Summary of the invention
In view of this, to address the problem that a traditional unified management mode cannot manage a hybrid cloud in a unified way, it is necessary to provide a hybrid cloud unified management method, device and system that realize unified management of the users of a hybrid cloud and facilitate the extension of the hybrid cloud platform.
A hybrid cloud unified management method, including:
An Authentication Client receives an access request initiated by a user through an application program, detects whether the access request has been verified, and, if the access request has not been verified, sends the access request to an authentication server;
The authentication server receives the access request and detects whether the access request carries ticket information; if there is no ticket information, it sends a user identity authentication request to the application program, receives the authentication information obtained by the application program, verifies the authentication information, generates ticket information after verification succeeds, and sends the ticket information to the Authentication Client;
The Authentication Client receives the ticket information and sends the access request together with the ticket information to the authentication server;
The authentication server decrypts and authenticates the ticket information and, if authentication succeeds, sends the user identifier of the sender of the access request to the Authentication Client;
The Authentication Client receives the authenticated user identifier, sends the access request to the business system of the corresponding hybrid cloud, receives the business system's response to the access request, and sends the response to the application program.
A hybrid cloud unified management method, including:
Receiving an access request initiated by a user through an application program;
Detecting whether the access request has been verified;
If the access request has not been verified, sending the access request to an authentication server;
Receiving the ticket information returned by the authentication server, the ticket information being generated by the authentication server after it detects that the access request carries no ticket information, sends a user identity authentication request to the application program, and successfully verifies the authentication information obtained by the application program;
Sending the access request and the ticket information to the authentication server;
Receiving the user identifier of the sender of the access request, which the authentication server returns after decrypting and successfully authenticating the received ticket information;
According to the authenticated user identifier, sending the access request to the business system of the corresponding hybrid cloud, receiving the business system's response to the access request, and sending the response to the application program.
A hybrid cloud unified management method, including:
Receiving an unauthenticated access request that an Authentication Client obtained from an application program and forwarded;
Detecting whether the access request carries ticket information;
If the access request carries no ticket information, sending a user identity authentication request to the application program;
Receiving the authentication information obtained by the application program and verifying the authentication information;
Generating ticket information after verification succeeds;
Sending the generated ticket information to the Authentication Client;
Receiving the access request and the corresponding ticket information sent by the Authentication Client, and decrypting and authenticating the ticket information;
If authentication succeeds, sending the user identifier of the sender of the access request to the Authentication Client, so that the Authentication Client sends the access request to the business system of the corresponding hybrid cloud, receives the business system's response to the access request, and sends the response to the application program.
A hybrid cloud unified management system, including an Authentication Client and an authentication server;
The Authentication Client is configured to receive an access request initiated by a user through an application program, detect whether the access request has been verified, and, if the access request has not been verified, send the access request to the authentication server;
The authentication server is configured to receive the access request and detect whether the access request carries ticket information; if there is no ticket information, to send a user identity authentication request to the application program, receive the authentication information obtained by the application program, verify the authentication information, generate ticket information after verification succeeds, and send the ticket information to the Authentication Client;
The Authentication Client is further configured to receive the ticket information and send the access request and the ticket information to the authentication server;
The authentication server is further configured to decrypt and authenticate the ticket information and, if authentication succeeds, send the user identifier of the sender of the access request to the Authentication Client;
The Authentication Client is further configured to receive the authenticated user identifier, send the access request to the business system of the corresponding hybrid cloud, receive the business system's response to the access request, and send the response to the application program.
A hybrid cloud unified management device, including:
A request receiving module, configured to receive an access request initiated by a user through an application program;
A detection module, configured to detect whether the access request has been verified;
A first sending module, configured to send the access request to an authentication server if the access request has not been verified;
A ticket receiving module, configured to receive the ticket information returned by the authentication server, the ticket information being generated by the authentication server after it detects that the access request carries no ticket information, sends a user identity authentication request to the application program, and successfully verifies the authentication information obtained by the application program;
A second sending module, configured to send the access request and the ticket information to the authentication server;
A user identifier receiving module, configured to receive the user identifier of the sender of the access request, which the authentication server returns after decrypting and successfully authenticating the received ticket information;
A response sending module, configured to send the access request, according to the authenticated user identifier, to the business system of the corresponding hybrid cloud, receive the business system's response to the access request, and send the response to the application program.
A hybrid cloud unified management device, including:
A request receiving module, configured to receive an unauthenticated access request that an Authentication Client obtained from an application program and forwarded;
A judgment module, configured to detect whether the access request carries ticket information;
A verification request sending module, configured to send a user identity authentication request to the application program if the access request carries no ticket information;
An authentication module, configured to receive the authentication information obtained by the application program and verify the authentication information;
A generation module, configured to generate ticket information after verification succeeds;
A ticket sending module, configured to send the generated ticket information to the Authentication Client;
A ticket authentication module, configured to receive the access request and the corresponding ticket information sent by the Authentication Client, and to decrypt and authenticate the ticket information;
A user identifier sending module, configured to send, if authentication succeeds, the user identifier of the sender of the access request to the Authentication Client, so that the Authentication Client sends the access request to the business system of the corresponding hybrid cloud, receives the business system's response to the access request, and sends the response to the application program.
With the hybrid cloud unified management method, device and system of this embodiment, the Authentication Client inspects the access request and, if it is not authenticated, forwards it to the authentication server. The authentication server detects whether the access request carries ticket information; if not, it receives the authentication information obtained by the application program, generates ticket information once that information has been verified, and sends the ticket information to the Authentication Client. The Authentication Client then sends the access request and the corresponding ticket information to the authentication server, which decrypts and authenticates the ticket information and, on success, sends the user identifier to the Authentication Client. The Authentication Client sends the access request to the business system of the hybrid cloud, receives the response returned by the business system, and sends the response to the application program. This realizes unified authentication management of the users of the hybrid cloud and a strategy of one login with interoperation across multiple business systems, which greatly saves user time, since the user no longer has to perform repeated login authentications and secure logouts.
Detailed description of the embodiments
In order to make the purpose, technical scheme and advantages of the present invention clearer, the present invention is further elaborated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present invention and are not used to limit it.
It is understood that the terms "first", "second" and so on used in the present invention may be used herein to describe various elements, but these elements should not be limited by these terms. These terms are only used to distinguish one element from another.
Fig. 1 is a schematic diagram of the application environment of the hybrid cloud unified management method in one embodiment. As shown in Fig. 1, the application environment includes a terminal 110 and a server 120. An application program and an Authentication Client are deployed on the terminal 110, and an authentication server is deployed on the server 120. The application program may be a browser or an application App. The terminal 110 communicates with the server 120. The Authentication Client on the terminal 110 can receive an access request that the user initiates through the application program for a resource in the hybrid cloud and test whether the access request has been verified. If it has not, the access request is sent to the authentication server on the server 120, which authenticates the identity of the user behind the access request, generates ticket information after verification succeeds and sends the ticket information to the Authentication Client; the authentication server then receives the access request and ticket information sent by the Authentication Client, decrypts and authenticates the ticket information and, if authentication succeeds, sends the user identifier of the sender of the access request to the Authentication Client. The Authentication Client obtains the corresponding response according to the user identifier and returns the response to the application program.
Fig. 2A is a schematic diagram of the internal structure of the terminal in one embodiment. As shown in Fig. 2A, the terminal includes a processor, a non-volatile storage medium, an internal memory and a network interface connected through a system bus. The non-volatile storage medium of the terminal stores an operating system and also includes a hybrid cloud unified management device, which is used to implement a hybrid cloud unified management method. The processor provides computing and control capability and supports the operation of the whole terminal. The internal memory of the terminal provides an environment for the operation of the hybrid cloud unified management device stored in the non-volatile storage medium; computer-readable instructions may be stored in the internal memory, and when they are executed by the processor they may cause the processor to perform a hybrid cloud unified management method. The network interface is used for network communication with the server, for example to send an access request to the server and to receive the server's verification of the identity of the initiator of the access request. The terminal may be a mobile phone, a tablet computer, a personal digital assistant, a wearable device or the like. Those skilled in the art will understand that the structure shown in Fig. 2A is only a block diagram of the part of the structure relevant to the present scheme and does not limit the terminal to which the present scheme is applied; a specific terminal may include more or fewer components than shown in the figure, combine some components, or have a different arrangement of components.
Fig. 2B is a schematic diagram of the internal structure of the server in one embodiment. As shown in Fig. 2B, the server includes a processor, a non-volatile storage medium, an internal memory and a network interface connected through a system bus. The non-volatile storage medium of the server stores an operating system, a database and a hybrid cloud unified management device; ticket information is stored in the database, and the hybrid cloud unified management device is used to implement a hybrid cloud unified management method suitable for the server. The processor of the server provides computing and control capability and supports the operation of the whole server. The internal memory of the server provides an environment for the operation of the hybrid cloud unified management device stored in the non-volatile storage medium; computer-readable instructions may be stored in the internal memory, and when they are executed by the processor they may cause the processor to perform a hybrid cloud unified management method. The network interface of the server communicates with the external terminal over a network connection, for example to receive the access request sent by the Authentication Client on the terminal and to return valid ticket information or a user identifier to the terminal. The server may be an independent server or a server cluster composed of multiple servers. Those skilled in the art will understand that the structure shown in Fig. 2B is only a block diagram of the part of the structure relevant to the present scheme and does not limit the server to which the present scheme is applied; a specific server may include more or fewer components than shown in the figure, combine some components, or have a different arrangement of components.
Fig. 3 is a schematic diagram of the components of the hybrid cloud unified management system in one embodiment. As shown in Fig. 3, the hybrid cloud unified management system includes the subsystems internal to the hybrid cloud, a unified login and authentication system, and a user system. The subsystems internal to the hybrid cloud are four basic subsystems: the basic cloud platform, the self-service platform, the monitoring platform and the management backend. The basic cloud platform is the cloud computing management platform; the self-service platform is the management platform that provides users with self-service cloud services; the monitoring platform monitors the health status of the whole cloud platform; the management backend is the management platform provided to administrators and operation and maintenance personnel. The user system manages users in a unified way. The user system is synchronized in real time to the basic cloud platform, so that the user identities of each internal service of the basic cloud platform are consistent with the user system, thereby unifying user identity across the whole hybrid cloud. The unified login and authentication system provides unified authentication and authorization services and realizes unified management of user identity across the self-service platform, the monitoring platform and the management backend. It introduces a single sign-on system with a security mechanism that performs unified authentication for each subsystem of the hybrid cloud: after logging in once, the user can access the resources of all subsystems connected to the unified login platform. In addition, the hybrid cloud provides interfaces for cooperative platforms such as a big data platform or an operation platform, which enrich the functionality of the hybrid cloud with big data suites and operation management. The unified login and user management system is highly scalable, and the interfaces it provides ensure that external systems can be connected smoothly.
It should be noted that the unified management of the hybrid cloud uses single sign-on to realize login. Single sign-on (SSO) is a solution that serves enterprise business integration. A typical SSO system has three kinds of roles: users (many), Web applications (many), and an SSO authentication center (one). All authentication logins are performed at the SSO authentication center; the SSO authentication center informs each Web application whether the current user is an authenticated user, and all Web applications trust the SSO authentication center. The main implementation methods are: shared cookies (browser cache); broker-based (one server performs centralized authentication and user account management); agent-based (an agent authenticates user identity on behalf of different applications); token-based (ticket-based); gateway-based; and SAML-based (Security Assertion Markup Language).
Fig. 4 is a flow diagram of the hybrid cloud unified management method in one embodiment. As shown in Fig. 4, a hybrid cloud unified management method includes steps 402 to 410.
Step 402: the Authentication Client receives an access request initiated by a user through an application program, detects whether the access request has been verified, and, if the access request has not been verified, sends the access request to the authentication server.
In this embodiment, the user first applies, through the unified user system of the hybrid cloud, for a registered account and password for each subsystem.
The Authentication Client and the application program may be deployed on the same terminal. The application program may be a browser or an application App. The application program is a protected application, that is, an application that must be authenticated.
If the application program is a browser, the user enters the URL of a business system of the hybrid cloud in the browser and thereby initiates an access request to that business system. The Authentication Client receives the access request and detects whether it has been verified. "Has been verified" means that, after the authentication server has decrypted the ticket information and the authentication of the ticket information has succeeded, a session-level marker is set in the local browser; if that marker is included when the access request is initiated, the access request has been verified. If the marker is not detected, the access request has not been verified and is sent to the authentication server. If the marker is detected, the access request has been verified and is sent to the business system of the hybrid cloud; the business system's response to the access request is received and sent to the application program.
If the application program is an application App, that is, the application client of the hybrid cloud, the user logs in through the App and initiates an access request to the business system of the hybrid cloud. The Authentication Client receives the access request and detects whether it has been verified. If the marker is not detected, the access request has not been verified and is sent to the authentication server. If the marker is detected, the access request has been verified and is sent to the business system of the hybrid cloud; the business system's response to the access request is received and sent to the application program.
The Authentication Client and the authentication server communicate over a secure encrypted protocol (such as Secure Sockets Layer, SSL). The secure encrypted protocol protects the security of the access.
Step 404: the authentication server receives the access request and detects whether the access request carries ticket information; if there is no ticket information, it sends a user identity authentication request to the application program, receives the authentication information obtained by the application program, verifies the authentication information, generates ticket information after verification succeeds, and sends the ticket information to the Authentication Client.
In this embodiment, after receiving the access request, the authentication server detects whether it carries ticket information. Ticket information uniquely identifies an access request; each access request corresponds to different ticket information. If there is no ticket information, the authentication server sends a user identity authentication request to the application program, and the application program displays an authentication interface. The authentication interface obtains the authentication information entered by the user and sends it to the authentication server. The authentication server verifies the received authentication information by comparing it with the authentication information stored on the authentication server: if they are identical, authentication succeeds; if they differ, authentication fails. The authentication information may include a user identifier and a password. The user identifier uniquely represents the user's identity; it may be a user account registered on the hybrid cloud, an instant messaging account, an e-mail account, an identity card number, a mobile communication identifier, or the like. After the authentication server has verified the authentication information, it generates ticket information corresponding to the access request and sends the generated ticket information to the Authentication Client.
Step 406: the Authentication Client receives the ticket information and sends the access request and the ticket information to the authentication server.
In this embodiment, after the Authentication Client receives the ticket information, it redirects the access request together with the ticket information to the authentication server.
Step 408: the authentication server decrypts and authenticates the ticket information and, if authentication succeeds, sends the user identifier of the sender of the access request to the Authentication Client.
In this embodiment, the authentication server decrypts and authenticates the ticket information corresponding to the access request and judges whether the decrypted ticket information is identical to the ticket information recorded on the authentication server for that access request. If they are identical, authentication succeeds and the user identifier of the sender of the access request is sent to the Authentication Client. If they differ, authentication fails: the failure result is sent to the Authentication Client, and the authentication server regenerates random ticket information and sends it to the Authentication Client; the Authentication Client again sends the access request and the corresponding ticket information to the authentication server, which again decrypts and authenticates the ticket information.
Step 410: the Authentication Client receives the authenticated user identifier, sends the access request to the business system of the corresponding hybrid cloud, receives the business system's response to the access request, and sends the response to the application program.
In this embodiment, an authenticated user identifier means that the user identifier is a valid user identifier of the hybrid cloud.
With the hybrid cloud unified management method of this embodiment, the Authentication Client inspects the access request and, if it is not authenticated, forwards it to the authentication server. The authentication server detects whether the access request carries ticket information; if not, it receives the authentication information obtained by the application program, generates ticket information once that information has been verified, and sends the ticket information to the Authentication Client. The Authentication Client then sends the access request and the corresponding ticket information to the authentication server, which decrypts and authenticates the ticket information and, on success, sends the user identifier to the Authentication Client. The Authentication Client sends the access request to the business system of the hybrid cloud, receives the response returned by the business system, and sends the response to the application program. This realizes unified authentication management of the users of the hybrid cloud and a strategy of one login with interoperation across multiple business systems, which greatly saves user time, since the user no longer has to perform repeated login authentications and secure logouts. Decrypting and authenticating the ticket information helps prevent a user's ticket from being stolen and an illegitimate user from carrying a stolen ticket in an access request to impersonate a user of the hybrid cloud and gain unauthorized access to resources.
In one embodiment, the hybrid cloud unified management method further includes: if the access request has been verified, the Authentication Client sends the access request to the business system of the corresponding hybrid cloud, receives the business system's response to the access request, and sends the response to the application program. Once an access request is detected as already verified, the Authentication Client sends it directly to the business system of the corresponding hybrid cloud, realizing access to the resource.
In one embodiment, the hybrid cloud unified management method further includes: if the authentication server detects that the access request carries ticket information, it decrypts and authenticates the ticket information; if authentication succeeds, it sends the user identifier of the sender of the access request to the Authentication Client; if authentication fails, it sends a user identity authentication request to the application program, receives the authentication information obtained by the application program, verifies the authentication information, generates ticket information after verification succeeds, and sends the ticket information to the Authentication Client.
Fig. 5 shows the unified login management process based on CAS Server authentication in one embodiment. As shown in Fig. 5, CAS (Central Authentication Service) is an enterprise-level, open-source project initiated by Yale University that aims to provide a reliable single sign-on method (a form of Web SSO) for Web application systems. The unified login management process based on CAS Server includes:
(501) The browser obtains the access request entered by the user, requests the resource from the business system of the hybrid cloud according to the access request, and the access request is sent to the Authentication Client.
(502) If the Authentication Client detects that the access request is not authenticated, it redirects the access request to the authentication server; if it detects that the access request has been verified, it jumps directly to (508).
(503) The authentication server detects whether the access request carries ticket information; if not, it sends a user identity authentication requirement to the browser.
(504) The browser obtains the username and password entered by the user and sends them to the authentication server.
(505) The authentication server verifies the username and password; after verification succeeds, it generates ticket information corresponding to the access request and sends the generated ticket information to the Authentication Client.
(506) The Authentication Client adds the ticket information to the access request and sends the access request carrying the ticket information to the authentication server.
(507) The authentication server decrypts and authenticates the ticket information in the access request and, after authentication succeeds, sends the username of the sender of the access request to the Authentication Client.
(508) The Authentication Client receives the successfully verified username, sends the access request initiated by that username to the business system of the hybrid cloud, receives the resource returned by the business system, and returns the resource to the browser.
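The exchange of steps 402 to 410 and (501) to (508) above, written out as an added simulation that is not part of the patent or of any CAS implementation: an authentication server that asks for credentials when a request carries no ticket, mints ticket information bound to that one access request, and later verifies it, and an Authentication Client that keeps the session-level marker and forwards verified requests to the business systems. The ticket format (HMAC-tagged JSON, single use, request-bound, with an expiry), the PBKDF2 user store, and all user names, request ids and system names are constructed assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash for the constructed user store (an assumption, not the patent's format)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthServer:
    """Authentication server: asks for credentials when a request carries no ticket, mints
    ticket information bound to that one access request, and later verifies it (steps 404, 408)."""
    def __init__(self, users: dict, ticket_ttl: int = 300):
        self.key = secrets.token_bytes(32)   # ticket MAC key; never leaves the server
        self.users = users                    # username -> (salt, password hash)
        self.ttl = ticket_ttl
        self.pending = {}                     # ticket id -> (request id, username); single use

    def on_access_request(self, request: dict) -> dict:
        """Step 404 / 503: without a ticket, ask the application to authenticate the user;
        with a ticket (step 406 / 506), verify it and report the user identifier."""
        if "ticket" not in request:
            return {"action": "authenticate"}
        return {"action": "verify", "user": self.verify_ticket(request, request["ticket"])}

    def authenticate(self, request: dict, username: str, password: str):
        """Step 404 / 505: compare the submitted credentials with the stored ones and, on
        success, return ticket information that uniquely identifies this access request."""
        record = self.users.get(username)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return None
        ticket_id = secrets.token_hex(16)
        body = json.dumps({"tid": ticket_id, "req": request["id"],
                           "exp": int(time.time()) + self.ttl}).encode()
        tag = hmac.new(self.key, body, hashlib.sha256).digest()   # integrity protection
        self.pending[ticket_id] = (request["id"], username)        # server-side record
        return base64.urlsafe_b64encode(body + tag).decode()

    def verify_ticket(self, request: dict, ticket: str):
        """Step 408 / 507: authenticate the ticket and return the user identifier, or None if
        it is forged, altered, replayed, bound to a different request, or expired."""
        try:
            raw = base64.urlsafe_b64decode(ticket)
        except (ValueError, TypeError):
            return None
        body, tag = raw[:-32], raw[-32:]
        if not hmac.compare_digest(hmac.new(self.key, body, hashlib.sha256).digest(), tag):
            return None                                   # not issued by this server
        fields = json.loads(body)
        record = self.pending.pop(fields["tid"], None)    # consumed on first use: no replay
        if record is None or record[0] != request["id"] or fields["exp"] < time.time():
            return None
        return record[1]

class AuthClient:
    """Authentication client deployed beside the application (steps 402, 406 and 410)."""
    def __init__(self, server: AuthServer, business_systems: dict):
        self.server = server
        self.business_systems = business_systems   # system name -> handler(user, request)
        self.verified = {}                          # session id -> user id (the session marker)

    def access(self, request: dict, credentials_prompt) -> dict:
        """credentials_prompt() stands in for the application's login interface."""
        session = request["session"]
        if session not in self.verified:                        # step 402: not yet verified
            decision = self.server.on_access_request(request)
            if decision["action"] == "authenticate":            # server asked for credentials
                ticket = self.server.authenticate(request, *credentials_prompt())
                if ticket is None:
                    return {"status": 401, "body": "authentication failed"}
                # step 406: resend the request together with the ticket information
                decision = self.server.on_access_request({**request, "ticket": ticket})
            if decision["user"] is None:                        # step 408 rejected the ticket
                return {"status": 401, "body": "ticket rejected"}
            self.verified[session] = decision["user"]           # marker: session now verified
        user = self.verified[session]
        return self.business_systems[request["system"]](user, request)   # step 410

def demo():
    """Constructed scenario: one registered user, two business systems, good and bad logins."""
    salt = secrets.token_bytes(16)
    server = AuthServer({"alice": (salt, hash_password("correct horse", salt))})
    systems = {"self-service": lambda u, r: {"status": 200, "body": f"{u}: self-service ok"},
               "monitoring": lambda u, r: {"status": 200, "body": f"{u}: monitoring ok"}}
    client = AuthClient(server, systems)
    first = client.access({"id": "req-1", "session": "s1", "system": "self-service"},
                          lambda: ("alice", "correct horse"))
    second = client.access({"id": "req-2", "session": "s1", "system": "monitoring"},
                           lambda: ("alice", "correct horse"))   # same session: no re-login
    failed = client.access({"id": "req-3", "session": "s2", "system": "monitoring"},
                           lambda: ("alice", "wrong password"))
    return first, second, failed

if __name__ == "__main__":
    print(demo())
```

The single-use and request-binding checks in verify_ticket are what make a copied ticket useless to anyone who did not initiate the original request; the patent text leaves those properties to the implementation.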
In one embodiment, the Authentication Client receives the authenticated user identifier, obtains from the user role permission management system the role and permissions corresponding to that user identifier, receives the response corresponding to the permissions of the user identifier, and sends the response to the application program.
In this embodiment, the user role permission management system assigns different roles to different users and assigns corresponding permissions to each role, that is, it establishes the correspondence between users and roles and between roles and permissions. The user role permission management system may use RBAC (Role-Based Access Control). Unlike mandatory access control and discretionary access control, which assign permissions to users directly, RBAC associates permissions with roles, and a user obtains the permissions of a role by becoming a member of that role, which greatly simplifies permission management and makes access control more flexible. A unified user management system based on RBAC can, on the basis of managing platform users and roles, flexibly manage the permissions of roles, thereby realizing unified access control of the target platform. In a role-based access control system, users are not associated with operating permissions directly but through the assignment of roles; users from different organizational structures are given different role identities, which makes user management more efficient.
Fig. 6 is a structure diagram of the RBAC user management module. As shown in Fig. 6, the relation between users and roles is many-to-many: a user may have several roles, such as system administrator, resource administrator or ordinary user, and each role may correspond to several users. The permissions given to a role are fixed, and a specified role has the specified operating permissions. The operating permissions include view, add, delete and modify.
User management and the unified login authentication mechanism in the hybrid cloud are divided into two modes: access by internal subsystems and access by external systems. The users of the internal platforms share a unified user registration module and role binding mechanism once their data has been synchronized and the platforms have gone into operation, so the user data between subsystems is aligned. When an external system is to be connected to the unified authentication platform of the hybrid cloud for authentication, additional operations are necessary, because the platform holds no user data for the external system.
In one embodiment, the above hybrid cloud unified management method further includes: connecting an external system to the hybrid cloud and synchronizing the user data of the external system to the hybrid cloud; and configuring, through the user role rights management system, corresponding roles and permissions for the synchronized user data.
In this embodiment, the external system is connected to the unified authentication platform of the hybrid cloud, the user data of the external system is synchronized to the unified authentication platform, and the user role rights management system configures corresponding roles and permissions for the synchronized user data. The user data of the external system may be synchronized to the unified authentication platform of the hybrid cloud by batch import. An external system is any system outside the hybrid cloud. Users of the external system can register in the hybrid cloud. Furthermore, roles may be assigned to the users of the external system by group: multiple users are placed in one group, and the group as a whole is assigned one role or several roles.
Further, in the hybrid cloud, the data interfaces are abstracted and encapsulated so that the internal subsystems are provided with stable, unchanging interfaces, and the account system of the external system is then connected through the unified authentication platform.
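The RBAC model of Fig. 6 (many-to-many users and roles, a fixed set of operating rights per role) together with the batch import and group-wise role assignment of external users described above, as an added Python example written for this page; it is not code from the patent. The class and method names are assumptions, and the user names, groups and the group-to-role mapping are constructed sample data.

```python
"""Added example: RBAC user role rights management with batch import of an
external system's users.  Names and sample data are constructed, not the patent's."""
from __future__ import annotations

from collections import defaultdict
from typing import Iterable

# The four operating rights the page names for a role.
OPERATIONS = frozenset({"view", "add", "delete", "modify"})


class RbacSystem:
    """Users <-> roles is many-to-many; each role carries a fixed set of rights."""

    def __init__(self) -> None:
        self._role_rights: dict[str, frozenset[str]] = {}
        self._user_roles: dict[str, set[str]] = defaultdict(set)

    def define_role(self, role: str, rights: Iterable[str]) -> None:
        rights = frozenset(rights)
        unknown = rights - OPERATIONS
        if unknown:
            raise ValueError(f"unknown operating rights: {sorted(unknown)}")
        self._role_rights[role] = rights  # the rights of a role are fixed once defined

    def assign_role(self, user: str, role: str) -> None:
        if role not in self._role_rights:
            raise KeyError(f"role {role!r} is not defined")  # never grant an undefined role
        self._user_roles[user].add(role)

    def roles_of(self, user: str) -> list[str]:
        return sorted(self._user_roles.get(user, ()))

    def users_with_role(self, role: str) -> list[str]:
        return sorted(u for u, roles in self._user_roles.items() if role in roles)

    def rights_of(self, user: str) -> frozenset[str]:
        """A user's rights are the union of the rights of every role held."""
        rights: set[str] = set()
        for role in self._user_roles.get(user, ()):
            rights |= self._role_rights[role]
        return frozenset(rights)

    def is_allowed(self, user: str, operation: str) -> bool:
        # Unknown user or unknown operation simply yields False (fail closed).
        return operation in self.rights_of(user)

    def import_external_users(self, records: Iterable[dict], group_roles: dict[str, list[str]]) -> int:
        """Batch-import users synchronised from an external system and assign roles
        by group: every user in a group receives that group's roles.  A record whose
        group has no mapping rejects the whole batch before anything is granted."""
        records = list(records)
        unmapped = {r["group"] for r in records} - set(group_roles)
        if unmapped:
            raise ValueError(f"no role mapping for groups {sorted(unmapped)}")
        for rec in records:
            for role in group_roles[rec["group"]]:
                self.assign_role(rec["user_id"], role)
        return len(records)


def build_demo() -> RbacSystem:
    """Roles follow the page's example; the users and external records are constructed."""
    rbac = RbacSystem()
    rbac.define_role("system_admin", OPERATIONS)
    rbac.define_role("resource_admin", {"view", "add", "modify"})
    rbac.define_role("ordinary_user", {"view"})
    rbac.assign_role("alice", "system_admin")
    rbac.assign_role("bob", "resource_admin")
    rbac.assign_role("bob", "ordinary_user")  # one user, multiple roles
    # Constructed user data synchronised from an external system, already grouped.
    external = [
        {"user_id": "carol", "group": "ops"},
        {"user_id": "dave", "group": "staff"},
        {"user_id": "erin", "group": "staff"},
    ]
    rbac.import_external_users(external, {"ops": ["resource_admin"], "staff": ["ordinary_user"]})
    return rbac
```

The import validates the whole batch before granting anything, so a synchronization run with an unmapped group leaves the rights table unchanged rather than half-applied.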
Fig. 7 is a flowchart of a hybrid cloud unified management method in one embodiment. As shown in Fig. 7, a hybrid cloud unified management method runs on the terminal of Fig. 1 and Fig. 2A and is described from the Authentication Client's perspective. It includes:
Step 702: receive an access request initiated by a user through an application program.
In this embodiment, the application program may be a browser or an application (App), etc.
Step 704: detect whether the access request has been verified.
In this embodiment, "verified" means that, after the certificate server has decrypted and authenticated the ticket information (rendered "billing information" in the original translation), a session-level mark indicating that the ticket was verified can be stamped in the local browser; if the initiated access request carries this mark, it is verified. If the mark is not detected, the access request is not verified and is sent to the certificate server. If the mark is detected, the request is verified: the access request is sent to the business system (the "operation system" of the original translation) of the hybrid cloud, the business system's response information to the access request is received, and the response information is sent to the application program.
Step 706: if the access request has not been verified, send the access request to the certificate server.
Step 708: receive the ticket information returned by the certificate server. The ticket information is generated by the certificate server after it detects that the access request carries no ticket information, sends an identity authentication invitation to the application program, and verifies the authentication information obtained by the application program.
In this embodiment, the ticket information uniquely identifies the access request. The authentication information may include a user identifier and a password. The user identifier may be a user account registered on the hybrid cloud, an instant messaging account, an e-mail account, an identity card number, a mobile communication identifier, etc.
Step 710: send the access request and the ticket information to the certificate server.
Step 712: receive the user identifier of the sender of the access request, which the certificate server returns after decrypting and authenticating the received ticket information.
Step 714: according to the authenticated user identifier, send the access request to the business system of the corresponding hybrid cloud, receive the business system's response information to the access request, and send the response information to the application program.
In the hybrid cloud unified management method of this embodiment, the Authentication Client checks the access request and, if it has not been verified, sends it to the certificate server. The certificate server checks whether the access request carries ticket information; if not, it receives the authentication information obtained by the application program, and after verifying the authentication information it generates ticket information and sends it to the Authentication Client. The Authentication Client then sends the access request and the corresponding ticket information to the certificate server, which decrypts and authenticates the ticket information and, if authentication passes, sends the user identifier to the Authentication Client. The Authentication Client sends the access request to the business system of the hybrid cloud, receives the response information returned by the business system and sends it to the application program. This realizes unified authentication management of the users of the hybrid cloud and a single sign-on strategy in which multiple business systems interoperate, which greatly saves user time and avoids repeated login authentication and secure logout operations.
In one embodiment, the above hybrid cloud unified management method further includes: if the access request has been verified, sending the access request to the business system of the corresponding hybrid cloud, receiving the business system's response information to the access request, and sending the response information to the application program.
In one embodiment, the above hybrid cloud unified management method further includes: receiving the user identifier of the sender of the access request, which the certificate server sends after detecting that the access request carries ticket information and authenticating that ticket information; sending the access request to the business system of the corresponding hybrid cloud; receiving the business system's response information to the access request; and sending the response information to the application program.
In one embodiment, the above hybrid cloud unified management method further includes: according to the authenticated user identifier, obtaining the corresponding role and permissions of the user identifier from the user role rights management system; receiving the response information corresponding to the permissions of the user identifier; and sending the response information to the application program.
Fig. 8 is a flowchart of a hybrid cloud unified management method in another embodiment. As shown in Fig. 8, a hybrid cloud unified management method runs on the server of Fig. 1 and Fig. 2B and is described from the certificate server's perspective. It includes:
Step 802: receive the unverified access request, obtained from the application program, that the Authentication Client sends.
Step 804: detect whether the access request carries ticket information.
Step 806: if the access request does not carry ticket information, send an identity authentication invitation to the application program.
Step 808: receive the authentication information obtained by the application program and verify the authentication information.
Step 810: generate ticket information after the verification passes.
Step 812: send the generated ticket information to the Authentication Client.
Step 814: receive the access request and the corresponding ticket information sent by the Authentication Client, and decrypt and authenticate the ticket information.
Step 816: if authentication passes, send the user identifier of the sender of the access request to the Authentication Client, so that the Authentication Client sends the access request to the business system of the corresponding hybrid cloud, receives the business system's response information to the access request, and sends the response information to the application program.
The hybrid cloud unified management method of this embodiment is the server side of the same exchange: the Authentication Client checks the access request and, if it has not been verified, sends it to the certificate server; the certificate server checks whether the access request carries ticket information and, if not, receives the authentication information obtained by the application program, verifies it, generates ticket information and sends it to the Authentication Client; the Authentication Client sends the access request and the corresponding ticket information to the certificate server, which decrypts and authenticates the ticket information and, if authentication passes, returns the user identifier; the Authentication Client then sends the access request to the business system of the hybrid cloud and relays the business system's response information to the application program. This realizes unified authentication management of the users of the hybrid cloud and a single sign-on strategy in which multiple business systems interoperate, which greatly saves user time and avoids repeated login authentication and secure logout operations.
In one embodiment, the above hybrid cloud unified management method further includes: if it is detected that the access request carries ticket information, decrypting and authenticating the ticket information; if authentication passes, sending the user identifier of the sender of the access request to the Authentication Client; if authentication fails, sending an identity authentication invitation to the application program, receiving the authentication information obtained by the application program, verifying the authentication information, generating ticket information after the verification passes, and sending the ticket information to the Authentication Client.
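The ticket exchange of steps 702 to 714 (Authentication Client side) and steps 802 to 816 (certificate server side), including the embodiment just described in which a request already carries ticket information, as an added Python example written for this page; it is not code from the patent. The patent fixes neither the ticket format nor the cipher, so the ticket here is an HMAC-SHA256 signed, time-limited token and the password check uses PBKDF2, both assumptions. The names AuthServer, AuthClient, business_system and demo, the user table and the credentials are all constructed.

```python
"""Added example: ticket-based single sign-on between an Authentication Client, a
certificate (authentication) server and a business system.  Ticket format assumed."""
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Callable, Optional


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    """Certificate server: verifies identity information, issues and authenticates tickets."""

    def __init__(self, users: dict[str, str], ttl: int = 300,
                 clock: Callable[[], float] = time.time) -> None:
        self._users = {}  # user id -> (salt, password hash); plaintext is never stored
        for uid, password in users.items():
            salt = secrets.token_bytes(16)
            self._users[uid] = (salt, _hash_password(password, salt))
        self._key = secrets.token_bytes(32)  # ticket signing key, never leaves the server
        self._ttl = ttl
        self._clock = clock

    def _verify_credentials(self, creds: dict) -> bool:
        entry = self._users.get(creds.get("user_id", ""))
        if entry is None:
            return False
        salt, expected = entry
        return hmac.compare_digest(_hash_password(creds.get("password", ""), salt), expected)

    def issue_ticket(self, uid: str) -> str:
        """Step 810: the ticket binds the user id to an expiry time and a fresh nonce."""
        payload = {"uid": uid, "exp": int(self._clock()) + self._ttl, "nonce": secrets.token_hex(8)}
        body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
        sig = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{sig}"

    def authenticate_ticket(self, ticket: str) -> Optional[str]:
        """Step 814: check signature and expiry; return the user id, or None on failure."""
        body, _, sig = ticket.partition(".")
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not sig or not hmac.compare_digest(sig, expected):
            return None
        payload = json.loads(base64.urlsafe_b64decode(body))
        if payload["exp"] < self._clock():
            return None  # expired: the client has to obtain a new ticket
        return payload["uid"]

    def handle_unverified(self, request: dict, obtain_identity: Callable[[], dict]) -> dict:
        """Steps 802-812; a ticket already carried in the request is tried first."""
        if "ticket" in request:
            uid = self.authenticate_ticket(request["ticket"])
            if uid is not None:
                return {"user_id": uid}
        creds = obtain_identity()  # identity authentication invitation to the application
        if not self._verify_credentials(creds):
            return {"error": "identity verification failed"}
        return {"ticket": self.issue_ticket(creds["user_id"])}

    def handle_with_ticket(self, ticket: str) -> dict:
        """Steps 814-816: authenticate the ticket and return the requesting user's identifier."""
        uid = self.authenticate_ticket(ticket)
        return {"user_id": uid} if uid is not None else {"error": "ticket authentication failed"}


class AuthClient:
    """Authentication Client in front of the business system (steps 702-714)."""

    def __init__(self, server: AuthServer, business: Callable[[dict, str], dict]) -> None:
        self._server = server
        self._business = business
        self._verified: dict[str, str] = {}  # session mark -> user id (the "verified" mark)

    def handle(self, request: dict, obtain_identity: Callable[[], dict]) -> dict:
        session = request.get("session")
        if session is not None and session in self._verified:  # step 704: already verified
            return self._business(request, self._verified[session])
        reply = self._server.handle_unverified(request, obtain_identity)  # step 706
        if "ticket" in reply:  # steps 708-712: present the ticket with the request
            reply = self._server.handle_with_ticket(reply["ticket"])
        if "user_id" not in reply:
            return {"status": 401, "error": reply["error"]}
        if session is not None:
            self._verified[session] = reply["user_id"]  # stamp the session-level mark
        return self._business(request, reply["user_id"])  # step 714


def business_system(request: dict, uid: str) -> dict:
    """Stand-in business system of the hybrid cloud (constructed)."""
    return {"status": 200, "user": uid, "resource": request["path"]}


def demo() -> list[dict]:
    """Constructed run: one login, one reuse of the session mark, one wrong password."""
    server = AuthServer({"alice": "correct horse battery"})
    client = AuthClient(server, business_system)
    good = lambda: {"user_id": "alice", "password": "correct horse battery"}
    bad = lambda: {"user_id": "alice", "password": "guess"}
    return [
        client.handle({"session": "s1", "path": "/vm/list"}, good),
        client.handle({"session": "s1", "path": "/vm/create"}, lambda: {}),
        client.handle({"session": "s2", "path": "/vm/list"}, bad),
    ]
```

The signing key lives only in the AuthServer instance, so a ticket can be authenticated only by the server that issued it; the second request in demo never reaches the server because the session mark stamped after the first login is detected at step 704, and an expired or tampered ticket carried in a request falls back to a fresh identity authentication invitation rather than being honoured.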
Fig. 9 is a structural diagram of a hybrid cloud unified management system in one embodiment. As shown in Fig. 9, a hybrid cloud unified management system includes an Authentication Client 902 and a certificate server 904.
The Authentication Client 902 is configured to receive an access request initiated by a user through an application program and detect whether the access request has been verified; if the access request has not been verified, it sends the access request to the certificate server 904.
The certificate server 904 is configured to receive the access request and detect whether the access request carries ticket information; if not, it sends an identity authentication invitation to the application program, receives the authentication information obtained by the application program, verifies the authentication information, generates ticket information after the verification passes, and sends the ticket information to the Authentication Client 902.
The Authentication Client 902 is further configured to receive the ticket information and send the access request and the ticket information to the certificate server 904.
The certificate server 904 is further configured to decrypt and authenticate the ticket information and, if authentication passes, send the user identifier of the sender of the access request to the Authentication Client 902.
The Authentication Client 902 is further configured to receive the authenticated user identifier, send the access request to the business system of the corresponding hybrid cloud, receive the business system's response information to the access request, and send the response information to the application program.
In the hybrid cloud unified management system of this embodiment, the Authentication Client checks the access request and, if it has not been verified, sends it to the certificate server; the certificate server checks whether the access request carries ticket information and, if not, receives the authentication information obtained by the application program, verifies it, generates ticket information and sends it to the Authentication Client; the Authentication Client sends the access request and the corresponding ticket information to the certificate server, which decrypts and authenticates the ticket information and, if authentication passes, returns the user identifier; the Authentication Client then sends the access request to the business system of the hybrid cloud and relays the business system's response information to the application program. This realizes unified authentication management of the users of the hybrid cloud and a single sign-on strategy in which multiple business systems interoperate, which greatly saves user time and avoids repeated login authentication and secure logout operations.
In one embodiment, the Authentication Client 902 is further configured to receive the authenticated user identifier, obtain the corresponding role and permissions of that user identifier from the user role rights management system according to the authenticated user identifier, receive the response information corresponding to the permissions of the user identifier, and send the response information to the application program.
In one embodiment, if the access request has been verified, the Authentication Client 902 sends the access request to the business system of the corresponding hybrid cloud, receives the business system's response information to the access request, and sends the response information to the application program.
In one embodiment, the certificate server 904 is further configured to: upon detecting that the access request carries ticket information, decrypt and authenticate the ticket information; if authentication passes, send the user identifier of the sender of the access request to the Authentication Client 902; if authentication fails, send an identity authentication invitation to the application program, receive the authentication information obtained by the application program, verify it, generate ticket information after the verification passes, and send the ticket information to the Authentication Client.
The Authentication Client 902 communicates with the certificate server 904 over a secure encrypted protocol.
In one embodiment, the above hybrid cloud unified management system further includes a user role rights management system; an external system is connected to the hybrid cloud and the user data of the external system is synchronized to the hybrid cloud; the user role rights management system configures corresponding roles and permissions for the synchronized user data.
Fig. 10 is a structural diagram of a hybrid cloud unified management device in one embodiment. As shown in Fig. 10, a hybrid cloud unified management device 1000 includes a request receiving module 1002, a detection module 1004, a first sending module 1006, a ticket receiving module 1008, a second sending module 1010, a user identifier receiving module 1012 and a response information sending module 1014, wherein:
The request receiving module 1002 is configured to receive an access request initiated by a user through an application program;
The detection module 1004 is configured to detect whether the access request has been verified;
The first sending module 1006 is configured to send the access request to the certificate server if the access request has not been verified;
The ticket receiving module 1008 is configured to receive the ticket information returned by the certificate server, the ticket information being generated by the certificate server after it detects that the access request carries no ticket information, sends an identity authentication invitation to the application program, and verifies the authentication information obtained by the application program;
The second sending module 1010 is configured to send the access request and the ticket information to the certificate server;
The user identifier receiving module 1012 is configured to receive the user identifier of the sender of the access request, which the certificate server returns after decrypting and authenticating the received ticket information;
The response information sending module 1014 is configured to send, according to the authenticated user identifier, the access request to the business system of the corresponding hybrid cloud, receive the business system's response information to the access request, and send the response information to the application program.
In the hybrid cloud unified management device of this embodiment, the Authentication Client checks the access request and, if it has not been verified, sends it to the certificate server; the certificate server checks whether the access request carries ticket information and, if not, receives the authentication information obtained by the application program, verifies it, generates ticket information and sends it to the Authentication Client; the Authentication Client sends the access request and the corresponding ticket information to the certificate server, which decrypts and authenticates the ticket information and, if authentication passes, returns the user identifier; the Authentication Client then sends the access request to the business system of the hybrid cloud and relays the business system's response information to the application program. This realizes unified authentication management of the users of the hybrid cloud and a single sign-on strategy in which multiple business systems interoperate, which greatly saves user time and avoids repeated login authentication and secure logout operations.
In one embodiment, the above hybrid cloud unified management device further includes a permission acquiring module. The permission acquiring module is configured to obtain, according to the authenticated user identifier, the corresponding role and permissions of the user identifier from the user role rights management system.
The response information sending module 1014 is further configured to receive the response information corresponding to the permissions of the user identifier and send the response information to the application program.
In one embodiment, the response information sending module 1014 is further configured to, if the access request has been verified, send the access request to the business system of the corresponding hybrid cloud, receive the business system's response information to the access request, and send the response information to the application program.
In one embodiment, the user identifier receiving module 1012 is further configured to receive the user identifier of the sender of the access request, which the certificate server sends after detecting that the access request carries ticket information and authenticating that ticket information. The response information sending module 1014 is further configured to send the access request to the business system of the corresponding hybrid cloud, receive the business system's response information to the access request, and send the response information to the application program.
Fig. 11 is a structural diagram of a hybrid cloud unified management device in another embodiment. As shown in Fig. 11, a hybrid cloud unified management device includes a request receiving module 1102, a judgment module 1104, a verification invitation sending module 1106, an identity verification module 1108, a generation module 1110, a ticket sending module 1112, a ticket authentication module 1114 and a user identifier sending module 1116, wherein:
The request receiving module 1102 is configured to receive the unverified access request, obtained from the application program, that the Authentication Client sends.
The judgment module 1104 is configured to detect whether the access request carries ticket information.
The verification invitation sending module 1106 is configured to send an identity authentication invitation to the application program if the access request does not carry ticket information.
The identity verification module 1106 is configured to receive the authentication information obtained by the application program and verify the authentication information.
The generation module 1108 is configured to generate ticket information after the verification passes.
The ticket sending module 1110 is configured to send the generated ticket information to the Authentication Client.
The ticket authentication module 1112 is configured to receive the access request and the corresponding ticket information sent by the Authentication Client, and decrypt and authenticate the ticket information.
The user identifier sending module 1114 is configured to, if authentication passes, send the user identifier of the sender of the access request to the Authentication Client, so that the Authentication Client sends the access request to the business system of the corresponding hybrid cloud, receives the business system's response information to the access request, and sends the response information to the application program.
In the hybrid cloud unified management device of this embodiment, the Authentication Client checks the access request and, if it has not been verified, sends it to the certificate server; the certificate server checks whether the access request carries ticket information and, if not, receives the authentication information obtained by the application program, verifies it, generates ticket information and sends it to the Authentication Client; the Authentication Client sends the access request and the corresponding ticket information to the certificate server, which decrypts and authenticates the ticket information and, if authentication passes, returns the user identifier; the Authentication Client then sends the access request to the business system of the hybrid cloud and relays the business system's response information to the application program. This realizes unified authentication management of the users of the hybrid cloud and a single sign-on strategy in which multiple business systems interoperate, which greatly saves user time and avoids repeated login authentication and secure logout operations.
The ticket authentication module 1112 is further configured to, if it is detected that the access request carries ticket information, decrypt and authenticate the ticket information; if authentication passes, the user identifier sending module 1114 sends the user identifier of the sender of the access request to the Authentication Client; if authentication fails, the verification invitation sending module 1106 is further configured to send an identity authentication invitation to the application program, the identity verification module 1106 receives the authentication information obtained by the application program and verifies it, and the generation module 1108 is further configured to generate ticket information after the verification passes and send the ticket information to the Authentication Client.
Those of ordinary skill in the art will understand that all or part of the flow of the methods of the above embodiments can be implemented by a computer program instructing the relevant hardware. The program may be stored in a non-volatile computer-readable storage medium and, when executed, may include the flows of the embodiments of each of the above methods. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), etc.
The above embodiments express only several embodiments of the present invention and are described specifically and in detail, but they should not therefore be interpreted as limiting the scope of the claims of the present invention. It should be noted that those of ordinary skill in the art may make various modifications and improvements without departing from the concept of the invention, and these fall within the protection scope of the present invention. Therefore, the protection scope of the present patent shall be determined by the appended claims.