CN105763545B - A kind of BYOD method and device - Google Patents
- Publication number: CN105763545B
- Application number: CN201610079668.9A
- Authority: CN (China)
- Prior art keywords: container, access, terminal device, mirror info, scene
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
- H04L63/105—Multiple levels of security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The present invention provides a BYOD method and device. The method comprises: upon receiving an access request sent by a terminal device, obtaining, according to the access scenario of the terminal device, the corresponding container image information and the runtime environment requirements of the corresponding container; sending the container image information and the runtime environment requirements to a container management server, so that the container management server generates and starts the corresponding container instance according to the container image information and the runtime environment requirements; and receiving the container instance access method sent by the container management server and sending it to the terminal device, so that the terminal device accesses the corresponding container instance according to that access method. Embodiments of the invention allow the working environment to be customized per user, which in turn improves the flexibility of network control in BYOD scenarios and makes the distributed applications exclusive to the user.
Description
Technical field
The present invention relates to the field of network communication technology, and in particular to a BYOD method and device.
Background
BYOD (Bring Your Own Device, using one's own device for office work) technology allocates network, application, data and other access permissions to a user for the current access according to factors such as the accessing user's permissions, the location from which the network is accessed, the time of access and the mode of access, so that the user obtains the working environment needed for office work.
In practice, however, when current BYOD schemes allocate access permissions to a user according to the various scenario factors, they only assign the user to a pre-configured VLAN (Virtual Local Area Network), issue links to the available applications, allocate available storage space, and so on. Network allocation can only be built on the existing VLANs, so flexible network control cannot be set up for the user; application delivery distinguishes application permissions merely by issuing different application links, while different users still use the same application in the back end, not an application allocated exclusively to the user.
Summary of the invention
The present invention provides a BYOD method and device to solve the problems in existing BYOD schemes that user network control is inflexible and that allocated applications are not exclusive to the user.
According to a first aspect of the embodiments of the present invention, a BYOD method is provided, comprising:
upon receiving an access request sent by a terminal device, obtaining, according to the access scenario of the terminal device, the corresponding container image information and the runtime environment requirements of the corresponding container;
sending the container image information and the runtime environment requirements of the corresponding container to a container management server, so that the container management server generates and starts the corresponding container instance according to the container image information and the runtime environment requirements of the corresponding container;
receiving the container instance access method sent by the container management server, and sending the container instance access method to the terminal device, so that the terminal device accesses the corresponding container instance according to the container instance access method.
According to a second aspect of the embodiments of the present invention, a BYOD device is provided, comprising:
a receiving unit, configured to receive the access request sent by a terminal device;
an obtaining unit, configured to obtain, when the receiving unit receives the access request sent by the terminal device, the corresponding container image information and the runtime environment requirements of the corresponding container according to the access scenario of the terminal device;
a sending unit, configured to send the container image information and the runtime environment requirements of the corresponding container to a container management server, so that the container management server generates and starts the corresponding container instance according to the container image information and the runtime environment requirements of the corresponding container;
the receiving unit is further configured to receive the container instance access method sent by the container management server;
the sending unit is further configured to send the container instance access method to the terminal device, so that the terminal device accesses the corresponding container instance according to the container instance access method.
With the embodiments of the present invention, when an access request from a terminal device is received, the corresponding container image information and the runtime environment requirements of the corresponding container are obtained according to the access scenario of the terminal device and sent to the container management server, which generates and starts the corresponding container instance. When the container instance access method sent by the management server is received, it is sent to the terminal device so that the terminal device accesses the corresponding container instance. By combining virtual container technology with BYOD, users in different access scenarios are allocated different container instances and obtain different working environments. The working environment is thus customized per user, which improves the flexibility of network control in BYOD scenarios and makes the distributed applications exclusive to the user.
Brief description of the drawings
Fig. 1 is a schematic diagram of a BYOD network architecture provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of a BYOD method provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of another BYOD method provided by an embodiment of the present invention;
Fig. 4 is an architecture diagram of a specific application scenario provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of a BYOD device provided by an embodiment of the present invention;
Fig. 6 is a structural diagram of another BYOD device provided by an embodiment of the present invention;
Fig. 7 is a structural diagram of another BYOD device provided by an embodiment of the present invention;
Fig. 8 is a hardware structure diagram of the equipment in which a BYOD device provided by an embodiment of the present invention is located.
Detailed description
To help those skilled in the art better understand the technical solution provided by the embodiments of the present invention, virtual container technology is first briefly described below.
Virtual container technology is an emerging, popular virtualization technology. It implements virtualization on top of the operating system kernel and, because it does not need the GuestOS (Guest Operating System) of conventional virtual machine technology, offers a more lightweight virtualization solution. It makes packaging and distributing software applications and their environments more convenient.
Containers are saved and distributed in the form of images: the image file records the underlying applications, environment, configuration and so on that the container needs. When a container is created, the image file is parsed to build each application, environment and configuration, forming the complete environment in which the application runs. The image file is in effect the definition of the container; it determines everything the container must include and exists as a file written in a specific syntax.
The technical solution in the embodiments of the present invention is described in further detail below with reference to the accompanying drawings.
Referring to Fig. 1, Fig. 1 is a schematic diagram of a BYOD network architecture provided by an embodiment of the present invention. As shown in Fig. 1, the network architecture may include an authentication server, a container management server, a container server cluster and terminal devices; the container server cluster may include multiple servers that support container technology. When a terminal device requests access to the office network, it can send an access request to the authentication server. When the authentication server receives the access request sent by the terminal device, it can obtain the corresponding container image information and the runtime environment requirements of the corresponding container according to the access scenario of the terminal device, and send the container image information and runtime environment requirements to the container management server. After the container management server receives the container image information and the runtime environment requirements of the corresponding container from the authentication server, it can select a suitable container server from the container server cluster, generate and start the corresponding container instance according to the container image information and runtime environment requirements, and send the container instance access method to the authentication server. After the authentication server receives the container instance access method sent by the management server, it sends the access method to the terminal device, so that the terminal device accesses the corresponding container instance according to the container instance access method.
Based on the network architecture shown in Fig. 1, an embodiment of the present invention provides a BYOD method. Referring to Fig. 2, a flow diagram of a BYOD method provided by an embodiment of the present invention, the method may include the following steps.
It should be noted that steps 201 to 203 may be executed by the authentication server in the network architecture shown in Fig. 1 or by a processor in the authentication server, such as a CPU (Central Processing Unit). For ease of description, the following takes the authentication server as the executing entity of steps 201 to 203.
Step 201: upon receiving an access request sent by a terminal device, obtain the corresponding container image information and the runtime environment requirements of the corresponding container according to the access scenario of the terminal device.
In the embodiment of the present invention, when a terminal device needs to access the office network, it can send an access request to the authentication server. When the authentication server receives the access request sent by the terminal device, it can obtain the corresponding container image information and the runtime environment requirements of the corresponding container according to the access scenario of the terminal device.
In the embodiment of the present invention, the access scenario of the terminal device may include, but is not limited to, one or more of access time, access location, access mode and access terminal type. The access time of the terminal device may be determined by the authentication server from the system time at which the authentication request is received, or carried directly in the access request. The access location may be determined by the authentication server from the source IP (Internet Protocol) address of the authentication request, or carried directly in the access request. The access mode may include, but is not limited to, LAN access and VPN (Virtual Private Network) access. The access terminal type may include, but is not limited to, PC (Personal Computer) and mobile terminal. The runtime environment requirements of the container image may include, but are not limited to, one or more of network configuration environment, CPU and memory; they are the hardware resource requirements for running the container image.
Optionally, the access request may also include an access account and password. When the authentication server receives the access request sent by the terminal device, it can first authenticate the access account and password, for example by checking whether the access account is a legitimate account and whether the access account and password match. After authentication passes, it obtains the container image information and runtime environment requirements corresponding to the terminal device's current access scenario.
In the embodiment of the present invention, the container image information corresponding to an access scenario may be pre-configured in the authentication server by an administrator for the specific scenario, or generated by the authentication server when the user first connects through the terminal device.
As one implementation, in step 201 above, obtaining the corresponding container image information according to the access scenario of the terminal device upon receiving the access request may include the following steps:
11) determine whether container image information corresponding to the access scenario of the terminal device exists;
12) if it exists, take that container image information as the container image information corresponding to the access scenario of the terminal device;
13) otherwise, generate the corresponding container image information according to the access scenario of the terminal device.
In this implementation, when the authentication server receives the access request sent by the terminal device, it can query the correspondence between access scenarios and container image information that it has saved, using the terminal device's current access scenario, to determine whether container image information corresponding to the current access scenario exists. If it exists, the authentication server obtains the container image information corresponding to that access scenario; otherwise, the authentication server generates the corresponding container image information according to the access scenario of the terminal device.
Optionally, in the embodiment of the present invention, after the authentication server generates the corresponding container image information according to the access scenario of the terminal device, it can save the correspondence between the access scenario and the container image information. When an access request in that access scenario is received again, it obtains the saved container image information corresponding to the access scenario and determines the runtime environment requirements of the corresponding container from that container image information.
Further optionally, after generating the corresponding container image information according to the access scenario of the terminal device, the authentication server can also determine the runtime environment requirements of the corresponding container from the container image information and save the correspondence among the access scenario, the container image information and the runtime environment requirements of the corresponding container. When an access request in that access scenario is received again, it then obtains the saved container image information and runtime environment requirements corresponding to the access scenario.
As one implementation, in the embodiment of the present invention, the authentication server generating the corresponding container image information according to the access scenario of the terminal device may include the following steps:
21) determine the access permissions of the terminal device from its access scenario according to preset access policies;
22) generate the corresponding container image information for the terminal device according to the access permissions.
In this implementation, access policies corresponding to the various access scenarios can be preset; for example, an administrator can configure the access policies for the various access scenarios in the authentication server according to enterprise requirements.
Correspondingly, when the authentication server receives the access request sent by the terminal device and finds no container image information corresponding to the terminal device's access scenario, it can look up the access policy corresponding to the terminal's current access scenario and determine the terminal device's access permissions from that policy. The access permissions may include, but are not limited to, one or more of network access permissions (for example, permission to access the marketing department VLAN or the finance department VLAN), application access permissions (for example, permission to use Word or Excel) and data access permissions (for example, 1.1.1.1 data1, 2.2.2.2 data3).
For example, the access policies pre-configured in the authentication server may include:
A) Access between 8:00 and 18:00 carries the permission to obtain a working environment, or may carry permission for relatively more network, CPU, memory and other resources ("relatively more" can be bounded by setting specific thresholds; the same applies below); otherwise these permissions are not granted;
B) Access from the R&D area carries the permission to obtain a working environment, or may carry permission for relatively more network, CPU, memory and other resources; otherwise the permission to obtain a working environment is not granted;
C) Access from within the LAN carries the permission to obtain a working environment, or may carry permission for relatively more network, CPU, memory and other resources; remote access through a VPN does not carry these permissions;
D) Access from a desktop computer carries the permission to obtain a working environment, or may carry permission for relatively more network, CPU, memory and other resources; access from a mobile terminal such as a mobile phone does not carry these permissions.
After the authentication server determines the access permissions of the terminal device from its access scenario, it can generate the corresponding container image information according to those access permissions and determine the runtime environment requirements of the corresponding container from the container image information.
The authentication server generating the corresponding container image information according to the access permissions may include, but is not limited to:
A) defining the network configuration and requirements (such as bandwidth) in the generated container image according to the user's network access permissions;
B) defining the available applications, environment configuration and requirements (such as application version) in the generated container image according to the user's application access permissions;
C) defining the accessible storage space and requirements (such as storage size) in the generated container image according to the user's data access permissions;
D) defining other related configuration and requirements in the generated container image according to the user's other permissions.
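The lookup in steps 11) to 13) and the policy-driven generation in steps 21) to 22), as an added Python example that is not part of the patent text. The split of policies A to D into "gates" and "boosts", the R&D subnet, the user directory, the resource figures and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed policy configuration (assumptions, not values from the patent).
WORK_HOURS = (time(8, 0), time(18, 0))      # policy A: 8:00-18:00
RND_SUBNET = ip_network("10.20.0.0/16")     # policy B: hypothetical R&D area subnet
GATES = ("in_hours",)                       # failing a gate denies the working environment
BOOSTS = ("rnd_area", "lan", "desktop")     # passing a boost raises the resource tier
DIRECTORY = {                               # constructed user -> permissions table
    "alice": {"dept": "finance", "vlans": ("finance",), "apps": ("Word", "Excel")},
    "bob": {"dept": "marketing", "vlans": ("marketing",), "apps": ("Word",)},
}


@dataclass(frozen=True)
class AccessScenario:
    access_time: time
    source_ip: str
    access_mode: str     # "lan" or "vpn"
    terminal_type: str   # "pc" or "mobile"


@dataclass(frozen=True)
class ContainerSpec:
    image_name: str      # container image information (identifier form)
    vlans: tuple         # from network access permissions
    apps: tuple          # from application access permissions
    storage_gb: int      # from data access permissions
    cpu_cores: int       # runtime environment requirements
    memory_mb: int
    bandwidth_mbps: int


def evaluate(scenario):
    """Evaluate policies A-D against one access scenario."""
    return {
        "in_hours": WORK_HOURS[0] <= scenario.access_time <= WORK_HOURS[1],
        "rnd_area": ip_address(scenario.source_ip) in RND_SUBNET,
        "lan": scenario.access_mode == "lan",
        "desktop": scenario.terminal_type == "pc",
    }


class AuthServer:
    def __init__(self, directory=DIRECTORY):
        self._directory = directory
        self._cache = {}       # (user, boost outcome) -> ContainerSpec
        self.generated = 0     # how many specs were generated rather than reused

    def resolve(self, user_id, scenario):
        """Return the ContainerSpec for this request, or None if access is denied."""
        profile = self._directory.get(user_id)
        if profile is None:
            return None                      # unknown account: deny by default
        outcome = evaluate(scenario)
        if not all(outcome[g] for g in GATES):
            return None                      # a gate policy failed
        key = (user_id, tuple(outcome[b] for b in BOOSTS))
        if key not in self._cache:           # steps 11-13: reuse or generate
            self._cache[key] = self._generate(profile, key[1])
            self.generated += 1
        return self._cache[key]

    @staticmethod
    def _generate(profile, boosts):
        """Steps 21-22: turn permissions into image info and runtime requirements."""
        tier = sum(boosts)                   # 0..3 satisfied boost policies
        return ContainerSpec(
            image_name=f"{profile['dept']}-tier{tier}",
            vlans=profile["vlans"],
            apps=profile["apps"],
            storage_gb=5 * (tier + 1),
            cpu_cores=tier + 1,
            memory_mb=1024 * (tier + 1),
            bandwidth_mbps=10 * (tier + 1),
        )
```

Keying the cache on the policy outcome rather than on the raw time and IP address means two requests that fall into the same policy buckets reuse one saved image definition.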
In one implementation, the container image information may be identification information of the container image, such as the container image name. After the authentication server obtains the corresponding container image information and the runtime environment requirements of the corresponding container according to the access scenario of the terminal device, it can send them to the container management server, which obtains the corresponding container image from a specific storage space according to the container image information and carries out subsequent processing with that container image. That is, in this implementation the container image is not stored in the authentication server but in a specific storage space, which may be the container server's own storage space or other storage space that the container server can access directly.
In another implementation, the container image information is the container image itself (i.e. the container image file). After the authentication server obtains the corresponding container image information and the runtime environment requirements of the corresponding container according to the access scenario of the terminal device, it can send them to the container management server, which carries out subsequent processing according to the container image information and the runtime environment requirements of the corresponding container. That is, in this implementation the container image is stored directly in the authentication server.
Step 202: send the container image information and the runtime environment requirements of the corresponding container to the container management server, so that the container management server generates and starts the corresponding container instance according to the container image information and the runtime environment requirements of the corresponding container.
In the embodiment of the present invention, after the authentication server obtains the container image information corresponding to the access scenario of the terminal device and the runtime environment requirements of the corresponding container, it can send them to the container management server.
After the container management server receives the container image information and the runtime environment requirements of the corresponding container from the authentication server, it can select a suitable container server from the container server cluster according to them, and generate and start the corresponding container instance.
It should be noted that, in the embodiment of the present invention, when the container image information is identification information of the container image, the container management server, after receiving the container image information and the runtime environment requirements of the corresponding container from the authentication server, can first obtain the corresponding container image according to the container image information, and then, according to that container image and the received runtime environment requirements, select a suitable container server from the container server cluster and generate and start the corresponding container instance.
The principles by which the container management server selects a container server from the container server cluster may include, but are not limited to:
A) random principle: randomly pick, from all container servers, a server that meets the runtime environment requirements;
B) resource-first principle: pick, from all container servers, the server with the most available resources;
C) idle principle: pick, from all container servers, the server running the fewest containers;
D) sequential principle: distribute requests one by one across all container servers according to a fixed rotation.
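The four selection principles above, as an added Python example that is not code from the patent. Class and server names and the capacity figures are constructed; filtering every principle by the runtime environment requirements (the text states this only for principle A) and reserving resources on placement are assumptions of this example.

```python
import random
from dataclasses import dataclass

PRINCIPLES = ("random", "resource", "idle", "sequential")


@dataclass
class ContainerServer:
    name: str
    free_cpu: int
    free_mem_mb: int
    running: int = 0          # number of container instances already running

    def fits(self, cpu, mem_mb):
        return self.free_cpu >= cpu and self.free_mem_mb >= mem_mb


def sample_cluster():
    """Constructed three-node cluster used for demonstration."""
    return [
        ContainerServer("cs-a", free_cpu=8, free_mem_mb=16384, running=3),
        ContainerServer("cs-b", free_cpu=4, free_mem_mb=8192, running=0),
        ContainerServer("cs-c", free_cpu=2, free_mem_mb=2048, running=1),
    ]


class Scheduler:
    def __init__(self, servers, seed=None):
        self.servers = list(servers)
        self._rng = random.Random(seed)
        self._next = 0        # rotation pointer for the sequential principle

    def select(self, principle, cpu, mem_mb):
        """Place one container; return the chosen server name or None."""
        if principle not in PRINCIPLES:
            raise ValueError(f"unknown principle: {principle}")
        candidates = [s for s in self.servers if s.fits(cpu, mem_mb)]
        if not candidates:
            return None       # no server meets the runtime environment requirements
        if principle == "random":
            chosen = self._rng.choice(candidates)
        elif principle == "resource":
            chosen = max(candidates, key=lambda s: (s.free_cpu, s.free_mem_mb))
        elif principle == "idle":
            chosen = min(candidates, key=lambda s: s.running)
        else:
            # Rotate over the whole cluster, skipping servers that cannot fit.
            n = len(self.servers)
            for step in range(n):
                server = self.servers[(self._next + step) % n]
                if server.fits(cpu, mem_mb):
                    chosen = server
                    self._next = (self._next + step + 1) % n
                    break
        # Reserve the resources so later placements see the updated capacity.
        chosen.free_cpu -= cpu
        chosen.free_mem_mb -= mem_mb
        chosen.running += 1
        return chosen.name
```
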
Step 203: receive the container instance access method sent by the container management server, and send the container instance access method to the terminal device, so that the terminal device accesses the corresponding container instance according to the container instance access method.
In the embodiment of the present invention, after the management server selects from the container server cluster the container server on which to start the container instance and starts the container instance, it can send the container instance access method of that container instance to the authentication server.
Optionally, the container instance access method may include a container instance identifier, such as the IP address or URL (Uniform Resource Locator) of the container instance.
Further optionally, in addition to the container instance identifier, the container instance access method may also include information such as instructions for accessing and operating the instance.
After the authentication server receives the container instance access method sent by the container management server, it can send the container instance access method to the terminal device, so that the terminal device accesses the corresponding container instance according to the container instance access method and thereby obtains the corresponding working environment.
It is worth noting that, as one implementation of the embodiment of the present invention, the container image information corresponding to an access scenario, whether pre-configured or generated by the authentication server, may also be container image information corresponding to user identification information; that is, the container image information corresponding to the same access scenario may differ between users.
Correspondingly, when the terminal device sends an access request to the authentication server, the access request can carry user identification information. After the authentication server receives the access request sent by the terminal device, it can obtain the corresponding container image information according to the access scenario of the terminal device and the user identification information carried in the access request, and determine the runtime environment requirements of the corresponding container from the container image information. The user identification information may be the access account registered by the user, or the user ID (identifier) allocated by the authentication server after successful registration.
Optionally, in this implementation, when the container management server selects the container server on which to start the container instance, it can also follow a user-centralization principle, i.e. place the same user, or users of the same class (same department, same permissions, same access conditions, etc.), together on a designated server.
As can be seen, in the method flow described in Fig. 2, when an access request from a terminal device is received, the corresponding container image information and the runtime environment requirements of the corresponding container are obtained according to the access scenario of the terminal device and sent to the container management server, which generates and starts the corresponding container instance. When the container instance access method sent by the management server is received, it is sent to the terminal device so that the terminal device accesses the corresponding container instance. By combining virtual container technology with BYOD, users in different access scenarios are allocated different container instances and obtain different working environments. The working environment is thus customized per user, which improves the flexibility of network control in BYOD scenarios and makes the distributed applications exclusive to the user.
Based on the network architecture shown in Fig. 1, an embodiment of the present invention provides another BYOD method. Referring to Fig. 3, a flow diagram of another BYOD method provided by an embodiment of the present invention, the method may include the following steps.
It should be noted that steps 301 to 304 may be executed by the authentication server in the network architecture shown in Fig. 1 or by a processor in the authentication server, such as a CPU. For ease of description, the following takes the authentication server as the executing entity of steps 301 to 304.
Step 301: when an access request sent by a terminal device is received, obtain the corresponding container image information and the runtime environment requirements of the corresponding container according to the access scenario of the terminal device and the user identification information carried in the access request.
Step 302: send the container image information and the runtime environment requirements of the corresponding container to the container management server, so that the container management server generates and starts the corresponding container instance according to the container image information and the runtime environment requirements of the corresponding container.
Step 303: receive the container instance access mode sent by the container management server, and send the container instance access mode to the terminal device, so that the terminal device accesses the corresponding container instance according to that access mode.
In this embodiment of the present invention, for the specific implementation of steps 301 to 303, refer to the related description of steps 201 to 203 above, which is not repeated here.
Step 304: when it is detected that the terminal device is offline, or that the time without a response exceeds a preset time threshold, send a stop-running instruction to the container management server. The stop-running instruction carries a container instance identifier, so that the container management server stops that container instance.
In this embodiment of the present invention, after the authentication server sends the container instance access mode to the terminal device, it can monitor the activity state of the terminal device.
When the authentication server detects that the terminal device is offline (for example, it receives an exit request sent by the terminal device), or detects that the time the terminal device has gone without responding exceeds the preset time threshold (for example, no heartbeat message from the terminal device is received for N consecutive periods), the authentication server can consider that the container instance needs to be stopped in order to save resources. The authentication server can therefore send a stop-running instruction carrying the container instance identifier to the container management server. On receiving the stop-running instruction, the container management server can stop the container instance that corresponds to the container instance identifier carried in the instruction.
Further, in this embodiment of the present invention, after the terminal device starts the corresponding container instance and obtains the corresponding office environment, the container may change during the office session, for example when the user changes the applications included in the container.
Correspondingly, while the container instance is running, the container management server can determine whether the container has changed. If it has, the container management server can save the changed container as a new container image and send updated container image information to the authentication server. After receiving the updated container image information sent by the container management server, the authentication server can update the container image information it stores for the access scenario of the terminal device to the updated container image information, for use the next time the terminal device connects under that access scenario.
As one implementation, in this embodiment of the present invention, updating the container image information can mean updating the information of a single image file, i.e. updating the container image information corresponding to the container instance whose container changed.
As another implementation, in this embodiment of the present invention, the container image update can also update the information of multiple interrelated image files. That is, an association is established in advance among the information of multiple image files, and when the container instance corresponding to any one of the associated image files changes while running, the information of all the associated image files is updated.
Optionally, in this embodiment of the present invention, when the authentication server stores the correspondence between access scenarios (or access scenarios and user identification information) and container image information, it can keep a record of the original container image information and roll back to the required container image information when needed.
Specifically, in this embodiment of the present invention, when the authentication server saves the updated container image information, it can save the pre-update container image information separately and record the correspondence between the save time and the container image information, so that it can later, if necessary, roll back to the container image of a given time.
It should be noted that in embodiments of the present invention, it, can also not when changing in container instance operational process
Change corresponding container Mirror Info file.For example, it is assumed that user is in container instance operational process, it is newly downloaded in a reservoir
Using (as applied A), then after user's appearance example is out of service, this can't be stored in corresponding container mirror image letter using A
It ceases in file, not will include using A still when next time corresponds in container instance according to the container image file information.
To help those skilled in the art better understand the technical solution provided by the embodiments of the present invention, it is described below with reference to a specific application scenario.
Refer to Fig. 4, an architecture diagram of a specific application scenario provided by an embodiment of the present invention. In this embodiment, assume that the following access policies are configured in the authentication server (in this embodiment, the container image information stored in the authentication server is taken to be the container image name):
At 9:30, user User1 uses terminal 1 (a mobile phone) to request access to the corporate office environment from the Internet via VPN. The authentication server first authenticates the user. After authentication succeeds, it checks whether an access policy exists for the current access scenario. The lookup result is that one exists, i.e. access policy 1 is the access policy for the current access scenario. The authentication server then determines whether container image information already exists for this access scenario. The result is again that it exists, and the container image name is Image1. The authentication server directly passes the container image name Image1 and the runtime environment requirements of the corresponding container (assumed to be 2CPU/4G MEM/20G HD, i.e. a dual-core CPU, 4G of memory and 20G of hard disk space) to the container management server. (The runtime environment requirements can be defined as part of the access policy in the initial configuration, or can be determined by the authentication server when it receives the access request, according to policies such as busy and idle access periods and the number of connected users.)
After the container management server receives the container image name and the runtime environment requirements of the corresponding container, it obtains the corresponding container image by the container image name, selects the container server to use according to the container image and the runtime environment requirements, and starts container instance Container-Image1 on that container server. It then returns the container instance access mode of Container-Image1 to the authentication server, which notifies terminal 1. Terminal 1 accesses Container-Image1 according to the received container instance access mode and thereby obtains its office environment.
After the user finishes working, the terminal sends an active exit request to the authentication server. The authentication server looks up the identifier of the container instance the user is currently using, Container-Image1, and sends that container instance identifier together with a stop-running instruction to the container management server. After receiving the stop-running instruction for the container instance, the container management server determines that the container has not changed and directly stops the container.
At the same time (9:30), user User3 also requests access to the office environment, using terminal 3 (a notebook) over the company intranet. The authentication server first authenticates the user. After authentication succeeds, it checks whether an access policy exists for the current scenario. The lookup result is that one exists, i.e. access policy 2 is the access policy for the current scenario. The authentication server then determines whether container image information already exists for this access scenario. The result is that none exists, so a new container image must be generated (it can be named Image3). Based on the user's application access policy, the installation and run scripts for the application software the user may use (Excel, DB) are written into the newly generated container image file Image3. Based on the user's network access policy, the container's network configuration script is written into Image3. Based on the user's data storage scheme and access policy, a script that connects to the 2.2.2.2 data3 storage space is written into Image3. The authentication server stores the container image name Image3 in the container image name column for access policy 2.
The authentication server passes the container image name Image3 to the container management server, together with the runtime environment requirements of the container: 4CPU/2G MEM/15G HD. After receiving the container image name and the runtime environment requirements of the corresponding container, the container management server obtains the corresponding container image by the container image name, selects the container server to use according to the container image and the runtime environment requirements, and starts container instance Container-Image3 on that server. It then returns the container instance access mode of Container-Image3 to the authentication server, which notifies terminal 3. Terminal 3 connects to container Container-Image3 and thereby obtains its office environment.
After the user finishes working, the terminal sends an active exit request to the authentication server. The authentication server looks up the identifier of the container instance the user is currently using, Container-Image3, and sends that container instance identifier together with a stop-running instruction to the container management server. After receiving the stop-running instruction, the container management server determines that the container has changed, saves the container as a new container image Image3.2, feeds the updated container image name (i.e. Image3.2) back to the authentication server, and stops the container. The authentication server saves the updated container image name as the default container image name of the corresponding access policy, for use the next time that access policy applies.
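The flow of steps 301 to 304 and the two-user scenario above, as an added Python example that is not code from the patent. The class and function names, the scenario key (user, terminal type, network path, with time of day left out), denying a scenario that matches no policy, the 30-second heartbeat period with N = 3, and the `.2` image suffix are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Scenario = Tuple[str, str, str]  # (user, terminal type, network path): assumed key shape

@dataclass
class Policy:
    runtime: str                                   # runtime environment requirement
    image: Optional[str] = None                    # current image name, None until generated
    apps: List[str] = field(default_factory=list)  # software written into a generated image
    storage: str = ""                              # storage space the image connects to
    history: Dict[float, str] = field(default_factory=dict)  # save time -> replaced image

class ContainerManager:
    """Stand-in for the container management server."""
    def __init__(self) -> None:
        self.running: Dict[str, Tuple[str, str]] = {}  # instance id -> (image, runtime)
        self.changed: set = set()                      # instances modified while running

    def start(self, image: str, runtime: str) -> str:
        base = instance = f"Container-{image}"
        n = 1
        while instance in self.running:                # keep instance ids unique
            n += 1
            instance = f"{base}-{n}"
        self.running[instance] = (image, runtime)
        return instance    # doubles as the access mode handed back to the terminal

    def stop(self, instance: str) -> Optional[str]:
        image, _ = self.running.pop(instance)
        if instance in self.changed:                   # changed container becomes a new image
            self.changed.discard(instance)
            return f"{image}.2"                        # assumed naming (Image3 -> Image3.2)
        return None

class AuthServer:
    def __init__(self, policies: Dict[Scenario, Policy], manager: ContainerManager,
                 period: float = 30.0, missed: int = 3) -> None:
        self.policies, self.manager = policies, manager
        self.timeout = period * missed         # N missed heartbeat periods (values assumed)
        self.images: Dict[str, dict] = {}      # generated image name -> what was written in
        self.sessions: Dict[str, list] = {}    # instance id -> [scenario, last heartbeat]

    def connect(self, scenario: Scenario, now: float) -> str:
        policy = self.policies.get(scenario)
        if policy is None:     # assumed: deny when no policy matches the scenario
            raise PermissionError(f"no access policy for {scenario}")
        if policy.image is None:               # no image for this scenario yet: generate it
            policy.image = "Image" + scenario[0].replace("User", "")  # assumed naming
            self.images[policy.image] = {"apps": list(policy.apps), "storage": policy.storage}
        instance = self.manager.start(policy.image, policy.runtime)
        self.sessions[instance] = [scenario, now]
        return instance

    def heartbeat(self, instance: str, now: float) -> None:
        self.sessions[instance][1] = now

    def disconnect(self, instance: str, now: float) -> None:
        """Exit request or timeout: stop the instance, record any updated image."""
        scenario, _ = self.sessions.pop(instance)
        updated = self.manager.stop(instance)
        if updated is not None:
            policy = self.policies[scenario]
            policy.history[now] = policy.image   # keep the replaced image for rollback
            policy.image = updated               # default for the next connection

    def sweep(self, now: float) -> List[str]:
        """Stop every instance whose terminal has been silent longer than the threshold."""
        stale = [i for i, (_, seen) in self.sessions.items() if now - seen > self.timeout]
        for instance in stale:
            self.disconnect(instance, now)
        return stale

    def rollback(self, scenario: Scenario, saved_at: float) -> str:
        policy = self.policies[scenario]
        policy.image = policy.history[saved_at]  # KeyError if nothing was saved then
        return policy.image

def run_demo() -> dict:
    """Replay the page's two users; times are seconds after 9:30 (constructed values)."""
    user1, user3 = ("User1", "mobile phone", "VPN"), ("User3", "notebook", "intranet")
    policies = {
        user1: Policy("2CPU/4G MEM/20G HD", image="Image1"),
        user3: Policy("4CPU/2G MEM/15G HD", apps=["Excel", "DB"], storage="2.2.2.2 data3"),
    }
    manager = ContainerManager()
    auth = AuthServer(policies, manager)
    c1, c3 = auth.connect(user1, now=0), auth.connect(user3, now=0)
    manager.changed.add(c3)          # User3 modifies the container while working
    auth.heartbeat(c3, now=80)
    swept = auth.sweep(now=100)      # here User1 goes silent (100 s > 90 s) instead of exiting
    auth.disconnect(c3, now=120)     # User3 exits: changed container saved as Image3.2
    return {"c1": c1, "c3": c3, "swept": swept, "running": dict(manager.running),
            "image1": policies[user1].image, "image3": policies[user3].image,
            "history3": dict(policies[user3].history), "generated": dict(auth.images),
            "rolled_back": auth.rollback(user3, saved_at=120)}

if __name__ == "__main__":
    print(run_demo())
```

The scenario key is built only from values the authentication server holds after authenticating the user, so a terminal cannot pick its own image by naming one in the request.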
As can be seen from the above description, in the technical solution provided by the embodiments of the present invention, when the access request of a terminal device is received, the corresponding container image information and the runtime environment requirements of the corresponding container are obtained according to the access scenario of the terminal device and sent to the container management server, which generates and starts the corresponding container instance. When the container instance access mode sent by the management server is received, it is sent to the terminal device so that the terminal device accesses the corresponding container instance. By combining virtual container technology with BYOD, users in different access scenarios are assigned different container instances and obtain different office environments. This realizes user customization of the office environment, and in turn improves the flexibility of network control and the exclusivity of application distribution in BYOD scenarios.
Refer to Fig. 5, a structural diagram of a BYOD device provided by an embodiment of the present invention. The BYOD device can be applied to the authentication server in the network architecture shown in Fig. 1. As shown in Fig. 5, the device may include:
a receiving unit 510, configured to receive the access request sent by a terminal device;
an acquiring unit 520, configured to, when the receiving unit receives the access request sent by the terminal device, obtain the corresponding container image information and the runtime environment requirements of the corresponding container according to the access scenario of the terminal device;
a transmission unit 530, configured to send the container image information and the runtime environment requirements of the corresponding container to the container management server, so that the container management server generates and starts the corresponding container instance according to the container image information and the runtime environment requirements of the corresponding container.
The receiving unit 510 is also configured to receive the container instance access mode sent by the container management server.
The transmission unit 530 is also configured to send the container instance access mode to the terminal device, so that the terminal device accesses the corresponding container instance according to the container instance access mode.
Refer also to Fig. 6, a structural diagram of another BYOD device provided by an embodiment of the present invention. On the basis of the embodiment shown in Fig. 5, in the embodiment shown in Fig. 6 the acquiring unit 520 may include a judgment subunit 521, a generation subunit 522, a saving subunit 523 and an acquisition subunit 524, where:
the judgment subunit 521 is configured to, when the receiving unit 510 receives the access request sent by the terminal device, determine whether container image information corresponding to the access scenario of the terminal device exists;
the generation subunit 522 is configured to, if the judgment subunit 521 determines that none exists, generate the corresponding container image information according to the access scenario of the terminal device;
the saving subunit 523 is configured to save the correspondence between the access scenario and the container image information;
the acquisition subunit 524 is specifically configured to, if container image information corresponding to the access scenario of the terminal device exists, obtain the container image information saved in the saving subunit 523 and obtain the runtime environment requirements of the corresponding container, and, if no container image information corresponding to the access scenario of the terminal device exists, obtain the container image information generated by the generation subunit 522 and obtain the runtime environment requirements of the corresponding container.
Refer also to Fig. 7, a structural diagram of another BYOD device provided by an embodiment of the present invention. On the basis of the embodiment shown in Fig. 6, in the embodiment shown in Fig. 7 the generation subunit 522 may include a determining module 5221 and a generation module 5222, where:
the determining module 5221 is configured to determine the access permissions of the terminal device from the access scenario of the terminal device according to a preset access policy;
the generation module 5222 is configured to generate the corresponding container image information for the terminal device according to the access permissions.
In one embodiment, the transmission unit 530 can also be configured to, when the device detects that the terminal device is offline or that the time without a response exceeds a preset time threshold, send a stop-running instruction to the container management server. The stop-running instruction carries a container instance identifier, so that the container management server stops that container instance.
In one embodiment, the receiving unit 510 can also be configured to receive the updated container image information sent by the container management server.
The saving subunit 523 can also be configured to update the container image information that it has saved for the access scenario of the terminal device to the updated container image information.
For the implementation of the functions and effects of each unit in the above device, see the implementation of the corresponding steps in the above method, which is not repeated here.
Refer to Fig. 8, a hardware structure diagram of the equipment in which a BYOD device provided by an embodiment of the present invention resides. It includes a processor 810 and a non-volatile memory 820, which are connected by a bus. The processor 810 executes the machine-readable instruction modules stored in the non-volatile memory 820, and the non-volatile memory 820 stores machine-readable instruction modules executable by the processor 810. When the instruction modules stored in the non-volatile memory 820 are executed by the processor 810, the functions of the aforementioned receiving unit 510, acquiring unit 520 and transmission unit 530 can be realized.
Since the device embodiment essentially corresponds to the method embodiment, refer to the description of the method embodiment for the relevant parts. The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, i.e. they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of the present invention. Those of ordinary skill in the art can understand and implement it without creative effort.
As can be seen from the above embodiments, when the access request of a terminal device is received, the corresponding container image information and the runtime environment requirements of the corresponding container are obtained according to the access scenario of the terminal device and sent to the container management server, which generates and starts the corresponding container instance. When the container instance access mode sent by the management server is received, it is sent to the terminal device so that the terminal device accesses the corresponding container instance. By combining virtual container technology with BYOD, users in different access scenarios are assigned different container instances and obtain different office environments. This realizes user customization of the office environment, and in turn improves the flexibility of network control and the exclusivity of application distribution in BYOD scenarios.
Those skilled in the art, after considering the specification and practicing the invention disclosed here, will readily conceive of other embodiments of the invention. This application is intended to cover any variations, uses or adaptations of the invention that follow its general principles and include common knowledge or conventional techniques in the art that are not disclosed by the present invention. The specification and embodiments are to be regarded as exemplary only, with the true scope and spirit of the invention indicated by the following claims.
It should be understood that the present invention is not limited to the precise structure described above and shown in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present invention is limited only by the appended claims.
Claims (10)
1. A bring-your-own-device (BYOD) office method, characterized by comprising:
when an access request sent by a terminal device is received, obtaining the corresponding container image information and the runtime environment requirements of the corresponding container according to the access scenario of the terminal device;
sending the container image information and the runtime environment requirements of the corresponding container to a container management server, so that the container management server generates and starts the corresponding container instance according to the container image information and the runtime environment requirements of the corresponding container;
receiving the container instance access mode sent by the container management server, and sending the container instance access mode to the terminal device, so that the terminal device accesses the corresponding container instance according to the container instance access mode.
2. The method according to claim 1, characterized in that, when the access request sent by the terminal device is received, obtaining the corresponding container image information according to the access scenario of the terminal device comprises:
determining whether container image information corresponding to the access scenario of the terminal device exists;
if it exists, determining that this container image information is the container image information corresponding to the access scenario of the terminal device;
otherwise, generating the corresponding container image information according to the access scenario of the terminal device, and saving the correspondence between the access scenario and the container image information.
3. The method according to claim 2, characterized in that generating the corresponding container image information according to the access scenario of the terminal device comprises:
determining the access permissions of the terminal device from the access scenario of the terminal device according to a preset access policy;
generating the corresponding container image information for the terminal device according to the access permissions.
4. The method according to claim 1, characterized in that, after sending the container instance access mode to the terminal device, the method further comprises:
when it is detected that the terminal device is offline or that the time without a response exceeds a preset time threshold, sending a stop-running instruction to the container management server, the stop-running instruction carrying a container instance identifier, so that the container management server stops that container instance.
5. The method according to claim 4, characterized in that, after sending the container instance access mode to the terminal device, the method further comprises:
receiving the updated container image information sent by the container management server, and updating the locally saved container image information corresponding to the access scenario of the terminal device to the updated container image information.
6. A bring-your-own-device (BYOD) office device, characterized by comprising:
a receiving unit, configured to receive the access request sent by a terminal device;
an acquiring unit, configured to, when the receiving unit receives the access request sent by the terminal device, obtain the corresponding container image information and the runtime environment requirements of the corresponding container according to the access scenario of the terminal device;
a transmission unit, configured to send the container image information and the runtime environment requirements of the corresponding container to a container management server, so that the container management server generates and starts the corresponding container instance according to the container image information and the runtime environment requirements of the corresponding container;
the receiving unit being also configured to receive the container instance access mode sent by the container management server;
the transmission unit being also configured to send the container instance access mode to the terminal device, so that the terminal device accesses the corresponding container instance according to the container instance access mode.
7. The device according to claim 6, characterized in that the acquiring unit comprises:
a judgment subunit, configured to, when the receiving unit receives the access request sent by the terminal device, determine whether container image information corresponding to the access scenario of the terminal device exists;
a generation subunit, configured to, if the judgment subunit determines that none exists, generate the corresponding container image information according to the access scenario of the terminal device;
a saving subunit, configured to save the correspondence between the access scenario and the container image information;
an acquisition subunit, specifically configured to, if container image information corresponding to the access scenario of the terminal device exists, obtain the container image information saved in the saving subunit and obtain the runtime environment requirements of the corresponding container, and, if no container image information corresponding to the access scenario of the terminal device exists, obtain the container image information generated by the generation subunit and obtain the runtime environment requirements of the corresponding container.
8. The device according to claim 7, characterized in that the generation subunit comprises:
a determining module, configured to determine the access permissions of the terminal device from the access scenario of the terminal device according to a preset access policy;
a generation module, configured to generate the corresponding container image information for the terminal device according to the access permissions.
9. The device according to claim 7, characterized in that
the transmission unit is also configured to, when the device detects that the terminal device is offline or that the time without a response exceeds a preset time threshold, send a stop-running instruction to the container management server, the stop-running instruction carrying a container instance identifier, so that the container management server stops that container instance.
10. The device according to claim 9, characterized in that
the receiving unit is also configured to receive the updated container image information sent by the container management server;
the saving subunit is also configured to update the container image information that it has saved for the access scenario of the terminal device to the updated container image information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610079668.9A CN105763545B (en) | 2016-02-04 | 2016-02-04 | A kind of BYOD method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610079668.9A CN105763545B (en) | 2016-02-04 | 2016-02-04 | A kind of BYOD method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105763545A CN105763545A (en) | 2016-07-13 |
CN105763545B true CN105763545B (en) | 2019-05-07 |
Family
ID=56330603
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610079668.9A Active CN105763545B (en) | 2016-02-04 | 2016-02-04 | A kind of BYOD method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105763545B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106302632B (en) * | 2016-07-21 | 2020-02-14 | 华为技术有限公司 | Downloading method of basic mirror image and management node |
TWI648637B (en) | 2017-11-30 | 2019-01-21 | 財團法人工業技術研究院 | System and method for deploying and operating mobile operating system on platform |
CN108549821B (en) * | 2018-04-02 | 2021-08-17 | 云知声智能科技股份有限公司 | Data authority management method and system |
CN113296868B (en) * | 2021-07-27 | 2021-11-23 | 杭州筋斗腾云科技有限公司 | Application platform and application management method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101754407A (en) * | 2008-12-16 | 2010-06-23 | 联想(北京)有限公司 | Method, server and system for processing service access request |
CN102685136A (en) * | 2012-05-18 | 2012-09-19 | 深信服网络科技(深圳)有限公司 | Multi-network environment isolation method and terminal |
CN105099706A (en) * | 2015-08-25 | 2015-11-25 | 华为技术有限公司 | Data communication method, user equipment and server |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140109171A1 (en) * | 2012-10-15 | 2014-04-17 | Citrix Systems, Inc. | Providing Virtualized Private Network tunnels |
Also Published As
Publication number | Publication date |
---|---|
CN105763545A (en) | 2016-07-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant after: Xinhua three Technology Co., Ltd. Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant before: Huasan Communication Technology Co., Ltd. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |