[go: up one dir, main page]

CN104636678B - The method and system of management and control is carried out under a kind of cloud computing environment to terminal device - Google Patents

The method and system of management and control is carried out under a kind of cloud computing environment to terminal device Download PDF

Info

Publication number
CN104636678B
CN104636678B CN201310573998.XA CN201310573998A CN104636678B CN 104636678 B CN104636678 B CN 104636678B CN 201310573998 A CN201310573998 A CN 201310573998A CN 104636678 B CN104636678 B CN 104636678B
Authority
CN
China
Prior art keywords
terminal
server
information
hardware
cloud computing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310573998.XA
Other languages
Chinese (zh)
Other versions
CN104636678A (en
Inventor
谢朝阳
高原
郑少斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Cloud Technology Co Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd filed Critical China Telecom Corp Ltd
Priority to CN201310573998.XA priority Critical patent/CN104636678B/en
Publication of CN104636678A publication Critical patent/CN104636678A/en
Application granted granted Critical
Publication of CN104636678B publication Critical patent/CN104636678B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

本发明公开了一种云计算环境下对终端设备进行管控的方法和系统。该方法包括:终端捕获到启动中断信号后,从服务器下载XEN内核到本地内存中执行,进而启动并运行XEN虚拟机监控器;终端将用户登陆信息发送给服务器;当通过服务器的验证后,接收到服务器返回的操作系统和应用程序列表,终端进行选择后,将选择的操作系统和应用程序发给服务器;成功登陆后,终端将采集的硬件信息和/或软件信息发给服务器。本发明满足监管功能并保证安全性。

The invention discloses a method and a system for managing and controlling terminal equipment in a cloud computing environment. The method includes: after the terminal captures the startup interrupt signal, downloading the XEN kernel from the server to the local memory for execution, and then starting and running the XEN virtual machine monitor; the terminal sends the user login information to the server; after passing the verification of the server, receiving After receiving the operating system and application program list returned by the server, the terminal will send the selected operating system and application program to the server after making a selection; after successful login, the terminal will send the collected hardware information and/or software information to the server. The invention satisfies the supervisory function and guarantees safety.

Description

一种云计算环境下对终端设备进行管控的方法和系统Method and system for managing and controlling terminal equipment in a cloud computing environment

技术领域technical field

本发明涉及计算机领域,特别是涉及一种云计算环境下对终端设备进行管控的方法和系统。The present invention relates to the field of computers, in particular to a method and system for managing and controlling terminal equipment in a cloud computing environment.

背景技术Background technique

随着信息科学技术的飞速发展,网络和计算机已经深入人们的日常生活,无论是企业、政府机关还是学校都在越来越多的部署和使用计算机。面对这些越来越多的IT资产,一个企业需要能够有效的对这些计算机的硬件资产(机器的台数和配置)和软件资产(安装的软件的种类和数量)进行管理。同时,由于希望用户能够安全有效的使用这些设备,在必要的时候需要对系统运行状态和用户活动进行监督和控制。因此,如何能够有效的进行IT资产监控和管理是一个重要的问题。With the rapid development of information science and technology, networks and computers have penetrated into people's daily life, whether enterprises, government agencies or schools are deploying and using more and more computers. Faced with these increasing IT assets, an enterprise needs to be able to effectively manage the hardware assets (number and configuration of machines) and software assets (type and quantity of installed software) of these computers. At the same time, since users are expected to use these devices safely and effectively, it is necessary to monitor and control the system operating status and user activities when necessary. Therefore, how to effectively monitor and manage IT assets is an important issue.

传统的监管方法存在两个问题:There are two problems with the traditional regulatory approach:

第一,管理代理程序工作在操作系统内部,很容易受到用户有意识和无意识的破坏,也很容易受到病毒、蠕虫等恶意病毒软件的攻击。First, the management agent program works inside the operating system, and is easily damaged by users consciously or unconsciously, and is also easily attacked by malicious virus software such as viruses and worms.

第二,不能提供跨设备、跨平台的监管功能,即无法对使用不同的操作系统的计算设备进行监管。Second, cross-device and cross-platform supervision functions cannot be provided, that is, computing devices using different operating systems cannot be supervised.

发明内容Contents of the invention

本发明涉及的缩略语Abbreviations involved in the present invention

EFI:Extensible Firmware Interface,可扩展固件接口;EFI: Extensible Firmware Interface, extensible firmware interface;

PXE:Pre-boot Execution Environment,预启动运行环境;PXE: Pre-boot Execution Environment, pre-boot operating environment;

VMM:Virtual Machine Monitor,虚拟机监控器;VMM: Virtual Machine Monitor, virtual machine monitor;

iSCSI:Internet Small Computer System Interface,互联网小型计算机接口;iSCSI: Internet Small Computer System Interface, Internet small computer interface;

UDP:User Datagram Protocol,用户数据报协议。UDP: User Datagram Protocol, User Datagram Protocol.

鉴于以上,本发明提出一种云计算环境下对终端设备进行管控的方法和系统。In view of the above, the present invention proposes a method and system for managing and controlling terminal equipment in a cloud computing environment.

根据本发明一方面,提出一种云计算环境下对终端设备进行管控的系统,包括终端,该终端包括硬件层、固件层、VMM层和用户操作系统层,其中:According to one aspect of the present invention, a system for managing and controlling terminal equipment in a cloud computing environment is proposed, including a terminal, and the terminal includes a hardware layer, a firmware layer, a VMM layer, and a user operating system layer, wherein:

固件层,捕获到启动中断信号后,从服务器下载XEN内核到本地内存中执行,进而启动并运行XEN虚拟机监控器;The firmware layer, after capturing the startup interrupt signal, downloads the XEN kernel from the server to the local memory for execution, and then starts and runs the XEN virtual machine monitor;

VMM层,将用户登陆信息发送给服务器,接收服务器返回的操作系统和应用程序列表,将选择的操作系统和应用程序发给服务器,以及将采集的硬件信息和/或软件信息发给服务器。The VMM layer sends user login information to the server, receives the operating system and application program list returned by the server, sends the selected operating system and application program to the server, and sends the collected hardware information and/or software information to the server.

进一步,VMM层设置资源管理代理,该资源管理代理包括临时状态库、第一通信接口、用户登录服务和代理服务,其中:Further, the VMM layer sets a resource management agent, which includes a temporary state storehouse, a first communication interface, a user login service, and a proxy service, wherein:

临时状态库,保存当前终端的各种软硬件信息;Temporary state library, which saves various software and hardware information of the current terminal;

第一通信接口,将硬件信息收集模块获取的硬件信息和/或用户视图重构模块获取的软件信息发送给服务器,以及将用户登录信息发送给服务器;The first communication interface sends the hardware information obtained by the hardware information collection module and/or the software information obtained by the user view reconstruction module to the server, and sends the user login information to the server;

用户登录服务,将用户登陆信息发送给服务器,接收服务器返回的操作系统和应用程序列表,并将选择的操作系统和应用程序列表发给服务器;User login service, send user login information to the server, receive the operating system and application program list returned by the server, and send the selected operating system and application program list to the server;

代理服务包括硬件信息收集模块和用户视图重构模块,其中:Agent service includes hardware information collection module and user view reconstruction module, among which:

硬件信息收集模块,采集硬件信息;The hardware information collection module collects hardware information;

用户视图重构模块,采集软件信息。The user view reconstruction module collects software information.

进一步,VMM层的XEN虚拟机监视器创建域0,资源管理代理运行在XEN域0中。Further, the XEN virtual machine monitor of the VMM layer creates domain 0, and the resource management agent runs in XEN domain 0.

进一步,固件层采用EFI固件接口,通过该EFI接口捕获启动中断信号。Further, the firmware layer adopts the EFI firmware interface, and captures the startup interrupt signal through the EFI interface.

进一步,代理服务还包括配置执行模块,接收到服务器发送的硬件和/或软件配置信息,调用对应的程序根据该配置信息执行配置操作。Further, the proxy service also includes a configuration execution module, which receives hardware and/or software configuration information sent by the server, and invokes a corresponding program to perform configuration operations according to the configuration information.

