
WO2013091196A1 - Method, device, and system for setting user's right to access virtual machine - Google Patents


Info

Publication number
WO2013091196A1
Authority
WO
WIPO (PCT)
Prior art keywords
virtual machine
user
information
management device
cloud
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2011/084368
Other languages
French (fr)
Chinese (zh)
Inventor
许永军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to PCT/CN2011/084368 (WO2013091196A1)
Priority to CN2011800030251A (CN102577315A)
Publication of WO2013091196A1
Legal status: Ceased


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances

Definitions

  • The present invention relates to the field of information technology, and in particular, to a method, device, and system for setting a user's right to access a virtual machine.
  • Background
  • Cloud computing emerged from information technology and network communication technology on the basis of significantly enhanced computing power and transmission capacity. It is a new generation of information service provision mode based on the rapid development of the Internet and communication networks. Users can access cloud servers through an access terminal device (for example, a cloud terminal such as a thin client, a conventional personal computer, a mobile device, or the like).
  • The terminal device is connected to the virtual machine based on the desktop connection protocol.
  • The desktop cloud is a server-centric computing model that virtualizes servers in the data center into multiple virtual machines (Virtual Machine). By running desktop operating systems in the virtual machines, desktop images, video and audio are transmitted remotely to the user terminal over the network, providing the user with the same experience as a traditional desktop.
  • Virtual machines are used in two ways. In the first, a user has an exclusive virtual machine: the user holds the username and password of a virtual machine long term, and the virtual machine is exclusive to that user. In the second, multiple users share a virtual machine: if a user needs to temporarily use a virtual machine, the user's information is given to the administrator, the administrator allocates a virtual machine to the user and informs the user of the virtual machine's username and password, and the user logs in to the virtual machine using that username and password. After the user has finished using the virtual machine, the virtual machine is recycled.
  • The embodiments of the present invention provide a method, a device, and a system for setting a user's permission to access a virtual machine, which are used to solve the problem that the prior art does not identify the user and therefore cannot effectively manage users of virtual machines.
  • An embodiment of the present invention provides a method for setting a user's permission to access a virtual machine, including: an authentication device receiving an authentication request sent by a user and acquiring permission information of the user for accessing the virtual machine; and the authentication device sending a request message to the cloud management device, where the request message carries the permission information of the user for accessing the virtual machine, so that the cloud management device sets the permission of the user to access the virtual machine according to that permission information.
  • The embodiment of the present invention further provides a method for setting a user's permission to access a virtual machine, the method comprising: the cloud management device receiving a request message sent by the authentication device, where the request message carries the permission information of the user for accessing the virtual machine, and that permission information is obtained by the authentication device according to the authentication request sent by the user; and the cloud management device setting the permission of the user to access the virtual machine according to the permission information, so that the user accesses the virtual machine within the set permissions.
  • The embodiment of the present invention further provides an authentication device, including: an authentication module, configured to receive an authentication request sent by a user and obtain permission information of the user for accessing the virtual machine; and a sending module, configured to send a request message to the cloud management device, where the request message carries the permission information of the user for accessing the virtual machine, so that the cloud management device sets the permission of the user to access the virtual machine according to that permission information.
  • The embodiment of the present invention further provides a cloud management device, including: a receiving module, configured to receive a request message sent by an authentication device, where the request message carries permission information of a user for accessing a virtual machine, and that permission information is obtained by the authentication device according to the authentication request sent by the user; and a permission setting module, configured to set the permission of the user to access the virtual machine according to the permission information, so that the user accesses the virtual machine within the set permissions.
  • The embodiment of the present invention further provides a system for setting a user's permission to access a virtual machine, including an authentication device and a cloud management device. The authentication device is configured to receive an authentication request sent by the user, obtain the permission information of the user for accessing the virtual machine, and send a request message to the cloud management device, where the request message carries that permission information. The cloud management device is configured to receive the request message and, according to the permission information carried in the request message, set the permission of the user to access the virtual machine, so that the user accesses the virtual machine within the set permissions.
  • The authentication device sends the cloud management device a request message carrying the permission information of the user for accessing the virtual machine, so that the cloud management device sets the permission of the user to access the virtual machine according to the permission information carried in the request message. The interaction between the authentication device and the cloud management device enables efficient management of users of virtual machines.
  • Figure 1 is the hair
  • Figure 2 is the hair
  • FIG 3 is the hair
  • FIG 4 is the hair
  • FIG 5 is the hair
  • FIG. 7 is a schematic structural diagram of an authentication device according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of an embodiment of a cloud management device according to an embodiment of the present invention
  • FIG. 9 is a schematic structural diagram of another embodiment of a cloud management device according to an embodiment of the present invention
  • FIG. 10 is a schematic structural diagram of an embodiment of a system for setting a user's permission to access a virtual machine according to an embodiment of the present invention.
  • FIG. 11 is a schematic structural diagram of another embodiment of a system for setting a user's permission to access a virtual machine according to an embodiment of the present invention.
  • Detailed description
  • Method Embodiment 1: FIG. 1 is a schematic flowchart of this embodiment. As shown in FIG. 1, the method in the embodiment of the present invention includes:
  • Step 100: The authentication device receives an authentication request sent by the user, and obtains the permission information of the user for accessing the virtual machine.
  • The permission information may be location permission information or operation permission information.
  • The location permission information may be an identifier of a location, for example, the A floor or the B conference room. It may also be an identifier of a specific position, for example, a worksite number or a console.
  • The operation permission information may be an identifier for identifying a user's operation permission; different identifiers indicate that the user has different rights to use the virtual machine.
  • The user may send the authentication request in multiple manners. For example, the user sends the authentication request to the authentication device by using an authentication card, for example, an ID (Identity) card, where the ID card carries the user information. The user can also initiate an authentication request by entering an authentication password on the authentication device, or through a combination of the ID card and the authentication password. The user information may also be pre-stored in the authentication device, in which case the user may initiate an authentication request to the authentication device by using a biometric such as voice, fingerprint, or face.
  • The authentication device may be a device for identifying a user, for example, an access control device or an attendance device.
  • The access control device may include an information recognizer, an access controller, and a communication hub.
  • The communication hub may be used to communicate with a computer or to exchange information with other devices capable of communication.
  • The attendance device may also include an information recognizer, an attendance controller, and a communication hub.
  • The information recognizer, the controller, and the communication hub of the access control device or the attendance device may be integrated or deployed separately; the specific deployment is determined by the application scenario.
  • Step 102: The authentication device sends a request message to the cloud management device, where the request message carries the permission information of the user for accessing the virtual machine, so that the cloud management device sets the permission of the user to access the virtual machine according to that permission information.
  • The cloud management device may allocate a virtual machine to the user according to the request of the terminal device, or may allocate a virtual machine to the user in advance. The virtual machine refers to a virtual server simulated by virtualization software: physical resources are abstracted into logical resources, turning one server into several or even hundreds of mutually isolated virtual servers.
  • The authentication device sends a request message to the cloud management device. The cloud management device receives the request message, parses it, and obtains the permission information carried in it. The cloud management device then sets the user's permission to access the virtual machine according to the permission information in one of the following manners:
  • Manner 1: the user is set to access the virtual machine through the cloud terminal specified by the location permission information.
  • The cloud management device may obtain the MAC (Medium/Media Access Control) address or IP (Internet Protocol) address of the cloud terminal specified by the location permission information, and establish a correspondence between the MAC address or IP address of the cloud terminal and at least one of the username and the password of the virtual machine, where the correspondence is used to authenticate a login request sent by the cloud terminal.
  • The cloud management device may obtain, according to the location permission information, the MAC address or IP address of the cloud terminal specified by the location permission information, and bind that MAC address or IP address to at least one of the username and the password of the virtual machine that the cloud management device allocated to the user. The user can then log in to the virtual machine only from the cloud terminal bound to the username or password of the virtual machine, which limits the range of cloud terminals the user can use and thereby manages the user's permission to use cloud terminals.
  • The correspondence between the MAC address or the IP address of the cloud terminal and at least one of the username and the password of the virtual machine may be formed in the following modes:
  • Mode 4: the IP address is bound to the password
  • Mode 5: the MAC address is bound to the username and the password
  • Mode 6: the IP address and MAC address are bound to the username
  • Mode 7: the IP address and MAC address are bound to the username
  • The IP address and MAC address are bound to the password and the username.
  • Manner 2: The cloud management device selects a virtual machine resource pool corresponding to the operation permission information, and selects a virtual machine from that virtual machine resource pool to allocate to the user.
  • The cloud management device may pre-create virtual machine resource pools with different operation permissions, with different applications configured in different pools. The cloud management device selects the virtual machine resource pool corresponding to the user's operation permission according to the user's operation permission information.
  • The virtual machine is selected from that virtual machine resource pool and allocated to the user, thereby limiting the user's permissions when using the virtual machine and managing the virtual machine resources available to the user.
  • The cloud management device is used to manage access of the cloud terminal.
  • The embodiment of the present invention may further include: the authentication device receives the response message returned by the cloud management device, where the response message carries login information, and the login information is used by the user to access the virtual machine within the set permissions.
  • The authentication device sends the cloud management device a request message carrying the permission information of the user for accessing the virtual machine, so that the cloud management device sets the user's permission to access the virtual machine according to the carried permission information. The interaction between the authentication device and the cloud management device identifies the user, and thereby effectively manages users of virtual machines.
  • Step 200: The cloud management device receives a request message sent by the authentication device, where the request message carries the permission information of the user for accessing the virtual machine, and that permission information is acquired by the authentication device according to the authentication request sent by the user.
  • The permission information may be location permission information or operation permission information.
  • The location permission information may be an identifier of a location, for example, the A floor or the B conference room. It may also be an identifier of a specific position, for example, a worksite number or a console. The operation permission information may be an identifier of the user's operation permission; different identifiers indicate that the user has different permissions for using the virtual machine.
  • The user may send the authentication request in multiple manners, which are described in Method Embodiment 1 and are not repeated in this embodiment.
  • The cloud management device is used to manage access of the cloud terminal.
  • The authentication device may be a device for identifying a user, for example, an access control device or an attendance device.
  • The access control device may include an information recognizer, an access controller, and a communication hub.
  • The communication hub may be used to communicate with a computer or to exchange information with other devices capable of communication.
  • The attendance device may also include an information recognizer, an attendance controller, and a communication hub.
  • The information recognizer, the controller, and the communication hub of the access control device or the attendance device may be integrated or deployed separately; the specific deployment is determined by the application scenario.
  • the above examples are for illustrative purposes only and are not limiting.
  • The user's permission to access the virtual machine is set such that the user accesses the virtual machine within the set permissions.
  • The cloud management device may allocate a virtual machine to the user according to the request of the terminal device, or may allocate a virtual machine to the user in advance.
  • The virtual machine refers to a virtual server simulated by virtualization software, which abstracts physical resources into logical resources and turns one server into several or even hundreds of mutually isolated virtual servers.
  • The cloud management device sets the permission of the user to access the virtual machine according to the permission information.
  • The manner in which the cloud management device sets the permission of the user to access the virtual machine may include one of the following:
  • Manner 1: the user is set to access the virtual machine through the cloud terminal specified by the location permission information.
  • The cloud management device may acquire the MAC address or the IP address of the cloud terminal specified by the location permission information, and establish a correspondence between the MAC address or IP address of the cloud terminal and at least one of the username and the password of the virtual machine, where the correspondence is used to authenticate the login request sent by the cloud terminal.
  • The cloud management device may obtain, according to the location permission information, the MAC address or IP address of the cloud terminal specified by the location permission information, and bind that MAC address or IP address to at least one of the username and the password of the virtual machine that the cloud management device allocated to the user. The user can then log in to the virtual machine only from the cloud terminal bound to the username or password of the virtual machine, which limits the range of cloud terminals the user can use and thereby manages the user's permission to use cloud terminals.
  • The modes in which the correspondence between the MAC address or the IP address of the cloud terminal and at least one of the username and the password of the virtual machine is formed have been described in Method Embodiment 1 and are not repeated in this embodiment.
  • Manner 2: The cloud management device selects a virtual machine resource pool corresponding to the operation permission information, and selects a virtual machine from that virtual machine resource pool to allocate to the user.
  • The cloud management device may pre-create virtual machine resource pools with different operation permissions, with different applications configured in different pools. The cloud management device selects the virtual machine resource pool corresponding to the user's operation permission according to the user's operation permission information.
  • The virtual machine is selected from that virtual machine resource pool and allocated to the user, thereby limiting the user's permissions when using the virtual machine and managing the virtual machine resources available to the user.
  • The embodiment of the present invention may further include: the cloud management device returns a response message to the authentication device, where the response message carries login information, and the login information is used by the user to access the virtual machine within the set permissions.
  • The cloud management device receives the request message, sent by the authentication device, that carries the permission information of the user for accessing the virtual machine, and sets the user's permission to access the virtual machine according to that permission information. The interaction between the authentication device and the cloud management device identifies the user, and thereby effectively manages users of virtual machines.
  • The technical solutions provided in Method Embodiments 1 and 2 can be applied to different scenarios.
  • The following describes the conference room scenario.
  • The following is a schematic diagram of the process of the embodiment.
  • The following uses an example in which an employee needs to temporarily use a virtual machine: for example, an employee who has no virtual machine permission comes to the conference room and needs to temporarily use a virtual machine, or an employee is temporarily travelling to the local site.
  • The authentication device is specifically an access control device. As shown in FIG., the method in the embodiment of the present invention includes:
  • Step 300: The access control device receives an authentication request sent by the employee through the ID card.
  • the access control device can support the authentication of different ID cards, and the employee information is pre-written in the ID card.
  • the ID card may be an employee's work card or other ID card that the access control device can recognize.
  • Step 302: The access control device authenticates the ID card, and if the authentication passes, determines the operation permission information of the employee.
  • A correspondence table of employee information and operation permissions is pre-stored in the access control device.
  • The employee information and operation permission correspondence table may be as shown in Table 1:
  • The employee information in Table 1 can also be information such as the employee ID number.
  • The access control device authenticates the ID card. If the authentication passes, the employee's operation permission information is determined according to the employee information carried in the ID card. For example, the employee Zhang XX authenticates at the access control device in the conference room with the ID card, the access control device reads the information of Zhang XX stored in the ID card, and the access control device looks up Table 1 and finds that the operation permission of Zhang XX is: no right to use the mail function.
  • After the access control device authenticates the ID card and the authentication passes, the method further includes verifying the status of the ID card. If the ID card is not in use (for example, idle), the access control device determines the operation permission information of the employee and sets the status of the ID card to busy. If the ID card is in use (for example, busy), the access control device does not determine the employee's operation permission information, and prompts the employee that the ID card is in use.
  • Verifying the status of the ID card prevents an employee from authenticating repeatedly and causing the access control device to assign multiple sets of operation permission information to one employee.
  • Step 304: The access control device sends a request message for allocating a virtual machine to the cloud management device, where the request message carries the operation permission information of the employee.
  • Step 306: The cloud management device selects a corresponding virtual machine resource pool according to the operation permission information.
  • Step 308: The cloud management device selects a virtual machine from the virtual machine resource pool and allocates the virtual machine to the employee.
  • The cloud management device may pre-create different virtual machine resource pools, and the number of virtual machine resource pools can be set according to requirements. At least one virtual machine exists in each virtual machine resource pool.
  • The cloud management device configures different applications for each virtual machine resource pool, and can add or delete applications configured for a virtual machine resource pool according to specific requirements.
  • For example, the cloud management device can set up three virtual machine resource pools: virtual machine resource pool 1 is not configured with the mail application, virtual machine resource pool 2 is not configured with the network phone application, and virtual machine resource pool 3 is not configured with the web browsing application. Correspondingly, no virtual machine in virtual machine resource pool 1 is authorized to provide mail service, no virtual machine in virtual machine resource pool 2 is authorized to provide network telephony service, and no virtual machine in virtual machine resource pool 3 is authorized to provide web browsing service.
  • The cloud management device may also pre-store the correspondence between operation permissions and virtual machine resource pools.
  • The correspondence between operation permissions and virtual machine resource pools may be as shown in Table 2:
  • The cloud management device can select the corresponding virtual machine resource pool from Table 2 according to the operation permission information.
  • Step 310: The cloud management device returns a response message to the access control device.
  • The response message carries the login information.
  • The login information is used by the user to access the virtual machine within the set permissions.
  • The login information may be a user name and a password of the virtual machine.
  • Step 312: The access control device provides the login information to the employee.
  • Step 314: The cloud management device receives a login request message sent by the cloud terminal.
  • The employee can enter the virtual machine user name and password on the cloud terminal, and send a login request message to the cloud management device through the cloud terminal, where the login request message carries the virtual machine user name and password entered by the user.
  • Step 316: The cloud management device provides the cloud terminal with a virtual machine connection corresponding to the employee's operation permission.
  • The cloud management device checks the virtual machine user name and password provided by the cloud terminal and provides the virtual machine to the employee for use.
  • The access control device identifies the user, determines the permission information of the user to access the virtual machine, and sends a request message carrying the operation authority information to the cloud management device. The cloud management device selects, according to the operation authority information carried in the request message, a virtual machine resource pool that is consistent with the operation authority information, and selects a virtual machine from that resource pool to assign to the employee. The user is thereby identified through interaction between the access control device and the cloud management device, and further can implement the
  • Method Embodiment 4: the schematic diagram of the process of the embodiment. In the embodiment of the present invention, the authentication device is specifically an attendance device,
  • the login request sent by the cloud terminal used by the employee is authenticated, and the employee is allowed to use the cloud terminal at the specified workstation number.
  • the method in the embodiment of the present invention includes:
  • Step 400 The attendance device receives the authentication request sent by the employee through the ID card.
  • Step 402 The attendance device authenticates the ID card, and if the authentication passes, assigns the workstation number to the employee;
  • An information table of all the stations may be pre-stored in the attendance device, with the station numbers of all the stations recorded in it. The attendance device authenticates the ID card and, after the authentication passes, selects a station number from the information table according to the employee's permission information and assigns it to the employee. For example, only one station number can be assigned to an employee with limited authority.
  • The method further includes: verifying the status of the ID card. If the ID card is not in use (for example, idle), the attendance device assigns a workstation number to the employee and sets the status of the ID card to busy; if the ID card is in use (for example, busy), the attendance device does not assign a workstation number to the employee and prompts the employee that the ID card is in use.
  • Verifying the status of the ID card prevents the employee from authenticating repeatedly and prevents the attendance device from assigning multiple workstation numbers to one employee.
  • Step 404 The attendance device sends a request message for allocating a virtual machine to the cloud management device, where the request message carries the station number assigned by the attendance device to the employee;
  • Step 406 The cloud management device binds the MAC address of the cloud terminal specified by the station number to the username of the virtual machine according to the station number carried in the request message.
  • The cloud management device receives the request message sent by the attendance device and selects a virtual machine from the virtual machine resource pool to assign to the employee. The cloud management device is also pre-configured with a correspondence table between the workstation number and the MAC address of the cloud terminal. For example, the mapping table between the workstation number and the MAC address of the cloud terminal pre-configured on the cloud management device can be as shown in Table 3:
  • The cloud management device receives the request message sent by the attendance device, parses the request message, and obtains the station number carried in it. According to the station number, the cloud management device writes the user name of the virtual machine into the correspondence table between the station number and the MAC address of the cloud terminal to form an authentication table, which is used for authentication when the cloud terminal initiates a login request to the cloud management device.
  • the authentication table can be as shown in Table 4:
  • Step 408 The cloud management device returns a response message to the attendance device, where the response message carries the login information, where the login information is used by the employee to log in to the virtual machine within the set authority.
  • the login information may be the username and password of the virtual machine.
  • Step 410 The attendance device provides the workstation number and the login information to the employee;
  • Step 412 The cloud management device receives the login request sent by the employee through the cloud terminal. Specifically, the employee can use the workstation number to find the cloud terminal specified by that workstation number and input the virtual machine username and password on the cloud terminal; the cloud terminal then sends a login request to the cloud management device. The login request carries the virtual machine username and password entered by the user and the MAC address of the cloud terminal.
  • Step 414 The cloud management device authenticates the login request, and if the authentication passes, provides a virtual machine connection for the cloud terminal.
  • The cloud management device parses the login request message and obtains the MAC address of the cloud terminal and the username of the virtual machine carried in the login request. The cloud management device compares the MAC address of the cloud terminal and the username of the virtual machine with the authentication table stored in the cloud management device. If they are the same as the MAC address of the corresponding cloud terminal and the username of the virtual machine in the authentication table, the cloud terminal is allowed to establish a connection with the virtual machine. If they are inconsistent, the cloud terminal is not allowed to establish a connection with the virtual machine, and the cloud terminal displays "Please sit at the specified workstation."
  • The embodiment of the present invention may further include: setting a timeout value for the virtual machine. After the virtual machine establishes a connection with the cloud terminal, if the virtual machine does not receive any operation request within the set timeout value, the cloud management device automatically reclaims the virtual machine, which avoids idle virtual machine resources and improves the utilization of virtual machine resources.
  • The attendance device determines the station number for the user's access to the virtual machine and sends a request message carrying the station number to the cloud management device. According to the station number carried in the request message, the cloud management device binds the MAC address of the corresponding cloud terminal to the user name of the virtual machine to form a correspondence, and the login request sent by the cloud terminal used by the employee is authenticated against that correspondence, so that the employee uses the cloud terminal at the designated workstation number. This achieves effective management of users' use of virtual machines based on user rights.
  • a virtual machine is exclusively used by an employee, and the employee has a user name and password of the virtual machine for a long time, for example, the employee needs
  • the authentication device is specifically an access control device
  • the cloud management device is configured by binding the IP address of the cloud terminal to the username of the virtual machine.
  • the employee is allowed to use the cloud terminal at the specified workstation number.
  • the method in the embodiment of the present invention includes:
  • Step 500 The access control device receives an authentication request sent by the employee through the ID card.
  • the employee information and the user name of the virtual machine may be pre-stored in the ID card.
  • Step 502 The access control device authenticates the ID card, and if the authentication passes, assigns a work station number to the employee;
  • An information table of all the stations may be pre-stored in the access control device, with the station numbers of all the stations recorded in it. The access control device authenticates the ID card and, after the authentication passes, selects a workstation number from the information table according to the employee's permission information and assigns it to the employee.
  • Step 504 The access control device sends a request message to the cloud management device, where the request message carries the workstation number assigned by the access control device to the employee and the username of the virtual machine.
  • Step 506 The cloud management device binds the IP address of the cloud terminal specified by the station number to the username of the virtual machine according to the station number carried in the request message.
  • the cloud management device pre-configures a correspondence table between the station number and the IP address of the cloud terminal.
  • The mapping table between the workstation number and the IP address of the cloud terminal pre-configured on the cloud management device can be as shown in Table 5:
  • the cloud management device receives the request message sent by the access control device, parses the request message, and obtains the station number and the user name of the virtual machine carried in the request message, and the cloud management device uses the virtual machine according to the station number.
  • the correspondence table between the user name and the MAC address of the cloud terminal forms an authentication table, and the authentication table is used for authentication when the cloud terminal initiates a login request to the cloud management device.
  • the authentication table can be as shown in Table 6:
  • Step 508 The cloud management device returns a response message to the access control device.
  • Step 510 The access control device provides the workstation number to the employee
  • Step 512 The cloud management device receives the login request sent by the employee through the cloud terminal. Specifically, the employee can use the workstation number to find the cloud terminal specified by that workstation number and input the virtual machine username and password on the cloud terminal; the cloud terminal then sends a login request to the cloud management device, where the login request carries the virtual machine username and password input by the user and the IP address of the cloud terminal.
  • Step 514 The cloud management device authenticates the login request, and if the authentication passes, provides a virtual machine connection for the cloud terminal.
  • The cloud management device parses the login request message and obtains the IP address of the cloud terminal and the user name of the virtual machine carried in the login request message. The cloud management device compares the IP address of the cloud terminal and the username of the virtual machine with the authentication table stored in the cloud management device. If they are the same as the IP address of the corresponding cloud terminal and the username of the virtual machine in the authentication table, the cloud terminal is allowed to establish a connection with the virtual machine. If they are inconsistent, the cloud terminal is not allowed to establish a connection with the virtual machine, and the cloud terminal displays "Please sit at the specified workstation."
  • The embodiment of the present invention may further include: setting a timeout value for the virtual machine. After the virtual machine establishes a connection with the cloud terminal, if the virtual machine does not receive any operation request within the set timeout value, the cloud management device automatically reclaims the virtual machine, which avoids idle virtual machine resources and improves the utilization of virtual machine resources.
  • The access control device sends a request message carrying the station number to the cloud management device. According to the station number carried in the request message, the cloud management device binds the IP address of the cloud terminal corresponding to the station number to the user name of the virtual machine to form a correspondence, and the login request sent by the cloud terminal used by the employee is authenticated against that correspondence, and the employee is managed at the designated work.
  • Method Embodiment 6 A schematic flowchart of an embodiment.
  • an employee is required to use a virtual machine corresponding to the operation authority at a fixed station.
  • Step 600 The access control device receives an authentication request sent by the employee through the ID card.
  • Step 602 The access control device authenticates the ID card, and determines the operation permission information and the location permission information of the employee.
  • the correspondence relationship table of the operation authority information and the location authority information corresponding to the employee information is pre-stored in the access control device, and the correspondence relationship table may be as shown in Table 7:
  • The access control device authenticates the ID card and assigns the operation authority information and the station number to the employee according to the employee information carried in the ID card.
  • After the access control device authenticates the ID card and the authentication passes, the method further includes: verifying the status of the ID card. If the ID card is not in use (for example, idle), the access control device assigns the operation authority information to the employee and sets the status of the ID card to busy; if the ID card is in use (for example, busy), the access control device does not assign the operation authority information to the employee and prompts the employee that the ID card is in use.
  • Verifying the status of the ID card prevents the employee from being authenticated repeatedly and prevents the access control device from assigning multiple sets of operation authority information to one employee.
  • Step 604 The access control device sends a request message to the cloud management device, where the request message carries the operation authority information and the station number of the employee;
  • Step 606 The cloud management device selects a corresponding virtual machine resource pool according to the operation authority information.
  • the mapping between the operation authority and the virtual machine resource pool may be pre-stored in the cloud management device.
  • The correspondence between the operation authority and the virtual machine resource pool may be as shown in Table 8:
  • Step 608 The cloud management device selects a virtual machine from the virtual machine resource pool and allocates it to the employee.
  • Step 612 The cloud management device sends a response message to the access control device, where the response message carries the login information. The login information is used by the employee to log in to the virtual machine within the set authority, and may be the username and password of the virtual machine.
  • Step 614 The access control device provides the workstation number and the login information to the employee;
  • Step 616 The cloud management device receives the login request sent by the employee through the cloud terminal. Specifically, the employee can use the workstation number to find the cloud terminal specified by that workstation number and input the virtual machine username and password on the cloud terminal; the cloud terminal then sends a login request to the cloud management device, and the login request carries the virtual machine username and password input by the user and the MAC address of the cloud terminal.
  • Step 618 The cloud management device authenticates the login request, and if the authentication passes, provides a virtual machine connection for the cloud terminal.
  • The cloud management device parses the login request message and obtains the MAC address of the cloud terminal and the username of the virtual machine carried in the login request. The cloud management device compares the MAC address of the cloud terminal and the username of the virtual machine with the authentication table stored in the cloud management device. If they are the same as the MAC address of the corresponding cloud terminal and the username of the virtual machine in the authentication table, the cloud terminal is allowed to establish a connection with the virtual machine; if they are inconsistent, the cloud terminal is not allowed to establish a connection with the virtual machine, and the cloud terminal displays "Please sit at the designated workstation".
  • The embodiment of the present invention may further include: setting a timeout value for the virtual machine. After the virtual machine establishes a connection with the cloud terminal, if the virtual machine does not receive any operation request within the set timeout value, the cloud management device automatically reclaims the virtual machine, which avoids idle virtual machine resources and improves the utilization of virtual machine resources.
  • The access control device determines the operation permission and the location permission of the user to access the virtual machine, and sends a request message carrying the operation authority and the station number to the cloud management device. According to the operation authority carried in the request message, the cloud management device selects the virtual machine resource pool corresponding to the user's operation authority, selects a virtual machine from that resource pool, and assigns it to the user. According to the station number, it establishes a correspondence between the user name of the virtual machine and the MAC address of the cloud terminal corresponding to the station number, and the login request sent by the cloud terminal used by the employee is authenticated against that correspondence, so that the user uses the virtual machine corresponding to the authority information at the fixed station.
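
The flow of Method Embodiments 4 and 6 above (ID card status check, pool selection by operation authority, binding the virtual machine username to the workstation's MAC address, login authentication, idle reclaim), as an added Python example that is not part of the patent text. The table contents, class and function names, the "denied" result and the per-allocation random password are assumptions, since the page's tables are not reproduced.

```python
import hmac
import secrets

# Constructed sample data: the page's Tables 3, 7 and 8 are not reproduced, so the
# workstation numbers, MAC addresses, card ids and pool names below are assumptions.
STATION_TO_MAC = {"A-01": "00:11:22:33:44:01", "A-02": "00:11:22:33:44:02"}
EMPLOYEE_RIGHTS = {  # ID card -> (operation authority, workstation number)
    "card-1001": ("no_mail", "A-01"),
    "card-1002": ("no_web", "A-02"),
}
POOLS = {"no_mail": ["vm-p1-a", "vm-p1-b"], "no_web": ["vm-p3-a"]}
WRONG_STATION = "Please sit at the designated workstation"


def normalize_mac(mac):
    """Put a MAC address in one canonical form (lower case, colon separated)."""
    return mac.strip().lower().replace("-", ":")


class CloudManagementDevice:
    def __init__(self, station_to_mac, pools, idle_timeout):
        self.station_to_mac = {s: normalize_mac(m) for s, m in station_to_mac.items()}
        self.free = {name: list(vms) for name, vms in pools.items()}
        self.idle_timeout = idle_timeout
        self.auth_table = {}  # VM username -> bound MAC, password, pool, last activity

    def allocate(self, authority, station):
        """Steps 606-612: select the pool, pick a VM, bind its username to the station's MAC."""
        mac = self.station_to_mac.get(station)
        pool = self.free.get(authority)
        if mac is None or not pool:
            return None
        username = pool.pop(0)
        password = secrets.token_urlsafe(12)  # fresh per allocation (assumption)
        self.auth_table[username] = {"mac": mac, "password": password,
                                     "pool": authority, "last_activity": None}
        return {"username": username, "password": password}

    def login(self, username, password, mac, now):
        """Step 618: check the credentials, then the MAC carried in the login request."""
        self.reclaim_idle(now)
        entry = self.auth_table.get(username)
        if entry is None or not hmac.compare_digest(
                entry["password"].encode(), password.encode()):
            return "denied"  # wording is an assumption; the page covers only the MAC case
        if normalize_mac(mac) != entry["mac"]:
            return WRONG_STATION
        entry["last_activity"] = now  # connection established, idle timer starts
        return "connected"

    def operation(self, username, now):
        """Record an operation request so an active session is not reclaimed."""
        entry = self.auth_table.get(username)
        if entry is not None and entry["last_activity"] is not None:
            entry["last_activity"] = now

    def reclaim_idle(self, now):
        """Return connected VMs with no operation request within the timeout to their pool."""
        reclaimed = []
        for username, entry in list(self.auth_table.items()):
            last = entry["last_activity"]
            if last is not None and now - last > self.idle_timeout:
                self.free[entry["pool"]].append(username)
                del self.auth_table[username]  # binding and password are discarded
                reclaimed.append(username)
        return reclaimed


class AccessControlDevice:
    def __init__(self, rights, cloud):
        self.rights = rights
        self.cloud = cloud
        self.busy_cards = set()  # the page does not say when a card returns to idle

    def authenticate(self, card_id):
        """Steps 600-614: authenticate the card, check its status, request a VM."""
        if card_id not in self.rights:
            return {"ok": False, "reason": "authentication failed"}
        if card_id in self.busy_cards:
            return {"ok": False, "reason": "ID card is in use"}
        authority, station = self.rights[card_id]
        login_info = self.cloud.allocate(authority, station)
        if login_info is None:
            return {"ok": False, "reason": "no virtual machine available"}
        self.busy_cards.add(card_id)
        return {"ok": True, "station": station, **login_info}


if __name__ == "__main__":
    cloud = CloudManagementDevice(STATION_TO_MAC, POOLS, idle_timeout=600)
    door = AccessControlDevice(EMPLOYEE_RIGHTS, cloud)
    grant = door.authenticate("card-1001")
    print(grant["station"], grant["username"])
    print(cloud.login(grant["username"], grant["password"], "00-11-22-33-44-01", now=0))
    print(cloud.login(grant["username"], grant["password"], "00:11:22:33:44:02", now=5))
```

Because the MAC address is a value carried inside the login request, the location check is only as reliable as the cloud terminal that reports it.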
  • FIG. 7 is a schematic structural diagram of an authentication device according to an embodiment of the present invention. As shown in FIG. 7, the authentication device 70 includes an authentication module 701 and a sending module 702.
  • the authentication module 701 is configured to receive an authentication request sent by the user, and obtain the permission information of the user accessing the virtual machine.
  • The sending module 702 is connected to the authentication module 701 and is configured to send a request message to the cloud management device, where the request message carries the permission information of the user accessing the virtual machine, so that the cloud management device sets the user's right to access the virtual machine.
  • By sending the cloud management device a request message carrying the permission information of the user accessing the virtual machine, the authentication device enables the cloud management device to set the user's access rights to the virtual machine according to the carried permission information. The user is identified through interaction between the authentication device and the cloud management device, and the user's use of the virtual machine is thereby effectively managed.
  • The rights information includes location rights information. The authentication module is specifically configured to receive an authentication request sent by the user and obtain location permission information of the user accessing the virtual machine; the sending module is specifically configured to send a request message to the cloud management device, where the request message carries the location permission information of the user accessing the virtual machine, so that the cloud management device sets, according to that location permission information, that the user accesses the virtual machine by using the cloud terminal specified by the location authority information.
  • The authorization information includes operation authority information. The authentication module is specifically configured to receive an authentication request sent by the user and obtain operation permission information of the user accessing the virtual machine; the sending module is specifically configured to send a request message to the cloud management device, where the request message carries the operation authority information of the user accessing the virtual machine, so that the cloud management device selects the virtual machine resource pool corresponding to the operation authority information according to the operation authority information of the user accessing the virtual machine, and selects a virtual machine from that resource pool and allocates it to the user.
  • The permission information includes the operation authority information, and may further include location permission information. The authentication module is further configured to receive an authentication request that carries the location authority information; the sending module is further configured to send, to the cloud management device, a request message that carries the location rights information, so that the cloud management device acquires, according to the location rights information, the MAC address or IP address of the cloud terminal specified by the location rights information and establishes a correspondence between the MAC address or IP address of the cloud terminal and at least one of a username and a password of a virtual machine allocated to the user, where the correspondence is used to authenticate the login request sent by the cloud terminal.
  • The authentication module 701 is further configured to receive a response message returned by the cloud management device, where the response message carries login information, and the login information is used by the user to access the virtual machine within the set rights.
  • FIG. 8 is a schematic structural diagram of an embodiment of a cloud management device according to an embodiment of the present invention.
  • the cloud management device 80 may include a receiving module 801 and a rights setting module 802.
  • The receiving module 801 is configured to receive a request message sent by the authentication device, where the request message carries the permission information of the user accessing the virtual machine, and that permission information is obtained by the authentication device according to the authentication request sent by the user;
  • The rights setting module 802 is connected to the receiving module 801 and is configured to set the user's right to access the virtual machine according to the permission information of the user accessing the virtual machine.
  • The cloud management device receives the request message, sent by the authentication device, that carries the permission information of the user accessing the virtual machine, and sets the user's right to access the virtual machine according to that permission information. The user is identified through interaction between the authentication device and the cloud management device, and the user's use of virtual machines is thereby effectively managed.
  • The rights information includes location rights information; the rights setting module 802 is specifically configured to set, according to the location rights information of the user accessing the virtual machine, that the user accesses the virtual machine through the cloud terminal specified by the location rights information.
  • The rights information includes the operation authority information; the rights setting module 802 is specifically configured to select the virtual machine resource pool corresponding to the operation authority information according to the operation authority information of the user accessing the virtual machine, and to select a virtual machine from that resource pool and allocate it to the user, so that the user accesses the virtual machine within the set authority.
  • The rights setting module is specifically configured to acquire, according to the location rights information, the MAC address or IP address of the cloud terminal specified by the location rights information, and to establish a correspondence between the MAC address or IP address of the cloud terminal and at least one of the user name and password of the virtual machine assigned to the user, where the correspondence is used to authenticate a login request sent by the cloud terminal.
  • The receiving module 801 is further configured to return a response message to the authentication device, where the response message carries login information. The login device may include an access control device or attendance equipment.
  • FIG. 9 is a schematic structural diagram of another embodiment of a cloud management device according to an embodiment of the present invention.
  • the rights setting module 802 may include a first setting unit 8021 and a second setting unit 8022.
  • the first setting unit 8021 is configured to obtain, according to the location permission information of the user accessing the virtual machine, a MAC address or an IP address of the cloud terminal specified by the location authority information;
  • the second setting unit 8022 is configured to establish a correspondence between a MAC address or an IP address of the cloud terminal and at least one of a username and a password of the virtual machine, where the correspondence is used for a login request sent by the cloud terminal. Authentication is performed such that the user accesses the virtual machine within the set rights.
  • The login request sent by the cloud terminal is authenticated by using the correspondence, which enables users to access virtual machines at a fixed location and effectively manages users' use of virtual machines.
  • FIG. 10 is a schematic structural diagram of an embodiment of a system for setting a user to access a virtual machine according to an embodiment of the present invention.
  • The system for accessing a virtual machine may include the authentication device 70 and the cloud management device 80.
  • The authentication device 70 is configured to receive an authentication request sent by the user, obtain the permission information of the user to access the virtual machine, and send a request message to the cloud management device 80, where the request message carries the permission information of the user accessing the virtual machine.
  • The cloud management device 80 is configured to receive the request message and set the right of the user to access the virtual machine according to the permission information of the user accessing the virtual machine carried in the request message.
  • The authentication device sends the cloud management device a request message carrying the user's virtual machine access rights information, and the cloud management device sets the permission of the user to access the virtual machine according to the carried permission information. The user is identified through interaction between the authentication device and the cloud management device, and the user's use of virtual machines is thereby effectively managed.
  • the authentication device 70 may be an access control device or an attendance device.
  • FIG. 11 is a schematic structural diagram of another embodiment of a system for setting a user to access a virtual machine according to an embodiment of the present invention.
  • The system for accessing a virtual machine further includes a cloud terminal 90. The cloud terminal 90 is connected to the cloud management device 80, and is used by the user to use the virtual machine within the set authority.
  • The disclosed systems, devices, and methods may be implemented in other manners.
  • The device embodiments described above are only schematic.
  • The division of the modules or units is only a logical function division.
  • In actual implementation there may be another division manner; for example, multiple units or modules may be combined or integrated into another system, or some features may be ignored or not executed.
  • The mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device, module or unit, or may be an electrical, mechanical or other form of connection.
  • Modules or units described as separate components may or may not be physically separated, and the components displayed as modules or units may or may not be physical modules or units; that is, they may be located in one place, or may be distributed across multiple network modules or units. Some or all of the modules or units may be selected according to actual needs to achieve the objectives of the embodiments of the present invention.
  • Each functional module or unit in each embodiment of the present invention may be integrated into one processing module or unit, or each module or unit may exist physically separately, or two or more modules or units may be integrated in one module or unit.
  • The above integrated modules or units can be implemented either in the form of hardware or in the form of software functional units.
  • The integrated modules or units, if implemented in the form of software functional modules or units and sold or used as separate products, may be stored in a computer readable storage medium.
  • The technical solution of the present invention in essence, or the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product.
  • The computer software product is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods of the various embodiments of the present invention.
  • The foregoing storage medium includes media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM, Random Access Memory), a magnetic disk, or an optical disk.

Abstract

The present invention provides a method, device, and system for setting a user's right to access a virtual machine. An authentication device sends to a cloud management device a request message carrying information about a user's right to access a virtual machine, and the cloud management device sets, according to the carried information about the right, the user's right to access the virtual machine. By means of the interaction between an authentication device and a cloud management device, the use of a virtual machine by a user is effectively managed.

Description

Method, device, and system for setting a user's right to access a virtual machine

Technical field

The present invention relates to the field of information technology, and in particular to a method, device, and system for setting a user's permission to access a virtual machine.

Background

Cloud computing emerged as the computing power and transmission capacity of information technology and network communication technology increased significantly. It is a new generation of information service provision model built on the rapid development of the Internet and communication networks. A user can connect to a virtual machine over a desktop connection protocol through a terminal device that is able to access a cloud server (a cloud terminal for short, for example, a thin client, a conventional personal computer, a mobile device, or a similar device).

Desktop cloud is a server-centric computing model: servers located in a data center are virtualized into multiple virtual machines, a desktop operating system runs in each virtual machine, and the desktop image, video, and audio are transmitted remotely over the network to the user terminal, giving the user the same experience as a traditional desktop. At present, virtual machines are used in two ways. In the first, a user has exclusive use of a virtual machine: the user holds the username and password of a virtual machine over the long term, and that virtual machine is dedicated to that user. In the second, multiple users share virtual machines: if a user needs to use a virtual machine temporarily, the user's information is reported to an administrator, the administrator allocates a virtual machine to the user and tells the user the virtual machine's username and password, the user logs in to the virtual machine with that username and password, and the virtual machine is reclaimed after the user has finished with it.

In the prior art, there is no mechanism for identifying the user while the user accesses a virtual machine, so the user's use of virtual machines cannot be managed effectively.

Summary of the invention

Embodiments of the present invention provide a method, device, and system for setting a user's access to a virtual machine, to solve the problem in the prior art that there is no mechanism for identifying the user and that the user's use of virtual machines therefore cannot be managed effectively.

An embodiment of the present invention provides a method for setting a user's permission to access a virtual machine, including: an authentication device receives an authentication request sent by a user and obtains permission information for the user's access to a virtual machine; the authentication device sends a request message to a cloud management device, where the request message carries the permission information, so that the cloud management device sets the user's permission to access the virtual machine according to the permission information.

An embodiment of the present invention further provides a method for setting a user's permission to access a virtual machine, including: a cloud management device receives a request message sent by an authentication device, where the request message carries permission information for a user's access to a virtual machine, the permission information having been obtained by the authentication device according to an authentication request sent by the user; the cloud management device sets the user's permission to access the virtual machine according to the permission information, so that the user accesses the virtual machine within the set permission.

An embodiment of the present invention further provides an authentication device, including: an authentication module, configured to receive an authentication request sent by a user and obtain permission information for the user's access to a virtual machine; and a sending module, configured to send a request message to a cloud management device, where the request message carries the permission information, so that the cloud management device sets the user's permission to access the virtual machine according to the permission information.

An embodiment of the present invention further provides a cloud management device, including: a receiving module, configured to receive a request message sent by an authentication device, where the request message carries permission information for a user's access to a virtual machine, the permission information having been obtained by the authentication device according to an authentication request sent by the user; and a permission setting module, configured to set the user's permission to access the virtual machine according to the permission information, so that the user accesses the virtual machine within the set permission.

An embodiment of the present invention further provides a system for setting a user's permission to access a virtual machine, including an authentication device and a cloud management device. The authentication device is configured to receive an authentication request sent by a user, obtain permission information for the user's access to a virtual machine, and send a request message to the cloud management device, where the request message carries the permission information. The cloud management device is configured to receive the request message and set the user's permission to access the virtual machine according to the permission information carried in the request message, so that the user accesses the virtual machine within the set permission.

In the embodiments of the present invention, the authentication device sends to the cloud management device a request message carrying the permission information for the user's access to a virtual machine, so that the cloud management device sets the user's permission to access the virtual machine according to the permission information carried in the request message. Through this interaction between the authentication device and the cloud management device, the user's use of virtual machines is managed effectively.

Brief description of the drawings

Figure 1 is a schematic flowchart of an embodiment of the present invention;

Figure 2 is a schematic flowchart of an embodiment of the present invention;

Figure 3 is a schematic flowchart of an embodiment of the present invention;

Figure 4 is a schematic flowchart of an embodiment of the present invention;

Figure 5 is a schematic flowchart of an embodiment of the present invention;

Figure … is a schematic flowchart of an embodiment;

Figure 7 is a schematic structural diagram of an authentication device according to an embodiment of the present invention;

Figure 8 is a schematic structural diagram of one embodiment of a cloud management device according to an embodiment of the present invention;

Figure 9 is a schematic structural diagram of another embodiment of a cloud management device according to an embodiment of the present invention;

Figure 10 is a schematic structural diagram of one embodiment of a system for setting a user's permission to access a virtual machine according to an embodiment of the present invention;

Figure 11 is a schematic structural diagram of another embodiment of a system for setting a user's permission to access a virtual machine according to an embodiment of the present invention.

Detailed description

To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

The overall technical solution of the method embodiments of the present invention is described first.

Method Embodiment 1:

As shown in Figure 1, a schematic flowchart of an embodiment, the method of this embodiment of the present invention includes:

Step 100: The authentication device receives an authentication request sent by a user and obtains permission information for the user's access to a virtual machine;

In this embodiment of the present invention, the permission information may be location permission information or operation permission information. Location permission information may be an identifier of an area, for example, Building A or Conference Room B, or an identifier of a specific position, for example, a workstation number or a console. Operation permission information may be an identifier used to identify the user's operation permission; different identifiers indicate different permissions for using a virtual machine.

It should be noted that, in this embodiment of the present invention, the user may send the authentication request in several ways. For example, the user may send the authentication request to the authentication device with an authentication card, such as an ID (identity) card that carries user information; the user may initiate the authentication request by entering an authentication password on the authentication device; or the user may combine an ID card with an authentication password. Alternatively, user information may be stored in the authentication device in advance, and the user may initiate the authentication request with a biometric feature such as voice, fingerprint, or face.

In addition, it should be noted that, in this embodiment of the present invention, the authentication device may be an apparatus used to identify a user's permissions, for example, an access control device or an attendance device. The access control device may include an information recognizer, an access controller, and a communication hub; the communication hub may be used to communicate with a computer or to exchange information with other devices or apparatuses that have communication capability. The attendance device may likewise include an information recognizer, an attendance controller, and a communication hub. In practice, the information recognizer, access controller, and communication hub of the access control device or attendance device may be integrated together or deployed separately, depending on the specific application scenario.

The above examples are only intended to illustrate this solution and are not limiting.

Step 102: The authentication device sends a request message to the cloud management device, where the request message carries the permission information for the user's access to the virtual machine, so that the cloud management device sets the user's permission to access the virtual machine according to the permission information.

In this embodiment of the present invention, the cloud management device may allocate a virtual machine to the user at the request of a terminal device, or may allocate a virtual machine to the user in advance. A virtual machine here is a virtual server simulated by virtualization software: physical resources are abstracted into logical resources, so that one server becomes several or even hundreds of mutually isolated virtual servers.

In this embodiment of the present invention, the authentication device sends the request message to the cloud management device; the cloud management device receives the request message, parses it to obtain the permission information it carries, and sets the user's permission to access the virtual machine according to the permission information, in one of the following manners:

Manner one: The user is set to access the virtual machine through the cloud terminal designated by the location permission information;

In this embodiment of the present invention, the cloud management device may obtain the MAC (Medium/Media Access Control) address or IP (Internet Protocol) address of the cloud terminal designated by the location permission information, and establish a correspondence between the cloud terminal's MAC address or IP address and at least one of the virtual machine's username and password. The correspondence is used to authenticate login requests sent by the cloud terminal.

For example, the cloud management device may obtain, according to the location permission information, the MAC address or IP address of the cloud terminal that the information designates, and bind that MAC address or IP address to at least one of the username and password of the virtual machine that the cloud management device allocated to the user. The user can then log in to the virtual machine only from the cloud terminal bound to the virtual machine's username or password, which limits the range of cloud terminals the user may use and so manages the user's permission to use cloud terminals.

It should be noted that, in this embodiment of the present invention, the correspondence between the cloud terminal's MAC address or IP address and at least one of the virtual machine's username and password may be formed in the following manners:

Manner 1: the MAC address is bound to the username;

Manner 2: the MAC address is bound to the password;

Manner 3: the IP address is bound to the username;

Manner 4: the IP address is bound to the password;

Manner 5: the MAC address is bound to the username and to the password;

Manner 6: the IP address and the MAC address are bound to the username;

Manner 7: the IP address and the MAC address are bound to the username;

Manner 8: the IP address and the MAC address are bound to the password;

Manner 9: the IP address and the MAC address are bound to the password and the username.

It should be noted that the above examples are only illustrative and are not limiting.

Manner two: The cloud management device selects, according to the operation permission information, the virtual machine resource pool corresponding to that operation permission information, and selects a virtual machine from the pool to allocate to the user;

For example, the cloud management device may create in advance different virtual machine resource pools for different operation permissions, with different applications configured in different pools. The cloud management device selects the pool that corresponds to the user's operation permission according to the user's operation permission information and allocates a virtual machine from that pool to the user, which limits what the user is permitted to do when using the virtual machine and manages the user's use of virtual machine resources.

In addition, it should be noted that, in this embodiment of the present invention, the cloud management device is used to manage the access of cloud terminals.

This embodiment of the present invention may further include: the authentication device receives a response message returned by the cloud management device, where the response message carries login information that the user uses to access the virtual machine within the set permission.

In this embodiment of the present invention, the authentication device sends to the cloud management device a request message carrying the permission information for the user's access to a virtual machine, so that the cloud management device sets the user's permission to access the virtual machine according to the permission information carried. Through the interaction between the authentication device and the cloud management device, the user is identified, and the user's use of virtual machines is then managed effectively.
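The following Python sketch is an added example, not code from the patent: it models the cloud management device handling the request message in both manners described above (binding the login to the terminal designated by the location, and choosing the resource pool by operation permission) and then checking a login request against the stored binding. The message field names, the inventory tables, and the `CloudManager` class are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed sample inventory (assumptions for illustration, not from the patent).
TERMINALS_BY_LOCATION = {
    "meeting-room-B": {"mac": "02:00:00:00:0b:01", "ip": "10.0.8.21"},
    "desk-0417": {"mac": "02:00:00:00:04:17", "ip": "10.0.9.17"},
}
POOLS_BY_OPERATION = {
    "no-mail": ["vm-nomail-01", "vm-nomail-02"],  # pool without the mail application
    "full": ["vm-full-01"],
}
DEFAULT_OPERATION = "no-mail"  # assumption: no operation permission -> most restricted pool


@dataclass
class Binding:
    vm: str
    operation: str
    password_digest: bytes
    mac: Optional[str] = None  # None: attribute is not part of the binding
    ip: Optional[str] = None


def _digest(password: str) -> bytes:
    # The password is a random one-time token, so a plain hash is enough here.
    return hashlib.sha256(password.encode()).digest()


class CloudManager:
    """Hypothetical model of the cloud management device."""

    def __init__(self, bind_attrs=("mac", "ip")):
        self.bind_attrs = bind_attrs  # which terminal attributes get bound
        self.free = {op: list(vms) for op, vms in POOLS_BY_OPERATION.items()}
        self.bindings = {}  # VM username -> Binding

    def handle_request(self, msg: dict) -> dict:
        """Parse the authentication device's request and return the response message."""
        location, operation = msg.get("location"), msg.get("operation")
        if location is None and operation is None:
            return {"ok": False, "reason": "no permission information"}
        username = f"tmp-{msg['user']}"
        if username in self.bindings:
            return {"ok": False, "reason": "user already holds a virtual machine"}
        terminal = {}
        if location is not None:  # manner one: restrict to the designated terminal
            terminal = TERMINALS_BY_LOCATION.get(location)
            if terminal is None:
                return {"ok": False, "reason": "unknown location"}  # fail closed
        operation = operation or DEFAULT_OPERATION  # manner two: pick the pool
        if operation not in self.free:
            return {"ok": False, "reason": "unknown operation permission"}
        if not self.free[operation]:
            return {"ok": False, "reason": "pool exhausted"}
        vm = self.free[operation].pop(0)
        password = secrets.token_urlsafe(12)
        self.bindings[username] = Binding(
            vm=vm, operation=operation, password_digest=_digest(password),
            mac=terminal.get("mac") if "mac" in self.bind_attrs else None,
            ip=terminal.get("ip") if "ip" in self.bind_attrs else None,
        )
        # Login information carried back in the response message.
        return {"ok": True, "vm": vm, "username": username, "password": password}

    def authenticate_login(self, username, password, src_mac, src_ip) -> bool:
        """Check a cloud terminal's login request against the stored binding."""
        b = self.bindings.get(username)
        if b is None:
            return False
        if not hmac.compare_digest(b.password_digest, _digest(password)):
            return False
        # MAC and IP are values reported for the terminal; they narrow where a
        # login may come from but are not proof of the terminal's identity.
        if b.mac is not None and b.mac != src_mac.lower():
            return False
        if b.ip is not None and b.ip != src_ip:
            return False
        return True

    def release(self, username) -> None:
        """Reclaim the virtual machine and drop the binding after use."""
        b = self.bindings.pop(username, None)
        if b is not None:
            self.free[b.operation].append(b.vm)


if __name__ == "__main__":
    cm = CloudManager()
    resp = cm.handle_request(
        {"user": "zhang", "location": "meeting-room-B", "operation": "no-mail"})
    print(resp["vm"], resp["username"])
    print(cm.authenticate_login(resp["username"], resp["password"],
                                "02:00:00:00:0b:01", "10.0.8.21"))  # bound terminal
    print(cm.authenticate_login(resp["username"], resp["password"],
                                "02:00:00:00:04:17", "10.0.9.17"))  # other terminal
```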

Method Embodiment 2:

As shown in Figure 2, a schematic flowchart of an embodiment, the method of this embodiment of the present invention includes:

Step 200: The cloud management device receives a request message sent by the authentication device, where the request message carries permission information for a user's access to a virtual machine, the permission information having been obtained by the authentication device according to an authentication request sent by the user;

In this embodiment of the present invention, the permission information may be location permission information or operation permission information. Location permission information may be an identifier of an area, for example, Building A or Conference Room B, or an identifier of a specific position, for example, a workstation number or a console. Operation permission information may be an identifier used to identify the user's operation permission; different identifiers indicate different permissions for using a virtual machine.

In this embodiment of the present invention, the user may send the authentication request in several ways, which were described in Method Embodiment 1 and are not repeated here.

In this embodiment of the present invention, the cloud management device is used to manage the access of cloud terminals.

In addition, it should be noted that, in this embodiment of the present invention, the authentication device may be an apparatus used to identify a user's permissions, for example, an access control device or an attendance device. The access control device may include an information recognizer, an access controller, and a communication hub; the communication hub may be used to communicate with a computer or to exchange information with other devices or apparatuses that have communication capability. The attendance device may likewise include an information recognizer, an attendance controller, and a communication hub. In practice, the information recognizer, access controller, and communication hub of the access control device or attendance device may be integrated together or deployed separately, depending on the specific application scenario.

The above examples are only intended to illustrate this solution and are not limiting.

… sets the user's permission to access the virtual machine, so that the user accesses the virtual machine within the set permission.

In this embodiment of the present invention, the cloud management device may allocate a virtual machine to the user at the request of a terminal device, or may allocate a virtual machine to the user in advance. A virtual machine here is a virtual server simulated by virtualization software: physical resources are abstracted into logical resources, so that one server becomes several or even hundreds of mutually isolated virtual servers.

In this embodiment of the present invention, the cloud management device sets the user's permission to access the virtual machine according to the permission information. The cloud access management may set the user's permission to access the virtual machine in one of the following manners:

Manner one: The user is set to access the virtual machine through the cloud terminal designated by the location permission information;

In this embodiment of the present invention, the cloud management device may obtain the MAC address or IP address of the cloud terminal designated by the location permission information, and establish a correspondence between the cloud terminal's MAC address or IP address and at least one of the virtual machine's username and password. The correspondence is used to authenticate login requests sent by the cloud terminal.

For example, the cloud management device may obtain, according to the location permission information, the MAC address or IP address of the cloud terminal that the information designates, and bind that MAC address or IP address to at least one of the username and password of the virtual machine that the cloud management device allocated to the user. The user can then log in to the virtual machine only from the cloud terminal bound to the virtual machine's username or password, which limits the range of cloud terminals the user may use and so manages the user's permission to use cloud terminals.

It should be noted that, in this embodiment of the present invention, the manners in which the correspondence between the cloud terminal's MAC address or IP address and at least one of the virtual machine's username and password is formed were described in Method Embodiment 1 and are not repeated here.

It should be noted that the above examples are only illustrative and are not limiting.

Manner two: The cloud management device selects, according to the operation permission information, the virtual machine resource pool corresponding to that operation permission information, and selects a virtual machine from the pool to allocate to the user;

For example, the cloud management device may create in advance different virtual machine resource pools for different operation permissions, with different applications configured in different pools. The cloud management device selects the pool that corresponds to the user's operation permission according to the user's operation permission information and allocates a virtual machine from that pool to the user, which limits what the user is permitted to do when using the virtual machine and manages the user's use of virtual machine resources.

The above examples are only intended to illustrate this solution and are not limiting.

This embodiment of the present invention may further include: the cloud management device returns a response message to the authentication device, where the response message carries login information that the user uses to access the virtual machine within the set permission.

In this embodiment of the present invention, the cloud management device receives the request message sent by the authentication device, which carries the permission information for the user's access to a virtual machine, and sets the user's permission to access the virtual machine according to that permission information. Through the interaction between the authentication device and the cloud management device, the user is identified, and the user's use of virtual machines is then managed effectively.

Method Embodiment 3:

The technical solutions provided in Method Embodiment 1 and Method Embodiment 2 can be applied in different scenarios. To explain the technical solution of the present invention more conveniently, a conference room scenario is used as an example below.

The following description uses an employee who needs temporary use of a virtual machine as an example. For instance, an employee who has no permission to use a virtual machine comes to a conference room for a meeting and needs to use a virtual machine temporarily, or an employee on a temporary business trip to the local site is in a conference room and needs a virtual machine for temporary remote work. In such scenarios, employees need to be given virtual machines with different operation permissions according to their different permissions. In this embodiment of the present invention, the authentication device is specifically an access control device. As shown in Figure 3, a schematic flowchart of an embodiment, the method of this embodiment of the present invention includes:

Step 300: The access control device receives an authentication request sent by an employee by means of an ID card;

It should be noted that the access control device may support authentication of different ID cards, and employee information is written into the ID card in advance. The ID card may be the employee's work badge or another ID card that the access control device can recognize.

Step 302: The access control device authenticates the ID card and, if the authentication passes, determines the employee's operation permission information;

在本发明实施例中, 门禁设备中预先储存有员工信息和操作权限 对应关系表, 例如, 员工信息和操作权限对应关系表可以如表 1所示: 表 1  In the embodiment of the present invention, the employee information and the operation authority correspondence table are pre-stored in the access control device. For example, the employee information and the operation authority correspondence table may be as shown in Table 1: Table 1

Figure imgf000012_0001

In addition, the employee information in Table 1 may also be information such as the employee's ID number.

The access control device authenticates the ID card. If authentication succeeds, it determines the employee's operation permission information from the employee information carried in the ID card. For example, employee Zhang XX authenticates with an ID card at the access control device of the conference room. The access control device reads Zhang XX's information stored in the ID card and, by looking it up in Table 1 above, finds that Zhang XX's operation permission is "no right to use the mail function".

It should be noted that, after the access control device authenticates the ID card and authentication succeeds, the method may further include verifying the state of the ID card. If the ID card is in a not-in-use state (for example, idle), the employee's operation permission information is determined and the state of the ID card is set to busy. If the ID card is in an in-use state (for example, busy), the access control device does not determine the employee's operation permission information and notifies the employee that the ID card is in use.

Verifying the state of the ID card in this way prevents an employee from authenticating repeatedly, which would cause the access control device to assign multiple sets of operation permission information to one employee.

Step 304: The access control device sends the cloud management device a request message for allocating a virtual machine, the request message carrying the employee's operation permission information;

Step 306: The cloud management device selects the corresponding virtual machine resource pool according to the operation permission information;

Step 308: The cloud management device selects a virtual machine from the virtual machine resource pool and allocates it to the employee;

In steps 306 and 308 above, the cloud management device may create in advance virtual machine resource pools with different operation permissions. The number of virtual machine resource pools can be set as required, and each pool contains at least one virtual machine. The cloud management device configures different applications for each virtual machine resource pool and can add or remove the applications configured for a pool as required.

For example, the cloud management device may set up three virtual machine resource pools: pool 1 has no mail application configured, pool 2 has no network telephony application configured, and pool 3 has no web browsing application configured. Correspondingly, none of the virtual machines in pool 1 can provide the mail service, none of the virtual machines in pool 2 can provide the network telephony service, and none of the virtual machines in pool 3 can provide the web browsing service.

The cloud management device may also store in advance a table of correspondences between operation permissions and virtual machine resource pools. For example, the table may be as shown in Table 2:

Table 2

Figure imgf000013_0001

According to the operation permission information, the cloud management device can select the corresponding virtual machine resource pool from Table 2 above and select a virtual machine from that pool to allocate to the employee.

Step 310: The cloud management device returns a response message to the access control device;

In this embodiment of the present invention, the response message carries login information, which the user uses to access the virtual machine within the set permissions. The login information may be the user name and password of the virtual machine.

Step 312: The access control device provides the login information to the employee;

Step 314: The cloud management device receives a login request message sent by the employee through a cloud terminal;

Specifically, the employee can enter the virtual machine user name and password on the cloud terminal, and the cloud terminal sends a login request message to the cloud management device. The login request message carries the virtual machine user name and password entered by the user.

Step 316: The cloud management device provides the cloud terminal with a connection to the virtual machine corresponding to the employee's operation permissions.

Specifically, the cloud management device verifies the virtual machine user name and password provided by the cloud terminal, and provides the virtual machine to the employee for use.
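Steps 300 to 316 can be followed end to end in the sketch below, which is an added example and not code from the patent. The class names, the permission labels, the "Li XX" and "Wang XX" rows, the pool contents beyond the one missing application, and the rollback of the card state after a failed allocation are all assumptions; Tables 1 and 2 are not reproduced on the page, so the dictionaries are constructed from the examples in the text.

```python
import secrets
from dataclasses import dataclass

# Constructed stand-in for Table 1 (employee information -> operation permission).
# Only the "Zhang XX" row follows the page's example; the other rows are made up.
EMPLOYEE_PERMISSIONS = {"Zhang XX": "no_mail", "Li XX": "no_voip", "Wang XX": "no_web"}
# Constructed stand-in for Table 2 (operation permission -> resource pool),
# following the three-pool example in the text.
PERMISSION_TO_POOL = {"no_mail": 1, "no_voip": 2, "no_web": 3}
ALL_APPS = frozenset({"mail", "voip", "web"})
POOL_MISSING_APP = {1: "mail", 2: "voip", 3: "web"}


class AuthError(Exception):
    """ID card or virtual machine credentials rejected."""


class CardBusy(Exception):
    """The ID card state is 'busy': it already holds an allocation."""


class PoolExhausted(Exception):
    """No free virtual machine is left in the selected pool."""


@dataclass
class VirtualMachine:
    name: str
    pool: int
    apps: frozenset
    username: str = ""
    password: str = ""


class CloudManagementDevice:
    def __init__(self, vms_per_pool=2):
        # Each pool is pre-created with the same application set minus one application.
        self.free = {
            pool: [VirtualMachine(f"vm-{pool}-{i}", pool, ALL_APPS - {missing})
                   for i in range(vms_per_pool)]
            for pool, missing in POOL_MISSING_APP.items()
        }
        self.assigned = {}  # virtual machine user name -> VirtualMachine

    def allocate(self, permission):
        """Steps 306-310: pick the pool for the permission, hand out login information."""
        pool = PERMISSION_TO_POOL.get(permission)
        if pool is None:
            raise AuthError(f"unknown operation permission: {permission!r}")
        if not self.free[pool]:
            raise PoolExhausted(f"pool {pool} has no free virtual machine")
        vm = self.free[pool].pop()
        vm.username = f"user-{vm.name}"
        vm.password = secrets.token_urlsafe(12)  # fresh secret for every allocation
        self.assigned[vm.username] = vm
        return {"username": vm.username, "password": vm.password}

    def login(self, username, password):
        """Steps 314-316: verify the credentials, return the virtual machine to connect."""
        vm = self.assigned.get(username)
        if vm is None or not secrets.compare_digest(vm.password.encode(), password.encode()):
            raise AuthError("bad virtual machine user name or password")
        return vm


class AccessControlDevice:
    def __init__(self, cloud):
        self.cloud = cloud
        self.card_state = {}  # employee -> "idle" or "busy"; a missing entry means idle

    def swipe(self, employee):
        """Steps 300-312: authenticate the card, check its state, request a virtual machine."""
        permission = EMPLOYEE_PERMISSIONS.get(employee)
        if permission is None:
            raise AuthError("ID card not recognised")
        if self.card_state.get(employee, "idle") == "busy":
            raise CardBusy("this ID card is in use")
        self.card_state[employee] = "busy"
        try:
            return self.cloud.allocate(permission)
        except Exception:
            # Assumption: a failed allocation must not leave the card stuck in 'busy'.
            self.card_state[employee] = "idle"
            raise
```
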

In this embodiment of the present invention, the access control device identifies the user, determines the user's permission information for accessing a virtual machine, and sends the cloud management device a request message carrying the operation permission information. Based on the operation permission information carried in the request message, the cloud management device selects the virtual machine resource pool that matches that information and selects a virtual machine from that pool to allocate to the employee. Through the interaction between the access control device and the cloud management device, the user is identified, and thus ...

Method Embodiment 4:

Schematic flowchart of the embodiment. In this embodiment of the present invention, the authentication device is specifically an attendance device,

... relationship; login requests sent from the cloud terminal used by the employee are authenticated against this correspondence, so that the employee uses the cloud terminal at the designated station number. As shown in FIG. 4, the method of this embodiment includes:

Step 400: The attendance device receives an authentication request sent by the employee through an ID card;

Step 402: The attendance device authenticates the ID card and, if authentication succeeds, assigns a station number to the employee;

In this embodiment of the present invention, the attendance device may store in advance an information table of all stations, which records the station number of every station. The attendance device authenticates the ID card and, after authentication succeeds, selects a station number from the information table according to the employee's permission information and assigns it to the employee. For example, an employee with restricted permissions may be assigned only one station number.

It should be noted that, after the attendance device successfully authenticates the ID card, the method further includes verifying the state of the ID card. If the ID card is in a not-in-use state (for example, idle), a station number is assigned to the employee and the state of the ID card is set to busy. If the ID card is in an in-use state (for example, busy), the attendance device does not assign a station number to the employee and notifies the employee that the ID card is in use.

Verifying the state of the ID card in this way prevents an employee from authenticating repeatedly, which would cause the attendance device to assign multiple station numbers to one employee.

Step 404: The attendance device sends the cloud management device a request message for allocating a virtual machine, the request message carrying the station number that the attendance device assigned to the employee;

Step 406: According to the station number carried in the request message, the cloud management device binds the MAC address of the cloud terminal designated by that station number to the user name of the virtual machine;

In this embodiment of the present invention, the cloud management device receives the request message sent by the attendance device and selects a virtual machine from a virtual machine resource pool to allocate to the employee. The cloud management device is also configured in advance with a table of correspondences between station numbers and cloud terminal MAC addresses.

For example, the table of correspondences between station numbers and cloud terminal MAC addresses configured in advance on the cloud management device may be as shown in Table 3:

Table 3

Figure imgf000016_0001

The cloud management device receives the request message sent by the attendance device and parses it to obtain the station number it carries. According to that station number, the cloud management device writes the virtual machine's user name into the table of correspondences between station numbers and cloud terminal MAC addresses, forming an authentication table. The authentication table is used for authentication when the employee initiates a login request to the cloud management device from a cloud terminal.

For example, the authentication table may be as shown in Table 4:

Figure imgf000016_0002

Step 408: The cloud management device returns a response message to the attendance device. The response message carries login information, which the employee uses to log in to the virtual machine within the set permissions. The login information may be the user name and password of the virtual machine.

Step 410: The attendance device provides the station number and the login information to the employee;

Step 412: The cloud management device receives a login request sent by the employee through a cloud terminal;

Specifically, the employee can use the station number to find the cloud terminal it designates and enter the virtual machine user name and password on that cloud terminal. The cloud terminal sends a login request to the cloud management device, and the login request carries the virtual machine user name and password entered by the user as well as the MAC address of the cloud terminal.

Step 414: The cloud management device authenticates the login request and, if authentication succeeds, provides the cloud terminal with a virtual machine connection.

In this embodiment of the present invention, after receiving the login request, the cloud management device parses the login request message to obtain the MAC address of the cloud terminal and the user name of the virtual machine carried in it. The cloud management device compares the cloud terminal's MAC address and the virtual machine's user name with the authentication table it stores. If they match the corresponding cloud terminal MAC address and virtual machine user name in the authentication table, the cloud terminal is allowed to establish a connection with the virtual machine. If they do not match, the cloud terminal is not allowed to establish a connection with the virtual machine, and the message "Please sit at the designated station" is displayed on the cloud terminal.

This embodiment of the present invention may further include the following: a timeout value is set for the virtual machine. After the virtual machine establishes a connection with the cloud terminal, if the virtual machine receives no operation request within the set timeout value, the cloud management device automatically reclaims the virtual machine. This prevents virtual machine resources from sitting idle and improves their utilization.
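The binding of step 406, the login check of step 414 and the idle-timeout reclaim can be sketched as follows. This is an added example, not code from the patent: the class and method names, the "authentication failed" message, the one-user-per-station rule and the station numbers and MAC addresses (Tables 3 and 4 are not reproduced on the page) are assumptions or constructed values. Time is passed in as `now` so the timeout logic can be exercised without waiting.

```python
import hmac
import string

# Constructed stand-in for Table 3 (station number -> cloud terminal MAC address).
STATION_TO_MAC = {"A-01": "00:11:22:33:44:01", "A-02": "00:11:22:33:44:02"}
SEAT_MESSAGE = "Please sit at the designated station"


def normalize_mac(mac):
    """Canonical lower-case colon form, so '00-11-...' and '00:11:...' compare equal."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in string.hexdigits for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class StationBoundLogin:
    """Cloud management device side of steps 406-414, plus the idle timeout."""

    def __init__(self, station_to_mac, idle_timeout):
        self.station_to_mac = {s: normalize_mac(m) for s, m in station_to_mac.items()}
        self.idle_timeout = idle_timeout  # seconds without an operation request
        self.auth_table = {}              # stand-in for Table 4: user name -> row

    def bind(self, station, username, password):
        """Step 406: write the virtual machine user name next to the station's MAC."""
        if station not in self.station_to_mac:
            raise KeyError(f"unknown station number: {station!r}")
        if any(row["station"] == station for row in self.auth_table.values()):
            raise ValueError(f"station {station} is already bound to a user")
        self.auth_table[username] = {
            "station": station,
            "mac": self.station_to_mac[station],
            "password": password,
            "last_seen": None,  # set once the terminal is connected
        }

    def login(self, username, password, mac, now):
        """Step 414: credentials first, then the MAC/user-name pair against the table."""
        row = self.auth_table.get(username)
        if row is None or not hmac.compare_digest(row["password"].encode(), password.encode()):
            return (False, "authentication failed")
        try:
            presented = normalize_mac(mac)
        except ValueError:
            return (False, SEAT_MESSAGE)
        if presented != row["mac"]:
            return (False, SEAT_MESSAGE)
        row["last_seen"] = now
        return (True, "connected")

    def operation(self, username, now):
        """Record an operation request from a connected terminal."""
        row = self.auth_table.get(username)
        if row is not None and row["last_seen"] is not None:
            row["last_seen"] = now

    def reclaim_idle(self, now):
        """Drop bindings whose virtual machine saw no operation within the timeout."""
        expired = sorted(
            user for user, row in self.auth_table.items()
            if row["last_seen"] is not None and now - row["last_seen"] >= self.idle_timeout
        )
        for user in expired:
            del self.auth_table[user]
        return expired
```

The MAC address compared here is the value carried in the login request, so the check constrains where the employee sits; the user name and password remain the credential.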

In this embodiment of the present invention, after the attendance device determines the station number from which the user accesses the virtual machine, it sends the cloud management device a request message carrying the station number. According to the station number carried in the request message, the cloud management device binds the MAC address of the cloud terminal corresponding to the station number to the user name of the virtual machine, forming a correspondence. Login requests sent from the cloud terminal used by the employee are authenticated against this correspondence, so that the employee uses the cloud terminal at the designated station number. This achieves effective management of users' use of virtual machines according to user permissions.

Method Embodiment 5:

Schematic flowchart of the embodiment. In this embodiment of the present invention, a given virtual machine is dedicated to a given employee, who holds the user name and password of that virtual machine on a long-term basis; for example, the employee needs to use the already allocated virtual machine in another office area. In this embodiment, the authentication device is specifically an access control device, and the cloud management device binds the IP address of the cloud terminal to the user name of the virtual machine so that the employee uses the cloud terminal at the designated station number. As shown in FIG. 5, the method of this embodiment includes:

Step 500: The access control device receives an authentication request sent by the employee through an ID card;

In this embodiment of the present invention, the employee information and the user name of the virtual machine may be stored in the ID card in advance.

Step 502: The access control device authenticates the ID card and, if authentication succeeds, assigns a station number to the employee;

In this embodiment of the present invention, the access control device may store in advance an information table of all stations, which records the station number of every station. The access control device authenticates the ID card and, after authentication succeeds, selects a station number from the information table according to the employee's permission information and assigns it to the employee.

Step 504: The access control device sends a request message to the cloud management device, the request message carrying the station number that the access control device assigned to the employee and the user name of the virtual machine;

Step 506: According to the station number carried in the request message, the cloud management device binds the IP address of the cloud terminal designated by that station number to the user name of the virtual machine;

In this embodiment of the present invention, the cloud management device is configured in advance with a table of correspondences between station numbers and cloud terminal IP addresses.

For example, the table of correspondences between station numbers and cloud terminal IP addresses configured in advance on the cloud management device may be as shown in Table 5:

Figure imgf000019_0001

Specifically, the cloud management device receives the request message sent by the access control device and parses it to obtain the station number and the virtual machine user name it carries. According to that station number, the cloud management device writes the virtual machine's user name into the table of correspondences between station numbers and cloud terminal MAC addresses, forming an authentication table. The authentication table is used for authentication when the employee initiates a login request to the cloud management device from a cloud terminal.

For example, the authentication table may be as shown in Table 6:

Figure imgf000019_0002

Step 508: The cloud management device returns a response message to the access control device;

Step 510: The access control device provides the station number to the employee;

Step 512: The cloud management device receives a login request sent by the employee through a cloud terminal;

Specifically, the employee can use the station number to find the cloud terminal it designates and enter the virtual machine user name and password on that cloud terminal. The cloud terminal sends a login request to the cloud management device, and the login request carries the virtual machine user name and password entered by the user as well as the IP address of the cloud terminal.

Step 514: The cloud management device authenticates the login request and, if authentication succeeds, provides the cloud terminal with a virtual machine connection.

In this embodiment of the present invention, after receiving the login request message, the cloud management device parses it to obtain the IP address of the cloud terminal and the user name of the virtual machine carried in it. The cloud management device compares the cloud terminal's IP address and the virtual machine's user name with the authentication table it stores. If they match the corresponding cloud terminal IP address and virtual machine user name in the authentication table, the cloud terminal is allowed to establish a connection with the virtual machine. If they do not match, the cloud terminal is not allowed to establish a connection with the virtual machine, and the message "Please sit at the designated station" is displayed on the cloud terminal.

This embodiment of the present invention may further include the following: a timeout value is set for the virtual machine. After the virtual machine establishes a connection with the cloud terminal, if the virtual machine receives no operation request within the set timeout value, the cloud management device automatically reclaims the virtual machine. This prevents virtual machine resources from sitting idle and improves their utilization.

In this embodiment of the present invention, the access control device sends the cloud management device a request message carrying the station number. According to the station number carried in the request message, the cloud management device binds the IP address of the cloud terminal corresponding to the station number to the user name of the virtual machine, forming a correspondence. Login requests sent from the cloud terminal used by the employee are authenticated against this correspondence, so that the employee at the designated ... management.

Method Embodiment 6:

Schematic flowchart of the embodiment. In this embodiment of the present invention, the employee is required to use, at a fixed station, the virtual machine corresponding to the employee's operation permissions.

Step 600: The access control device receives an authentication request sent by the employee through an ID card;

Step 602: The access control device authenticates the ID card and determines the employee's operation permission information and location permission information;

In this embodiment of the present invention, the access control device stores in advance a table of the operation permission information and location permission information corresponding to the employee information. The table may be as shown in Table 7:

Table 7

Figure imgf000021_0001

The access control device authenticates the ID card and, according to the employee information carried in the ID card, assigns the employee operation permission information and a station number.

It should be noted that, after the access control device authenticates the ID card and authentication succeeds, the method may further include verifying the state of the ID card. If the ID card is in a not-in-use state (for example, idle), operation permission information is assigned to the employee and the state of the ID card is set to busy. If the ID card is in an in-use state (for example, busy), the access control device does not assign operation permission information to the employee and notifies the employee that the ID card is in use.

Verifying the state of the ID card in this way prevents an employee from authenticating repeatedly, which would cause the access control device to assign multiple sets of operation permission information to one employee.

Step 604: The access control device sends a request message to the cloud management device, the request message carrying the employee's operation permission information and station number;

Step 606: The cloud management device selects the corresponding virtual machine resource pool according to the operation permission information;

The cloud management device may also store in advance a table of correspondences between operation permissions and virtual machine resource pools. The table may be as shown in Table 8:

Figure imgf000022_0001

Step 608: The cloud management device selects a virtual machine from the virtual machine resource pool and allocates it to the employee;

Step 610: According to the station number carried in the request message, the cloud management device binds the MAC address of the cloud terminal designated by that station number to the user name of the virtual machine that the cloud management device allocated to the user;

Step 612: The cloud management device returns a response message to the access control device. The response message carries login information, which the employee uses to log in to the virtual machine within the set permissions. The login information may be the user name and password of the virtual machine.

Step 614: The access control device provides the station number and the login information to the employee;

Step 616: The cloud management device receives a login request sent by the employee through a cloud terminal;

Specifically, the employee can use the station number to find the cloud terminal it designates and enter the virtual machine user name and password on that cloud terminal. The cloud terminal sends a login request to the cloud management device, and the login request carries the virtual machine user name and password entered by the user as well as the MAC address of the cloud terminal.

Step 618: The cloud management device authenticates the login request and, if authentication succeeds, provides the cloud terminal with a virtual machine connection.

In this embodiment of the present invention, after receiving the login request, the cloud management device parses the login request message to obtain the MAC address of the cloud terminal and the user name of the virtual machine carried in it. The cloud management device compares the cloud terminal's MAC address and the virtual machine's user name with the authentication table it stores. If they match the corresponding cloud terminal MAC address and virtual machine user name in the authentication table, the cloud terminal is allowed to establish a connection with the virtual machine. If they do not match, the cloud terminal is not allowed to establish a connection with the virtual machine, and the message "Please sit at the designated station" is displayed on the cloud terminal.

This embodiment of the present invention may further include the following: a timeout value is set for the virtual machine. After the virtual machine establishes a connection with the cloud terminal, if the virtual machine receives no operation request within the set timeout value, the cloud management device automatically reclaims the virtual machine. This prevents virtual machine resources from sitting idle and improves their utilization.

In this embodiment of the present invention, after the access control device determines the user's operation permission and location permission for accessing a virtual machine, it sends the cloud management device a request message carrying the operation permission and the station number. According to the operation permission carried in the request message, the cloud management device selects the virtual machine resource pool corresponding to the user's operation permission and selects a virtual machine from that pool to allocate to the user. According to the station number, it binds the user name of that virtual machine to the MAC address of the cloud terminal corresponding to the station number, forming a correspondence. Login requests sent from the cloud terminal used by the employee are authenticated against this correspondence, so that the user uses, at a fixed station, the virtual machine corresponding to the user's permission information.

Figure imgf000023_0001

Device Embodiment 1:

FIG. 7 is a schematic structural diagram of an authentication device according to an embodiment of the present invention. As shown in FIG. 7, the authentication device 70 includes an authentication module 701 and a sending module 702.

The authentication module 701 is configured to receive an authentication request sent by a user and obtain the user's permission information for accessing a virtual machine;

发送模块 702与鉴权模块 701相连接,发送模块 702用于向云管 理设备发送请求消息,所述请求消息中携带所述用户访问虚拟机的权 设定所述用户访问虚拟机的权限。  The sending module 702 is connected to the authentication module 701, and the sending module 702 is configured to send a request message to the cloud management device, where the request message carries the right of the user to access the virtual machine to set the user's access to the virtual machine.

本发明实施例中,鉴权设备通过向云管理设备发送携带用户访问 - - 虚拟机权限信息的请求消息, 使得云管理设备根据携带的权限信息, 设置用户访问虚拟机的权限, 通过鉴权设备和云管理设备的交互, 实 现了对用户进行识别, 进而对用户使用虚拟机进行有效的管理。 In the embodiment of the present invention, the authentication device sends the user access by sending the cloud management device - The request message of the virtual machine authority information enables the cloud management device to set the user's access rights to the virtual machine according to the carried permission information, and realizes the identification of the user through the interaction between the authentication device and the cloud management device, and then uses the user The virtual machine is effectively managed.

需要说明的是, 本发明实施例中, 所述权限信息包括位置权限信 息, 所述鉴权模块具体用于接收用户发送的鉴权请求, 获取所述用户 访问虚拟机的位置权限信息;所述发送模块具体用于向云管理设备发 送请求消息,所述请求消息中携带所述用户访问虚拟机的位置权限信 息, 使得所述云管理设备根据所述用户访问虚拟机的位置权限信息, 设定所述用户通过所述位置权限信息指定的云终端访问虚拟机。  It should be noted that, in the embodiment of the present invention, the rights information includes location rights information, where the authentication module is specifically configured to receive an authentication request sent by the user, and obtain location permission information of the user accessing the virtual machine; The sending module is specifically configured to send a request message to the cloud management device, where the request message carries location permission information of the user accessing the virtual machine, so that the cloud management device sets the location authority information of the virtual machine according to the location of the user accessing the virtual machine. The user accesses the virtual machine by using the cloud terminal specified by the location authority information.

所述权限信息包括操作权限信息,所述鉴权模块具体用于接收用 户发送的鉴权请求, 获取所述用户访问虚拟机的操作权限信息; 所述 发送模块具体用于向云管理设备发送请求消息,所述请求消息中携带 所述用户访问虚拟机的操作权限信息,使得所述云管理设备根据所述 用户访问虚拟机的操作权限信息,选择所述操作权限信息对应的虚拟 机资源池, 从所述虚拟机资源池中选择虚拟机分配给所述用户。  The authorization information includes operation authority information, and the authentication module is specifically configured to receive an authentication request sent by the user, and obtain operation permission information of the user accessing the virtual machine; the sending module is specifically configured to send a request to the cloud management device. a message, the request message carries the operation authority information of the user accessing the virtual machine, so that the cloud management device selects the virtual machine resource pool corresponding to the operation authority information according to the operation authority information of the user accessing the virtual machine, A virtual machine is selected from the virtual machine resource pool and allocated to the user.

此外, 权限信息包括操作权限信息的同时, 还可以包括位置权限 信息, 在权限信息包括操作权限信息还包括位置权限信息时, 所述鉴 权模块还用于接收携带位置权限信息的鉴权请求;所述发送模块还用 于向云管理设备发送携带位置权限信息的请求消息,使得所述云管理 设备根据所述位置权限信息获取所述位置权限信息指定的云终端的 In addition, the permission information includes the operation authority information, and may further include location permission information. When the rights information includes the operation authority information and the location authority information, the authentication module is further configured to receive an authentication request that carries the location authority information; The sending module is further configured to send, to the cloud management device, a request message that carries the location rights information, so that the cloud management device acquires the cloud terminal specified by the location rights information according to the location rights information.

MAC地址或 IP地址, 建立所述云终端的 MAC地址或 IP地址, 与分配 给所述用户的虚拟机的用户名和密码中的至少一个的对应关系,所述 对应关系用于对所述云终端发送的登录请求进行鉴权。 a MAC address or an IP address, a correspondence between a MAC address or an IP address of the cloud terminal, and at least one of a username and a password of a virtual machine allocated to the user, where the correspondence is used for the cloud terminal The login request sent is authenticated.

还需要说明的是,所述鉴权模块 701还用于接收所述云管理设备 返回的响应消息, 所述响应消息中携带登录信息, 所述登录信息用于 - - 所述用户在设定的权限内访问所述虚拟机。 It should be noted that the authentication module 701 is further configured to receive a response message returned by the cloud management device, where the response message carries login information, where the login information is used. - - The user accesses the virtual machine within the set rights.

Device Embodiment 2:

FIG. 8 is a schematic structural diagram of one embodiment of a cloud management device according to an embodiment of the present invention. As shown in FIG. 8, the cloud management device 80 may include a receiving module 801 and a permission setting module 802.

The receiving module 801 is configured to receive a request message sent by the authentication device, where the request message carries the permission information of a user for accessing a virtual machine, and that permission information is obtained by the authentication device according to the authentication request sent by the user;

The permission setting module 802 is connected to the receiving module 801 and is configured to set the user's permission to access the virtual machine according to the permission information of the user for accessing the virtual machine, so that the user accesses the virtual machine within the set permission.

In this embodiment of the present invention, the cloud management device receives the request message sent by the authentication device, which carries the permission information of the user for accessing a virtual machine, and sets the user's permission to access the virtual machine according to that permission information. Through the interaction between the authentication device and the cloud management device, the user is identified and the user's use of virtual machines is managed effectively.

It should be noted that, in this embodiment of the present invention, where the permission information includes location permission information, the permission setting module 802 is specifically configured to set, according to the location permission information of the user for accessing the virtual machine, the user to access the virtual machine through the cloud terminal specified by the location permission information, so that the user accesses the virtual machine within the set permission.

Where the permission information includes operation permission information, the permission setting module 802 is specifically configured to select, according to the operation permission information of the user for accessing the virtual machine, the virtual machine resource pool corresponding to the operation permission information, and to select a virtual machine from that pool and allocate it to the user, so that the user accesses the virtual machine within the set permission.

When the permission information includes both operation permission information and location permission information, the permission setting module is specifically configured to obtain, according to the location permission information, the MAC address or IP address of the cloud terminal specified by the location permission information, and to establish a correspondence between the MAC address or IP address of the cloud terminal and at least one of the user name and password of the virtual machine allocated to the user. The correspondence is used to authenticate login requests sent by the cloud terminal.

It should also be noted that, in this embodiment of the present invention, the receiving module 801 is further configured to return a response message to the authentication device, where the response message carries login information that the user uses to access the virtual machine within the set permission.

In addition, the authentication device may include an access control device or an attendance device.

Device Embodiment 3:

FIG. 9 is a schematic structural diagram of another embodiment of a cloud management device according to an embodiment of the present invention. As shown in FIG. 9, the permission setting module 802 may include a first setting unit 8021 and a second setting unit 8022.

The first setting unit 8021 is configured to obtain, according to the location permission information of the user for accessing the virtual machine, the MAC address or IP address of the cloud terminal specified by the location permission information;

The second setting unit 8022 is configured to establish a correspondence between the MAC address or IP address of the cloud terminal and at least one of the user name and password of the virtual machine, where the correspondence is used to authenticate login requests sent by the cloud terminal, so that the user accesses the virtual machine within the set permission.

In this embodiment of the present invention, a correspondence is established between the MAC address or IP address of the cloud terminal and at least one of the user name and password of the virtual machine, and login requests sent by the cloud terminal are authenticated against it. The user therefore accesses the virtual machine from a fixed location, and the user's use of virtual machines is managed effectively.
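The cloud management device's side of the flow described above (pool selection by operation permission, binding the allocated virtual machine's credentials to the MAC address of the workstation's cloud terminal, authenticating login requests against that binding, and reclaiming idle virtual machines) is shown here as an added Python example. It is not code from the patent; the class, field and table names, the sample workstation numbers and MAC addresses, the generated password, and the choice to check both MAC address and password are assumptions.

```python
import hmac
import re
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: workstation numbers, MAC addresses, pool names
# and VM names are all assumptions made for this example.
STATION_TO_MAC = {"A-101": "00:1a:2b:3c:4d:5e", "B-207": "00:1a:2b:3c:4d:5f"}
POOLS = {"engineer": ["vm-eng-1", "vm-eng-2"], "finance": ["vm-fin-1"]}

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")


def normalise_mac(mac: str) -> Optional[str]:
    """Lower-case, accept '-' or ':' separators, reject anything malformed."""
    candidate = mac.strip().lower().replace("-", ":")
    return candidate if MAC_RE.fullmatch(candidate) else None


@dataclass
class Binding:
    vm: str
    pool: str
    username: str
    password: str
    mac: str
    last_activity: Optional[float] = None  # set once the terminal connects


class CloudManager:
    def __init__(self, pools, station_to_mac, idle_timeout=900.0, clock=time.monotonic):
        self.pools = {name: list(vms) for name, vms in pools.items()}
        self.station_to_mac = dict(station_to_mac)
        self.idle_timeout = idle_timeout
        self.clock = clock
        self.bindings = {}  # VM user name -> Binding

    def handle_request(self, user, operation_permission, station):
        """Request message from the authentication device; returns login info."""
        free = self.pools.get(operation_permission)
        mac = normalise_mac(self.station_to_mac.get(station, ""))
        if not free or mac is None:
            return None  # unknown permission or station, or pool exhausted
        vm = free.pop(0)
        binding = Binding(vm, operation_permission, f"{user}-{vm}",
                          secrets.token_urlsafe(16), mac)
        self.bindings[binding.username] = binding
        return {"vm": vm, "username": binding.username, "password": binding.password}

    def authenticate_login(self, mac, username, password):
        """Login request from a cloud terminal; returns the VM name or None."""
        binding = self.bindings.get(username)
        presented = normalise_mac(mac)
        if binding is None or presented is None:
            return None
        # The MAC is whatever the terminal reports, so it is checked together
        # with the credential rather than instead of it.
        mac_ok = hmac.compare_digest(presented, binding.mac)
        pw_ok = hmac.compare_digest(password.encode(), binding.password.encode())
        if not (mac_ok and pw_ok):
            return None
        binding.last_activity = self.clock()
        return binding.vm

    def record_operation(self, username):
        """Any operation request on a connected VM resets its idle timer."""
        binding = self.bindings.get(username)
        if binding is not None and binding.last_activity is not None:
            binding.last_activity = self.clock()

    def reclaim_idle(self):
        """Return connected VMs idle past the timeout to their pools."""
        now, reclaimed = self.clock(), []
        for username, binding in list(self.bindings.items()):
            if binding.last_activity is None:
                continue  # never connected: the timeout has not started
            if now - binding.last_activity > self.idle_timeout:
                self.pools[binding.pool].append(binding.vm)
                del self.bindings[username]  # old credentials stop working
                reclaimed.append(binding.vm)
        return reclaimed
```

Reclaiming a virtual machine also deletes its binding, so login information issued earlier cannot be replayed from any terminal once the machine has gone back to the pool.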

The system embodiments of the present invention are described below.

System Embodiment 1:

FIG. 10 is a schematic structural diagram of one embodiment of a system for setting a user's permission to access a virtual machine according to an embodiment of the present invention. As shown in FIG. 10, the system for accessing a virtual machine may include an authentication device 70 and a cloud management device 80.

The authentication device 70 is configured to receive an authentication request sent by a user, obtain the permission information of the user for accessing a virtual machine, and send a request message to the cloud management device 80, where the request message carries the permission information of the user for accessing the virtual machine;

The cloud management device 80 is configured to receive the request message and, according to the permission information of the user for accessing the virtual machine carried in the request message, set the user's permission to access the virtual machine.

In this embodiment of the present invention, the authentication device sends the cloud management device a request message carrying the permission information of the user for accessing a virtual machine, and the cloud management device sets the user's permission to access the virtual machine according to the permission information carried. Through the interaction between the authentication device and the cloud management device, the user is identified and the user's use of virtual machines is managed effectively.

It should be noted that, in this embodiment of the present invention, the authentication device 70 may be an access control device or an attendance device.

System Embodiment 2:

FIG. 11 is a schematic structural diagram of another embodiment of a system for setting a user's permission to access a virtual machine according to an embodiment of the present invention. As shown in FIG. 11, the system for accessing a virtual machine further includes a cloud terminal 90 connected to the cloud management device 80; the cloud terminal 90 is used by the user to use the virtual machine within the set permission.

A person of ordinary skill in the art will appreciate that the modules, units and steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms according to function. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each particular application, but such an implementation should not be considered to go beyond the scope of the present invention.

A person skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices, modules and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.

In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into modules or units is only a division by logical function, and an actual implementation may divide them differently; for example, multiple units or modules may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices, modules or units, and may be electrical, mechanical or of another form.

The modules or units described as separate components may or may not be physically separate, and the components shown as modules or units may or may not be physical modules or units; that is, they may be located in one place or distributed over multiple network modules or units. Some or all of the modules or units may be selected according to actual needs to achieve the purpose of the solutions of the embodiments of the present invention.

In addition, the functional modules or units in the embodiments of the present invention may be integrated into one processing module or unit, each module or unit may exist physically on its own, or two or more modules or units may be integrated into one module or unit. The integrated module or unit may be implemented in the form of hardware or in the form of a software functional unit.

If the integrated module or unit is implemented in the form of a software functional module or unit and is sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk, or an optical disc.

The foregoing is merely a specific implementation of the present invention, but the scope of protection of the present invention is not limited to it. Any person skilled in the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed by the present invention, and these modifications or replacements shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of protection of the claims.

Claims

权 利 要 求 书 Claim 1、 一种设定用户访问虛拟机权限的方法, 其特征在于, 包括: 鉴权设备接收用户发送的鉴权请求,获取所述用户访问虚拟机的 权限信息;  A method for setting a user permission to access a virtual machine, the method comprising: the authentication device receiving an authentication request sent by a user, and acquiring the permission information of the user accessing the virtual machine; 所述鉴权设备向云管理设备发送请求消息,所述请求消息中携带 所述用户访问虚拟机的权限信息,使得所述云管理设备根据所述用户 访问虚拟机的权限信息, 设定所述用户访问虚拟机的权限。  The authentication device sends a request message to the cloud management device, where the request message carries the permission information of the user accessing the virtual machine, so that the cloud management device sets the content according to the permission information of the user accessing the virtual machine. User access to the virtual machine. 2、 根据权利要求 1所述的方法, 其特征在于, 所述权限信息包 括位置权限信息, 所述设定所述用户访问虚拟机的权限包括:  The method according to claim 1, wherein the rights information includes location rights information, and the setting the rights of the user to access the virtual machine includes: 设定所述用户通过所述位置权限信息指定的云终端访问虚拟机。  And setting the cloud terminal accessed by the user through the location permission information to access the virtual machine. 3、 根据权利要求 2所述的方法, 其特征在于, 所述设定所述用 户通过所述位置权限信息指定的云终端访问虚拟机包括:  The method of claim 2, wherein the setting the cloud terminal to be accessed by the cloud terminal specified by the user includes: 获取所述位置权限信息指定的云终端的 MAC地址或 IP地址; 建立所述云终端的 MAC地址或 IP地址,与虚拟机的用户名和密码 中的至少一个的对应关系,所述对应关系用于对所述云终端发送的登 录请求进行鉴权。  Obtaining a MAC address or an IP address of the cloud terminal specified by the location authority information; establishing a correspondence between a MAC address or an IP address of the cloud terminal and at least one of a username and a password of the virtual machine, where the correspondence is used for The login request sent by the cloud terminal is authenticated. 
4、 根据权利要求 1所述的方法, 其特征在于, 所述权限信息包 括操作权限信息, 所述设定所述用户访问虚拟机的权限包括:  The method according to claim 1, wherein the rights information includes operation authority information, and the setting the rights of the user to access the virtual machine includes: 选择所述操作权限信息对应的虚拟机资源池;  Select a virtual machine resource pool corresponding to the operation authority information; 从所述虚拟机资源池中选择虚拟机分配给所述用户。  A virtual machine is selected from the virtual machine resource pool and allocated to the user. 5、 根据权利要求 4所述的方法, 其特征在于, 所述权限信息还 包括位置权限信息, 所述方法进一步包括:  The method according to claim 4, wherein the rights information further includes location rights information, the method further comprising: 根据所述位置权限信息获取所述位置权限信息指定的云终端的 MAC地址或 IP地址;  Obtaining, according to the location authority information, a MAC address or an IP address of the cloud terminal specified by the location authority information; 建立所述云终端的 MAC地址或 IP地址,与分配给所述用户的虚拟 机的用户名和密码中的至少一个的对应关系,所述对应关系用于对所 述云终端发送的登录请求进行鉴权。 Establishing a MAC address or an IP address of the cloud terminal, and a virtual number assigned to the user Corresponding relationship between at least one of a user name and a password of the machine, the correspondence being used for authenticating a login request sent by the cloud terminal. 6、 根据权利要求 3或 5所述的方法, 其特征在于, 所述方法进 一步包括:  6. 
The method of claim 3 or 5, wherein the method further comprises: 所述云管理设备接收所述云终端发送的登录请求,所述登录请求 中携带所述云终端的 MAC地址或 IP地址,与虚拟机的用户名和密码中 的至少一个的对应关系;  Receiving, by the cloud management device, a login request sent by the cloud terminal, where the login request carries a correspondence between a MAC address or an IP address of the cloud terminal and at least one of a username and a password of the virtual machine; 所述云管理设备确定所述云终端携带的对应关系与建立的对应 关系是否一致;  Determining, by the cloud management device, whether the correspondence relationship carried by the cloud terminal is consistent with the established correspondence relationship; 若一致, 则所述云管理设备为所述云终端建立虚拟机连接。  If they are consistent, the cloud management device establishes a virtual machine connection for the cloud terminal. 7、 根据权利要求 1至 6任一所述的方法, 其特征在于, 所述方 法进一步包括:  The method according to any one of claims 1 to 6, wherein the method further comprises: 所述鉴权设备接收所述云管理设备返回的响应消息,所述响应消 息中携带登录信息,所述登录信息用于所述用户在设定的权限内访问 所述虚拟机。  The authentication device receives a response message returned by the cloud management device, where the response message carries login information, and the login information is used by the user to access the virtual machine within the set authority. 8、 根据权利要求 1至 7任一所述的方法, 其特征在于, 所述鉴 权设备包括: 门禁设备或考勤设备。  The method according to any one of claims 1 to 7, wherein the authentication device comprises: an access device or an attendance device. 
9、 一种设定用户访问虚拟机权限的方法, 其特征在于, 包括: 云管理设备接收鉴权设备发送的请求消息, 所述请求消息中携 带用户访问虚拟机的权限信息, 所述用户访问虚拟机的权限信息是 所述鉴权设备根据所述用户发送的鉴权请求获取的; 用户访问虚拟机的权限, 使得所述用户在设定的权限内访问虚拟机。  A method for setting a user permission to access a virtual machine, the method comprising: the cloud management device receiving a request message sent by the authentication device, where the request message carries the permission information of the user accessing the virtual machine, where the user accesses The permission information of the virtual machine is obtained by the authentication device according to the authentication request sent by the user; the user accesses the virtual machine, so that the user accesses the virtual machine within the set authority. 10、 根据权利要求 9所述的方法, 其特征在于, 所述权限信息包 括位置权限信息, 所述设定所述用户访问虚拟机的权限包括: 设定所述用户通过所述位置权限信息指定的云终端访问虚拟机。The method according to claim 9, wherein the rights information includes location rights information, and the setting the rights of the user to access the virtual machine includes: And setting the cloud terminal accessed by the user through the location permission information to access the virtual machine. 11、 根据权利要求 10所述的方法, 其特征在于, 所述设定所述 用户通过所述位置权限信息指定的云终端访问虚拟机包括: The method of claim 10, wherein the setting the user to access the virtual machine by the cloud terminal specified by the location authority information comprises: 获取所述位置权限信息指定的云终端的 MAC地址或 IP地址; 建立所述云终端的 MAC地址或 IP地址, 与虚拟机的用户名和密 码中的至少一个的对应关系,所述对应关系用于对所述云终端发送的 登录请求进行鉴权。  Obtaining a MAC address or an IP address of the cloud terminal specified by the location permission information; establishing a correspondence between a MAC address or an IP address of the cloud terminal and at least one of a username and a password of the virtual machine, where the correspondence is used for The login request sent by the cloud terminal is authenticated. 
12、 根据权利要求 9所述的方法, 其特征在于, 所述权限信息包 括操作权限信息, 所述设定所述用户访问虚拟机的权限包括:  The method according to claim 9, wherein the rights information includes operation authority information, and the setting the rights of the user to access the virtual machine includes: 选择所述操作权限信息对应的虚拟机资源池;  Select a virtual machine resource pool corresponding to the operation authority information; 从所述虚拟机资源池中选择虚拟机分配给所述用户。  A virtual machine is selected from the virtual machine resource pool and allocated to the user. 13、 根据权利要求 12所述的方法, 其特征在于, 所述权限信息 还包括位置权限信息, 所述方法进一步包括:  The method according to claim 12, wherein the rights information further includes location rights information, the method further comprising: 根据所述位置权限信息获取所述位置权限信息指定的云终端的 MAC地址或 IP地址;  Obtaining, according to the location authority information, a MAC address or an IP address of the cloud terminal specified by the location authority information; 建立所述云终端的 MAC地址或 IP地址, 与分配给所述用户的虚 拟机的用户名和密码中的至少一个的对应关系,所述对应关系用于对 所述云终端发送的登录请求进行鉴权。  Establishing a correspondence between a MAC address or an IP address of the cloud terminal and at least one of a user name and a password of the virtual machine allocated to the user, where the correspondence is used to check a login request sent by the cloud terminal right. 
14、 根据权利要求 11或 13所述的方法, 其特征在于, 所述方法 进一步包括:  The method according to claim 11 or 13, wherein the method further comprises: 所述云管理设备接收所述云终端发送的登录请求,所述登录请求 中携带所述云终端的 MAC地址或 IP地址, 与虚拟机的用户名和密码 中的至少一个的对应关系;  Receiving, by the cloud management device, a login request sent by the cloud terminal, where the login request carries a correspondence between a MAC address or an IP address of the cloud terminal and at least one of a username and a password of the virtual machine; 所述云管理设备确定所述云终端携带的对应关系与建立的对应 关系是否一致; 若一致, 则所述云管理设备为所述云终端建立虚拟机连接。Determining, by the cloud management device, whether the correspondence between the cloud terminal and the established correspondence is consistent; If they are consistent, the cloud management device establishes a virtual machine connection for the cloud terminal. 15、 根据权利要求 9至 14任一所述的方法, 其特征在于, 所述 方法进一步包括: The method according to any one of claims 9 to 14, wherein the method further comprises: 所述云管理设备向所述鉴权设备返回响应消息 ,所述响应消息中 携带登录信息,所述登录信息用于所述用户在设定的权限内访问所述 虚拟机。  The cloud management device returns a response message to the authentication device, where the response message carries login information, and the login information is used by the user to access the virtual machine within the set authority. 16、 根据权利要求 9至 15任一所述的方法, 其特征在于, 所述 鉴权设备包括: 门禁设备或考勤设备。  The method according to any one of claims 9 to 15, wherein the authentication device comprises: an access device or an attendance device. 17、 一种鉴权设备, 其特征在于, 包括:  17. 
An authentication device, comprising: 鉴权模块, 用于接收用户发送的鉴权请求, 获取所述用户访问虚 拟机的权限信息;  An authentication module, configured to receive an authentication request sent by a user, and obtain permission information of the user accessing the virtual machine; 发送模块, 用于向云管理设备发送请求消息, 所述请求消息中携 带所述用户访问虚拟机的权限信息,使得所述云管理设备根据所述用 户访问虚拟机的权限信息, 设定所述用户访问虚拟机的权限。  a sending module, configured to send a request message to the cloud management device, where the request message carries the permission information of the user accessing the virtual machine, so that the cloud management device sets the content according to the permission information of the user accessing the virtual machine. User access to the virtual machine. 18、 根据权利要求 17所述的鉴权设备, 其特征在于, 所述权限 信息包括位置权限信息,所述鉴权模块具体用于接收用户发送的鉴权 请求, 获取所述用户访问虚拟机的位置权限信息; 所述发送模块具体 用于向云管理设备发送请求消息,所述请求消息中携带所述用户访问 虚拟机的位置权限信息,使得所述云管理设备根据所述用户访问虚拟 机的位置权限信息,设定所述用户通过所述位置权限信息指定的云终 端访问虚拟机。  The authentication device according to claim 17, wherein the rights information includes location rights information, and the authentication module is specifically configured to receive an authentication request sent by the user, and obtain the user accessing the virtual machine. Location permission information; the sending module is specifically configured to send a request message to the cloud management device, where the request message carries location permission information of the user accessing the virtual machine, so that the cloud management device accesses the virtual machine according to the user The location authority information is configured to access the virtual machine by the cloud terminal specified by the user through the location permission information. 
19. The authentication device according to claim 17, wherein the permission information comprises operation permission information; the authentication module is specifically configured to receive an authentication request sent by a user and obtain the operation permission information for the user's access to a virtual machine; and the sending module is specifically configured to send a request message to a cloud management device, the request message carrying the operation permission information for the user's access to the virtual machine, so that the cloud management device selects, according to the operation permission information for the user's access to the virtual machine, the virtual machine resource pool corresponding to the operation permission information, and selects a virtual machine from the virtual machine resource pool to allocate to the user.

20. The authentication device according to claim 19, wherein the permission information further comprises location permission information; the authentication module is further configured to receive an authentication request carrying the location permission information; and the sending module is further configured to send, to the cloud management device, a request message carrying the location permission information, so that the cloud management device obtains, according to the location permission information, the MAC address or IP address of the cloud terminal specified by the location permission information, and establishes a correspondence between the MAC address or IP address of the cloud terminal and at least one of the username and password of the virtual machine allocated to the user, the correspondence being used to authenticate a login request sent by the cloud terminal.

21. The authentication device according to any one of claims 17 to 20, wherein the authentication module is further configured to receive a response message returned by the cloud management device, the response message carrying login information, the login information being used by the user to access the virtual machine within the set permission.

22. A cloud management device, comprising:

a receiving module, configured to receive a request message sent by an authentication device, the request message carrying permission information for a user's access to a virtual machine, the permission information for the user's access to the virtual machine being obtained by the authentication device according to an authentication request sent by the user; and

a permission setting module, configured to set, according to the permission information for the user's access to the virtual machine, the user's permission to access the virtual machine, so that the user accesses the virtual machine within the set permission.

23. The cloud management device according to claim 22, wherein the permission information comprises location permission information, and the permission setting module is specifically configured to set, according to the location permission information for the user's access to the virtual machine, that the user accesses the virtual machine through the cloud terminal specified by the location permission information, so that the user accesses the virtual machine within the set permission.

24. The cloud management device according to claim 23, wherein the permission setting module comprises:

a first setting unit, configured to obtain, according to the location permission information for the user's access to the virtual machine, the MAC address or IP address of the cloud terminal specified by the location permission information; and

a second setting unit, configured to establish a correspondence between the MAC address or IP address of the cloud terminal and at least one of the username and password of the virtual machine, the correspondence being used to authenticate a login request sent by the cloud terminal, so that the user accesses the virtual machine within the set permission.

25. The cloud management device according to claim 22, wherein the permission information comprises operation permission information, and the permission setting module is specifically configured to select, according to the operation permission information for the user's access to the virtual machine, the virtual machine resource pool corresponding to the operation permission information, and to select a virtual machine from the virtual machine resource pool to allocate to the user, so that the user accesses the virtual machine within the set permission.
26. The cloud management device according to claim 25, wherein the permission information further comprises location permission information, and the permission setting module is specifically configured to obtain, according to the location permission information, the MAC address or IP address of the cloud terminal specified by the location permission information, and to establish a correspondence between the MAC address or IP address of the cloud terminal and at least one of the username and password of the virtual machine allocated to the user, the correspondence being used to authenticate a login request sent by the cloud terminal.

27. The cloud management device according to any one of claims 11 to 26, wherein the receiving module is further configured to return a response message to the authentication device, the response message carrying login information, the login information being used by the user to access the virtual machine within the set permission.

28. The cloud management device according to any one of claims 11 to 27, wherein the authentication device comprises: an access control device or an attendance device.

29. A system for setting a user's permission to access a virtual machine, wherein the system comprises an authentication device and a cloud management device;

the authentication device is configured to receive an authentication request sent by a user, obtain permission information for the user's access to a virtual machine, and send a request message to the cloud management device, the request message carrying the permission information for the user's access to the virtual machine;

the cloud management device is configured to receive the request message and set, according to the permission information for the user's access to the virtual machine carried in the request message, the user's permission to access the virtual machine,

30. The system according to claim 29, wherein the system further … virtual machine.

31. The system according to claim 29 or 30, wherein the authentication device comprises: an access control device or an attendance device.
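The cloud management device's role in claims 19 to 26 can be sketched as follows. This is an added example, not code from the patent: the class and function names, pool names, VM names and terminal addresses are all assumptions, and the sketch binds both the MAC and the IP address although the claims allow either.

```python
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample data (not from the patent): pools keyed by operation
# permission, and cloud terminals keyed by location permission.
POOLS = {
    "read_only": ["vm-ro-01", "vm-ro-02"],
    "read_write": ["vm-rw-01"],
}
TERMINALS = {  # location permission -> (MAC address, IP address)
    "office-3F-desk12": ("00:11:22:33:44:55", "10.0.3.12"),
}


@dataclass
class Binding:
    mac: str
    ip: str
    vm: str
    username: str
    password: str


class CloudManager:
    def __init__(self):
        self.free = {op: list(vms) for op, vms in POOLS.items()}
        self.bindings = {}  # VM username -> Binding

    def handle_request(self, user, operation, location):
        """Process a request message from the authentication device."""
        pool = self.free.get(operation)
        if not pool:
            raise LookupError(f"no free VM for operation permission {operation!r}")
        if location not in TERMINALS:
            raise LookupError(f"unknown location permission {location!r}")
        mac, ip = TERMINALS[location]
        vm = pool.pop(0)  # allocate a VM from the matching resource pool
        b = Binding(mac, ip, vm, f"{user}@{vm}", secrets.token_urlsafe(16))
        self.bindings[b.username] = b  # terminal address <-> VM credentials
        # Login information returned in the response message.
        return {"vm": vm, "username": b.username, "password": b.password}

    def authenticate_login(self, src_mac, src_ip, username, password):
        """Accept a login request only from the bound cloud terminal."""
        b = self.bindings.get(username)
        if b is None:
            return False
        cred_ok = hmac.compare_digest(password.encode(), b.password.encode())
        from_bound_terminal = src_mac.lower() == b.mac.lower() and src_ip == b.ip
        return cred_ok and from_bound_terminal
```

Source MAC and IP addresses are asserted by the network, so the binding narrows where a credential can be used; it does not replace verifying the credential itself.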
PCT/CN2011/084368 2011-12-21 2011-12-21 Method, device, and system for setting user's right to access virtual machine Ceased WO2013091196A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2011/084368 WO2013091196A1 (en) 2011-12-21 2011-12-21 Method, device, and system for setting user's right to access virtual machine
CN2011800030251A CN102577315A (en) 2011-12-21 2011-12-21 Method, device and system for setting user access authority to virtual machine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/084368 WO2013091196A1 (en) 2011-12-21 2011-12-21 Method, device, and system for setting user's right to access virtual machine

Publications (1)

Publication Number Publication Date
WO2013091196A1 true WO2013091196A1 (en) 2013-06-27

Family

ID=46417503

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/084368 Ceased WO2013091196A1 (en) 2011-12-21 2011-12-21 Method, device, and system for setting user's right to access virtual machine

Country Status (2)

Country Link
CN (1) CN102577315A (en)
WO (1) WO2013091196A1 (en)

Also Published As

Publication number Publication date
CN102577315A (en) 2012-07-11

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201180003025.1

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11877869

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11877869

Country of ref document: EP

Kind code of ref document: A1