KR102827465B1 - VDI integrated operation management server for providing digital working environment and method thereof - Google Patents

Abstract

The present invention relates to a VDI integrated operation management server for providing a digital work environment, and includes a connection security module for performing user authentication on user login information received from a user terminal device to enable connection to a virtual desktop, an integrated management module for managing user policies set for users and administrator policies set for administrators, and managing user terminal devices and virtual desktops remotely connected to the virtual desktop, a digital work analysis module for analyzing digital work data generated while a user works by connecting to a virtual desktop via a user terminal device, and a VDI management module for managing a VDI server providing a virtual desktop based on multi-tenancy.

Description

VDI integrated operation management server and method for providing digital working environment {VDI integrated operation management server for providing digital working environment and method thereof}

The present invention relates to a VDI integrated operation management server and method for providing a digital work environment.

Recently, digital work systems such as telecommuting are being implemented more widely in public institutions and companies, but unlike office work environments, most telecommuting systems are comprised of only personal computing devices. As a result, there are limitations in implementing various functions similar to office work environments or in responding to problems when they occur.

Currently, the digital work environment most commonly adopted by public institutions is the VDI (Virtual Desktop Infrastructure) environment, and most public institutions are using the VDI environment to enable stable and secure telecommuting in a network separation environment.

However, since the existing digital work environment operates individual solutions such as operation management solutions, remote access management servers, attendance management servers, and PC security servers, there are many similar functions that overlap for each solution, and these similar functions result in a lot of waste of resources, and when a problem occurs, it takes a long time to identify the cause of the problem in which solution or server.

In addition, hypervisors mainly used for digital work environments are XenServer, vSphere, and Acropolis products, but these existing products have the disadvantage of not being able to be migrated at the user's level, making it difficult to manage multiple digital tasks in one place, and frequently causing accidents such as data leaks due to the use of virtual desktops and key information leaks through hacking, making security vulnerable.

Domestic Publication Patent No. 10-2012-0085434

In order to solve the above-mentioned problems, the technical task of the present invention is to propose a VDI integrated operation management server and method for providing a digital work environment that can manage desktop clouds in one place and apply enhanced security functions when linking with a remote work system to complement the shortcomings of security vulnerabilities.

The solutions to the problems of the present invention are not limited to those mentioned above, and other solutions not mentioned will be clearly understood by those skilled in the art from the description below.

As a means for solving the above-mentioned technical problem, a VDI integrated operation management server for providing a digital work environment according to an embodiment of the present invention may include: a connection security module for performing user authentication on user login information received from a user terminal device to access a virtual desktop; an integrated management module for managing a user policy set for a user and an administrator policy set for an administrator, and managing a user terminal device and a virtual desktop remotely accessed to the virtual desktop; a digital work analysis module for analyzing digital work data generated while a user accesses a virtual desktop through the user terminal device and works; and a VDI management module for managing a VDI server providing the virtual desktop based on a multi-tenancy basis.

The above connection security module provides an SSO (Single Sign On) service using login information received from a user terminal device, and can analyze whether the user's connection is abnormal by inputting the user's connection log into a connection abnormality detection model.

The above integrated management module can automate operations using RPA (Robot Process Automation) to check the resource usage of the server, manage remote access of the user terminal device, check for abnormalities when providing virtual desktop services, and identify virtual desktop access failures.

The above digital work analysis module can input digital work data including at least one of the user's mouse and keyboard usage log, network usage data, and access IP (Internet Protocol) from the user terminal device into a work pattern analysis model to analyze the user's work pattern and whether the user's abnormal behavior occurs.

The above digital business analysis module, if it determines that an abnormal behavior has occurred as a result of analyzing the digital business data, reports this to the access security module, and if the abnormal behavior is an illegal data leak, the access security module can insert a watermark into the data from which the illegal data leak was attempted, or can block the data leak at the source.

The above user terminal device may further include a streaming module that records user commands and operations of the virtual desktop performed by the user commands while the user terminal device is connected to the virtual desktop and working.

It may further include a digital work collaboration module that provides a number of collaboration tools to provide a cloud-based collaborative work environment and a work management application that manages work for each user.

The above digital work collaboration module can support work automation by linking the above multiple collaboration tools and work management applications using RPA (Robot Process Automation) while the user is working using the above multiple collaboration tools and work management applications.

Meanwhile, a VDI integrated operation management method for providing a digital work environment according to another embodiment of the present invention may include: (A) a step in which the connection security module of the VDI integrated operation management server performs user authentication on the user's login information received from the user terminal device to access a virtual desktop; (B) a step in which the VDI management module of the VDI integrated operation management server allocates a virtual desktop to the user terminal device and manages the VDI server providing the virtual desktop based on multi-tenancy; (C) a step in which the digital work analysis module of the VDI integrated operation management server analyzes digital work data generated while the user accesses the virtual desktop through the user terminal device and works; and (D) a step in which the integrated management module of the VDI integrated operation management server manages a user policy set for the user and an administrator policy set for the administrator, and manages the user terminal device and the virtual desktop that are remotely accessed to the virtual desktop.

The above step (A) provides a SSO (Single Sign On) service using login information received from a user terminal device, and inputs the user's access log into an access anomaly detection model to analyze whether the user is accessing abnormally.

The above step (D) can automate operations using RPA (Robot Process Automation) to check the resource usage of the server, manage remote access of the user terminal device, check for abnormalities when providing virtual desktop services, and identify virtual desktop access failures.

The step (C) above can input digital work data including at least one of the user's mouse and keyboard usage log, network usage data, and connection IP (Internet Protocol) from the user terminal device into a work pattern analysis model to analyze the user's work pattern and whether the user's abnormal behavior occurs.

In the step (C) above, if the digital business analysis module determines that an abnormal behavior has occurred as a result of analyzing the digital business data, it reports this to the access security module, and if the abnormal behavior is an illegal data leak, the access security module can insert a watermark into the data from which the illegal data leak was attempted or block the data leak at the source.

(E) The streaming module of the VDI integrated operation management server may further include a step of recording user commands and operations of the virtual desktop performed by the user commands while the user terminal device is connected to the virtual desktop and working.

(F) The digital work collaboration module of the above VDI integrated operation management server may further include a step of providing a plurality of collaboration tools to provide a cloud-based collaborative work environment and providing a work management application that manages work for each user to enable collaboration.

In the above step (F), the digital work collaboration module can support work automation by linking the multiple collaboration tools and work management applications using RPA (Robot Process Automation) while the user is working using the multiple collaboration tools and work management applications.

According to the present invention, a smart office environment can be provided by safely supporting non-face-to-face work, work sharing, collaboration, etc. through a cloud-based VDI solution and system enhancement.

In addition, according to the present invention, when accessing a virtual desktop and performing digital work, it is possible to detect abnormal work or access behavior of the user based on artificial intelligence and prevent external leakage of important information.

In addition, according to the present invention, by providing a smart work cloud platform, it is possible to establish standardization and standardization processes for digital work of public institutions.

In addition, according to the present invention, an intelligent service platform for improving work efficiency based on user information can be provided, thereby providing a systematic work processing and work content data collection and management process.

In addition, according to the present invention, instead of purchasing and installing security solutions, digital work solutions, and remote management solutions individually for the existing digital work environment, by integrating each of these solutions into one solution, compatibility issues, security issues, purchase cost issues, etc. between each solution can be resolved, and work convenience can be improved.

In addition, according to the present invention, it is possible to manage desktop clouds in one place and apply enhanced security functions when linking with digital work systems to complement the shortcomings of security vulnerabilities.

The effects of the present invention are not limited to those mentioned above, and other effects not mentioned will be clearly understood by those skilled in the art from the description below.

FIG. 1 is a drawing illustrating a VDI integrated operation management system for providing a digital work environment according to an embodiment of the present invention.
Figure 2 is an example diagram for explaining the SSO service in digital work of the connection security module (410).
Figure 3 is a drawing for explaining VPN pre-authentication using VPN tunneling.
Figure 4 is a conceptual diagram for explaining the authentication operation when the OIDC protocol is added on top of OAuth 2.0.
Figure 5 is an example diagram for explaining the screen security function.
Figure 6 is a diagram illustrating a number of collaboration tools and work management applications.
Figure 7 is an example screen of a business management application.
Figure 8 is a drawing to explain the integrated work automation support by linking functions between RPA, collaboration tools, and collaboration apps.
Figure 9 is a drawing illustrating an intelligent document integration management platform supported by a digital business collaboration module (440).
FIG. 10 is a conceptual diagram for explaining the overall operation of the VDI integrated operation management system for providing a digital work environment according to the embodiment of the present invention described above, and
FIG. 11 is a flowchart schematically illustrating a VDI integrated operation management method for providing a digital work environment according to an embodiment of the present invention.

The above objects, other objects, features and advantages of the present invention will be readily understood through the following preferred embodiments related to the attached drawings. However, the present invention is not limited to the embodiments described herein and may be embodied in other forms. Rather, the embodiments introduced herein are provided so that the disclosed contents can be thorough and complete and so that the spirit of the present invention can be sufficiently conveyed to those skilled in the art.

In some cases, it is mentioned in advance that parts that are commonly known but not closely related to the invention are not described in order to avoid unnecessary confusion in describing the present invention.

When terms such as first, second, etc. are used in this specification to describe components, these components should not be limited by these terms. These terms are only used to distinguish one component from another.

Additionally, when it is stated that a first component operates or executes on a second component (ON), it should be understood that the first component operates or executes in an environment in which the second component operates or executes, or operates or executes through direct or indirect interaction with the second component.

When a component, device, or system is referred to as including a component consisting of a program or software, even if there is no explicit mention, it should be understood that the component, device, or system includes hardware (e.g., memory, CPU, etc.) or other programs or software (e.g., an operating system or drivers necessary to operate hardware) necessary for the program or software to execute or operate.

Additionally, unless otherwise specifically stated, a component may be implemented in software, hardware, or both software and hardware.

Also, the terminology used herein is for the purpose of describing embodiments only and is not intended to limit the present invention. In this specification, the singular also includes the plural unless specifically stated otherwise in the phrase. The words 'comprises' and/or 'comprising' as used in the specification do not exclude the presence or addition of one or more other components mentioned.

In addition, terms such as 'part', 'module', 'server', 'system', 'platform', 'device' or 'terminal' in this specification may be intended to refer to a functional and structural combination of hardware and software driven by or for driving the hardware. For example, the hardware herein may be a data processing device including a CPU or other processor. In addition, software driven by the hardware may refer to a running process, an object, an executable, a thread of execution, a program, etc.

In addition, it can be easily inferred by an average expert in the technical field of the present invention that the above terms may mean a logical unit of a given code and hardware resources for executing the given code, and do not necessarily mean physically connected code or a type of hardware.

Hereinafter, the specific technical contents to be implemented in the present invention will be described in detail with reference to the attached drawings.

Each configuration of the virtual desktop service system for enhancing security functions illustrated in FIG. 1 is shown to be functionally or logically separable, and it will be easily inferred by an average expert in the technical field of the present invention that it does not necessarily mean that each configuration is separated into a separate physical device or written in a separate code.

In addition, the administrator terminal device (100), user terminal device (200), VDI server (300), and VDI integrated operation management server (400) illustrated in FIG. 1 may be any electronic device capable of installing and executing a program, including a storage medium and a processor, such as a desktop PC (Personal Computer), a laptop PC, a netbook computer, or a smartphone.

The storage medium may include at least one of a flash memory, a hard disk, a solid state disk (SSD), a secure digital card (SD card), a random access memory (RAM), a static random access memory (SRAM), a read only memory (ROM), a programmable read only memory (PROM), an electrically erasable and programmable ROM (EEPROM), and an erasable and programmable ROM (EPROM) that can store instructions executed by the processor.

The processor may be electrically connected to a wired or wireless communication interface module, a user interface module such as a keyboard, and a storage medium. The processor may include at least one of processing units such as an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a Central Processing Unit (CPU), a microcontroller, and a microprocessor to control the operation of each device or server.

In addition, DB (470) may mean a functional and structural combination of software and hardware that store information. DB (470) may be implemented with at least one table, and may further include a separate DBMS (Database Management System) for searching, storing, and managing information stored in the DB (470). In addition, it may be implemented in various ways, such as in the form of a linked list, a tree, and a relational DB, and includes all data storage media and data structures that can store information corresponding to the DB.

FIG. 1 is a diagram illustrating a VDI integrated operation management system for providing a digital work environment according to an embodiment of the present invention.

The VDI integrated operation management system for providing a digital work environment according to an embodiment of the present invention illustrated in FIG. 1 is a system for providing a virtual desktop infrastructure (VDI) service in a network separation environment separated from the Internet and a business network, enabling digital work using a virtual machine (VM), and can be implemented to satisfy the secure communication function required by a security function certification certificate of a country or public institution in order to strengthen the security function. Digital work is work performed in a network separation environment, and in the embodiment of the present invention, examples thereof include telecommuting and remote work.

A VDI service may include a technology that virtualizes another desktop that operates within an actual operating computer and provides it as a user environment by linking it with a VDI integrated operation management server (400).

Referring to FIG. 1, a VDI integrated operation management system for providing a digital work environment according to an embodiment of the present invention may include an administrator terminal device (100), a user terminal device (200), a VDI server (300), and a VDI integrated operation management server (400).

The administrator terminal device (100) may be a computing device for the administrator to access the VDI integrated operation management server (400) or a user interface such as a keyboard connected to the VDI integrated operation management server (400).

The user terminal device (200) can install and execute a user digital work program (or application) and a user agent provided by the VDI integrated operation management server (200) for digital work services in memory (not shown).

The digital work program for users can be linked with the digital work program for administrators and the VDI program.

The user terminal device (200) can provide a user portal to execute a user digital work program, enable the user to log in to the VDI integrated operation management server (400), access the assigned virtual desktop (i.e., virtual machine), display the virtual desktop screen, and perform work through the virtual desktop. That is, the user digital work program can provide a user portal to enable work to be performed in a virtual desktop environment.

The user agent is an agent that is linked with an agent of a virtual desktop (hereinafter referred to as a 'VD agent') assigned to a user terminal device (200), and can detect and block a security violation event occurring in the user terminal device (200). The security violation event includes an event of capturing a work-related screen displayed on a virtual desktop, and an event of collecting key input information (such as a password and key information) through an illegal program. Therefore, the user agent can provide a screen capture prevention function and a key logging prevention function to prevent key information leakage when accessing a virtual desktop.

The VDI server (300) provides an infrastructure for providing virtual desktops to multiple users. The VDI server (300) can execute a VDI program to individually assign virtual desktops to each user and activate a VD agent that links with the virtual desktops assigned to the users.

The VD agent can perform integrity verification while the virtual desktop is booting, and store the event result of performing the integrity verification in the DB (470). In detail, the VD agent can receive data required for integrity verification by calling the API (Application Programming Interface) of the VDI integrated operation management server (400) while the virtual desktop to be assigned to the user is booting, and can receive a list of multiple files from the DB (470).

Data required for integrity verification received from the VDI integrated operation management server (400) may include at least one of a whitelist and a blacklist. A plurality of file lists received from the DB (470) include executable files, setting values, processes, libraries, etc., and each has a file name and a HASH ID.

The VD agent performs integrity verification by comparing the hash IDs of multiple file lists with at least one of the whitelist and blacklist to determine whether the hash ID has been changed, and can store the integrity verification result in the audit record table of the DB (470) via the API. This is because the hash ID also changes when hacking, virus intrusion, or forced change of the executable file occurs.

If the integrity verification result is determined to be free of abnormalities, i.e., if the hash ID is determined to have not been changed, the DDC (Desktop Delivery Controller) server (not shown) can transmit the integrity verification result received from the VD agent to the VDI integrated operation management server (400). The VDI integrated operation management server (400) causes a screen for logging into a virtual desktop to be displayed on the user terminal device (200).

The DDC server (not shown) can assign a booted virtual desktop to the user terminal device (200) and connect the user session with the assigned virtual desktop since user authentication has been completed in the AD (Active Directory) server (not shown).

The VDI integrated operation management server (400) performs user authentication by transmitting the user ID and password entered by the user to the AD server (not shown). When the user authentication is completed, the DDC server (not shown) connects the booted virtual desktop and the user session, thereby allowing the VDI server (300) to provide a virtual desktop environment to the user terminal device (200), and the user terminal device (200) to remotely connect to the virtual desktop and display the screen of the virtual desktop.

The user performs a desired task through a screen displayed on the user terminal device (200). While the user accesses the virtual desktop through the user terminal device (200) and performs the task, the VD agent monitors whether a security-related event occurs, and if a security-related event occurs, it can perform virtual desktop control.

Security-related events include, for example, attempts to change an IP (Internet Protocol) assigned to a virtual desktop, attempts to share a non-shareable folder, and attempts to execute a non-executable file, and may be caused by a user terminal device (200) or hacking, viruses, etc. When a security-related event is detected, the VD agent may control the virtual desktop by blocking IP changes, blocking folder sharing, or preventing execution of files.

Meanwhile, the VDI integrated operation management server (400) operates and manages security solutions, digital work solutions, and VDI operation management solutions in an integrated manner to provide digital work services, thereby increasing not only the convenience of users' work but also the convenience of administrators' work.

The VDI integrated operation management server (400) can install and execute a digital business program for administrators to provide digital business services. The digital business program for administrators is a virtual environment integrated operation management solution that provides an administrator portal for automatic provisioning and operation management by linking with a digital business program for users, a DDC server program, an AD server program, and a VDI program.

The VDI integrated operation management server (400) comprehensively provides a user management function linked with an AD server (not shown) by executing a digital work program for administrators, a monitoring function for stable operation and fault management, and an internal/external security enhancement function, and can provide a solution that facilitates user accessibility from various browsers as a Java-based web application.

In addition, the VDI integrated operation management server (400) can provide a virtualization environment integrated operation management solution that enables resource management in a single space for comprehensive and efficient operation management of virtualized IT resources by executing a digital work program for administrators, and supports life cycle management of virtualized systems and images. In particular, in preparation for security-related incidents and accidents such as data leaks through virtual desktops and illegal acquisition of key information by illegal program installation, it can provide account management for authenticated users, a system protection function for integrity damage caused by illegal hacking, a function to prevent forced termination of key processes, and an encryption function to prevent information leaks through plaintext communication between each component.

To this end, the VDI integrated operation management server (400) may include a connection security module (410), an integrated management module (420), a digital business analysis module (430), a digital business collaboration module (440), a streaming module (450), a VDI management module (460), and a DB (470).

The connection security module (410) can be operated or managed to perform user authentication for the user's login information received from the user terminal device (200) to access the virtual desktop. The connection security module (410) can provide security of a remotely accessing terminal (user terminal device (200) or virtual desktop), user security using a user authentication protocol, and screen security functions.

First, regarding the remote access terminal security function, the access security module (410) can provide an SSO (Single Sign On) service using login information (e.g., ID and password) received from the user terminal device (200).

Figure 2 is an example diagram for explaining the SSO service in digital work of the connection security module (410).

Referring to FIG. 2, the connection security module (410) can provide an SSO service for integrated login to a VDI integrated operation management server (400) and a VDI server (300) that provides a terminal control server (e.g., a DDC server or an AD server), a VDI management portal, and VPN (Virtual Private Network) tunneling for encrypted communication, VPN pre-authentication, and a VDI management portal using login information entered when the initial virtual desktop is booted.

In addition, the connection security module (410) can provide a dynamic authentication service to enable authentication when using a number of applications (e.g., collaboration tools) and services provided by the present invention using input login information.

In addition, the connection security module (410) stores login information used in the authentication procedure in the form of a token in the SSO Daemon through PAM (Pluggable Authentication Modules), and the stored token can be managed or processed so that it can be utilized in the execution of the integrated business portal and VDI.

Figure 3 is a diagram explaining VPN pre-authentication using VPN tunneling.

Referring to FIG. 3, the connection security module (410) can perform VPN pre-authentication in order to prevent security risks that may arise in advance due to external intrusions such as hacking or malware of an external remote access terminal device attempting to connect to a user terminal device (200) or a virtual desktop. The connection security module (410) can establish a VPN tunneling through a network connected at the kernel level immediately after the Network Service Deamon is driven during the booting process of the user terminal device (200) or the virtual desktop to be allocated to the user terminal device (200) for pre-authentication of the VPN. Through the connected VPN tunneling, the remaining Service Deamon required for booting is driven after the integrity check, and the OS Shell that allows the user's operation is executed, and the terminal OS is completely driven.

Next, regarding the user security and screen security functions using the user authentication protocol, the access security module (410) can perform OAuth/OIDC (Open Authorization / OpenID Connect)-based authentication.

Figure 4 is a conceptual diagram explaining the authentication operation when the OIDC protocol is added on top of OAuth 2.0.

Referring to FIG. 4, the connection security module (410) can provide an open standard protocol that can authenticate the user login information of the application without providing it to an external app. That is, the connection security module can request authentication from or to another application so that resources and services can be provided between them. This is an Authorization Code Grant method that allows the use of a linked app without a separate login when a refresh token is permanently stored on the server, and can easily process authentication at a higher layer based on the OAuth 2.0 protocol. OIDC requests a service by transmitting an Access Token and an ID Token to an application server, and since it stores user information in an encrypted token through JWT (JSON Web Token) and has user information in the ID Token, API calls are unnecessary, so the number of calls can be reduced.

Next, regarding the screen security function, the connection security module (410) can insert a watermark into the content using its own screen transmission protocol rather than the MS RDP (Remote Desktop Protocol) used in existing VDI solutions and then transmit it to the user terminal device (200).

Figure 5 is an example diagram explaining the screen security function.

Referring to FIG. 5, when a user requests image downloading from a virtual desktop, the connection security module (410) requests the watermark engine to insert a watermark, and the virtual desktop can download the image with the watermark inserted to the user terminal device (200). This makes it possible to fundamentally block document forgery and alteration in the user terminal device (200).

In addition, the connection security module (410) can analyze whether the user is abnormally connected by inputting the user's connection log into the connection abnormality detection model. The connection abnormality detection model is an artificial intelligence model that can detect whether there is an abnormal connection by learning the connection log data of a plurality of users. The connection security module (410) can detect abnormal connection logs by inputting a plurality of connection log data, such as the user's login pattern, the location where the user is logged in, and the IP change of the terminal that is logged in, into the connection abnormality detection model. If it is detected that the user is abnormally connected, the connection security module (410) can disconnect the connected user session or block the user's login.

In addition, the connection security module (410) can strengthen security authentication by allowing login using a SNS (Social Network Service)-based biometric authentication method or supporting vOTP (Virtual One Time Password) method.

Referring back to FIG. 1, the integrated management module (420) manages user policies set for users and administrator policies set for administrators, and can manage user terminal devices (200) remotely connected to virtual desktops and VDI servers (300) that provide virtual desktops. For example, the user policy can disconnect a session if no logs, events, etc. occur from the user terminal device (200) for a set period of time.

In addition, the integrated management module (420) can support operational automation using RPA (Robot Process Automation). [Table 1] shows an example of operational automation support using RPA.

Referring to [Table 1], the integrated management module (420) can automate the operation of checking the resource usage rate of the VDI integrated operation management server (400), managing remote access of the user terminal device (200), checking for abnormalities in the virtual desktop when providing a virtual desktop service, and identifying virtual desktop access failures using the RPA method.

The digital work analysis module (430) can analyze digital work data generated while a user is working by accessing a virtual desktop through a user terminal device (200).

The digital work analysis module (430) inputs digital work data including at least one of the user's mouse and keyboard usage log, network usage data, and access IP (Internet Protocol) from the user terminal device (200) into a work pattern analysis model to analyze the user's work pattern and whether the user's abnormal behavior occurs. The work pattern analysis model is a machine learning-based data analysis model created by learning the user's mouse and keyboard usage log, network usage data, and access IP that occurred in the past, and can detect not only the user's work start and end times, but also abnormal behavior and abnormal work that deviate from the user's normal work pattern. For this purpose, the user's normal work pattern can be pre-learned.

The digital work analysis module (430) can report to the access security module (410) if the work pattern analysis model determines that an abnormal behavior has occurred based on the analysis of digital work data. The access security module (410) analyzes the report and, if the abnormal behavior occurring in the user terminal device (200) is an illegal data leak, can insert a watermark into the data where an illegal data leak was attempted or request the virtual desktop to block the data leak at the source.

The digital work collaboration module (440) may provide a number of collaboration tools to provide a cloud-based collaborative work environment and may provide a work management application that manages work for each user.

Figure 6 is a diagram illustrating a number of collaboration tools and work management applications.

Referring to Figure 6, multiple collaboration tools include messengers, notes, drives, and calendars, and the task management app refers to a task management application.

Messenger can provide communication support between workers, that is, users, transmission and storage of images, videos, files, etc., real-time notifications when messages are received, linkage with external apps through webhooks, and real-time messaging through web sockets.

Notes can provide users with simple notes, an editor (e.g. HTML) for writing notes, note management using chapter or page divisions, history saving, external sharing of notes, and downloading functions.

Drive can provide upload, download, rename, preview, and share files externally via URL for files and folders.

The calendar can provide functions such as registering and managing a user's personal schedule, registering and managing the schedule of a group to which the user belongs, linking and sharing external calendars in iCal data format, and schedule notifications through the scheduler.

Figure 7 is an example screen of a business management application.

Referring to Fig. 7, the work management application can assign work between users and provide individual work management functions. In detail, the work management application creates a group by project unit to enable user task registration and management. The work management application can define user work by task unit, set a person in charge, and manage the status of the task (to-do, in progress, completed, on hold, etc.). In addition, the work management application allows detailed progress to be shared with department members or group members through comments, files, and to-dos written by other users by task. Individual users or groups can grasp the progress of the work in real time through the status of the task.

In addition, the digital work collaboration module (440) can support work automation by linking multiple collaboration tools and work management applications using the RPA method while the user is working using multiple collaboration tools and work management applications.

Figure 8 is a diagram to explain the integrated work automation support by linking functions between RPA, collaboration tools, and collaboration apps.

Referring to FIG. 8, the digital work collaboration module (440) can automatically share the schedule by notifying person in charge A and person in charge B of the work to be processed when the time to start work on the calendar has arrived by using the RPA function. In addition, when person in charge A completes the work processing, the digital work collaboration module (440) can automatically share or automatically transfer the work processing results to person in charge B by using the RPA function, and support communication between person in charge A and B.

In addition, the digital business collaboration module (440) can automatically request decision-making from persons in charge A and B using the RPA function, automatically link to a video conference to provide a non-face-to-face meeting for decision-making, and automatically record shared opinions, meeting history, etc. in notes to manage history.

In addition, the digital business collaboration module (440) can use RPA functions to store and manage work processing results, decision-making results, etc. in a drive and set/support data sharing between personnel.

In addition, the digital work collaboration module (440) can automatically register as a task of the work management application when user intervention is required during RPA work by utilizing the RPA function. As a result, a new task can be automatically registered in the To-Do list of Fig. 7. When the task status of the person in charge (i.e., the user) is changed to Complete, the digital work collaboration module (440) can automatically re-perform a different or identical RPA task.

In addition, the digital work collaboration module (440) can provide task notifications to the person in charge when a work bottleneck occurs by using a messenger bot account among RPA functions, thereby resolving the work bottleneck.

Figure 9 is a drawing illustrating an intelligent document integrated management platform supported by a digital business collaboration module (440).

Referring to FIG. 9, the digital business collaboration module (440) can further perform an intelligent document integration management function. The digital business collaboration module can process documents with various extensions so that multiple users can co-edit them in real time on the cloud. For example, when a group wants to co-edit a Korean document, if person in charge 1 changes the font, the digital business collaboration module (440) can share the changed font with other people in the group on the screen, and manage the history of changes made by multiple people in charge and the conversion authority of each person in charge.

Referring back to FIG. 1, the streaming module (450) can record all user operations, including commands occurring in the user terminal device (200) while the user terminal device (200) is connected to the virtual desktop and working, and operations of the virtual desktop performed by the user commands. For example, all user operations, such as the user's typing status, the name of the executed program, and data read by the virtual desktop from the DB (470), can be recorded. In the event of a security incident in the virtual desktop in the future, the user operations recorded by the streaming module (450) can be used by the connection security module (410) or the integrated management module (420) to trace back past history to determine whether the user has issued a command related to a security breach.

The VDI management module (460) can manage the VDI server (300) that provides independent virtual desktops for each user based on multi-tenancy. The VDI management module (460) can control the configured hypervisor, broker service, and AD, and manage the life cycle (VM LifeCycle) of the virtual desktop. For example, the VDI management module (460) provides a Daas (Device as Service) VDI service based on multi-tenancy, and at this time, XenServer, vSphere, or Acropolis can be used as the hypervisor, but this is only an example and is not limited thereto.

FIG. 10 is a conceptual diagram for explaining the overall operation of a VDI integrated operation management system for providing a digital work environment according to an embodiment of the present invention described above.

Referring to Fig. 10, when a user terminal device (200) accesses a VDI integrated operation management server (400), the VDI integrated operation management server (400) performs user authentication by strengthening the security authentication method, and at this time, if abnormal access is detected based on AI, user access can be blocked. The VDI integrated operation management server (400) controls a multi-tenancy-based VDI server (300), and the VDI server (300) allocates a virtual desktop (VD) to a user.

A user performs digital work by accessing a virtual desktop and work server (10) through a user terminal device (200), and at this time, the VDI integrated operation management server (400) can analyze the user's work pattern based on AI and detect abnormal work.

In addition, when a video conference is in progress, the VDI integrated operation management server (400) can record the video conference streaming in conjunction with the video conference server (20), store it in the DB (470), compress the stored streaming in the streaming server (30), and then transmit it to the user terminal device (200).

Therefore, the VDI integrated operation management system, or VDI integrated operation management server (400) for providing a digital work environment according to the embodiment of the present invention described above can provide a security authentication function (SNS/vOTP), a multi-tenancy support function, a DasS-based VDI management function, a VM LifeCycle management function, an access statistics/history management function, a work pattern analysis function, and a PC/VM integrated security management function in an integrated manner.

FIG. 11 is a flowchart schematically illustrating a VDI integrated operation management method for providing a digital work environment according to an embodiment of the present invention.

The VDI integrated operation management method illustrated in FIG. 11 can be operated by the VDI integrated operation management server (400) described with reference to FIGS. 1 to 10, and a detailed description thereof is omitted as it has been described above.

Referring to FIG. 11, the connection security module (410) of the VDI integrated operation management server (400) performs user authentication on the user's login information received from the user terminal device (200), and when the authentication is completed, the user terminal device (200) can be processed to connect to the virtual desktop (S1110).

Step S1110 provides an SSO service using login information received from a user terminal device (200), and inputs the user's access log into an access abnormality detection model to analyze whether the user's access is abnormal.

The VDI management module (460) can assign a virtual desktop to an authenticated user terminal device (200) and manage the VDI server providing the virtual desktop based on a multi-tenancy basis (S1120).

The digital work analysis module (430) can analyze digital work data generated while a user is working by accessing a virtual desktop through a user terminal device (200) (S1130).

Step S1130 inputs digital work data including at least one of the user's mouse and keyboard usage log, network usage data, and access IP generated from the user terminal device (200) into a work pattern analysis model to analyze the user's work pattern and whether the user's abnormal behavior (e.g., illegal downloading, screen capture, etc.) occurs.

In addition, in step S1130, if it is determined that an abnormal behavior has occurred as a result of analyzing digital business data, the digital business analysis module (430) reports it to the access security module (410), and if the abnormal behavior is an illegal data leak, the access security module (410) can insert a watermark into the data from which an illegal data leak was attempted, or can block the data leak at the source.

The digital work collaboration module (440) can provide a number of collaboration tools to provide a cloud-based collaborative work environment, and can provide a work management application that manages work for each user to enable collaboration between users (S1140). Step S1140 can support work automation by linking a number of collaboration tools and work management applications using RPA (Robot Process Automation) while the user is working using a number of collaboration tools and work management applications.

The streaming module (450) can record user commands and operations of the virtual desktop performed by the user commands while steps S1130 and S1140 are performed, that is, while the user terminal device (200) is connected to the virtual desktop and working (S1150).

The integrated management module (420) manages the user policy set for the user and the administrator policy set for the administrator while steps S1110 to S1150 are performed, and can manage the server status for digital work such as the status of the user terminal device (200) remotely connected to the virtual desktop, the virtual desktop, and security (S1160). Step S1160 can automate operations using RPA to check the resource usage rate of the server (300, 400), manage remote access of the user terminal device (200), check for abnormalities when providing virtual desktop services, and identify virtual desktop access failures.

In the above, even though all the components constituting the embodiments of the present invention have been described as being combined as one or combined and operating, the present invention is not necessarily limited to these embodiments. That is, within the scope of the purpose of the present invention, all of the components may be selectively combined and operating one or more times. In addition, although all of the components may be implemented as independent hardware, some or all of the components may be selectively combined and implemented as a computer program having a program module that performs some or all of the functions combined in one or more hardware. The codes and code segments constituting the computer program may be easily inferred by a person skilled in the art of the present invention. Such a computer program may be stored in a computer-readable storage medium and read and executed by a computer, thereby implementing the embodiments of the present invention.

Meanwhile, although the preferred embodiments have been described and illustrated to illustrate the technical idea of the present invention, the present invention is not limited to the configuration and operation as illustrated and described, and those skilled in the art will understand that many changes and modifications can be made to the present invention without departing from the scope of the technical idea. Accordingly, all such appropriate changes and modifications and equivalents should be considered to fall within the scope of the present invention. Accordingly, the true technical protection scope of the present invention should be determined by the technical idea of the attached claims.

100: Administrator terminal device
200: User terminal device
300: VDI Server
400: VDI Integrated Operation Management Server

Claims (9)

In the integrated operation management server of VDI (Virtual Desktop Infrastructure) that provides a digital work environment,
A connection security module that performs user authentication on the user's login information received from the user terminal device to connect to a virtual desktop;
An integrated management module that manages user policies set for users and administrator policies set for administrators, and manages user terminal devices and virtual desktops remotely connected to the virtual desktop;
A digital work analysis module that analyzes digital work data generated while a user is working by accessing a virtual desktop through the user terminal device; and
A VDI management module that manages a VDI server that provides independent virtual desktops for each user based on multi-tenancy; including:
The above digital business analysis module,
A VDI integrated operation management server for providing a digital work environment, characterized in that the digital work data including at least one of the user's mouse and keyboard usage log, network usage data, and connection IP (Internet Protocol) from the user terminal device is input into a work pattern analysis model to analyze the user's work pattern and occurrence of the user's abnormal behavior, and compare and analyze it with machine learning-based data generated by learning the user's previous mouse and keyboard usage log, network usage data, and connection IP to detect abnormal behavior and abnormal work. In the first paragraph,
The above connection security module,
A VDI integrated operation management server for providing a digital work environment, characterized by providing an SSO (Single Sign On) service using login information received from a user terminal device and analyzing whether the user's access is abnormal by inputting the user's access log into an access abnormality detection model.
In the first paragraph,
The above integrated management module,
A VDI integrated operation management server for providing a digital work environment characterized by automating operations using RPA (Robot Process Automation) to check server resource usage, manage remote access of the user terminal device, check for abnormalities when providing virtual desktop services, and identify virtual desktop access failures.
delete In the first paragraph,
The above digital business analysis module,
If it is determined that an abnormal behavior has occurred as a result of analyzing the above digital business data, it is reported to the access security module.
The above connection security module,
A VDI integrated operation management server for providing a digital work environment characterized by inserting a watermark into the data from which the illegal data leakage was attempted or blocking the data leakage at the source if the above abnormal behavior occurred is an illegal data leakage. In the first paragraph,
A streaming module that records user commands and operations of a virtual desktop performed by the user commands while the user terminal device is connected to the virtual desktop and working;
A VDI integrated operation management server for providing a digital work environment characterized by including more.
In the first paragraph,
A digital work collaboration module that provides a number of collaboration tools to provide a cloud-based collaborative work environment and a work management application that manages work for each user;
A VDI integrated operation management server for providing a digital work environment characterized by including more.
In Article 7,
The above digital business collaboration module,
A VDI integrated operation management server for providing a digital work environment, characterized in that it supports work automation by linking a plurality of collaboration tools and work management applications using RPA (Robot Process Automation) while the user works using the plurality of collaboration tools and work management applications.
In the VDI (Virtual Desktop Infrastructure) integrated operation management method of the integrated operation management server that provides a digital work environment,
(A) A step in which the connection security module of the above VDI integrated operation management server performs user authentication on the user's login information received from the user terminal device to connect to the virtual desktop;
(B) A step in which the VDI management module of the VDI integrated operation management server allocates a virtual desktop to the user terminal device and manages the VDI server providing the virtual desktop based on a multi-tenancy basis;
(C) A step in which the digital work analysis module of the above VDI integrated operation management server analyzes digital work data generated while the user accesses the virtual desktop through the user terminal device and works;
(C-1) If it is determined that an abnormal behavior has occurred as a result of analyzing digital business data, it is reported to the access security module, and if the abnormal behavior is an illegal data leak, a watermark is inserted into the data where an illegal data leak was attempted and the data leak is blocked at the source; and
(D) A step in which the integrated management module of the above VDI integrated operation management server manages user policies set for users and administrator policies set for administrators, and manages user terminal devices and virtual desktops remotely connected to the above virtual desktops;
A VDI integrated operation management method for providing a digital work environment including .

Images