根据本发明另一方面,还提出一种云计算环境下对终端设备进行管控的系统,包括服务器,该服务器包括启动模块、web管理工具和资源管理中心,其中:According to another aspect of the present invention, a system for managing and controlling terminal devices in a cloud computing environment is also proposed, including a server, the server including a startup module, a web management tool, and a resource management center, wherein:

启动模块,终端启动时,与终端进行交互并提供XEN内核下载;The startup module, when the terminal starts, interacts with the terminal and provides XEN kernel download;

web管理工具,终端启动后,调用资源管理中心;Web management tool, after the terminal is started, call the resource management center;

资源管理中心,接收终端发送的用户登陆信息,在验证通过后,向终端返回操作系统和应用程序列表,接收到终端选择的操作系统和应用程序,以及接收终端采集的硬件信息和/或软件信息。The resource management center receives the user login information sent by the terminal, returns the operating system and application program list to the terminal after the verification is passed, receives the operating system and application program selected by the terminal, and receives the hardware information and/or software information collected by the terminal .

进一步,资源管理中心包括可视化代理、管理资源库、用户认证服务、管理服务和第二通信接口,其中:Further, the resource management center includes a visual agent, a management resource library, a user authentication service, a management service and a second communication interface, wherein:

可视化代理,为Web管理工具提供可视化的管理信息和配置命令;Visual agent, providing visual management information and configuration commands for web management tools;

第二通信接口,接收终端发送的硬件信息和/或软件信息;The second communication interface is used to receive hardware information and/or software information sent by the terminal;

管理资源库,将收集到的各种数据信息进行归类存储和维护;Manage the resource library, classify, store and maintain various collected data information;

用户认证服务,通过第二通信接口接收来自终端的用户登录信息,查询管理资源库认证该用户是否具备登陆权限,如通过认证,查询并返回该用户可使用的操作系统和应用程序列表,否则,返回登录失败;User authentication service, receiving user login information from the terminal through the second communication interface, querying the management resource library to verify whether the user has login authority, if the authentication is passed, querying and returning the list of operating systems and application programs that the user can use, otherwise, Return login failed;

管理服务包括权限控制模块、信息收集模块和性能监控模块,其中:Management services include authority control module, information collection module and performance monitoring module, among which:

权限控制模块,授予不同的监管范围和权限级别;Authority control module, granting different supervision scope and authority level;

性能监控模块,经过权限控制模块授权后,通过第二通信接口发送各种类别的软硬件信息查询请求;The performance monitoring module, after being authorized by the authority control module, sends various types of software and hardware information query requests through the second communication interface;

信息收集模块,将终端发送的硬件信息和/或软件信息交由管理资源库维护。The information collection module is used to hand over the hardware information and/or software information sent by the terminal to the management resource library for maintenance.

进一步,管理服务还包括配置模块,为可视化代理提供统一的调用接口来处理其他组件对终端配置信息的操作请求,经过权限控制模块授权后,通过第二通信接口向终端发送硬件和/或软件配置信息,以使终端根据该配置信息执行相应的操作。Further, the management service also includes a configuration module, which provides a unified call interface for the visualization agent to process other components’ operation requests for terminal configuration information, and after being authorized by the authority control module, sends the hardware and/or software configuration to the terminal through the second communication interface information, so that the terminal performs corresponding operations according to the configuration information.

根据本发明另一方面,还提出一种云计算环境下对终端设备进行管控的系统,包括上述任一所述终端以及上述任一所述服务器。According to another aspect of the present invention, a system for managing and controlling terminal devices in a cloud computing environment is also proposed, including any of the above-mentioned terminals and any of the above-mentioned servers.

进一步,终端和服务器通过交换资源管理协议报文进行通讯,该协议报文通过UDP协议传输,每个报文单独封装在UDP数据包中。Further, the terminal and the server communicate by exchanging resource management protocol messages, the protocol messages are transmitted through the UDP protocol, and each message is individually encapsulated in a UDP data packet.

根据本发明另一方面,还提出一种云计算环境下对终端设备进行管控的方法,其中:According to another aspect of the present invention, a method for managing and controlling terminal equipment in a cloud computing environment is also proposed, wherein:

终端捕获到启动中断信号后,从服务器下载XEN内核到本地内存中执行,进而启动并运行XEN虚拟机监控器;After capturing the startup interrupt signal, the terminal downloads the XEN kernel from the server to the local memory for execution, and then starts and runs the XEN virtual machine monitor;

终端将用户登陆信息发送给服务器;The terminal sends the user login information to the server;

当通过服务器的验证后,接收到服务器返回的操作系统和应用程序列表,终端进行选择后,将选择的操作系统和应用程序发给服务器;After passing the verification of the server, the terminal receives the operating system and application program list returned by the server, and after the terminal makes a selection, it sends the selected operating system and application program to the server;

成功登陆后,终端将采集的硬件信息和/或软件信息发给服务器。After successful login, the terminal sends the collected hardware information and/or software information to the server.

进一步,当终端接收到服务器发送的硬件和/或软件配置信息时,调用对应的程序根据该配置信息执行配置操作。Further, when the terminal receives the hardware and/or software configuration information sent by the server, it invokes a corresponding program to perform a configuration operation according to the configuration information.

进一步,终端和服务器通过交换资源管理协议报文进行通讯,该协议报文通过UDP协议传输,每个报文单独封装在UDP数据包中。Further, the terminal and the server communicate by exchanging resource management protocol messages, the protocol messages are transmitted through the UDP protocol, and each message is individually encapsulated in a UDP data packet.

根据本发明另一方面,还提出一种云计算环境下对终端设备进行管控的方法,其中:According to another aspect of the present invention, a method for managing and controlling terminal equipment in a cloud computing environment is also proposed, wherein:

在终端启动时,服务器与终端进行交互并提供XEN内核下载;When the terminal starts, the server interacts with the terminal and provides XEN kernel download;

在终端启动后,服务器接收终端发送的用户登陆信息,在验证通过后,向终端返回操作系统和应用程序列表;After the terminal is started, the server receives the user login information sent by the terminal, and returns the list of operating systems and applications to the terminal after the verification is passed;

当终端选择后,接收到终端已选择的操作系统和应用程序;After the terminal is selected, the operating system and application program selected by the terminal are received;

接收终端采集的硬件信息和/或软件信息。The hardware information and/or software information collected by the terminal is received.

进一步,服务器向终端发送硬件和/或软件配置信息,以使终端根据该配置信息执行相应的操作。Further, the server sends hardware and/or software configuration information to the terminal, so that the terminal performs corresponding operations according to the configuration information.

本发明基于虚拟机技术完成云计算环境下终端设备的软硬件资源管理,满足监管功能并保证安全性。The invention completes the software and hardware resource management of the terminal equipment in the cloud computing environment based on the virtual machine technology, satisfies the supervisory function and guarantees the safety.

附图说明Description of drawings

此处所说明的附图用来提供对本发明的进一步理解,构成本发明的一部分,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The accompanying drawings described here are used to provide a further understanding of the present invention, and constitute a part of the present invention. The schematic embodiments of the present invention and their descriptions are used to explain the present invention, and do not constitute improper limitations to the present invention. In the attached picture:

图1所示为本发明一实施例中的云计算环境下对终端设备进行管控的系统的结构示意图。FIG. 1 is a schematic structural diagram of a system for managing and controlling terminal devices in a cloud computing environment in an embodiment of the present invention.

图2所示为本发明另一实施例中的系统结构示意图。Fig. 2 is a schematic diagram of the system structure in another embodiment of the present invention.

图3所示为本发明中资源管理协议数据包格式。Fig. 3 shows the resource management protocol packet format in the present invention.

图4所示为本发明中资源管理协议的交互流程示意图。FIG. 4 is a schematic diagram of the interaction flow of the resource management protocol in the present invention.

图5所示为本发明一实施例中的一种云计算环境下对终端设备进行管控的方法流程示意图。FIG. 5 is a schematic flowchart of a method for managing and controlling a terminal device in a cloud computing environment in an embodiment of the present invention.

图6所示为本发明另一实施例中的一种云计算环境下对终端设备进行管控的方法流程示意图。FIG. 6 is a schematic flowchart of a method for managing and controlling a terminal device in a cloud computing environment in another embodiment of the present invention.

具体实施方式detailed description

现在将参照附图来详细描述本发明的各种示例性实施例。应注意到:除非另外具体说明,否则在这些实施例中阐述的部件和步骤的相对布置和数值不限制本发明的范围。Various exemplary embodiments of the present invention will now be described in detail with reference to the accompanying drawings. It should be noted that the relative arrangements and numerical values of components and steps set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.

同时,应当明白,为了便于描述,附图中所示出的各个部分的尺寸并不是按照实际的比例关系绘制的。At the same time, it should be understood that, for the convenience of description, the sizes of the various parts shown in the drawings are not drawn according to the actual proportional relationship.

以下对至少一个示例性实施例的描述实际上仅仅是说明性的,决不作为对本发明及其应用或使用的任何限制。The following description of at least one exemplary embodiment is merely illustrative in nature and in no way taken as limiting the invention, its application or uses.

对于相关领域普通技术人员已知的技术、方法和设备可能不作详细讨论,但在适当情况下,所述技术、方法和设备应当被视为授权说明书的一部分。Techniques, methods and devices known to those of ordinary skill in the relevant art may not be discussed in detail, but where appropriate, such techniques, methods and devices should be considered part of the Authorized Specification.

在这里示出和讨论的所有示例中,任何具体值应被解释为仅仅是示例性的,而不是作为限制。因此,示例性实施例的其它示例可以具有不同的值。In all examples shown and discussed herein, any specific values should be construed as illustrative only, and not as limiting. Therefore, other examples of the exemplary embodiment may have different values.

应注意到:相似的标号和字母在下面的附图中表示类似项,因此,一旦某一项在一个附图中被定义,则在随后的附图中不需要对其进行进一步讨论。It should be noted that like numerals and letters denote like items in the following figures, therefore, once an item is defined in one figure, it does not require further discussion in subsequent figures.

云计算是一种为用户提供服务的计算,其目标是在系统为用户提供服务时,让用户不用知道计算过程和服务细节,只需关心系统能否提供所需服务和服务质量。云计算作为服务共享的计算模式,在系统部署、管理维护和安全性等方面,具有传统计算模式无法比拟的优势。Cloud computing is a kind of computing that provides services to users. Its goal is to let users not need to know the calculation process and service details when the system provides services to users, but only care about whether the system can provide the required services and service quality. As a computing model of service sharing, cloud computing has incomparable advantages over traditional computing models in terms of system deployment, management and maintenance, and security.

本发明提出了一种云计算环境下对终端设备进行管控的方法和系统,是基于虚拟机技术实现远程资源管理。为使本发明的目的、技术方案和优点更加清楚明白,以下结合具体实施例,并参照附图,对本发明进一步详细说明。The present invention proposes a method and system for managing and controlling terminal equipment in a cloud computing environment, and realizes remote resource management based on virtual machine technology. In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be described in further detail below in conjunction with specific embodiments and with reference to the accompanying drawings.

图1所示为本发明一实施例中的云计算环境下对终端设备进行管控的系统的结构示意图。该系统包括终端和服务器。FIG. 1 is a schematic structural diagram of a system for managing and controlling terminal devices in a cloud computing environment in an embodiment of the present invention. The system includes terminals and servers.

终端捕获到启动中断信号后,从服务器下载XEN内核到本地内存中执行,进而启动并运行XEN虚拟机监控器。终端将用户登陆信息发送给服务器,由服务器进行验证,当验证通过后,例如,根据用户名和密码进行验证,服务器向终端返回操作系统和应用程序列表。终端进行选择,并将选择的操作系统和应用程序列表发给服务器。其中,操作系统和应用程序始终在服务器,客户端可以通过iSCSI协议使用位于服务器上的网络存储。此时可以由服务器为终端提供数据访问服务。终端采集硬件信息和/或软件信息并发给服务器,由服务器对终端的信息进行管控。After capturing the startup interrupt signal, the terminal downloads the XEN kernel from the server to the local memory for execution, and then starts and runs the XEN virtual machine monitor. The terminal sends the user login information to the server, and the server performs verification. After the verification is passed, for example, according to the user name and password, the server returns the list of operating systems and application programs to the terminal. The terminal makes a selection, and sends the selected operating system and application program list to the server. Among them, the operating system and application programs are always on the server, and the client can use the network storage located on the server through the iSCSI protocol. At this time, the server may provide the data access service for the terminal. The terminal collects hardware information and/or software information and sends it to the server, and the server controls the information of the terminal.

终端的结构示意图还如图1所示。终端没有操作系统及其上的支持工具和应用程序,不需要硬盘等二级存储器,只负责运算和输入输出。终端使用的操作系统和应用程序存储在分布式网络的服务器中,以由服务器进行统一的管理和维护,即,客户端的操作系统和应用程序资源始终位于服务器,所以服务器知道终端使用的资源,并可以方便的获取资源信息。终端的功能层次结构自下而上分为硬件层、固件层、虚拟机监控器(VMM)层和用户操作系统层。A schematic structural diagram of the terminal is also shown in FIG. 1 . The terminal has no operating system and supporting tools and applications on it, and does not need secondary storage such as hard disks, and is only responsible for calculation and input and output. The operating system and application program used by the terminal are stored in the server of the distributed network for unified management and maintenance by the server, that is, the operating system and application program resources of the client are always located on the server, so the server knows the resources used by the terminal and Resource information can be easily obtained. The functional hierarchy of the terminal is divided into hardware layer, firmware layer, virtual machine monitor (VMM) layer and user operating system layer from bottom to top.

终端启动时,固件层中提前固化在EFI中的PXE协议捕获到启动中断信号后,下载XEN内核到本地内存中动态调度执行。固件层利用EFI技术能够有效的屏蔽硬件平台的差异性,为上层操作系统提供开放的接口标准。通过调用EFI提供的主板和操作系统接口可以进行硬件控制。When the terminal starts, after the PXE protocol solidified in EFI in the firmware layer captures the startup interrupt signal, it downloads the XEN kernel to the local memory for dynamic scheduling and execution. The firmware layer uses EFI technology to effectively shield the differences of the hardware platform and provide an open interface standard for the upper operating system. Hardware control can be carried out by calling the motherboard and operating system interfaces provided by EFI.

VMM层的XEN VMM(XEN是开放源代码虚拟机监视器)创建的域0能够管理和调度其他用户操作系统并对软硬件资源进行管理和配置。此时,运行在XEN域0中的资源管理代理开始运行,将用户登陆信息发送给服务器,接收服务器返回的操作系统和应用程序列表,并将选择的操作系统和应用程序列表发给服务器。此后,域0将截获操作系统所有对本地磁盘的I/O访问请求,通过iSCSI协议将I/O请求转发至服务器,即通过iSCSI协议访问服务器上的网络存储设备。资源管理代理采集硬件信息和/或软件信息并发给服务器。The domain 0 created by the XEN VMM (XEN is an open source virtual machine monitor) of the VMM layer can manage and schedule other user operating systems and manage and configure software and hardware resources. At this point, the resource management agent running in XEN domain 0 starts to run, sends user login information to the server, receives the operating system and application program list returned by the server, and sends the selected operating system and application program list to the server. After that, domain 0 will intercept all I/O access requests of the operating system to the local disk, and forward the I/O requests to the server through the iSCSI protocol, that is, access the network storage device on the server through the iSCSI protocol. The resource management agent collects hardware information and/or software information and sends them to the server.

本发明中,采集信息的操作发生在域0中,而不是用户域的操作系统之内。此外,终端采用EFI固件接口,相对于传统的BIOS接口具有更加强大的功能,能够获取更多的硬件状态。In the present invention, the operation of collecting information occurs in domain 0, rather than within the operating system of the user domain. In addition, the terminal adopts the EFI firmware interface, which has more powerful functions than the traditional BIOS interface, and can obtain more hardware status.

服务器的结构示意图还如图1所示。服务器包括启动模块、web管理工具和资源管理中心。A schematic structural diagram of the server is also shown in FIG. 1 . The server includes a startup module, a web management tool and a resource management center.

服务器是整个信息处理和任务调度中心,负责终端和服务器两部分的监控和管理。终端启动时,服务器通过启动模块与终端进行交互并提供XEN内核下载。启动后,通过Web管理工具调用资源管理中心组件对终端的软硬件运行情况进行监控和系统配置。服务器为存储资源提供者进行程序和数据等资源的存储和管理,负责响应来自终端的数据请求,并把终端需要的系统、工具和应用程序动态的交换传输至终端的内存中执行,而不负责用户请求的计算工作。The server is the entire information processing and task scheduling center, responsible for the monitoring and management of the terminal and the server. When the terminal starts, the server interacts with the terminal through the startup module and provides XEN kernel download. After startup, the resource management center component is invoked through the web management tool to monitor and configure the software and hardware of the terminal. The server stores and manages resources such as programs and data for the storage resource provider, is responsible for responding to data requests from the terminal, and dynamically transfers the systems, tools and applications required by the terminal to the terminal's memory for execution, and is not responsible for Computational work requested by the user.

本发明通过将软硬件资源管理工具(即资源管理代理)运行在终端设备的操作系统之下的VMM中而并不运行在用户操作系统空间中,从而能够进行跨平台跨设备的监管,而且不会像传统的管理代理软件一样被用户误删除或者是被病毒、木马等破坏和控制。The present invention runs the software and hardware resource management tool (that is, the resource management agent) in the VMM under the operating system of the terminal device instead of running in the user operating system space, thereby enabling cross-platform and cross-device supervision without Like traditional management agent software, it will be accidentally deleted by users or destroyed and controlled by viruses, Trojan horses, etc.

图2所示为本发明另一实施例中的系统结构示意图。该系统通过工作在终端上的资源管理代理和工作在服务器上的资源管理中心一起配合完成资源管控的功能。Fig. 2 is a schematic diagram of the system structure in another embodiment of the present invention. The system cooperates with the resource management agent working on the terminal and the resource management center working on the server to complete the function of resource management and control.

如图2所示,终端的VMM层设置资源管理代理,该资源管理代理包括临时状态库、第一通信接口、用户登录服务和代理服务。As shown in FIG. 2 , the VMM layer of the terminal sets a resource management agent, and the resource management agent includes a temporary state store, a first communication interface, a user login service and a proxy service.

临时状态库用来保存当前终端的各种软硬件信息。The temporary state store is used to save various software and hardware information of the current terminal.

第一通信接口通过资源管理协议与服务器进行交互,发送用户登录信息和软硬件信息,并接收来自服务器的配置命令。The first communication interface interacts with the server through the resource management protocol, sends user login information and software and hardware information, and receives configuration commands from the server.

用户登录服务将用户登陆信息发送给服务器,接收服务器返回的操作系统和应用程序列表,并将选择的操作系统和应用程序列表发给服务器。此后,域0将截获操作系统所有对本地磁盘的I/O访问请求,通过iSCSI协议将I/O请求转发至服务器。The user login service sends the user login information to the server, receives the operating system and application program list returned by the server, and sends the selected operating system and application program list to the server. Thereafter, domain 0 will intercept all I/O access requests of the operating system to the local disk, and forward the I/O requests to the server through the iSCSI protocol.

代理服务是资源管理代理的核心组件,包括硬件信息收集模块、The agent service is the core component of the resource management agent, including the hardware information collection module,

用户视图重构模块、报告处理模块和配置执行模块。其中:User view reconstruction module, report processing module and configuration execution module. in:

硬件信息收集模块负责硬件信息的获取,调用EFI提供的相关接口服务,可以获得当前计算设备实时的硬件配置和运行情况,如CPU、内存、电压、温度和转速等。The hardware information collection module is responsible for the acquisition of hardware information, calls the relevant interface services provided by EFI, and can obtain the real-time hardware configuration and operation status of the current computing device, such as CPU, memory, voltage, temperature and speed, etc.

用户视图重构模块采用基于用户视图重构的方法重构出用户文件系统视图。由于虚拟机监控器能够获取用户虚拟设备的数据块级的内容,因此用户视图重构模块可以通过读取用户虚拟设备中存储的内容来重构整个用户文件系统。用户视图重构模块能够访问用户所使用的内存内容,在上述已经重构好的用户文件系统的辅助下,用户视图重构模块能够重构用户操作系统内存的视图。通过对视图中的进程控制块的分析,可以得到用户当前正在运行的进程情况,即获取软件信息。The user view reconstruction module reconstructs the user file system view based on the user view reconstruction method. Since the virtual machine monitor can obtain the block-level content of the user virtual device, the user view reconstruction module can reconstruct the entire user file system by reading the content stored in the user virtual device. The user view reconstruction module can access the memory content used by the user. With the assistance of the above-mentioned reconstructed user file system, the user view reconstruction module can reconstruct the view of the memory of the user operating system. By analyzing the process control block in the view, you can get the status of the process currently running by the user, that is, obtain software information.

报告处理模块将收集到的软硬件信息进行分类和整理后,交由第一通信接口发送给服务器。报告处理模块可以定时发送硬件和/或软件信息。报告处理模块可根据收集到的软硬件信息判断是否存在异常事件,如果有,则向服务器发送异常报告。服务器收到异常报告,有两类处理方式:1、自动发送配置指令至客户端,由客户端的配置执行模块调用相关功能组件重新完成配置。2、服务器不执行任何操作,而向管理员提示存在异常,等待管理员解决。After the report processing module classifies and organizes the collected software and hardware information, it sends it to the server through the first communication interface. The report processing module can periodically send hardware and/or software information. The report processing module can judge whether there is an abnormal event according to the collected software and hardware information, and if so, send an abnormal report to the server. When the server receives the exception report, there are two types of processing methods: 1. Automatically send configuration instructions to the client, and the configuration execution module of the client calls the relevant functional components to complete the configuration again. 2. The server does not perform any operation, but prompts the administrator that there is an exception, and waits for the administrator to solve it.

配置执行模块是配置某一具体参数的独立程序,可以存在多个配置执行组件。接收到服务器发送的硬件和/或软件配置信息,配置执行模块调用对应的程序根据该配置信息执行配置操作。The configuration execution module is an independent program for configuring a specific parameter, and there may be multiple configuration execution components. After receiving the hardware and/or software configuration information sent by the server, the configuration execution module invokes a corresponding program to perform configuration operations according to the configuration information.

如图2所示,服务器上的资源管理中心包括可视化代理、管理资源库、第二通信接口、用户认证服务和管理服务。As shown in Figure 2, the resource management center on the server includes a visual agent, a management resource library, a second communication interface, user authentication service and management service.

可视化代理由一系列用户API组成,为Web管理工具提供可视化的管理信息和配置命令。The visual proxy consists of a series of user APIs, providing visual management information and configuration commands for web management tools.

第二通信接口接收终端发送的硬件信息和/或软件信息,并发送配置命令。The second communication interface receives hardware information and/or software information sent by the terminal, and sends configuration commands.

管理资源库是管理信息的数据中心,它将收集到的各种数据信息进行归类存储和维护,并根据各个功能组件的需要,为其提供所需的信息资源。管理资源库包括三类:(i)用户信息,包括用户名、用户密码、用户所属组、用户可使用的操作系统列表、用户的服务优先级、用户当前运行状态、以及各种用户属性信息。(ii)设备硬件信息,包括CPU类型、主频、温度、内存大小、内存可用值、硬盘总量、硬盘空闲值、网络流量、电源电压等。(iii)系统软件信息,包括当前使用的操作系统类型、安装的应用程序以及运行时的系统进程等。The management resource library is the data center of management information, which classifies, stores and maintains various data information collected, and provides the required information resources according to the needs of each functional component. The management resource library includes three categories: (i) user information, including user name, user password, user group, user operating system list, user service priority, user current operating status, and various user attribute information. (ii) Device hardware information, including CPU type, main frequency, temperature, memory size, available memory value, total amount of hard disk, idle value of hard disk, network traffic, power supply voltage, etc. (iii) System software information, including the type of operating system currently in use, installed applications, and system processes at runtime, etc.

用户认证服务通过第二通信接口接收来自终端的用户登录信息,查询管理资源库认证该用户是否具备登陆权限。如通过认证,查询并返回该用户可使用的操作系统和应用程序列表,否则,返回登录失败。The user authentication service receives user login information from the terminal through the second communication interface, and queries the management resource library to verify whether the user has login authority. If the authentication is passed, query and return the list of operating systems and applications that the user can use, otherwise, return login failure.

管理服务作为资源管理中心的核心组件,负责多种管理任务,包括权限控制模块、信息收集模块、性能监控模块、配置模块和协调模块。其中,性能监控模块经过权限控制模块授权后,可以通过第二通信接口向终端的第一通信接口发送查询请求;当服务器要对终端进行配置时,配置模块经过权限控制模块授权后,可以通过第二通信接口向终端的第一通信接口发送配置信息。下面将对各个模块进行具体说明。As the core component of the resource management center, the management service is responsible for various management tasks, including authority control module, information collection module, performance monitoring module, configuration module and coordination module. Wherein, after being authorized by the authority control module, the performance monitoring module can send a query request to the first communication interface of the terminal through the second communication interface; The second communication interface sends configuration information to the first communication interface of the terminal. Each module will be described in detail below.

权限控制模块授予不同的监管范围和权限级别。权限控制包括查询资源状态和远程配置两个方面。客户端资源状态在服务器保存,权限控制模块负责检查管理员的请求是否具有权限;远程配置则是经过权限控制模块检查和授权之后才能够发送至客户端执行。即,当一个新的监管请求发生时,在该命令发送至网络前需要经过权限控制模块的检查和授权。The authority control module grants different supervisory scopes and authority levels. Authority control includes two aspects of querying resource status and remote configuration. The resource status of the client is saved on the server, and the permission control module is responsible for checking whether the administrator's request has permission; the remote configuration can only be sent to the client for execution after being checked and authorized by the permission control module. That is, when a new supervision request occurs, the command needs to be checked and authorized by the authority control module before being sent to the network.

性能监控模块负责定期发送各种类别的软硬件信息查询请求。The performance monitoring module is responsible for regularly sending various types of software and hardware information query requests.

信息收集模块接收终端发送的监控报告进行分析,包括硬件信息和/或软件信息,将解析出的数据交由管理资源库维护。The information collection module receives and analyzes the monitoring report sent by the terminal, including hardware information and/or software information, and submits the parsed data to the management resource library for maintenance.

配置模块管理终端的配置信息,所有配置信息的读写操作都需要通过配置模块完成,它为可视化代理提供了统一的调用接口来处理其他组件对终端配置信息的操作请求,经过权限控制模块授权后,通过第二通信接口向终端发送硬件和/或软件配置信息,以使终端根据该配置信息执行相应的操作。The configuration module manages the configuration information of the terminal. All read and write operations of configuration information need to be completed through the configuration module. It provides a unified call interface for the visual agent to process other components’ operation requests for terminal configuration information. After authorization by the authority control module , sending hardware and/or software configuration information to the terminal through the second communication interface, so that the terminal performs corresponding operations according to the configuration information.

协调模块是资源管理中心的调度器,用来协调各个模块的处理过程,保证各个模块按规定流程共同配合完成对终端的监控和管理,保证用户系统和设备的安全使用。The coordination module is the scheduler of the resource management center, which is used to coordinate the processing process of each module to ensure that each module cooperates to complete the monitoring and management of the terminal according to the prescribed process, and to ensure the safe use of user systems and equipment.

本发明的一个实施例中,资源管理代理和资源管理中心通过交换资源管理协议报文进行通讯。为了降低协议复杂性并提高效率,协议报文通过UDP协议传输,每个报文单独封装在UDP数据包中,图3所示为本发明中资源管理协议数据包格式。In an embodiment of the present invention, the resource management agent and the resource management center communicate by exchanging resource management protocol messages. In order to reduce the complexity of the protocol and improve the efficiency, the protocol message is transmitted through the UDP protocol, and each message is individually encapsulated in a UDP data packet. FIG. 3 shows the format of the resource management protocol data packet in the present invention.

报文头是资源管理协议数据单元的统一头结构,包括报文的发送者、接收者、报文类型、报文长度等。The message header is the unified header structure of the resource management protocol data unit, including the sender, receiver, message type, and message length of the message.

报文主体包括硬件信息、软件信息两部分,用于描述协议中传输的管理对象的信息,包括该管理对象的类型、数量、数据长度、数据内容等。为了提高协议的可扩展性,没有规定参数的具体类型,用户可以结合实际应用自定义参数类型。The body of the message includes hardware information and software information, which are used to describe the information of the management object transmitted in the protocol, including the type, quantity, data length, and data content of the management object. In order to improve the scalability of the protocol, the specific types of parameters are not specified, and users can customize parameter types in combination with actual applications.

该协议支持Search、Ready、Register、Update、Set、Response、Trap七种报文格式。其中,Search报文用于资源管理代理向资源管理中心发送用户名和密码,请求连接并获取操作系统和应用程序列表;Ready报文用于资源管理中心向资源管理代理回复用户可用的操作系统和应用程序列表;Register报文用于资源管理代理对获得的操作系统和应用程序列表进行选择确认;Update报文用于资源管理代理向资源管理中心更新当前实时的软硬件状态信息;Set报文用于资源管理中心对终端的状态进行设置;Response报文用于资源管理代理和资源管理中心对收到的报文进行响应;Trap报文用于资源管理代理进行异常报告。The protocol supports seven message formats: Search, Ready, Register, Update, Set, Response, and Trap. Among them, the Search message is used by the resource management agent to send the user name and password to the resource management center, requesting to connect and obtain the list of operating systems and applications; the Ready message is used by the resource management center to reply to the resource management agent about the operating systems and applications available to the user program list; the Register message is used by the resource management agent to select and confirm the obtained operating system and application program list; the Update message is used by the resource management agent to update the current real-time software and hardware status information to the resource management center; the Set message is used for The resource management center sets the status of the terminal; the Response message is used for the resource management agent and the resource management center to respond to the received message; the Trap message is used for the resource management agent to report abnormalities.

图4所示为本发明中资源管理协议的交互流程示意图。包括以下交互流程:FIG. 4 is a schematic diagram of the interaction flow of the resource management protocol in the present invention. Including the following interaction process:

请求连接。终端加电启动后,提前驻存在EFI中的PXE协议将捕获终端的启动中断信号,并下载XEN域0到本地内存中运行。用户输入登录信息后,域0中的资源管理代理将用户登陆信息和终端设备信息进行加密后封装成Search报文,发送给资源管理中心进行登陆验证。Request to connect. After the terminal is powered on and started, the PXE protocol pre-resident in the EFI will capture the terminal's startup interrupt signal, and download the XEN domain 0 to the local memory to run. After the user enters the login information, the resource management agent in domain 0 encrypts the user login information and terminal device information, encapsulates it into a Search message, and sends it to the resource management center for login verification.

验证。资源管理中心收到用户连接请求后,对接收到的登陆信息进行验证。验证通过,资源管理中心将用户对应的操作系统和应用程序列表封装在Ready报文中发送回终端。否则,发送验证失败。verify. After receiving the user connection request, the resource management center verifies the received login information. After the verification is passed, the resource management center encapsulates the list of operating systems and application programs corresponding to the user in a Ready message and sends it back to the terminal. Otherwise, sending verification fails.

确认。资源管理代理收到Ready报文,检查报文内容。如果通过认证,资源管理代理将选择的操作系统和应用程序列表通过Register报文发送给资源管理中心,资源管理中心使用iSCSI协议为该终端提供块级数据访问服务。如果未通过认证,需根据提示重新登陆。confirm. The resource management agent receives the Ready message and checks the content of the message. If the authentication is passed, the resource management agent sends the selected operating system and application program list to the resource management center through the Register message, and the resource management center uses the iSCSI protocol to provide block-level data access services for the terminal. If you have not passed the authentication, you need to log in again according to the prompts.

更新。用户成功登陆后,运行在域0中的资源管理代理通过EFI提供的服务接口定时的采集当前终端的硬件信息,并利用用户视图重构模块获得系统进程表,并定期向资源管理中心发送Update报文,更新终端的设备信息和系统信息,即软硬件信息。renew. After the user successfully logs in, the resource management agent running in domain 0 regularly collects the hardware information of the current terminal through the service interface provided by EFI, and uses the user view reconstruction module to obtain the system process table, and periodically sends Update reports to the resource management center. file to update the device information and system information of the terminal, that is, software and hardware information.

设置。资源管理中心需要对终端的软硬件配置进行设置时会向终端发送Set报文。当终端接收后,首先检查报文中所有的设置操作是否都能全部完成。如果可以,终端执行相应的操作并发送Response报文;如果不能,则终端不进行任何操作,仅发送Response报文给资源管理中心。set up. When the resource management center needs to set the software and hardware configuration of the terminal, it will send a Set message to the terminal. After the terminal receives it, it first checks whether all the setting operations in the message can be completed. If yes, the terminal performs a corresponding operation and sends a Response message; if not, the terminal does not perform any operation, but only sends a Response message to the resource management center.

报告异常。当资源管理代理检测到有异常事件发生时,向资源管理中心发送Trap报文进行报告。Report an exception. When the resource management agent detects that an abnormal event occurs, it sends a Trap message to the resource management center for reporting.

本发明适用于基于XEN虚拟机和EFI固件的终端,当然也可以适用于基于其他类型的虚拟机的终端。本领域技术人员应该可以理解,这里只是用于举例,不应理解为对本发明的限制。The present invention is applicable to terminals based on XEN virtual machines and EFI firmware, and of course also applicable to terminals based on other types of virtual machines. It should be understood by those skilled in the art that this is only for example and should not be construed as a limitation of the present invention.

本发明中的资源管理代理运行在操作系统之下的VMM中而并不运行在用户操作系统空间中,因此能够进行跨平台跨设备的监管,而且不会像传统的管理代理软件一样被用户误删除或者是被病毒、木马等破坏和控制。The resource management agent in the present invention runs in the VMM under the operating system and does not run in the user operating system space, so it can perform cross-platform and cross-device supervision, and will not be mistaken by users like traditional management agent software. Deleted or destroyed and controlled by viruses, Trojan horses, etc.

本发明运行在虚拟机中的资源管理代理调用EFI提供的相关接口服务,获得当前计算设备实时的硬件配置和运行状态,通过采用基于用户视图重构的方法重构出用户文件系统视图和当前系统进程。In the present invention, the resource management agent running in the virtual machine invokes the relevant interface services provided by EFI to obtain the real-time hardware configuration and operating status of the current computing device, and reconstructs the user file system view and the current system by adopting a method based on user view reconstruction process.

本发明通过资源管理协议完成资源管理代理和资源管理中心间的数据通讯,支持用户验证、系统状态的更新和设置。The invention completes the data communication between the resource management agent and the resource management center through the resource management protocol, and supports user authentication, system status update and setting.

图5所示为本发明一实施例中的一种云计算环境下对终端设备进行管控的方法流程示意图。该方法包括以下步骤:FIG. 5 is a schematic flowchart of a method for managing and controlling a terminal device in a cloud computing environment in an embodiment of the present invention. The method includes the following steps:

步骤51,终端捕获到启动中断信号后,从服务器下载XEN内核到本地内存中执行,进而启动并运行XEN虚拟机监控器。Step 51 , after capturing the startup interrupt signal, the terminal downloads the XEN kernel from the server to the local memory for execution, and then starts and runs the XEN virtual machine monitor.

步骤52,终端将用户登陆信息发送给服务器,由服务器进行验证。Step 52, the terminal sends the user login information to the server for verification.

步骤53,当通过服务器的验证后,接收到服务器返回的操作系统和应用程序列表,终端进行选择后,将选择的操作系统和应用程序发给服务器。Step 53: After passing the verification by the server, the terminal receives the list of operating systems and application programs returned by the server, and after the terminal makes a selection, sends the selected operating system and application programs to the server.

步骤54,成功登陆后,终端将采集的硬件信息和/或软件信息发给服务器,以由服务器对终端的信息进行管控。Step 54, after successfully logging in, the terminal sends the collected hardware information and/or software information to the server, so that the server can manage and control the information of the terminal.

其中,当终端接收到服务器发送的硬件和/或软件配置信息时,调用对应的程序根据该配置信息执行配置操作。Wherein, when the terminal receives the hardware and/or software configuration information sent by the server, it invokes the corresponding program to perform the configuration operation according to the configuration information.

图6所示为本发明另一实施例中的一种云计算环境下对终端设备进行管控的方法流程示意图。该方法包括以下步骤:FIG. 6 is a schematic flowchart of a method for managing and controlling a terminal device in a cloud computing environment in another embodiment of the present invention. The method includes the following steps:

步骤61,在终端启动时,服务器与终端进行交互并提供XEN内核下载。Step 61, when the terminal starts, the server interacts with the terminal and provides XEN kernel download.

步骤62,在终端启动后,服务器接收终端发送的用户登陆信息,在验证通过后,向终端返回操作系统和应用程序列表。Step 62, after the terminal is started, the server receives the user login information sent by the terminal, and returns the list of operating systems and application programs to the terminal after the verification is passed.

步骤63,当终端选择后,接收终端已选择的操作系统和应用程序。Step 63, when the terminal is selected, receive the operating system and application program selected by the terminal.

步骤64,接收终端发送的硬件信息和/或软件信息,以对终端的信息进行管控。Step 64, receiving hardware information and/or software information sent by the terminal, so as to manage and control the information of the terminal.

其中,服务器向终端发送硬件和/或软件配置信息,以使终端根据该配置信息执行相应的操作。Wherein, the server sends hardware and/or software configuration information to the terminal, so that the terminal performs corresponding operations according to the configuration information.

本发明将软硬件资源管理工具运行在终端设备操作系统之下的虚拟机监控器中而并不运行在用户操作系统空间中,完成对终端设备的软硬件资源的监控和管理。能够提供跨设备、跨平台的监管功能,即能够对使用不同的操作系统的计算设备进行监管。不会受到病毒、蠕虫等恶意病毒软件的攻击,以及用户有意识和无意识的破坏。The invention runs the software and hardware resource management tool in the virtual machine monitor under the terminal equipment operating system instead of running in the user operating system space, and completes the monitoring and management of the software and hardware resources of the terminal equipment. It can provide cross-device and cross-platform supervision functions, that is, it can supervise computing devices using different operating systems. It will not be attacked by malicious virus software such as viruses and worms, as well as users' conscious and unconscious damage.

至此,已经详细描述了本发明。为了避免遮蔽本发明的构思,没有描述本领域所公知的一些细节。本领域技术人员根据上面的描述,完全可以明白如何实施这里公开的技术方案。So far, the present invention has been described in detail. Certain details well known in the art have not been described in order to avoid obscuring the inventive concept. Based on the above description, those skilled in the art can fully understand how to implement the technical solutions disclosed herein.

可能以许多方式来实现本发明的方法以及装置。例如,可通过软件、硬件、固件或者软件、硬件、固件的任何组合来实现本发明的方法以及装置。用于所述方法的步骤的上述顺序仅是为了进行说明,本发明的方法的步骤不限于以上具体描述的顺序,除非以其它方式特别说明。此外,在一些实施例中,还可将本发明实施为记录在记录介质中的程序,这些程序包括用于实现根据本发明的方法的机器可读指令。因而,本发明还覆盖存储用于执行根据本发明的方法的程序的记录介质。The method and apparatus of the invention may be implemented in many ways. For example, the method and device of the present invention can be realized by software, hardware, firmware or any combination of software, hardware, and firmware. The above sequence of steps used in the method is for illustration only, and the steps of the method of the present invention are not limited to the sequence specifically described above unless specifically stated otherwise. Furthermore, in some embodiments, the present invention can also be implemented as programs recorded in recording media including machine-readable instructions for realizing the method according to the present invention. Thus, the present invention also covers a recording medium storing a program for executing the method according to the present invention.

虽然已经通过示例对本发明的一些特定实施例进行了详细说明,但是本领域的技术人员应该理解,以上示例仅是为了进行说明,而不是为了限制本发明的范围。本领域的技术人员应该理解,可在不脱离本发明的范围和精神的情况下,对以上实施例进行修改。本发明的范围由所附权利要求来限定。Although some specific embodiments of the present invention have been described in detail through examples, those skilled in the art should understand that the above examples are for illustration only, rather than limiting the scope of the present invention. Those skilled in the art will appreciate that modifications can be made to the above embodiments without departing from the scope and spirit of the invention. The scope of the invention is defined by the appended claims.

Claims (15)

1.一种云计算环境下对终端设备进行管控的系统,包括终端,该终端包括硬件层、固件层、虚拟机监控器(VMM)层和用户操作系统层,其特征在于:1. A system for managing and controlling terminal equipment under a cloud computing environment, comprising a terminal, the terminal comprising a hardware layer, a firmware layer, a virtual machine monitor (VMM) layer and a user operating system layer, characterized in that: 固件层,捕获到启动中断信号后,从服务器下载XEN内核到本地内存中执行,进而启动并运行XEN虚拟机监控器;The firmware layer, after capturing the startup interrupt signal, downloads the XEN kernel from the server to the local memory for execution, and then starts and runs the XEN virtual machine monitor; VMM层,将用户登陆信息发送给服务器,接收服务器返回的操作系统和应用程序列表,将选择的操作系统和应用程序发给服务器,以及将采集的硬件信息和/或软件信息发给服务器。The VMM layer sends user login information to the server, receives the operating system and application program list returned by the server, sends the selected operating system and application program to the server, and sends the collected hardware information and/or software information to the server. 2.根据权利要求1所述云计算环境下对终端设备进行管控的系统,其特征在于:2. according to the system that terminal equipment is managed and controlled under the cloud computing environment described in claim 1, it is characterized in that: VMM层设置资源管理代理,该资源管理代理包括临时状态库、第一通信接口、用户登录服务和代理服务,其中:The VMM layer sets a resource management agent, which includes a temporary state storehouse, a first communication interface, a user login service, and a proxy service, wherein: 临时状态库,保存当前终端的各种软硬件信息;Temporary state library, which saves various software and hardware information of the current terminal; 第一通信接口,将硬件信息收集模块获取的硬件信息和/或用户视图重构模块获取的软件信息发送给服务器,以及将用户登录信息发送给服务器;The first communication interface sends the hardware information obtained by the hardware information collection module and/or the software information obtained by the user view reconstruction module to the server, and sends the user login information to the server; 用户登录服务,将用户登陆信息发送给服务器,接收服务器返回的操作系统和应用程序列表,并将选择的操作系统和应用程序列表发给服务器;User login service, send user login information to the server, receive the operating system and application program list returned by the server, and send the selected operating system and application program list to the server; 代理服务包括硬件信息收集模块和用户视图重构模块,其中:Agent service includes hardware information collection module and user view reconstruction module, among which: 硬件信息收集模块,采集硬件信息;The hardware information collection module collects hardware information; 用户视图重构模块,采集软件信息。The user view reconstruction module collects software information. 3.根据权利要求2所述云计算环境下对终端设备进行管控的系统,其特征在于:3. according to the system that terminal equipment is managed and controlled under the cloud computing environment described in claim 2, it is characterized in that: VMM层的XEN虚拟机监视器创建域0,资源管理代理运行在XEN域0中。The XEN virtual machine monitor of the VMM layer creates domain 0, and the resource management agent runs in XEN domain 0. 4.根据权利要求1所述云计算环境下对终端设备进行管控的系统,其特征在于:4. according to the system that terminal equipment is managed and controlled under the cloud computing environment described in claim 1, it is characterized in that: 固件层采用EFI固件接口,通过该EFI固件接口捕获启动中断信号。The firmware layer adopts the EFI firmware interface, and captures the startup interrupt signal through the EFI firmware interface. 5.根据权利要求2所述云计算环境下对终端设备进行管控的系统,其特征在于:5. according to the system that terminal equipment is managed and controlled under the cloud computing environment described in claim 2, it is characterized in that: 代理服务还包括配置执行模块,接收到服务器发送的硬件和/或软件配置信息,调用对应的程序根据该配置信息执行配置操作。The proxy service also includes a configuration execution module, which receives the hardware and/or software configuration information sent by the server, and invokes the corresponding program to perform configuration operations according to the configuration information. 6.一种云计算环境下对终端设备进行管控的系统,包括服务器,该服务器包括启动模块、web管理工具和资源管理中心,其特征在于:6. A system for managing and controlling terminal equipment in a cloud computing environment, comprising a server, the server comprising a startup module, a web management tool and a resource management center, characterized in that: 启动模块,终端启动时,与终端进行交互并提供XEN内核下载;The startup module, when the terminal starts, interacts with the terminal and provides XEN kernel download; web管理工具,终端启动后,调用资源管理中心;Web management tool, after the terminal is started, call the resource management center; 资源管理中心,接收终端发送的用户登陆信息,在验证通过后,向终端返回操作系统和应用程序列表,接收到终端选择的操作系统和应用程序,以及接收终端采集的硬件信息和/或软件信息。The resource management center receives the user login information sent by the terminal, returns the operating system and application program list to the terminal after the verification is passed, receives the operating system and application program selected by the terminal, and receives the hardware information and/or software information collected by the terminal . 7.根据权利要求6所述云计算环境下对终端设备进行管控的系统,其特征在于:7. according to the system that terminal equipment is managed and controlled under the cloud computing environment described in claim 6, it is characterized in that: 资源管理中心包括可视化代理、管理资源库、用户认证服务、管理服务和第二通信接口,其中:The resource management center includes a visual agent, a management resource library, a user authentication service, a management service and a second communication interface, wherein: 可视化代理,为Web管理工具提供可视化的管理信息和配置命令;Visual agent, providing visual management information and configuration commands for web management tools; 第二通信接口,接收终端发送的硬件信息和/或软件信息;The second communication interface is used to receive hardware information and/or software information sent by the terminal; 管理资源库,将收集到的各种数据信息进行归类存储和维护;Manage the resource library, classify, store and maintain various collected data information; 用户认证服务,通过第二通信接口接收来自终端的用户登录信息,查询管理资源库认证该用户是否具备登陆权限,如通过认证,查询并返回该用户可使用的操作系统和应用程序列表,否则,返回登录失败;User authentication service, receiving user login information from the terminal through the second communication interface, querying the management resource library to verify whether the user has login authority, if the authentication is passed, querying and returning the list of operating systems and application programs that the user can use, otherwise, Return login failed; 管理服务包括权限控制模块、信息收集模块和性能监控模块,其中:Management services include authority control module, information collection module and performance monitoring module, among which: 权限控制模块,授予不同的监管范围和权限级别;Authority control module, granting different supervision scope and authority level; 性能监控模块,经过权限控制模块授权后,通过第二通信接口发送各种类别的软硬件信息查询请求;The performance monitoring module, after being authorized by the authority control module, sends various types of software and hardware information query requests through the second communication interface; 信息收集模块,将终端发送的硬件信息和/或软件信息交由管理资源库维护。The information collection module is used to hand over the hardware information and/or software information sent by the terminal to the management resource library for maintenance. 8.根据权利要求7所述云计算环境下对终端设备进行管控的系统,其特征在于:8. The system for managing and controlling the terminal equipment under the cloud computing environment according to claim 7, characterized in that: 管理服务还包括配置模块,为可视化代理提供统一的调用接口来处理其他组件对终端配置信息的操作请求,经过权限控制模块授权后,通过第二通信接口向终端发送硬件和/或软件配置信息,以使终端根据该配置信息执行相应的操作。The management service also includes a configuration module, which provides a unified call interface for the visual agent to process other components' operation requests for terminal configuration information. After being authorized by the authority control module, it sends hardware and/or software configuration information to the terminal through the second communication interface. so that the terminal performs corresponding operations according to the configuration information. 9.一种云计算环境下对终端设备进行管控的系统,其特征在于:包括如权利要求1至5任一所述终端以及如权利要求6至8任一所述服务器。9. A system for managing and controlling terminal equipment in a cloud computing environment, characterized in that it includes the terminal according to any one of claims 1 to 5 and the server according to any one of claims 6 to 8. 10.根据权利要求9所述云计算环境下对终端设备进行管控的系统,其特征在于:10. The system for managing and controlling the terminal equipment under the cloud computing environment according to claim 9, characterized in that: 终端和服务器通过交换资源管理协议报文进行通讯,该协议报文通过UDP协议传输,每个报文单独封装在UDP数据包中。The terminal and the server communicate by exchanging resource management protocol messages, the protocol messages are transmitted through the UDP protocol, and each message is individually encapsulated in a UDP data packet. 11.一种云计算环境下对终端设备进行管控的方法,其特征在于:11. A method for controlling terminal equipment in a cloud computing environment, characterized in that: 终端捕获到启动中断信号后,从服务器下载XEN内核到本地内存中执行,进而启动并运行XEN虚拟机监控器;After capturing the startup interrupt signal, the terminal downloads the XEN kernel from the server to the local memory for execution, and then starts and runs the XEN virtual machine monitor; 终端将用户登陆信息发送给服务器;The terminal sends the user login information to the server; 当通过服务器的验证后,接收到服务器返回的操作系统和应用程序列表,终端进行选择后,将选择的操作系统和应用程序发给服务器;After passing the verification of the server, the terminal receives the operating system and application program list returned by the server, and after the terminal makes a selection, it sends the selected operating system and application program to the server; 成功登陆后,终端将采集的硬件信息和/或软件信息发给服务器。After successful login, the terminal sends the collected hardware information and/or software information to the server. 12.根据权利要求11所述云计算环境下对终端设备进行管控的方法,其特征在于:12. The method for managing and controlling terminal equipment in a cloud computing environment according to claim 11, characterized in that: 当终端接收到服务器发送的硬件和/或软件配置信息时,调用对应的程序根据该配置信息执行配置操作。When the terminal receives the hardware and/or software configuration information sent by the server, it invokes a corresponding program to perform configuration operations according to the configuration information. 13.根据权利要求11或12所述云计算环境下对终端设备进行管控的方法,其特征在于:13. The method for managing and controlling terminal equipment in a cloud computing environment according to claim 11 or 12, characterized in that: 终端和服务器通过交换资源管理协议报文进行通讯,该协议报文通过UDP协议传输,每个报文单独封装在UDP数据包中。The terminal and the server communicate by exchanging resource management protocol messages, the protocol messages are transmitted through the UDP protocol, and each message is individually encapsulated in a UDP data packet. 14.一种云计算环境下对终端设备进行管控的方法,其特征在于:14. A method for controlling terminal equipment in a cloud computing environment, characterized in that: 在终端启动时,服务器与终端进行交互并提供XEN内核下载;When the terminal starts, the server interacts with the terminal and provides XEN kernel download; 在终端启动后,服务器接收终端发送的用户登陆信息,在验证通过后,向终端返回操作系统和应用程序列表;After the terminal is started, the server receives the user login information sent by the terminal, and returns the list of operating systems and applications to the terminal after the verification is passed; 当终端选择后,接收到终端已选择的操作系统和应用程序;After the terminal is selected, the operating system and application program selected by the terminal are received; 接收终端采集的硬件信息和/或软件信息。The hardware information and/or software information collected by the terminal is received. 15.根据权利要求14所述云计算环境下对终端设备进行管控的方法,其特征在于:15. The method for managing and controlling terminal equipment in a cloud computing environment according to claim 14, characterized in that: 服务器向终端发送硬件和/或软件配置信息,以使终端根据该配置信息执行相应的操作。The server sends hardware and/or software configuration information to the terminal, so that the terminal performs corresponding operations according to the configuration information.
CN201310573998.XA 2013-11-15 2013-11-15 The method and system of management and control is carried out under a kind of cloud computing environment to terminal device Active CN104636678B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310573998.XA CN104636678B (en) 2013-11-15 2013-11-15 The method and system of management and control is carried out under a kind of cloud computing environment to terminal device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310573998.XA CN104636678B (en) 2013-11-15 2013-11-15 The method and system of management and control is carried out under a kind of cloud computing environment to terminal device

Publications (2)

Publication Number Publication Date
CN104636678A CN104636678A (en) 2015-05-20
CN104636678B true CN104636678B (en) 2017-11-10

Family

ID=53215414

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310573998.XA Active CN104636678B (en) 2013-11-15 2013-11-15 The method and system of management and control is carried out under a kind of cloud computing environment to terminal device

Country Status (1)

Country Link
CN (1) CN104636678B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105119732A (en) * 2015-06-30 2015-12-02 中标软件有限公司 Device and method for distributing hosts in cluster environment
CN106716956B (en) 2015-12-31 2020-04-28 华为技术有限公司 A method, related equipment and system for sharing a cloud operation interface
CN105955798A (en) * 2016-04-29 2016-09-21 北京奇虎科技有限公司 Method, device and system for detecting abnormal state of virtual machine in cloud platform
CN107247615A (en) * 2016-09-30 2017-10-13 郑州云海信息技术有限公司 A kind of virtualized host storage system
CN106775929B (en) * 2016-11-25 2019-11-26 中国科学院信息工程研究所 A kind of virtual platform safety monitoring method and system
CN107360165B (en) * 2017-07-13 2021-02-12 北京元心科技有限公司 Terminal device, cloud server and method and device for managing and controlling operating system
ES2896480T3 (en) * 2017-09-20 2022-02-24 Hoffmann La Roche Procedure to validate a medical application, end user device and medical system
CN109995676B (en) * 2017-12-29 2021-10-22 宁波方太厨具有限公司 Intelligent Qos method based on equipment communication protocol
CN111078305A (en) * 2019-12-11 2020-04-28 秒针信息技术有限公司 Information acquisition method and device, server and information management system
CN112969172B (en) * 2021-02-01 2022-03-15 福建多多云科技有限公司 Communication flow control method based on cloud mobile phone

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102081554A (en) * 2011-01-30 2011-06-01 浪潮(北京)电子信息产业有限公司 Cloud computing operating system as well as kernel control system and method thereof
CN102148841A (en) * 2010-02-05 2011-08-10 中国长城计算机深圳股份有限公司 Method for remotely monitoring multiple operating systems
WO2012112095A1 (en) * 2011-02-18 2012-08-23 Telefonaktiebolaget Lm Ericsson (Publ) Virtual machine supervision

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102148841A (en) * 2010-02-05 2011-08-10 中国长城计算机深圳股份有限公司 Method for remotely monitoring multiple operating systems
CN102081554A (en) * 2011-01-30 2011-06-01 浪潮(北京)电子信息产业有限公司 Cloud computing operating system as well as kernel control system and method thereof
WO2012112095A1 (en) * 2011-02-18 2012-08-23 Telefonaktiebolaget Lm Ericsson (Publ) Virtual machine supervision

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
SR-IOV虚拟化技术的研究与优化;李超;《中国优秀硕士学位论文全文数据库》;20110531;全文 *
XEN虚拟机分析;薛海峰等;《系统仿真学报》;20071205;第19卷(第23期);第5556-5558页 *
基于共享内存的Xen虚拟机间通信的研究;朱团结等;《计算机技术与发展》;20111007;第21卷(第7期);第5-8页 *

Also Published As

Publication number Publication date
CN104636678A (en) 2015-05-20

Similar Documents

Publication Publication Date Title
CN104636678B (en) The method and system of management and control is carried out under a kind of cloud computing environment to terminal device
US20240054234A1 (en) Methods and systems for hardware and firmware security monitoring
KR102264288B1 (en) Systems and methods for monitoring cloud-based operating system events and data access
US10326769B2 (en) Extensible multi-tenant cloud-management system and methods for extending functionalities and services provided by multi-tenant cloud-management system
CN104580349B (en) Secure cloud administration agent
US11792280B2 (en) Provenance audit trails for microservices architectures
US20130007265A1 (en) Monitoring resources in a cloud-computing environment
US8661456B2 (en) Extendable event processing through services
CN106919485B (en) System based on hardware testing tool configured on server
EP2862119B1 (en) Network based management of protected data sets
CN118484267B (en) Cloud computing-based online service computing power optimization method and system
CN114338687B (en) Middleware management method and server
CN110377324B (en) An information platform monitoring system and construction method
US8667509B1 (en) Providing context information for events to an event handling component
CN103309722A (en) Cloud computation system and application access method thereof
CN103870748B (en) The security processing and device of virtual machine
CN117632644A (en) Service abnormality monitoring method, device, electronic equipment and readable storage medium
US11900127B2 (en) Automated recovery of far edge computing infrastructure in a 5G network
CN109086122A (en) A kind of monitoring method of virtual machine, device and storage medium
US20250193252A1 (en) Efficient representation of multiple cloud computing environments through unified identity mapping
US20230376632A1 (en) Protecting confidential information in online applications
WO2013009300A1 (en) Tracing operations in a cloud system
US20230325478A1 (en) Instrumenting applications to prevent abuse by privileged users
US20250053434A1 (en) Agent state management for virtual computing instances
CN114691284A (en) Task execution method, device, equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220127

Address after: 100007 room 205-32, floor 2, building 2, No. 1 and No. 3, qinglonghutong a, Dongcheng District, Beijing

Patentee after: Tianyiyun Technology Co.,Ltd.

Address before: No.31, Financial Street, Xicheng District, Beijing, 100033

Patentee before: CHINA TELECOM Corp.,Ltd.

TR01 Transfer of patent right