
Implementation method for security private cloud system

An implementation method for a cloud system, applied in the field of cloud systems, that addresses the complexity of cloud system security, the inability to prevent illegal copying by illegal users, and problems that are difficult to solve.

Inactive Publication Date: 2012-01-25
童良勇

AI Technical Summary

Problems solved by technology

[0003] Virtualization can make full use of the resources of a computer system, but the security issues it introduces have always been a focus of research. Because all parts of a cloud system are physically connected, securing it is a complex and difficult problem.

The traditional approach to private cloud security is to install a firewall on each virtualized machine and use the GUEST login function for user identity authentication. The biggest problems with this approach are: ① it cannot prevent unauthorized transmission of files within the same intranet; ② it cannot prevent unauthorized users from accessing a designated GUEST; ③ it cannot control unauthorized file transfer between users and the GUEST; ④ it cannot prevent unauthorized users from accessing the GUEST remote desktop; ⑤ it cannot prevent illegal users from accessing the HOST directly and copying the entire GUEST virtual file to an unauthorized user's computer. These problems greatly hinder the large-scale adoption of private clouds.

Although traditional network security technologies such as VLAN, VPN, SSH login, firewalls, and identity authentication can block access by illegal external users, they cannot stop legitimate users from sending and receiving unauthorized network data packets or transferring files without authorization, within a domain or across domains, which directly affects the security of private clouds.



Embodiment Construction

[0019] As shown in Figure 1, in the implementation method of the secure private cloud system described in this embodiment of the invention, users and external network users who want to access the HOST can do so only through security module A and security module B; cross-machine access between HOSTs or GUESTs can only go through security module B.

[0020] Spoofing of the user's port 3389 is prevented by combining dynamic port technology, server-side verification of a HASH digest of the accessing process's code, and timing control after verification. After the user logs in, the user name UUID and password, together with the login program's own HASH digest, the access time period, the IP of the accessed machine, and a time stamp, are encrypted by the client's PKI module and sent to security module A. The security module looks up the public key corresponding to the user name UUID, then decrypts, verifies the password, and the HASH...


Abstract

The invention relates to an implementation method for a secure private cloud system. The HOST runs an Ubuntu system with a firewall and performs packet filtering and port mapping using the NETFILTER architecture. Code authentication for the GUEST uses message digest 5 (MD5), secure hash algorithm 1 (SHA-1) or a similar digest. A new physical framework, based on public key infrastructure (PKI) technology and the binding of user names to Internet protocol (IP) addresses, divides the system into different virtual distributed Ethernets (VDE) according to the differing requirements of virtual machines and users. Packet filtering prevents illegal information transmission between GUESTs and between the HOST and a GUEST. Only remote desktop access to the GUEST is opened, using a random port technology. The system's own remote desktop software is installed on the user's machine and monitored so that it runs only once, which ensures that the user's resources cannot be shared with the GUEST, and a print-screen key shielding technology is adopted. Together these measures ensure that GUEST information can be accessed only by legal users within the range specified by the system.
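The following is an added example, not code from the patent: the checks security module A could run on the login message of [0020] once the PKI layer has recovered its fields, followed by the random-port mapping to the GUEST's remote desktop that the abstract describes. The user table, field names, time limits, the source-IP restriction on the mapping, and the use of SHA-256 and PBKDF2 in place of MD5/SHA-1 (both of which have known collision attacks) are assumptions of this example.

```python
import hashlib, hmac, secrets, time

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: every name and value here is an assumption of this example.
APPROVED_CLIENT_DIGESTS = {hashlib.sha256(b"rdp-client-build-1").hexdigest()}
USERS = {
    "11111111-2222-3333-4444-555555555555": {
        "salt": b"constructed-salt-1",
        "pw_hash": _kdf("correct horse", b"constructed-salt-1"),
        "guest_ips": {"10.0.5.20"},   # GUESTs bound to this user name
        "hours": (8, 18),             # permitted access period, UTC hours [start, end)
    }
}
MAX_SKEW = 60     # seconds a request time stamp may differ from server time
GRANT_TTL = 30    # seconds the mapped port waits for the first connection
_seen = set()     # (uuid, timestamp) pairs already accepted, for replay detection

def verify_login(req, client_ip, now=None):
    """Return (grant, None) on success or (None, reason) on rejection.
    client_ip is the peer address of the connection, not a client-supplied field."""
    now = time.time() if now is None else now
    user = USERS.get(req["uuid"])
    if user is None:
        return None, "unknown user"
    if not hmac.compare_digest(_kdf(req["password"], user["salt"]), user["pw_hash"]):
        return None, "bad password"
    if req["client_digest"] not in APPROVED_CLIENT_DIGESTS:
        return None, "unapproved login program"
    if req["guest_ip"] not in user["guest_ips"]:
        return None, "guest not bound to user"
    if abs(now - req["timestamp"]) > MAX_SKEW:
        return None, "stale timestamp"
    start, end = user["hours"]
    if not start <= time.gmtime(now).tm_hour < end:
        return None, "outside access period"
    if (req["uuid"], req["timestamp"]) in _seen:
        return None, "replayed request"
    _seen.add((req["uuid"], req["timestamp"]))
    port = 49152 + secrets.randbelow(65536 - 49152)   # unpredictable dynamic port
    # NETFILTER port mapping as an argv list (no shell), limited to the verified client.
    rule = ["iptables", "-t", "nat", "-A", "PREROUTING", "-s", client_ip,
            "-p", "tcp", "--dport", str(port),
            "-j", "DNAT", "--to-destination", f"{req['guest_ip']}:3389"]
    return {"port": port, "expires": now + GRANT_TTL, "rule": rule}, None
```

The caller is expected to install `rule` on the HOST and delete it when `expires` passes or the session ends, which is where the timing control mentioned in [0020] would apply.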

Description

Technical field

[0001] The invention relates to the technical field of cloud systems, in particular to a method for implementing a secure private cloud system.

Background

[0002] Private clouds are built for the sole use of one customer, thus providing the most effective control over data, security and quality of service. Private clouds can be deployed inside the firewall of the enterprise data center, or they can be deployed in a secure hosting location; they can be built by the company's own IT organization or by the cloud provider. In this "hosted private" model, cloud computing providers like Sun and IBM can install, configure and operate the infrastructure to support a private cloud in a company's enterprise data center. This model gives the company a very high level of control over cloud resource usage while bringing in the expertise needed to set up and operate that environment.

[0003] Virtualization can make full use of the resources of the computer system, but the...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08, H04L9/32
Inventor: 周诗琦, 童良勇
Owner: 童良勇