CN113703911A - Virtual machine migration method, device, equipment and storage medium

Publication number
CN113703911A
Authority
CN
China
Prior art keywords
virtual machine
key
check value
migrated
destination host
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110779956.6A
Other languages
Chinese (zh)
Other versions
CN113703911B (en)
Inventor
王理想
左兰海
刘海伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN202110779956.6A
Publication of CN113703911A
Application granted
Publication of CN113703911B
Current legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/4557 Distribution of virtual machine instances; Migration and load balancing
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Physics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present application discloses a virtual machine migration method, apparatus, device and storage medium, including: using feature information of the virtual machine to be migrated to query a key server for a first key corresponding to the virtual machine to be migrated, and generating a first check value from the first key; sending a migration request containing the feature information and the first check value to a destination host, so that the destination host uses the feature information to query the key server for a second key corresponding to the virtual machine to be migrated and generates a second check value from the second key; and, when the response obtained from the destination host, based on the comparison result between the first check value and the second check value, indicates that migration is allowed, migrating the virtual machine data of the virtual machine to be migrated to the destination host. By verifying the virtual machine keys of the source host and the destination host, IP spoofing of the migration destination host is prevented, which effectively prevents the virtual machine data from being illegally intercepted and tampered with.

Description

Virtual machine migration method, device, equipment and storage medium
Technical Field
The present application relates to the field of virtual machine technologies, and in particular, to a virtual machine migration method, apparatus, device, and storage medium.
Background
Virtual machine migration is an important function of virtualization software or a cloud computing management platform. Virtual machine migration moves a shut-down or running virtual machine from one physical host to another; migrating a shut-down virtual machine is called cold migration, and migrating a running virtual machine is called hot migration.
However, in current virtual machine migration, the source host generally migrates the virtual machine directly to the destination host identified by the destination host's IP address. Because that IP address may be spoofed and replaced, an illegitimate destination host can acquire the data of the migrated virtual machine, so that the virtual machine data is illegally intercepted.
Therefore, how to avoid the situation that data is illegally intercepted due to the IP spoofing of a destination host in the migration process of a virtual machine is a problem to be solved in the field.
Disclosure of Invention
In view of this, an object of the present application is to provide a method, an apparatus, a device, and a storage medium for migrating a virtual machine, which can avoid the situation that data is illegally intercepted due to IP spoofing of a destination host. The specific scheme is as follows:
In a first aspect, the present application discloses a virtual machine migration method, applied to a source host, including:
querying a key server for a first key corresponding to the virtual machine to be migrated by using feature information of the virtual machine to be migrated, and performing an operation on the first key to generate a first check value;
sending a migration request containing the feature information and the first check value to a destination host, so that the destination host queries the key server for a second key corresponding to the virtual machine to be migrated by using the feature information, and performs an operation on the second key to generate a second check value;
acquiring response information for the migration request, returned by the destination host based on a comparison result between the first check value and the second check value;
and, if the response information indicates that migration is allowed, migrating the virtual machine data of the virtual machine to be migrated to the destination host.
Optionally, querying the key server for the first key corresponding to the virtual machine to be migrated by using the feature information, and performing an operation on the first key to generate the first check value, includes:
creating a key query request containing the feature information and sending the key query request to the key server, so that the key server uses the feature information to look up the first key, which is stored locally on the key server in advance and corresponds to the virtual machine to be migrated;
acquiring the first key sent by the key server;
performing an operation on the first key by using a preset target check value generation algorithm to obtain the first check value;
and the process in which the destination host performs an operation on the second key to generate the second check value includes: performing an operation on the second key by using the target check value generation algorithm to obtain the second check value.
Optionally, acquiring the response information for the migration request, returned by the destination host based on the comparison result between the first check value and the second check value, includes:
if the comparison result is that the first check value matches the second check value, acquiring response information returned by the destination host indicating that migration is allowed.
Optionally, sending the migration request containing the feature information and the first check value to the destination host includes:
sending a migration request containing the feature information, the first check value and the data volume of the virtual machine data to the destination host;
correspondingly, acquiring the response information for the migration request, returned by the destination host based on the comparison result between the first check value and the second check value, includes:
if the comparison result is that the first check value matches the second check value and the local idle storage resource of the destination host is not less than the data volume, acquiring response information returned by the destination host indicating that migration is allowed.
Optionally, migrating the virtual machine data of the virtual machine to be migrated to the destination host includes:
encrypting the virtual machine data of the virtual machine to be migrated by using the first key, based on an asymmetric encryption algorithm, to obtain encrypted data;
and migrating the encrypted data to the destination host, so that the destination host decrypts the encrypted data by using the second key and stores the corresponding decrypted data.
Optionally, before querying the key server for the first key corresponding to the virtual machine to be migrated by using the feature information, the method further includes:
sending the feature information to the key server, so that the key server binds a key pair created in advance for the virtual machine to be migrated to the feature information and stores the key pair and the feature information locally; wherein the public key in the key pair is the first key, and the private key in the key pair is the second key.
In a second aspect, the present application discloses a virtual machine migration method, applied to a destination host, including:
acquiring a migration request sent by a source host and containing feature information of a virtual machine to be migrated and a first check value; the first check value is generated by the source host by querying a key server for a first key corresponding to the virtual machine to be migrated by using the feature information and performing an operation on the first key;
querying the key server for a second key corresponding to the virtual machine to be migrated by using the feature information, and performing an operation on the second key to generate a second check value;
comparing the first check value with the second check value to obtain a corresponding comparison result;
returning response information for the migration request to the source host based on the comparison result;
and, if the response information indicates that migration is allowed, acquiring the virtual machine data of the virtual machine to be migrated, as migrated by the source host.
In a third aspect, the present application discloses a virtual machine migration apparatus, applied to a source host, including:
a first check value generation module, configured to query a key server for a first key corresponding to the virtual machine to be migrated by using the feature information of the virtual machine to be migrated, and to perform an operation on the first key to generate a first check value;
a request sending module, configured to send a migration request containing the feature information and the first check value to a destination host, so that the destination host queries the key server for a second key corresponding to the virtual machine to be migrated by using the feature information, and performs an operation on the second key to generate a second check value;
an information obtaining module, configured to obtain response information for the migration request, returned by the destination host based on a comparison result between the first check value and the second check value;
and a data migration module, configured to migrate the virtual machine data of the virtual machine to be migrated to the destination host when the response information indicates that migration is allowed.
In a fourth aspect, the present application discloses an electronic device comprising a processor and a memory; wherein the processor implements the aforementioned virtual machine migration method when executing the computer program stored in the memory.
In a fifth aspect, the present application discloses a computer readable storage medium for storing a computer program; wherein the computer program, when executed by a processor, implements the aforementioned virtual machine migration method.
In the present application, a first key corresponding to the virtual machine to be migrated is queried from a key server by using the feature information of the virtual machine to be migrated, and an operation is performed on the first key to generate a first check value. A migration request containing the feature information and the first check value is then sent to a destination host, so that the destination host queries the key server for a second key corresponding to the virtual machine to be migrated by using the feature information and performs an operation on the second key to generate a second check value. Response information for the migration request, returned by the destination host based on a comparison result between the first check value and the second check value, is then acquired; if the response information indicates that migration is allowed, the virtual machine data of the virtual machine to be migrated is migrated to the destination host.
Therefore, before the virtual machine data on the source host is migrated to the destination host, the destination host needs to generate a second check value from the second key, corresponding to the virtual machine to be migrated, that it acquired from the key server, and compare it with the first check value acquired from the source host; whether to migrate the virtual machine data to the destination host is determined from the check value comparison result. When the first check value does not match the second check value, this indicates that the destination host could not successfully access the key server and acquire a legitimate second key from it, that is, the destination host is not a legitimate destination host. The legitimacy of the destination host can thus be checked through the above process, which prevents an illegitimate destination host from intercepting the virtual machine data through IP spoofing and improves data security.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a virtual machine migration method disclosed in the present application;
Fig. 2 is a flowchart of a specific virtual machine migration method disclosed in the present application;
Fig. 3 is a flowchart of a specific virtual machine migration method disclosed in the present application;
Fig. 4 is a flowchart of a specific virtual machine migration method disclosed in the present application;
Fig. 5 is a schematic structural diagram of a virtual machine migration apparatus disclosed in the present application;
Fig. 6 is a block diagram of an electronic device disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
An embodiment of the present application discloses a virtual machine migration method, applied to a source host. As shown in Fig. 1, the method includes the following steps:
Step S11: query a key server for a first key corresponding to the virtual machine to be migrated by using the feature information of the virtual machine to be migrated, and perform an operation on the first key to generate a first check value.
It should be noted that, in this embodiment, the key server is mainly used to store a virtual machine key of the virtual machine to be migrated on the source host and a virtual machine key corresponding to the destination host, and these two virtual machine keys are stored in pairs. Specifically, the key server needs to establish a communication connection with the source host in advance, obtain from the source host feature information that uniquely represents the identity of the virtual machine to be migrated, bind a key pair created in advance for the virtual machine to be migrated to the feature information, and store the key pair in the key server. The feature information includes, but is not limited to, configuration information and unique identification information of the virtual machine. It is understood that the configuration information is information that uniquely characterizes the virtual machine, including but not limited to the IP address of the virtual machine.
Further, when the first key corresponding to the virtual machine to be migrated needs to be queried, the source host sends the feature information of the virtual machine to be migrated to the key server, and the key server looks up the virtual machine key that corresponds to the feature information and is to be sent to the source host, that is, the first key.
In this embodiment, after the first key is obtained, an operation may be performed on the first key through a preset check value generation algorithm to obtain the first check value corresponding to the virtual machine to be migrated.
Step S12: send a migration request containing the feature information and the first check value to a destination host, so that the destination host queries the key server for a second key corresponding to the virtual machine to be migrated by using the feature information, and performs an operation on the second key to generate a second check value.
In this embodiment, after the first check value is obtained, the feature information of the virtual machine to be migrated and the first check value are packaged into a migration request and sent to the destination host. After receiving the migration request, the destination host extracts the feature information and the first check value, queries the key server for the virtual machine key that corresponds to the feature information and is to be sent to the destination host, that is, the second key, and performs an operation on the second key by using the check value generation algorithm to obtain the second check value. It should be noted that the check value generation algorithm used for the first check value and the one used for the second check value are the same algorithm.
Step S13: acquire response information for the migration request, returned by the destination host based on the comparison result between the first check value and the second check value.
In this embodiment, after the migration request containing the feature information and the first check value has been sent to the destination host, the destination host obtains the second check value by performing an operation on the second key and then compares the first check value in the migration request with the second check value. When the first check value matches the second check value, this indicates that the destination host has successfully accessed the key server and obtained a legitimate second check value. When the first check value does not match the second check value, this indicates that the destination host could not successfully access the key server and obtain a legitimate second check value from it, and therefore that the destination host is not a legitimate destination host. This avoids the situation in which virtual machine data is illegally intercepted because of IP spoofing of the destination host.
Step S14: if the response information indicates that migration is allowed, migrate the virtual machine data of the virtual machine to be migrated to the destination host.
In this embodiment, if the response information returned by the destination host for the migration request is based on a matching comparison result, migration of the virtual machine data of the virtual machine to be migrated is allowed, and the operation of migrating the virtual machine data to the destination host is performed. It should be noted that, to ensure security while the virtual machine data is in transit, the first key may be used to encrypt the virtual machine data to obtain encrypted data, and the encrypted data is sent to the destination host.
It can be understood that, in this embodiment, the source host sends a migration request containing the feature information of the virtual machine and the first check value to the destination host, and the destination host receives the migration request; this is the first handshake between the source host and the destination host. The destination host returns response information for the migration request to the source host based on the comparison result between the first check value and the second check value, and the source host receives the response information; this is the second handshake. The source host encrypts the virtual machine data and migrates it to the destination host according to the response information, and the destination host decrypts and stores the received virtual machine data; this is the third handshake.
It can be seen that, in this embodiment of the present application, before the virtual machine data on the source host is migrated to the destination host, the destination host needs to generate a second check value from the second key, corresponding to the virtual machine to be migrated, that it obtained from the key server, and compare it with the first check value obtained from the source host; whether to migrate the virtual machine data to the destination host is determined from the check value comparison result. When the first check value does not match the second check value, this indicates that the destination host could not successfully access the key server and obtain a legitimate second key from it, that is, the destination host is not a legitimate destination host. As can be seen from the above, the legitimacy of the destination host can be checked through this process, which prevents an illegitimate destination host from intercepting virtual machine data through IP spoofing and improves data security.
The embodiment of the application discloses a virtual machine migration method, which is applied to a source host, and is shown in fig. 2, and the method comprises the following steps:
step S21: and creating a key inquiry request containing the characteristic information of the virtual machine to be migrated and sending the key inquiry request to the key server so that the key server can inquire the first key which is locally pre-stored and corresponds to the virtual machine to be migrated by using the characteristic information.
In this embodiment, before sending the feature information of the virtual machine to be migrated to the key server, the source host needs to create a key query request including the feature information of the virtual machine to be migrated first, and send the key query request to the key server, after obtaining the feature information, the key server queries a local virtual machine key, that is, the first key, which is pre-stored locally and corresponds to the virtual machine to be migrated, using the feature information, and returns the first key to the source host.
Step S22: and acquiring the first key sent by the key server.
In this embodiment, after a key query request including feature information of a virtual machine to be migrated is created and sent to the key server, the first key corresponding to the virtual machine to be migrated, which is obtained by querying by the key server, is obtained.
Step S23: and operating the first key by using a preset target check value generation algorithm to obtain the first check value.
In this embodiment, after the first key sent by the key server is obtained, a preset target check value generation algorithm may be used to calculate the first key, so as to obtain the first check value corresponding to the virtual machine to be migrated. The Check value generation Algorithm includes, but is not limited to, parity Check, MD5(Message-Digest Algorithm), CRC (Cyclic Redundancy Check) Algorithm, LRC (Longitudinal Redundancy Check) Algorithm, and the like.
Step S24: and sending a migration request containing the characteristic information, the first check value and the data volume of the virtual machine data to a target host, so that the target host queries a second key corresponding to the virtual machine to be migrated from the key server by using the characteristic information, calculates the second key to generate a second check value, and then compares the first check value with the second check value.
In this embodiment, after the first check value is obtained, a migration request containing the feature information, the first check value, and the data volume of the virtual machine data is sent to the destination host. On receiving the migration request, the destination host extracts the feature information, the first check value, and the data volume of the virtual machine data, uses the feature information to query the key server for the second key corresponding to the virtual machine to be migrated, and operates on the second key with the target check value generation algorithm to generate a second check value.
Step S25: if the comparison result is that the first check value matches the second check value, and the local idle storage resource of the destination host is not less than the data volume, acquire the response information returned by the destination host indicating that migration is allowed.
In this embodiment, if the comparison result is that the first check value matches the second check value, the identity of the destination host is determined to be normal and a trust relationship is established between the source host and the destination host. Further, to prevent data transmission from failing because the destination host's local idle storage resource is too small to accommodate the virtual machine data of the virtual machine to be migrated, the relationship between the destination host's local idle storage resource and the data volume must also be checked. If the local idle storage resource of the destination host is greater than or equal to the data volume, the destination host can currently accommodate the virtual machine data of the virtual machine to be migrated, and the response information returned by the destination host indicating that migration is allowed is then obtained.
Step S26: if the response information indicates that migration is allowed, migrate the virtual machine data of the virtual machine to be migrated to the destination host.
For more specific processing procedures of the steps S24 and S26, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Therefore, in this embodiment, before the virtual machine is migrated, the first check value and the second check value corresponding to the source host and the destination host are obtained from the virtual machine key, the two check values are compared, and the local idle storage resource of the destination host is checked. The source host and the destination host are thereby verified and the destination host is confirmed to have enough resources to accommodate the virtual machine data, which prevents IP spoofing of the migration destination host and ensures sufficient resources for the data to be migrated.
An embodiment of the application discloses a virtual machine migration method applied to a source host. As shown in fig. 3, the method comprises the following steps:
Step S31: query the key server, using the feature information of the virtual machine to be migrated, for the first key corresponding to the virtual machine to be migrated, and operate on the first key to generate a first check value.
Step S32: send a migration request containing the feature information and the first check value to the destination host, so that the destination host uses the feature information to query the key server for the second key corresponding to the virtual machine to be migrated and operates on the second key to generate a second check value.
Step S33: acquire the response information for the migration request that the destination host returns based on the comparison result between the first check value and the second check value.
Step S34: if the response information indicates that migration is allowed, encrypt the virtual machine data of the virtual machine to be migrated using the first key and an asymmetric encryption algorithm to obtain encrypted data.
In this embodiment, if the response information indicates that migration is allowed, the virtual machine data of the virtual machine to be migrated is encrypted using the first key and an asymmetric encryption algorithm to obtain encrypted data. In other words, to improve security during data transmission, the virtual machine data is encrypted with the first key under an asymmetric encryption algorithm. Asymmetric encryption algorithms include, but are not limited to, the RSA algorithm, the ECC (Elliptic Curve Cryptography) algorithm, the DH (Diffie-Hellman) algorithm, the ECDH (Elliptic Curve Diffie-Hellman key exchange) algorithm, etc.
Step S35: migrate the encrypted data to the destination host, so that the destination host decrypts the encrypted data using the second key and stores the corresponding decrypted data.
In this embodiment, after the first key is used and the asymmetric encryption algorithm is used to encrypt the virtual machine data of the virtual machine to be migrated to obtain encrypted data, the encrypted data is migrated to the target host, and the target host further receives the encrypted data, decrypts the encrypted data by using the second key to obtain corresponding decrypted data, and stores the decrypted data. It can be understood that, the first key and the second key are stored in the key server in pairs by using the same encryption algorithm, and since the encryption is performed by using the first key in the process of encrypting the virtual machine, a decryption operation needs to be performed by using the second key corresponding to the first key after the destination host receives the virtual machine data.
It should be noted that, in this embodiment, before querying, by using the feature information of the virtual machine to be migrated, the first key corresponding to the virtual machine to be migrated from the key server, the method further includes:
sending the characteristic information to the key server so that the key server can bind the key pair which is created aiming at the virtual machine to be migrated in advance with the characteristic information and store the key pair and the characteristic information locally; wherein, the public key in the key pair is the first key, and the private key in the key pair is the second key. It can be understood that, after the characteristic information is sent to the key server, the key server binds a key pair, which is created in advance for the virtual machine to be migrated and is based on an asymmetric encryption algorithm, with the characteristic information and stores the bound key pair locally, where the key pair includes a public key and a private key, where the public key corresponds to the first key and the private key corresponds to the second key.
For more specific processing procedures of the steps S31, S32, and S33, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Therefore, IP spoofing of the migration destination host is prevented through a three-way handshake; the virtual machine key is encrypted with an asymmetric encryption algorithm; the migration destination host is authenticated by verifying the virtual machine key; and the virtual machine data is encrypted with the virtual machine key, so that the data has better confidentiality in transit and can be effectively protected from interception and tampering.
An embodiment of the application discloses a virtual machine migration method applied to a destination host. As shown in fig. 4, the method comprises the following steps:
Step S41: acquire a migration request, sent by a source host, that contains the feature information of a virtual machine to be migrated and a first check value; the first check value is generated by the source host by using the feature information to query a key server for a first key corresponding to the virtual machine to be migrated and operating on the first key.
In this embodiment, the characteristic information is information that can uniquely represent the identity of the virtual machine to be migrated, the source host may query the first key corresponding to the characteristic information from the key server by using the characteristic information, obtain the first check value by using the first key based on a preset target check value generation algorithm, and then package the first key and the first check value into a migration request and send the migration request to the target host.
Further, it should be noted that before querying the first key corresponding to the virtual machine to be migrated from the key server by using the feature information of the virtual machine to be migrated, the method further includes: sending the characteristic information to the key server so that the key server can bind the key pair which is created aiming at the virtual machine to be migrated in advance with the characteristic information and store the key pair and the characteristic information locally; the key pair may be obtained by a symmetric encryption algorithm or an asymmetric encryption algorithm. Specifically, if an asymmetric encryption algorithm is adopted, the public key in the key pair is the first key, and the private key in the key pair is the second key.
Step S42: query the key server, using the feature information, for a second key corresponding to the virtual machine to be migrated, and operate on the second key to generate a second check value.
In this embodiment, after a migration request including feature information of a virtual machine to be migrated and a first check value sent by a source host is obtained, the second key corresponding to the virtual machine to be migrated is queried from the key server, and then the second key is operated to generate the second check value. It should be noted that the algorithm for generating the second check value by using the second key and the algorithm for generating the first check value by using the first key are the same algorithm, that is, both algorithms are the target check value generation algorithms. Wherein, the target check value generation algorithm includes, but is not limited to, parity check, MD5 algorithm, CRC algorithm, LRC algorithm, etc.
Step S43: compare the first check value with the second check value to obtain a corresponding comparison result.
Further, in this embodiment, after the second check value is obtained, it is compared with the first check value in the migration request. When the first check value matches the second check value, the destination host has successfully accessed the key server and obtained a legal second check value. When the first check value does not match the second check value, the destination host could not successfully access the key server and obtain a legal second check value from it; that is, the IP address of the current destination host may be spoofed.
Step S44: return response information for the migration request to the source host based on the comparison result.
In this embodiment, after the comparison result between the first check value and the second check value is obtained, response information for the migration request may be returned to the source host based on the comparison result.
A specific embodiment may include: if the comparison result is that the first check value matches the second check value, acquiring response information returned by the destination host indicating that migration is allowed.
Another specific embodiment may include: if a migration request containing the feature information, the first check value, and the data volume of the virtual machine data is received, the first check value and the second check value are compared first; if the comparison result is that the first check value matches the second check value, the relationship between the local idle storage resource and the data volume is then checked; and if the local idle storage resource is not less than the data volume, response information returned by the destination host indicating that migration is allowed is acquired.
Step S45: if the response information indicates that migration is allowed, acquire the virtual machine data of the virtual machine to be migrated that the source host migrates.
In this embodiment, when the response information indicates that migration is allowed, the virtual machine data of the virtual machine to be migrated that the source host migrates is acquired. That is, when comparing the first check value with the second check value yields response information indicating that migration is allowed, i.e., a trust relationship has been established with the source host, the virtual machine data of the virtual machine to be migrated can be received from the source host.
Further, after receiving the virtual machine data, the virtual machine data may be decrypted by using the second key to obtain decrypted data, and the decrypted data may be stored.
For more specific processing procedures of the above steps S41, S42, S43, S44, and S45, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated herein.
It can be seen that, in this embodiment, before virtual machine data on the source host is migrated to the destination host, the destination host must generate a second check value from the second key, corresponding to the virtual machine to be migrated, that it obtains from the key server, and compare it with the first check value received from the source host; whether the virtual machine data is migrated to the destination host is decided by the comparison result. When the first check value does not match the second check value, the destination host could not successfully access the key server and obtain a legal second key from it, i.e., it is not a legal destination host. The embodiment can therefore check the legitimacy of the destination host, preventing an illegal destination host from intercepting virtual machine data by means of IP spoofing and improving data security.
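The request and decision logic of steps S31 to S33 and S41 to S44, including the data-volume variant of step S25, can be sketched as follows. This is an added example, not code from the patent; it assumes the symmetric case mentioned above (the first and second key are the same secret), SHA-256 as the target check value generation algorithm, and a hypothetical in-memory `KeyServer` that answers only registered hosts.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


def check_value(key: bytes) -> bytes:
    """Target check value generation algorithm (assumption: SHA-256 of the key)."""
    return hashlib.sha256(key).digest()


class KeyServer:
    """Hypothetical key server: binds one key to each VM's feature information."""

    def __init__(self):
        self._keys = {}            # feature_info -> key bytes
        self._known_hosts = set()  # hosts allowed to query keys

    def register_host(self, host_id: str) -> None:
        self._known_hosts.add(host_id)

    def bind(self, feature_info: str) -> None:
        # Symmetric case: the "first key" and "second key" are the same secret.
        self._keys[feature_info] = secrets.token_bytes(32)

    def query(self, host_id: str, feature_info: str) -> Optional[bytes]:
        # A host that is not registered cannot obtain a legal key.
        if host_id not in self._known_hosts:
            return None
        return self._keys.get(feature_info)


@dataclass(frozen=True)
class MigrationRequest:
    feature_info: str
    first_check_value: bytes
    data_size: int  # bytes of virtual machine data to be migrated


@dataclass(frozen=True)
class MigrationResponse:
    allowed: bool
    reason: str


def build_request(ks: KeyServer, source_id: str, feature_info: str,
                  data_size: int) -> MigrationRequest:
    """Source host side: S31 (query key, derive check value) and S32 (request)."""
    first_key = ks.query(source_id, feature_info)
    if first_key is None:
        raise LookupError("source host could not obtain the first key")
    return MigrationRequest(feature_info, check_value(first_key), data_size)


def handle_request(ks: KeyServer, dest_id: str, free_bytes: int,
                   req: MigrationRequest) -> MigrationResponse:
    """Destination host side: S42 to S44 plus the storage check of S25."""
    second_key = ks.query(dest_id, req.feature_info)
    if second_key is None:
        return MigrationResponse(False, "key-unavailable")
    # Constant-time comparison of the two check values (S43).
    if not hmac.compare_digest(check_value(second_key), req.first_check_value):
        return MigrationResponse(False, "check-value-mismatch")
    if req.data_size < 0:
        return MigrationResponse(False, "invalid-data-size")
    if free_bytes < req.data_size:
        return MigrationResponse(False, "insufficient-storage")
    return MigrationResponse(True, "ok")


def run_demo() -> list:
    """Run four constructed scenarios and return the reason for each decision."""
    gib = 2 ** 30
    ks = KeyServer()
    ks.register_host("source-host")
    ks.register_host("dest-host")
    ks.bind("vm-uuid-0001")  # constructed feature information
    req = build_request(ks, "source-host", "vm-uuid-0001", 10 * gib)
    tampered = MigrationRequest(req.feature_info, bytes(32), req.data_size)
    return [
        handle_request(ks, "dest-host", 20 * gib, req).reason,
        handle_request(ks, "unregistered-host", 20 * gib, req).reason,
        handle_request(ks, "dest-host", 20 * gib, tampered).reason,
        handle_request(ks, "dest-host", 5 * gib, req).reason,
    ]


if __name__ == "__main__":
    print(run_demo())
```

The destination refuses the request whenever it cannot obtain the key, the check values differ, or its free storage is smaller than the announced data volume.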
Correspondingly, an embodiment of the present application further discloses a virtual machine migration apparatus, as shown in fig. 5, the apparatus includes:
the first check value generating module 11 is configured to query, from a key server, a first key corresponding to a virtual machine to be migrated by using feature information of the virtual machine to be migrated, and perform operation on the first key to generate a first check value;
a request sending module 12, configured to send a migration request including the feature information and the first check value to a destination host, so that the destination host queries, from the key server, a second key corresponding to the virtual machine to be migrated using the feature information, and performs an operation on the second key to generate a second check value;
an information obtaining module 13, configured to obtain response information, returned by the destination host based on a comparison result between the first check value and the second check value, for the migration request;
and the data migration module 14 is configured to, when the response information is response information indicating that migration is allowed, migrate the virtual machine data of the virtual machine to be migrated to the destination host.
In some specific embodiments, the first check value generating module 11 may specifically include:
a first request sending unit, configured to create a key query request including the feature information and send the key query request to the key server, so that the key server queries, by using the feature information, the first key corresponding to the to-be-migrated virtual machine, where the first key is locally pre-stored;
a first key obtaining unit, configured to obtain the first key sent by the key server;
the first check value generating unit is used for calculating the first key by using a preset target check value generating algorithm to obtain a first check value;
and, the process of the destination host operating the second key to generate the second check value includes:
and the second check value generating unit is used for operating the second key by using the target check value generating algorithm to obtain the second check value.
In some specific embodiments, the information obtaining module 13 may specifically include:
and the first information acquisition module unit is configured to acquire response information, which is returned by the destination host and used for indicating that migration is allowed, if the comparison result is that the first check value matches the second check value.
In some specific embodiments, the request sending module 12 may specifically include:
a second request sending unit, configured to send a migration request including the feature information, the first check value, and the data size of the virtual machine data to a destination host;
correspondingly, the information obtaining module 13 may specifically include:
and a second information obtaining module unit, configured to obtain, when the comparison result is that the first check value matches the second check value, and a local idle storage resource of the destination host is not less than the data volume, response information returned by the destination host and indicating that migration is allowed.
In some specific embodiments, the migrating the virtual machine data of the virtual machine to be migrated to the destination host specifically may include:
the data acquisition unit is used for encrypting the virtual machine data of the virtual machine to be migrated by using the first key and based on an asymmetric encryption algorithm to obtain encrypted data;
and the data migration unit is used for migrating the encrypted data to the target host so that the target host can decrypt the encrypted data by using the second key and store the corresponding decrypted data.
In some specific embodiments, before the first check value generating module 11, the method may further include:
the information sending unit is used for sending the characteristic information to the key server so that the key server can bind the key pair which is created aiming at the virtual machine to be migrated in advance with the characteristic information and store the key pair and the characteristic information locally; wherein, the public key in the key pair is the first key, and the private key in the key pair is the second key.
Further, an electronic device is disclosed in the embodiments of the present application, and fig. 6 is a block diagram of an electronic device 20 according to an exemplary embodiment, which should not be construed as limiting the scope of the application.
Fig. 6 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present disclosure. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. The memory 22 is used for storing a computer program, and the computer program is loaded and executed by the processor 21 to implement the relevant steps in the virtual machine migration method disclosed in any one of the foregoing embodiments. In addition, the electronic device 20 in the present embodiment may be specifically an electronic computer.
In this embodiment, the power supply 23 is configured to provide a working voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and a communication protocol followed by the communication interface is any communication protocol applicable to the technical solution of the present application, and is not specifically limited herein; the input/output interface 25 is configured to obtain external input data or output data to the outside, and a specific interface type thereof may be selected according to specific application requirements, which is not specifically limited herein.
In addition, the storage 22 is used as a carrier for resource storage, and may be a read-only memory, a random access memory, a magnetic disk or an optical disk, etc., and the resources stored thereon may include an operating system 221, a computer program 222, etc., and the storage manner may be a transient storage or a permanent storage.
The operating system 221 is used for managing and controlling each hardware device on the electronic device 20 and the computer program 222, and may be Windows Server, Netware, Unix, Linux, or the like. The computer programs 222 may further include computer programs that can be used to perform other specific tasks in addition to the computer programs that can be used to perform the virtual machine migration method performed by the electronic device 20 disclosed in any of the foregoing embodiments.
Further, the present application also discloses a computer-readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements the virtual machine migration method disclosed above. For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing detailed description is directed to a virtual machine migration method, apparatus, device, and storage medium provided by the present application, and a specific example is applied in the present application to explain the principle and implementation of the present application, and the description of the foregoing embodiment is only used to help understand the method and core ideas of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1.一种虚拟机迁移方法,其特征在于,应用于源主机,包括:1. A virtual machine migration method, characterized in that, applied to a source host, comprising: 利用待迁移虚拟机的特征信息从密钥服务器中查询与所述待迁移虚拟机对应的第一密钥,并对所述第一密钥进行运算以生成第一校验值;Use the feature information of the virtual machine to be migrated to query the first key corresponding to the virtual machine to be migrated from the key server, and perform an operation on the first key to generate a first check value; 将包含所述特征信息以及所述第一校验值的迁移请求发送至目的主机,以便所述目的主机利用所述特征信息从所述密钥服务器中查询与所述待迁移虚拟机对应的第二密钥,并对所述第二密钥进行运算以生成第二校验值;Send the migration request including the feature information and the first check value to the destination host, so that the destination host uses the feature information to query the key server for the first number corresponding to the virtual machine to be migrated. a second key, and performing an operation on the second key to generate a second check value; 获取所述目的主机基于所述第一校验值和所述第二校验值之间的比对结果返回的针对所述迁移请求的应答信息;obtaining the response information for the migration request returned by the destination host based on the comparison result between the first check value and the second check value; 若所述应答信息为用于表明允许进行迁移的应答信息,则将所述待迁移虚拟机的虚拟机数据迁移至所述目的主机。If the response information is response information for indicating permission to perform migration, migrate the virtual machine data of the virtual machine to be migrated to the destination host. 2.根据权利要求1所述的虚拟机迁移方法,其特征在于,所述利用待迁移虚拟机的特征信息从密钥服务器中查询与所述待迁移虚拟机对应的第一密钥,并对所述第一密钥进行运算以生成第一校验值,包括:2 . The virtual machine migration method according to claim 1 , wherein the feature information of the virtual machine to be migrated is used to query the first key corresponding to the virtual machine to be migrated from a key server, and the first key corresponding to the virtual machine to be migrated is queried. 3 . 
The first key is operated to generate a first check value, including: 创建包含所述特征信息的密钥查询请求并发送至所述密钥服务器,以便所述密钥服务器利用所述特征信息查询本地预先保存的与所述待迁移虚拟机对应的所述第一密钥;Create a key query request including the feature information and send it to the key server, so that the key server uses the feature information to query the locally pre-stored first key corresponding to the virtual machine to be migrated key; 获取所述密钥服务器发送的所述第一密钥;obtaining the first key sent by the key server; 利用预设的目标校验值生成算法对所述第一密钥进行运算,以得到所述第一校验值;Use a preset target check value generation algorithm to operate on the first key to obtain the first check value; 并且,所述目的主机对所述第二密钥进行运算以生成所述第二校验值的过程包括:利用所述目标校验值生成算法对所述第二密钥进行运算,以得到所述第二校验值。In addition, the process that the destination host operates on the second key to generate the second check value includes: using the target check value generation algorithm to operate on the second key to obtain the Describe the second check value. 3.根据权利要求1所述的虚拟机迁移方法,其特征在于,所述获取所述目的主机基于所述第一校验值和所述第二校验值之间的比对结果返回的针对所述迁移请求的应答信息,包括:3 . The virtual machine migration method according to claim 1 , wherein the obtaining the target host based on the comparison result between the first check value and the second check value returns the target host. 4 . The response information of the migration request includes: 若所述比对结果为所述第一校验值与所述第二校验值相匹配,则获取所述目的主机返回的用于表明允许进行迁移的应答信息。If the comparison result is that the first check value matches the second check value, the response information returned by the destination host and used to indicate that migration is permitted is obtained. 4.根据权利要求1所述的虚拟机迁移方法,其特征在于,所述将包含所述特征信息以及所述第一校验值的迁移请求发送至目的主机,包括:4. 
The virtual machine migration method according to claim 1, wherein the sending the migration request including the feature information and the first check value to the destination host comprises: 将包含所述特征信息、所述第一校验值以及所述虚拟机数据的数据量的迁移请求发送至目的主机;sending a migration request including the feature information, the first check value and the data volume of the virtual machine data to the destination host; 相应的,所述获取所述目的主机基于所述第一校验值和所述第二校验值之间的比对结果返回的针对所述迁移请求的应答信息,包括:Correspondingly, the acquiring the response information for the migration request returned by the destination host based on the comparison result between the first check value and the second check value includes: 若所述比对结果为所述第一校验值与所述第二校验值相匹配,并且所述目的主机的本地空闲存储资源不小于所述数据量,则获取所述目的主机返回的用于表明允许进行迁移的应答信息。If the comparison result is that the first check value matches the second check value, and the local free storage resources of the destination host are not less than the amount of data, obtain the data returned by the destination host. Reply message to indicate that migration is allowed. 5.根据权利要求1至4任一项所述的虚拟机迁移方法,其特征在于,所述将所述待迁移虚拟机的虚拟机数据迁移至所述目的主机,包括:5. The virtual machine migration method according to any one of claims 1 to 4, wherein the migrating virtual machine data of the virtual machine to be migrated to the destination host comprises: 利用所述第一密钥并基于非对称加密算法对所述待迁移虚拟机的虚拟机数据进行加密,得到加密后数据;Encrypt the virtual machine data of the virtual machine to be migrated by using the first key and based on an asymmetric encryption algorithm to obtain encrypted data; 将所述加密后数据迁移至所述目的主机,以便所述目的主机利用所述第二密钥对所述加密后数据进行解密处理,并保存相应的解密后数据。The encrypted data is migrated to the destination host, so that the destination host decrypts the encrypted data by using the second key, and saves the corresponding decrypted data. 6.根据权利要求5所述的虚拟机迁移方法,其特征在于,所述利用待迁移虚拟机的特征信息从密钥服务器中查询与所述待迁移虚拟机对应的第一密钥之前,还包括:6 . 
The virtual machine migration method according to claim 5, wherein, before using the feature information of the virtual machine to be migrated to query the key server for the first key corresponding to the virtual machine to be migrated, the method further comprises:
sending the feature information to the key server, so that the key server binds a key pair created in advance for the virtual machine to be migrated to the feature information and saves it locally; wherein the public key in the key pair is the first key, and the private key in the key pair is the second key.

7. A virtual machine migration method, characterized in that it is applied to a destination host and comprises:
acquiring a migration request sent by a source host that contains the feature information of the virtual machine to be migrated and a first check value; the first check value being a check value generated by the source host by using the feature information to query a key server for the first key corresponding to the virtual machine to be migrated and performing an operation on the first key;
using the feature information to query the key server for a second key corresponding to the virtual machine to be migrated, and performing an operation on the second key to generate a second check value;
comparing the first check value with the second check value to obtain a corresponding comparison result;
returning response information for the migration request to the source host based on the comparison result;
if the response information is response information indicating that migration is permitted, acquiring the virtual machine data of the virtual machine to be migrated that is migrated by the source host.

8. A virtual machine migration device, characterized in that it is applied to a source host and comprises:
a first check value generation module, configured to use the feature information of the virtual machine to be migrated to query a key server for the first key corresponding to the virtual machine to be migrated, and to perform an operation on the first key to generate a first check value;
a request sending module, configured to send a migration request containing the feature information and the first check value to a destination host, so that the destination host uses the feature information to query the key server for the second key corresponding to the virtual machine to be migrated and performs an operation on the second key to generate a second check value;
an information acquisition module, configured to acquire the response information for the migration request returned by the destination host based on the comparison result between the first check value and the second check value;
a data migration module, configured to migrate the virtual machine data of the virtual machine to be migrated to the destination host when the response information is response information indicating that migration is permitted.

9. An electronic device, characterized in that it comprises a processor and a memory; wherein the processor, when executing the computer program stored in the memory, implements the virtual machine migration method according to any one of claims 1 to 7.

10. A computer-readable storage medium, characterized in that it is used for storing a computer program; wherein the computer program, when executed by a processor, implements the virtual machine migration method according to any one of claims 1 to 7.
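The destination-host check of claim 7, combined with the key-pair binding of claim 6, as an added Python sketch (not code from the patent). The claims do not define the "operation", so this assumes SHA-256 over the public key and the feature information, with the destination deriving the public key from the private key it queries; the `KeyServer` class, the function names and the toy group `P`/`G` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumed toy key-pair group (not from the patent): public = G^private mod P.
P = 2**255 - 19
G = 2

class KeyServer:
    """Hypothetical key server binding a pre-created key pair to feature info."""
    def __init__(self):
        self._pairs = {}

    def bind(self, feature_info: str) -> None:
        private = secrets.randbelow(P - 2) + 1
        self._pairs[feature_info] = (pow(G, private, P), private)

    def first_key(self, feature_info: str) -> int:
        # Public key, queried by the source host.
        return self._pairs[feature_info][0]

    def second_key(self, feature_info: str) -> int:
        # Private key, queried by the destination host.
        return self._pairs[feature_info][1]

def check_value(public_key: int, feature_info: str) -> str:
    """Assumed 'operation': SHA-256 over the public key and the feature info."""
    data = public_key.to_bytes(32, "big") + feature_info.encode()
    return hashlib.sha256(data).hexdigest()

def source_build_request(ks: KeyServer, feature_info: str) -> dict:
    first = ks.first_key(feature_info)
    return {"feature_info": feature_info,
            "check": check_value(first, feature_info)}

def destination_handle_request(ks: KeyServer, request: dict) -> str:
    info = str(request.get("feature_info", ""))
    try:
        second = ks.second_key(info)
    except KeyError:
        return "DENY"  # no key pair is bound to this feature info
    # Derive the public half from the private key, then repeat the operation.
    expected = check_value(pow(G, second, P), info)
    supplied = str(request.get("check", ""))
    # Compare the two check values in constant time.
    ok = hmac.compare_digest(expected.encode(), supplied.encode())
    return "ALLOW" if ok else "DENY"
```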
CN202110779956.6A 2021-07-09 2021-07-09 Virtual machine migration method, device, equipment and storage medium Active CN113703911B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110779956.6A CN113703911B (en) 2021-07-09 2021-07-09 Virtual machine migration method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110779956.6A CN113703911B (en) 2021-07-09 2021-07-09 Virtual machine migration method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113703911A true CN113703911A (en) 2021-11-26
CN113703911B CN113703911B (en) 2024-03-12

Family

ID=78648672

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110779956.6A Active CN113703911B (en) 2021-07-09 2021-07-09 Virtual machine migration method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113703911B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114938275A (en) * 2022-07-21 2022-08-23 国开启科量子技术(北京)有限公司 Method, apparatus, medium, and device for migrating virtual machine using quantum key
CN115189928A (en) * 2022-06-25 2022-10-14 中国人民解放军战略支援部队信息工程大学 A method and system for dynamic and secure migration of a cryptographic service virtual machine
CN115933989A (en) * 2022-12-30 2023-04-07 中电云数智科技有限公司 A verification method for data integrity of virtual machine live migration
CN119561701A (en) * 2024-11-22 2025-03-04 广州众诺微电子有限公司 Security protection module, security chip, communication equipment and communication system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130159700A1 (en) * 2011-12-16 2013-06-20 Hitachi, Ltd. Computer system and volume migration control method using the same
CN110515700A (en) * 2019-08-23 2019-11-29 北京浪潮数据技术有限公司 A virtual machine migration method, system, device and readable storage medium

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130159700A1 (en) * 2011-12-16 2013-06-20 Hitachi, Ltd. Computer system and volume migration control method using the same
CN110515700A (en) * 2019-08-23 2019-11-29 北京浪潮数据技术有限公司 A virtual machine migration method, system, device and readable storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Liu Mingfang; Li Wenfeng; Zhao Yang: "A Trusted Virtual Machine Migration Protocol Based on the XEN Platform", Computer Security (计算机安全), no. 03 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115189928A (en) * 2022-06-25 2022-10-14 中国人民解放军战略支援部队信息工程大学 A method and system for dynamic and secure migration of a cryptographic service virtual machine
CN115189928B (en) * 2022-06-25 2023-10-17 中国人民解放军战略支援部队信息工程大学 A method and system for dynamic and secure migration of cryptographic service virtual machines
CN114938275A (en) * 2022-07-21 2022-08-23 国开启科量子技术(北京)有限公司 Method, apparatus, medium, and device for migrating virtual machine using quantum key
CN114938275B (en) * 2022-07-21 2022-10-14 国开启科量子技术(北京)有限公司 Method, apparatus, medium, and device for migrating virtual machine using quantum key
CN115933989A (en) * 2022-12-30 2023-04-07 中电云数智科技有限公司 A verification method for data integrity of virtual machine live migration
CN119561701A (en) * 2024-11-22 2025-03-04 广州众诺微电子有限公司 Security protection module, security chip, communication equipment and communication system

Also Published As

Publication number Publication date
CN113703911B (en) 2024-03-12

Similar Documents

Publication Publication Date Title
US20250086293A1 (en) Providing cryptographically secure post-secrets-provisioning services
JP6215934B2 (en) Login verification method, client, server, and system
US10805087B1 (en) Code signing method and system
US10437985B2 (en) Using a second device to enroll a secure application enclave
US9699150B2 (en) System and method for secure cloud computing
JP5860815B2 (en) System and method for enforcing computer policy
CN113626802B (en) Login verification system and method for equipment password
US10601590B1 (en) Secure secrets in hardware security module for use by protected function in trusted execution environment
CN113703911A (en) Virtual machine migration method, device, equipment and storage medium
WO2021120871A1 (en) Authentication key negotiation method and apparatus, storage medium and device
CN105933315B (en) A network service secure communication method, device and system
CN111064569B (en) Method and device for obtaining cluster key of trusted computing cluster
US10298388B2 (en) Workload encryption key
CN106790045B (en) distributed virtual machine agent device based on cloud environment and data integrity guarantee method
US10257171B2 (en) Server public key pinning by URL
KR102510868B1 (en) Method for authenticating client system, client device and authentication server
US11296878B2 (en) Private key updating
CN114338091B (en) Data transmission method, device, electronic device and storage medium
CN111600903A (en) A communication method, system, device and readable storage medium
CN114244569A (en) SSL VPN remote access method, system and computer equipment
CN110515700B (en) Virtual machine migration method, system, device and readable storage medium
EP3836478A1 (en) Method and system of data encryption using cryptographic keys
WO2020034881A1 (en) Method and apparatus for activating trusted execution environment
CN114065170A (en) Method and device for acquiring platform identity certificate and server
CN112261103A (en) Node access method and related equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant