtual desktop management module generates an authorization credential, and the authorization credential is sent to a proxy module corresponding to the virtual desktop; a completion notification sent by the proxy module corresponding to the virtual desktop when the authorization credential completes credential building is received, the authorization credential is issued to the virtual desktop client, and thus, the virtual desktop client logs in to the virtual desktop according to the authorization credential. A terminal using scene can be limited, and the flexibility and the safety of a virtual desktop architecture are enhanced.
Description
Technical field
The present invention relates to communication technical field, particularly relate to a kind of method logging in virtual desktop and device.
Background technology
VDI (VirtualDesktopInfrastructure, virtual desktop framework) replaces legacy hosts by virtual desktop, thus scattered main frame is focused on data center, to reach the purpose of centralized management.The access of virtual desktop is generally initiated by virtual desktop client, managed the unified checking of module by virtual desktop to authorize, after end-user verification is passed through, virtual desktop is licensed to active user, make active user can pass through to verify the virtual desktop of authority single-sign-on mandate.
But under this licensing mode, when user authorize by after can at any terminal access virtual desktop, it is impossible to effectively control the use scene of terminal, thus can bring safety problem.
Summary of the invention
In view of this, the present invention provides a kind of method logging in virtual desktop and device to solve cannot effectively control the problem that terminal uses scene.
Specifically, the present invention is achieved through the following technical solutions:
The present invention provides a kind of method logging in virtual desktop, and described method includes:
When virtual desktop manages the login authorization requests that module receives virtual desktop client transmission, obtain the characteristic information of the described virtual desktop client place terminal that described login authorization requests is carried;
According to described characteristic information, virtual desktop management module judges that whether described terminal is default virtual desktop binding terminal;
If described terminal is default virtual desktop binding terminal, then virtual desktop management module generates and authorizes authority, and described mandate authority is sent to the proxy module that described virtual desktop is corresponding;
Described virtual desktop management module receives proxy module corresponding to described virtual desktop at the completion notice completing to send when authority creates according to described mandate authority, and described mandate authority is issued to described virtual desktop client, so that described virtual desktop client logs in virtual desktop according to described mandate authority.
Further, the characteristic information of described virtual desktop client place terminal, including:
The MAC Address of the hard disk ID of described virtual desktop client place terminal and/or the network interface card of described terminal unit.
Further, described generation authorizes authority, including:
Generating for described virtual desktop client and uniquely authorize authority in preset time period, described mandate authority includes username and password.
Further, described method also includes:
If described terminal is non-default virtual desktop binding terminal, then return error message to described virtual desktop client, so that described virtual desktop client terminates logging request.
The present invention also provides for a kind of method logging in virtual desktop, and described method includes:
The proxy module that virtual desktop is corresponding receives the mandate authority that virtual desktop management module sends, and described mandate authority is that the characteristic information that described virtual desktop management module sends according to virtual desktop client generates for described virtual desktop binding terminal;
The proxy module that described virtual desktop is corresponding carries out authority establishment according to described mandate authority, and be sent completely notice when authority has created to described virtual desktop management module, so that described mandate authority is issued to described virtual desktop client by virtual desktop management module.
Further, the proxy module that described virtual desktop is corresponding carries out authority establishment according to described mandate authority, including:
Whether the user name that the proxy module that described virtual desktop is corresponding judges in described mandate authority creates in this locality;If so, then by the password update in described mandate authority to local corresponding user name;If it is not, then add described username and password in this locality.
Based on identical design, the present invention also provides for a kind of device logging in virtual desktop, and described device includes:
Information acquisition unit, for when virtual desktop manages the login authorization requests that module receives virtual desktop client transmission, obtaining the characteristic information of the described virtual desktop client place terminal that described login authorization requests is carried;
According to described characteristic information, information judging unit, for judging that whether described terminal is default virtual desktop binding terminal;
Authority generates unit, for when described terminal is default virtual desktop binding terminal, generating and authorize authority, and described mandate authority is sent to the proxy module that described virtual desktop is corresponding;
Authority issues unit, for receiving proxy module corresponding to described virtual desktop at the completion notice completing to send when authority creates according to described mandate authority, and described mandate authority is issued to described virtual desktop client, so that described virtual desktop client logs in virtual desktop according to described mandate authority.
Further, the characteristic information of described virtual desktop client place terminal, including:
The MAC Address of the hard disk ID of described virtual desktop client place terminal and/or the network interface card of described terminal unit.
Further, described authority generates unit, uniquely authorizes authority specifically for generating for described virtual desktop client in preset time period, and described mandate authority includes username and password.
Further, described device also includes:
Message returns unit, for when the non-default virtual desktop binding terminal of described terminal, returning error message to described virtual desktop client, so that described virtual desktop client terminates logging request.
The present invention also provides for a kind of device logging in virtual desktop, and described device includes:
Authority receives unit, and for receiving the mandate authority that virtual desktop management module sends, described mandate authority is that the characteristic information that described virtual desktop management module sends according to virtual desktop client generates for described virtual desktop binding terminal;
Authority creating unit, for carrying out authority establishment according to described mandate authority, and is sent completely notice when authority has created to described virtual desktop management module, so that described mandate authority is issued to described virtual desktop client by virtual desktop management module.
Further, described authority creating unit, specifically for judging whether the user name in described mandate authority creates in this locality;If so, then by the password update in described mandate authority to local corresponding user name;If it is not, then add described username and password in this locality.
As can be seen here, the present invention can virtual desktop manage module receive the login authorization requests that virtual desktop client sends time, judge that whether this terminal is default virtual desktop binding terminal according to logging in the characteristic information of virtual desktop client place terminal that authorization requests carries;If, then generate and authorize authority, and authority will be authorized to be sent to the proxy module that virtual desktop is corresponding, authority establishment is carried out according to described mandate authority by this proxy module, and when authority has created, managed module by virtual desktop and described mandate authority is issued to described virtual desktop client, so that described virtual desktop client logs in virtual desktop according to described mandate authority.Therefore by terminal and virtual desktop binding, thus the use scene of terminal is limited, motility and the safety of virtual desktop framework can be enhanced.
Accompanying drawing explanation
Fig. 1 is a kind of process chart logging in virtual desktop in a kind of illustrative embodiments of the present invention;
Fig. 2 is the process chart that the another kind in a kind of illustrative embodiments of the present invention logs in virtual desktop;
Fig. 3 is networking schematic diagram in one illustrative embodiments of the present invention;
The hardware structure diagram of the equipment at the device place logging in virtual desktop in a kind of illustrative embodiments of Fig. 4 a present invention;
The building-block of logic of a kind of device logging in virtual desktop in a kind of illustrative embodiments of Fig. 4 b present invention;
The hardware structure diagram of the proxy module at the device place logging in virtual desktop in a kind of illustrative embodiments of Fig. 5 a present invention;
Another kind in a kind of illustrative embodiments of Fig. 5 b present invention logs in the building-block of logic of the device of virtual desktop.
Detailed description of the invention
In order to solve prior art Problems existing, the present invention provides a kind of method logging in virtual desktop and device, can virtual desktop manage module receive the login authorization requests that virtual desktop client sends time, judge that whether this terminal is default virtual desktop binding terminal according to logging in the characteristic information of virtual desktop client place terminal that authorization requests carries;If, then generate and authorize authority, and authority will be authorized to be sent to the proxy module that virtual desktop is corresponding, authority establishment is carried out according to described mandate authority by this proxy module, and when authority has created, managed module by virtual desktop and described mandate authority is issued to described virtual desktop client, so that described virtual desktop client logs in virtual desktop according to described mandate authority.Therefore by terminal and virtual desktop binding, thus the use scene of terminal is limited, motility and the safety of virtual desktop framework can be enhanced.
Refer to Fig. 1, be a kind of process chart logging in virtual desktop in a kind of illustrative embodiments of the present invention, described method includes:
Step 101, when virtual desktop manage module receive virtual desktop client send login authorization requests time, obtain the characteristic information of the described virtual desktop client place terminal that described login authorization requests is carried;
In the present embodiment, when user needs to log in virtual desktop, manage module by virtual desktop client to virtual desktop and send login authorization requests, wherein carry the characteristic information of this terminal.When virtual desktop management module receives this login authorization requests, it is possible to obtain the characteristic information of this virtual desktop client place terminal carried in this login authorization requests.So-called characteristic information generally can select the information identifying this terminal uniqueness.In optional embodiment of the present invention, this virtual desktop client can using the hard disk ID of its place terminal, the MAC Address of network interface card or both combinations as the characteristic information of this terminal.Owing to above-mentioned characteristic information all has a uniqueness, and counterfeit comparatively difficulty, therefore can accurate correspondence authorization terminal, it is to avoid the problem of counterfeit terminal.
According to described characteristic information, step 102, virtual desktop management module judges that whether described terminal is default virtual desktop binding terminal;
In the present embodiment, virtual desktop can be bound by the manager of virtual desktop in advance with the terminal specified, such as the mark of the virtual desktop specified and the characteristic information of terminal are bound, so that user is when the terminal using binding logs in, then can sign in the virtual desktop with this terminal binding.Therefore according to the characteristic information of terminal obtained, virtual desktop management module can judge that whether this terminal is and virtual desktop binding terminal.Concrete, virtual desktop management module can compare whether the characteristic information logged in authorization requests mates with the characteristic information of binding terminal, if coupling, then it is believed that this terminal is virtual desktop binding terminal, if not mating, then it is believed that this terminal non-virtual desktop binding terminal.If the non-default virtual desktop binding terminal of described terminal, then virtual desktop management module can return error message to described virtual desktop client, to terminate the logging request of described virtual desktop client.
If the described terminal of step 103 is default virtual desktop binding terminal, then virtual desktop management module generates and authorizes authority, and described mandate authority is sent to the proxy module that described virtual desktop is corresponding;
When virtual desktop management module determines that this terminal is default virtual desktop binding terminal, then can generate mandate authority.Further, this virtual desktop management module can be described virtual desktop client generate in preset time period binding terminal log in virtual desktop uniquely authorize authority, wherein said mandate authority includes username and password.Concrete, virtual desktop management module can fix certain user name of use such as " BindUser ", or uses the user name that the characteristic information (such as MAC Address) of terminal generates;Regeneration logs in the password corresponding to user name of virtual desktop, and this password can stochastic generation, it is possible to use the characteristic information of terminal and out of Memory (such as request reception time, random digit etc.) combination producing password.Afterwards, the authority that authorizes generated is sent to proxy module corresponding to described virtual desktop and carries out authority establishment by virtual desktop management module again.Described proxy module is the program module being applied in virtual machine, described virtual machine is used for providing virtual desktop, owing to described virtual desktop and terminal are bound in advance, therefore described mandate authority can be sent to the proxy module of virtual machine corresponding to virtual desktop by virtual desktop management module according to the characteristic information of terminal, so that this proxy module carries out authority establishment.
It should be noted that, due in prior art, when user uses virtual desktop, authority can be authorized to bind with corresponding virtual desktop according to user name, password etc., therefore the mandate authority that each user can be corresponding different, thus can cause that proxy module produces bigger workload when creating for user and safeguard and authorize authority, user needs to be manually entered the mandate authoritys such as the user name of binding, password in virtual desktop client in addition, also can increase the operational ton of user.And virtual desktop in the present invention and terminal binding, whichever user can log in virtual desktop in the terminal of binding, therefore user log in time without input user name, password etc. authorize authority, but managed module by virtual desktop and actively generate mandate authority after confirming the terminal that terminal is virtual desktop binding, and carried out authority establishment by the proxy module that this virtual desktop is corresponding, so that user can log in virtual desktop on the terminal when authority has created, thus reducing user's manual input operation.Additionally, owing to virtual desktop is only bound with terminal, therefore different from the virtual desktop that can pass through the binding of this terminal registration terminal per family, the mandate authority that therefore proxy module Maintenance free is too much, only need to create and safeguard currently used in mandate authority corresponding to terminal;When authority is expired or terminal rolls off the production line, proxy module can delete the mandate authority that this terminal is corresponding, thus effectively reducing the work load of proxy module.Thus the present invention can reduce the workload of proxy module establishment and maintenance to authorizing authority, reduce user operation amount, improve Consumer's Experience.
Additionally, due to traditional virtual desktop is usual and the mandate authority of user, for instance user name, password etc. are bound, and therefore user can use this mandate authority to log in the virtual desktop of binding in any terminal, thus the application scenarios of terminal cannot be limited.For example, in school user generally can use authority username and password by the computer of the computer of library or the computer in classroom or even individual sign in authorize authority binding virtual desktop, therefore which computer uncontrollable user uses log in.And the characteristic information of virtual desktop Yu terminal can be bound by the present invention, say, that the terminal only specified just can log in the virtual desktop specified.Such as, the virtual desktop of the computer of library Yu library is bound, therefore user can only log in the virtual desktop of library on the computer of library, and owing to the computer in classroom is not bound with the virtual desktop of library, therefore user cannot log in the virtual desktop of library on the computer in classroom, therefore can realize the restriction to terminal applies scene.
Step 104, described virtual desktop management module receives proxy module corresponding to described virtual desktop at the completion notice completing to send when authority creates according to described mandate authority, and described mandate authority is issued to described virtual desktop client, so that described virtual desktop client logs in virtual desktop according to described mandate authority.
In the present embodiment, the proxy module that described virtual desktop is corresponding according to authorizing authority to carry out authority establishment, and when authority has created, can manage module to described virtual desktop and be sent completely notice.When virtual desktop manages the completion notice that module receives the transmission of this proxy module, it is possible to described mandate authority is issued to described virtual desktop client, so that described virtual desktop client logs in virtual desktop according to described mandate authority.
As can be seen here, the present invention can manage module by virtual desktop and judges that whether this terminal is default virtual desktop binding terminal according to logging in the characteristic information of virtual desktop client place terminal that authorization requests carries;If, then generate and authorize authority, and authority will be authorized to be sent to the proxy module that described virtual desktop is corresponding, authority establishment is carried out according to described mandate authority by this proxy module, and when authority has created, managed module by virtual desktop again and described mandate authority is issued to described virtual desktop client, so that described virtual desktop client is according to authorizing authority to log in virtual desktop.Therefore by terminal and virtual desktop binding, thus the use scene of terminal is limited, motility and the safety of virtual desktop framework can be enhanced.
Refer to Fig. 2, be another kind in a kind of illustrative embodiments of the present invention process chart that logs in virtual desktop, described method includes:
The proxy module that step 201, virtual desktop are corresponding receives the mandate authority that virtual desktop management module sends, and described mandate authority is that the characteristic information that described virtual desktop management module sends according to virtual desktop client generates for described virtual desktop binding terminal;
The proxy module that step 202, described virtual desktop are corresponding carries out authority establishment according to described mandate authority, and be sent completely notice when authority has created to described virtual desktop management module, so that described mandate authority is issued to described virtual desktop client by virtual desktop management module logs in virtual desktop.
When the proxy module that described virtual desktop is corresponding receives this mandate authority, it is possible to carry out authority establishment.Concrete, the proxy module that described virtual desktop is corresponding can obtain the username and password authorized in authority.Whether the user name that first this proxy module can determine whether in this mandate authority creates in this locality;If so, then illustrate that this terminal once carried out authority and creates, therefore can by the password update in described mandate authority to local corresponding user name, and user name is constant;If it is not, then illustrate that this terminal did not create authority, therefore described username and password can be added in local user's group.When authority creates after successfully, this proxy module can manage module to described virtual desktop and be sent completely notice.It should be noted that in authority establishment process, if there is creating failed situation, it is necessary to notice virtual desktop management module creation failure, and managed the logging request of end-of-module virtual desktop client by virtual desktop.
As can be seen here, the present invention can manage module by virtual desktop and judges that whether this terminal is default virtual desktop binding terminal according to logging in the characteristic information of virtual desktop client place terminal that authorization requests carries;If, then generate and authorize authority, and authority will be authorized to be sent to the proxy module that described virtual desktop is corresponding, authority establishment is carried out according to described mandate authority by this proxy module, and when authority has created, managed module by virtual desktop again and described mandate authority is issued to described virtual desktop client, so that described virtual desktop client is according to authorizing authority to log in virtual desktop.Therefore by terminal and virtual desktop binding, thus the use scene of terminal is limited, motility and the safety of virtual desktop framework can be enhanced.
For making the purpose of the present invention, technical scheme and advantage clearly understand, below the program of the present invention is described in further detail.
Refer to Fig. 3, it it is the networking schematic diagram in a kind of illustrative embodiments of the present invention, described networking includes VDI framework, described VID framework includes virtual desktop management module, CVM (CloudVirtualizationManager, virtual management system) and CVK (CloudVirtualizationKernel, virtual kernel platform), wherein said CVK includes multiple VM (VirtualManufacturing, virtual machine), each VM configures an Agent with proxy module function;CVM is for managing VM and the Agent information in CVK;Described virtual desktop management module can comprise the first submodule and the second submodule further, wherein the first submodule is for obtaining VM and the Agent information of management in CVM, and the collocation strategy according to manager, the binding relationship of record VM and terminal, for instance the id information of record VM and the binding relationship of the MAC Address of terminal;Second submodule is for receiving the login authorization requests that virtual desktop client sends, and the binding relationship according to the VM in the first submodule Yu terminal, whether the terminal judging virtual desktop client place is and VDI virtual desktop binding terminal, if, then can generate for this terminal and authorize authority, and transfer to the Agent on the VM of this terminal binding to carry out authority establishment, after Agent completes authority establishment, user completion notice can be returned, thus can log in the VDI virtual desktop of correspondence on the terminal to the second submodule.It should be noted that the first submodule and the second submodule in above-mentioned virtual desktop management module can be deployed in together, it is also possible to separately disposing, virtual desktop management module can also be deployed on CVM, is merely illustrative, is not especially limited herein.
When user asks to log in VDI virtual desktop respectively through virtual desktop client A corresponding with terminal B for terminal A and virtual desktop client B, assume that manager arranges terminal A and VM binding on the first submodule, terminal B does not bind with VM, the then method according to login virtual desktop provided by the invention, above-mentioned terminal is as follows with the interaction flow of VDI system.
When the VDI virtual desktop that user logs on VM by the virtual desktop client A request installed on terminal A, virtual desktop client A can send to the second submodule and log in authorization requests A, including the characteristic information of terminal A, i.e. and MAC1.When the second submodule receives login authorization requests A, obtain the characteristic information MAC1 of terminal A, then pass through in the characteristic information of the binding terminal corresponding for VM obtained in the first submodule and search whether to include MAC1.Owing to terminal A is the binding terminal of VM, therefore can finding MAC1 in the characteristic information of binding terminal, therefore the second submodule may determine that the binding terminal that terminal A is VM.Afterwards, the second submodule is that this terminal A generates mandate authority, i.e. user " BindUser " by name, password is " MAC1X ", and sends this mandate authority to Agent.After Agent receives mandate authority, searching the user whether including user " BindUser " by name in local user's group, if including, being then " MAC1X " by its password update;If not including, then creating user " BindUser " by name in user's group, password is the user of " MAC1X ", and after completing authority establishment, Agent returns completion notice to the second submodule.When the second submodule receives described completion notice, it is possible to described mandate authority is issued to virtual desktop client A, so that described virtual desktop client A logs in VDI virtual desktop according to described mandate authority.
When the VDI virtual desktop that user logs on VM by the virtual desktop client B request installed on terminal B, virtual desktop client B can send to the second submodule and log in authorization requests B, including the characteristic information of terminal B, i.e. and MAC2.When the second submodule receives login authorization requests B, obtain the characteristic information MAC2 of terminal B, then search whether to include MAC2 in the characteristic information of binding terminal.Owing to terminal B does not bind with VM, therefore cannot finding MAC2 in the characteristic information of binding terminal corresponding for VM, therefore the second submodule may determine that terminal B is unbundling terminal.Afterwards, the second submodule returns error message to virtual desktop client B, to terminate the logging request of virtual desktop client B.
Therefore can pass through, by terminal and the binding of VDI virtual desktop, the use scene of VDI virtual desktop to be limited, enhances motility and the safety of VDI framework.
Based on identical design, the present invention also provides for a kind of device logging in virtual desktop, and this device can be realized by software, it is also possible to realized by the mode of hardware or software and hardware combining.Implemented in software for example, the device logging in virtual desktop of the present invention, as the device on a logical meaning, is run after computer program instructions corresponding in memorizer is read by the CPU by its place equipment to form.
Refer to Fig. 4 a and Fig. 4 b, be a kind of device 400 logging in virtual desktop in a kind of illustrative embodiments of the present invention, the basic running environment of this device includes CPU, memorizer and other hardware, and from logic level, this device 400 includes:
Information acquisition unit 401, for when virtual desktop manages the login authorization requests that module receives virtual desktop client transmission, obtaining the characteristic information of the described virtual desktop client place terminal that described login authorization requests is carried;
According to described characteristic information, information judging unit 402, for judging that whether described terminal is default virtual desktop binding terminal;
Authority generates unit 403, for when described terminal is default virtual desktop binding terminal, generating and authorize authority, and described mandate authority is sent to the proxy module that described virtual desktop is corresponding;
Authority issues unit 404, for receiving proxy module corresponding to described virtual desktop at the completion notice completing to send when authority creates according to described mandate authority, and described mandate authority is issued to described virtual desktop client, so that described virtual desktop client logs in virtual desktop according to described mandate authority.
Optionally, the characteristic information of described virtual desktop client place terminal, including:
The MAC Address of the hard disk ID of described virtual desktop client place terminal and/or the network interface card of described terminal unit.
Optionally, described authority generates unit 403, uniquely authorizes authority specifically for generating for described virtual desktop client in preset time period, and described mandate authority includes username and password.
Optionally, described device 400 also includes:
Message returns unit 405, for when the non-default virtual desktop binding terminal of described terminal, returning error message to described virtual desktop client, so that described virtual desktop client terminates logging request.
Refer to Fig. 5 a and Fig. 5 b, it it is another kind in a kind of illustrative embodiments of the present invention device 500 that logs in virtual desktop, this device 500 is used for providing virtual desktop, described device 500 is provided with the program module with proxy module function, owing to described virtual desktop and terminal are bound in advance, therefore described mandate authority can be sent to the proxy module in device corresponding to virtual desktop 500 according to the characteristic information of terminal by virtual desktop management module.The basic running environment of this device includes CPU, memorizer and other hardware, and from logic level, this device 500 includes:
Authority receives unit 501, and for receiving the mandate authority that virtual desktop management module sends, described mandate authority is that the characteristic information that described virtual desktop management module sends according to virtual desktop client generates for described virtual desktop binding terminal;
Authority creating unit 502, for carrying out authority establishment according to described mandate authority, and be sent completely notice when authority has created to described virtual desktop management module, so that described mandate authority is issued to described virtual desktop client by virtual desktop management module.
Optionally, described authority creating unit 502, specifically for judging whether the user name in described mandate authority creates in this locality;If so, then by the password update in described mandate authority to local corresponding user name;If it is not, then add described username and password in this locality.
As can be seen here, the present invention can manage module by virtual desktop and judges that whether this terminal is default virtual desktop binding terminal according to logging in the characteristic information of virtual desktop client place terminal that authorization requests carries;If, then generate and authorize authority, and authority will be authorized to be sent to the proxy module that described virtual desktop is corresponding, authority establishment is carried out according to described mandate authority by this proxy module, and when authority has created, managed module by virtual desktop again and described mandate authority is issued to described virtual desktop client, so that described virtual desktop client is according to authorizing authority to log in virtual desktop.Therefore by terminal and virtual desktop binding, thus the use scene of terminal is limited, motility and the safety of virtual desktop framework can be enhanced.
The foregoing is only presently preferred embodiments of the present invention, not in order to limit the present invention, all within the spirit and principles in the present invention, any amendment of making, equivalent replacement, improvement etc., should be included within the scope of protection of the invention.
Claims (12)
1. the method logging in virtual desktop, it is characterised in that described method includes:
When virtual desktop manages the login authorization requests that module receives virtual desktop client transmission, obtain the characteristic information of the described virtual desktop client place terminal that described login authorization requests is carried;
According to described characteristic information, virtual desktop management module judges that whether described terminal is default virtual desktop binding terminal;
If described terminal is default virtual desktop binding terminal, then virtual desktop management module generates and authorizes authority, and described mandate authority is sent to the proxy module that described virtual desktop is corresponding;
Described virtual desktop management module receives proxy module corresponding to described virtual desktop at the completion notice completing to send when authority creates according to described mandate authority, and described mandate authority is issued to described virtual desktop client, so that described virtual desktop client logs in virtual desktop according to described mandate authority.
2. method according to claim 1, it is characterised in that the characteristic information of described virtual desktop client place terminal, including:
The MAC Address of the hard disk ID of described virtual desktop client place terminal and/or the network interface card of described terminal unit.
3. method according to claim 1, it is characterised in that described generation mandate authority, including:
Generating for described virtual desktop client and uniquely authorize authority in preset time period, described mandate authority includes username and password.
4. method according to claim 1, it is characterised in that described method also includes:
If described terminal is non-default virtual desktop binding terminal, then return error message to described virtual desktop client, so that described virtual desktop client terminates logging request.
5. the method logging in virtual desktop, it is characterised in that described method includes:
The proxy module that virtual desktop is corresponding receives the mandate authority that virtual desktop management module sends, and described mandate authority is that the characteristic information that described virtual desktop management module sends according to virtual desktop client generates for described virtual desktop binding terminal;
The proxy module that described virtual desktop is corresponding carries out authority establishment according to described mandate authority, and be sent completely notice when authority has created to described virtual desktop management module, so that described mandate authority is issued to described virtual desktop client by virtual desktop management module.
6. method according to claim 5, it is characterised in that the proxy module that described virtual desktop is corresponding carries out authority establishment according to described mandate authority, including:
Whether the user name that the proxy module that described virtual desktop is corresponding judges in described mandate authority creates in this locality;If so, then by the password update in described mandate authority to local corresponding user name;If it is not, then add described username and password in this locality.
7. the device logging in virtual desktop, it is characterised in that described device includes:
Information acquisition unit, for when virtual desktop manages the login authorization requests that module receives virtual desktop client transmission, obtaining the characteristic information of the described virtual desktop client place terminal that described login authorization requests is carried;
According to described characteristic information, information judging unit, for judging that whether described terminal is default virtual desktop binding terminal;
Authority generates unit, for when described terminal is default virtual desktop binding terminal, generating and authorize authority, and described mandate authority is sent to the proxy module that described virtual desktop is corresponding;
Authority issues unit, for receiving proxy module corresponding to described virtual desktop at the completion notice completing to send when authority creates according to described mandate authority, and described mandate authority is issued to described virtual desktop client, so that described virtual desktop client logs in virtual desktop according to described mandate authority.
8. device according to claim 7, it is characterised in that the characteristic information of described virtual desktop client place terminal, including:
The MAC Address of the hard disk ID of described virtual desktop client place terminal and/or the network interface card of described terminal unit.
9. device according to claim 7, it is characterised in that
Described authority generates unit, uniquely authorizes authority specifically for generating for described virtual desktop client in preset time period, and described mandate authority includes username and password.
10. device according to claim 6, it is characterised in that described device also includes:
Message returns unit, for when the non-default virtual desktop binding terminal of described terminal, returning error message to described virtual desktop client, so that described virtual desktop client terminates logging request.
11. the device logging in virtual desktop, it is characterised in that described device includes:
Authority receives unit, and for receiving the mandate authority that virtual desktop management module sends, described mandate authority is that the characteristic information that described virtual desktop management module sends according to virtual desktop client generates for described virtual desktop binding terminal;
Authority creating unit, for carrying out authority establishment according to described mandate authority, and is sent completely notice when authority has created to described virtual desktop management module, so that described mandate authority is issued to described virtual desktop client by virtual desktop management module.
12. device according to claim 11, it is characterised in that
Described authority creating unit, specifically for judging whether the user name in described mandate authority creates in this locality;If so, then by the password update in described mandate authority to local corresponding user name;If it is not, then add described username and password in this locality.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610010174.5A CN105763532B (en) | 2016-01-05 | 2016-01-05 | A kind of method and device logging in virtual desktop |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610010174.5A CN105763532B (en) | 2016-01-05 | 2016-01-05 | A kind of method and device logging in virtual desktop |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105763532A true CN105763532A (en) | 2016-07-13 |
| CN105763532B CN105763532B (en) | 2019-05-07 |
Family
ID=56342361
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610010174.5A Active CN105763532B (en) | 2016-01-05 | 2016-01-05 | A kind of method and device logging in virtual desktop |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105763532B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109359455A (en) * | 2018-09-19 | 2019-02-19 | 广州杰赛科技股份有限公司 | A kind of cloud desktop login method, apparatus and computer readable storage medium |
| CN110417886A (en) * | 2019-07-29 | 2019-11-05 | 广州竞远安全技术股份有限公司 | A kind of load-balancing method of integrated service, apparatus and system |
| CN114710323A (en) * | 2022-03-16 | 2022-07-05 | 苏州木星科技有限公司 | Cloud desktop device based on block chain and data processing method |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100275200A1 (en) * | 2009-04-22 | 2010-10-28 | Dell Products, Lp | Interface for Virtual Machine Administration in Virtual Desktop Infrastructure |
| CN102638475A (en) * | 2011-02-11 | 2012-08-15 | 运软网络科技(上海)有限公司 | Multi-dimensional intelligent service point virtual desktop method and infrastructure |
| CN103248654A (en) * | 2012-02-10 | 2013-08-14 | 中兴通讯股份有限公司 | Negotiation method, device and system for virtual desktop service parameters |
| CN103475726A (en) * | 2013-09-17 | 2013-12-25 | 北京京东尚科信息技术有限公司 | Virtual desktop management method, server and client side |
| CN104158795A (en) * | 2014-07-09 | 2014-11-19 | 中电科华云信息技术有限公司 | Registration system and registration method for full hardware terminal in cloud desktop system |
| CN104717261A (en) * | 2013-12-17 | 2015-06-17 | 华为技术有限公司 | Login method and desktop management device |
-
2016
- 2016-01-05 CN CN201610010174.5A patent/CN105763532B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100275200A1 (en) * | 2009-04-22 | 2010-10-28 | Dell Products, Lp | Interface for Virtual Machine Administration in Virtual Desktop Infrastructure |
| CN102638475A (en) * | 2011-02-11 | 2012-08-15 | 运软网络科技(上海)有限公司 | Multi-dimensional intelligent service point virtual desktop method and infrastructure |
| CN103248654A (en) * | 2012-02-10 | 2013-08-14 | 中兴通讯股份有限公司 | Negotiation method, device and system for virtual desktop service parameters |
| CN103475726A (en) * | 2013-09-17 | 2013-12-25 | 北京京东尚科信息技术有限公司 | Virtual desktop management method, server and client side |
| CN104717261A (en) * | 2013-12-17 | 2015-06-17 | 华为技术有限公司 | Login method and desktop management device |
| CN104158795A (en) * | 2014-07-09 | 2014-11-19 | 中电科华云信息技术有限公司 | Registration system and registration method for full hardware terminal in cloud desktop system |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109359455A (en) * | 2018-09-19 | 2019-02-19 | 广州杰赛科技股份有限公司 | A kind of cloud desktop login method, apparatus and computer readable storage medium |
| CN109359455B (en) * | 2018-09-19 | 2021-03-02 | 广州杰赛科技股份有限公司 | Cloud desktop login method and device and computer readable storage medium |
| CN110417886A (en) * | 2019-07-29 | 2019-11-05 | 广州竞远安全技术股份有限公司 | A kind of load-balancing method of integrated service, apparatus and system |
| CN110417886B (en) * | 2019-07-29 | 2020-12-29 | 广州竞远安全技术股份有限公司 | Load balancing method, device and system for integrated service |
| CN114710323A (en) * | 2022-03-16 | 2022-07-05 | 苏州木星科技有限公司 | Cloud desktop device based on block chain and data processing method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105763532B (en) | 2019-05-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108108223B (en) | Kubernetes-based container management platform | |
| CN102947797B (en) | The online service using directory feature extending transversely accesses and controls | |
| CN111783067B (en) | Automatic login method and device between multiple network stations | |
| US10484385B2 (en) | Accessing an application through application clients and web browsers | |
| CN106411857B (en) | A kind of private clound GIS service access control method based on virtual isolation mech isolation test | |
| CN105991734B (en) | A kind of cloud platform management method and system | |
| WO2017024791A1 (en) | Authorization processing method and device | |
| CN107122674B (en) | Access method of oracle database applied to operation and maintenance auditing system | |
| CN108289098B (en) | Authority management method and device of distributed file system, server and medium | |
| WO2012155096A1 (en) | Access control architecture | |
| CN104468550B (en) | A kind of user login method of windows desktop, equipment and system | |
| CN102710640A (en) | Authorization requesting method, device and system | |
| US11245577B2 (en) | Template-based onboarding of internet-connectible devices | |
| CN102571873B (en) | Bidirectional security audit method and device in distributed system | |
| CN111526111B (en) | Control method, device and equipment for logging in light application and computer storage medium | |
| CN112651011A (en) | Login verification method, device and equipment for operation and maintenance system and computer storage medium | |
| CN112311783B (en) | Method and system for authenticating reverse proxy | |
| CN115698998A (en) | Secure resource authorization for external identities using remote subject objects | |
| CN110798310A (en) | Component delegation to an IoT hub using granted blockchains | |
| CN104580081A (en) | Integrated SSO (single sign on) system | |
| CN105262780A (en) | Authority control method and system | |
| CN105763532A (en) | Method and device for logging in to virtual desktop | |
| CN116170234B (en) | Single sign-on method and system based on virtual account authentication | |
| CN112600744A (en) | Authority control method and device, storage medium and electronic device | |
| CN105120010B (en) | A kind of virtual machine Anti-theft method under cloud environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant after: Xinhua three Technology Co., Ltd. Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant before: Huasan Communication Technology Co., Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |