Redirection method and device of USB device, electronic device and medium

Abstract

This specification provides a method, apparatus, electronic device, and medium for redirecting a USB device. The method includes: receiving a virtual application launch request sent by a terminal via a cloud desktop channel, the terminal being connected to a USB device; sending a session connection request to an application server based on the virtual application access request, the session connection request including a virtual application identifier, to establish a session between the application server and the cloud desktop server, creating a virtual USB channel bound to the session identifier, and launching the virtual application; and sending a USB redirection command message corresponding to the USB device to the application server via the virtual USB channel, the USB redirection command message including the session identifier.

Description

Technical Field

[0001] This specification relates to the field of cloud desktop technology, and in particular to methods, apparatus, electronic devices and media for redirecting USB devices. Background Technology

[0002] Cloud computing technology is advancing rapidly, and VDI (Virtual Desktop Infrastructure), or cloud desktops, is now widely used across various industries. To improve customer experience, reduce costs, and increase server concurrency, virtual application technology is also being rapidly adopted in the virtualization field. During the localization of cloud desktop technology, many business systems still rely on Windows applications. Because the kernels of domestically developed cloud desktop systems differ from those of Windows systems, if a virtual application from a Windows system is embedded within a domestically developed cloud desktop, that virtual application cannot access the USB (Universal Serial Bus) device on the cloud desktop terminal. Summary of the Invention

[0003] To overcome the problems existing in related technologies, this specification provides methods, apparatus, electronic devices and media for redirecting USB devices.

[0004] According to a first aspect of the embodiments of this specification, a method for redirecting a USB device is provided, applied to a cloud desktop server. The method includes: receiving a virtual application launch request sent by a terminal through a cloud desktop channel, the terminal being connected to a USB device; sending a session connection request to an application server according to the virtual application access request, the session connection request including a virtual application identifier of the virtual application, so as to establish a session between the application server and the cloud desktop server, creating a virtual USB channel bound to the session identifier, and launching the virtual application; and sending a USB redirection command message corresponding to the USB device to the application server through the virtual USB channel, the USB redirection command message including the session identifier.

[0005] According to a second aspect of the embodiments of this specification, a method for redirecting a USB device is provided, applied to an application server. The method includes: receiving a session connection request sent by a cloud desktop server, the session connection request including a virtual application identifier; establishing a session with the cloud desktop server according to the session connection request, creating a virtual USB channel bound to the session identifier, and starting a virtual application corresponding to the virtual application identifier; receiving a USB redirection command message sent by the cloud desktop server through the virtual USB channel, the USB redirection command message corresponding to a USB device of a terminal, the USB command message including the session identifier; and redirecting the USB device to the application server according to the USB redirection command message.

[0006] According to a third aspect of the embodiments of this specification, a USB device redirection apparatus is provided, applied to a cloud desktop server. The apparatus includes: a startup request receiving module, configured to receive a virtual application startup request sent by a terminal through a cloud desktop channel, the terminal being connected to a USB device; a session connection request sending module, configured to send a session connection request to an application server according to the virtual application access request, the session connection request including a virtual application identifier of the virtual application, so that the application server establishes a session with the cloud desktop server, creates a virtual USB channel bound to the session identifier, and starts the virtual application; and a USB redirection command message sending module, configured to send a USB redirection command message corresponding to the USB device to the application server through the virtual USB channel, the USB redirection command message including the session identifier.

[0007] According to a fourth aspect of the embodiments of this specification, a USB device redirection apparatus is provided, applied to an application server. The apparatus includes: a session connection request receiving module, configured to receive a session connection request sent by a cloud desktop server, the session connection request including a virtual application identifier; a session processing module, configured to establish a session with the cloud desktop server according to the session connection request, create a virtual USB channel bound to the session identifier, and start a virtual application corresponding to the virtual application identifier; a USB redirection command message receiving module, configured to receive a USB redirection command message sent by the cloud desktop server through the virtual USB channel, the USB redirection command message corresponding to a USB device of a terminal, the USB command message including the session identifier; and a redirection module, configured to redirect the USB device to the application server according to the USB redirection command message.

[0008] According to a fifth aspect of the embodiments of this specification, an electronic device is provided, comprising: processor; Memory used to store processor-executable instructions; The processor is configured to execute the USB device redirection method of the first aspect, the second aspect, or any corresponding embodiment thereof described above.

[0009] According to a sixth aspect of the embodiments of this specification, a computer-readable storage medium is provided, the computer-readable storage medium storing computer instructions, the computer instructions being configured to cause a computer to perform the USB device redirection method of the first aspect, the second aspect, or any corresponding embodiment thereof described above.

[0010] The technical solutions provided in the embodiments of this specification may include the following beneficial effects: In the embodiments described in this specification, by redirecting the USB device of the redirected cloud desktop back to the application server, virtual applications in the application server can access the USB device. The USB device can penetrate two layers of virtualization environments, solving the USB device compatibility issue in cross-platform convergence scenarios.

[0011] It should be understood that the above general description and the following detailed description are exemplary and explanatory only, and are not intended to limit this specification. Attached Figure Description

[0012] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this specification and, together with the description, serve to explain the principles of this specification.

[0013] Figure 1 This is a schematic diagram of a system architecture illustrated in this specification according to an exemplary embodiment.

[0014] Figure 2 This is a flowchart illustrating a method for redirecting a USB device according to an exemplary embodiment.

[0015] Figure 3A This is a flowchart illustrating a method for redirecting a USB device according to another exemplary embodiment of this specification.

[0016] Figure 3B This is a flowchart illustrating a method for redirecting a USB device according to another exemplary embodiment of this specification.

[0017] Figure 4 This is a hardware structure diagram of a computer device containing the redirection device of a USB device in an embodiment of this specification.

[0018] Figure 5 This is a block diagram illustrating a USB device redirection device according to an exemplary embodiment of this specification.

[0019] Figure 6 This specification illustrates a block diagram of another USB device redirection device according to an exemplary embodiment. Detailed Implementation

[0020] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numerals in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this specification. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this specification as detailed in the appended claims.

[0021] The terminology used in this specification is for the purpose of describing particular embodiments only and is not intended to be limiting of this specification. The singular forms “a,” “the,” and “the” as used in this specification and the appended claims are also intended to include the plural forms unless the context clearly indicates otherwise. It should also be understood that the term “and / or” as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.

[0022] It should be understood that although the terms first, second, third, etc., may be used in this specification to describe various information, this information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of this specification, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "when," "when," or "in response to determination."

[0023] The embodiments described in this specification will now be described in detail.

[0024] The following combination Figure 1 The system architecture of the USB device redirection method and apparatus applicable to the embodiments of this specification will be described. It should be noted that... Figure 1 The examples shown are merely examples of system architectures that can be applied to the embodiments of this specification, in order to help those skilled in the art understand the technical content of this specification, but do not mean that the embodiments of this specification cannot be used in other devices, systems, environments or scenarios.

[0025] Figure 1 This is a schematic diagram of a system architecture illustrated in this specification according to an exemplary embodiment.

[0026] like Figure 1 As shown, the system architecture may include, for example, terminal devices (terminals), cloud desktop servers, and application servers.

[0027] Cloud desktop servers can be used to run cloud desktops. Virtual applications can be nested within cloud desktops, and these virtual applications can run within the application server's operating system. Terminals can connect to these virtual applications via clients, just like opening applications on a local system. Compared to cloud desktops, cloud servers are more lightweight and offer higher concurrency.

[0028] The terminal can be any electronic device with a display screen and web browsing support, including but not limited to smartphones, tablets, laptops, and desktop computers. Various communication client applications, such as cloud desktop clients, can be installed on the terminal. The terminal can connect to USB devices, such as USB key devices, dongles, card readers, USB cameras, USB storage devices, etc.

[0029] The terminal and the cloud desktop server can be connected directly or indirectly; this specification does not impose specific limitations on this. For example, in this embodiment, the terminal and the cloud desktop server can be connected via a gateway. The gateway acts as middleware or a proxy server, responsible for transmitting messages between the terminal and the cloud desktop server.

[0030] The operating systems of cloud desktop servers and application servers can differ. For example, cloud desktop servers may be based on Linux kernel-based operating systems, such as UOS or Kylin. Application servers may be based on Windows Server operating systems. Windows Server is a multi-user system that supports multiple users simultaneously, and remote access is provided by Microsoft's Remote Desktop Services component. Cloud desktop clients may connect to virtual applications published by the application server based on the VDP (Virtual Desktop Protocol). A USB protocol client can run on the terminal, and a USB server can run on the cloud desktop. A connection is established through the VDP protocol's dedicated peripheral channel, and the terminal's USB device is redirected to the cloud desktop according to peripheral policies.

[0031] According to embodiments of this specification, after a USB device is redirected to a cloud desktop, the USB device in the cloud desktop can be redirected again to the application server so that virtual applications in the application server can access the USB device.

[0032] If the terminal is lost, data will be lost. In order to ensure the data security of virtual applications, according to the embodiments of this specification, a scenario of using virtual applications in a cloud desktop is introduced. That is, the terminal uses the cloud desktop client as the access side, connects to the cloud desktop through a proprietary protocol, accesses virtual applications in the cloud desktop, and the virtual applications can also use the terminal's USB device.

[0033] The USB device redirection method provided in the embodiments of this specification will be described in detail below. For example... Figure 2 As shown, Figure 2 This is a flowchart illustrating a USB device redirection method according to an exemplary embodiment of this specification. The USB device redirection method provided in the embodiments of this specification may include the following steps.

[0034] In step 210, the cloud desktop server receives a virtual application launch request sent by the terminal through the cloud desktop channel. The terminal is connected to a USB device.

[0035] According to embodiments of this specification, a virtual application launch request can be used to launch a virtual application nested within a cloud desktop, the virtual application running on an application server. The cloud desktop channel may, for example, include a VDP channel.

[0036] In step 220, the cloud desktop server sends a session connection request to the application server based on the virtual application access request. The session connection request includes the virtual application identifier of the virtual application.

[0037] According to embodiments of this specification, a session connection request can be used to request an application server to establish a session with a cloud desktop server. The session connection request includes a virtual application identifier for the virtual application and a session identifier corresponding to the cloud desktop terminal. The session identifier can be used to identify the virtual application session; exemplarily, the session identifier may include, for example, a Session ID.

[0038] In step 230, after the application server receives the session connection request sent by the cloud desktop server, it establishes a session with the cloud desktop server according to the session connection request, creates a virtual USB channel bound to the session identifier, and starts the virtual application corresponding to the virtual application identifier.

[0039] According to the embodiments in this specification, a virtual USB channel is a dynamically created new virtual USB channel dedicated to a session identifier for subsequent USB communication.

[0040] In step 240, the cloud desktop server sends a USB redirection command message corresponding to the USB device to the application server through the virtual USB channel.

[0041] According to embodiments of this specification, a USB redirection command message can be used to redirect a terminal's USB device to an application server. The USB redirection command message may include a USB redirection command and a session identifier.

[0042] In step 250, after the application server receives the USB redirection command message sent by the cloud desktop server through the virtual USB channel, it redirects the USB device to the application server according to the USB redirection command message.

[0043] According to embodiments of this specification, by redirecting a USB device to an application server, a virtual application can access a terminal's USB device. The process of redirecting a USB device to an application server may include, for example, binding a session identifier to the USB device and assigning an address to the USB device within a virtual bus scope.

[0044] The USB device redirection method according to the embodiments of this specification redirects the USB device of the redirected cloud desktop back to the application server, thereby enabling virtual applications in the application server to access the USB device. Furthermore, this method supports scenarios where the application server and the cloud desktop server have different operating systems with different kernels. Even if the operating system of the virtual application is different from that of the cloud desktop, the virtual application can still access the terminal's USB device. The USB device can penetrate two layers of virtualization environments, solving the USB device compatibility problem in cross-platform convergence scenarios. Additionally, it eliminates the need to install drivers for the virtual application's operating system at the cloud desktop layer, maintaining a lightweight architecture. For example, the application server's operating system can be a Windows-based operating system, such as Windows Server; the cloud desktop server's operating system can be a Linux-based operating system, such as UOS or Kylin. Therefore, this method can seamlessly integrate domestically developed desktops with Windows ecosystem applications, resolving the pain point of peripheral compatibility and USB device compatibility, and facilitating smooth migration.

[0045] Furthermore, by creating an independent virtual channel for each virtual application session and strictly binding the USB device to the user session through a session identifier, device isolation is achieved during the second-level redirection. This ensures that each user can only access the USB device they have redirected, achieving physical isolation at the communication link level. Even if multiple users use the same type of device on the same server, they are physically and logically isolated, eliminating the possibility of device cross-use and data snooping.

[0046] According to the embodiments of this specification, when a virtual application in the application server needs to access the USB device of the terminal, the application server can send a USB device access request of the virtual application to the cloud desktop server through the virtual USB channel. The USB device access request can be used to request access to the USB device connected to the terminal.

[0047] After receiving a USB device access request from the application server via a virtual USB channel, the cloud desktop server can forward the request to the terminal via the cloud desktop channel. The terminal's USB device then processes the request and obtains the result.

[0048] The terminal can also send the processing results to the cloud desktop server via the cloud desktop channel. The cloud desktop server then sends the processing results and session identifier to the application server via the virtual USB channel. The application server returns the processing results to the virtual application corresponding to the session identifier.

[0049] Optionally, the virtual USB channel can be based on RDP (Remote Desktop Protocol). For example, a cloud desktop server may include an RDP client, and an application server may include an RDP server. An RDP virtual channel can be created between the RDP server and the RDP client as a virtual USB channel.

[0050] Optionally, the application server may include a virtual application agent and a USB service. Based on this, the application server can use the virtual application agent to send USB redirection commands and session identifiers to the USB service; then, using the USB service, if the session identifier matches the USB device, it can process the USB redirection command and obtain the processing result.

[0051] Optionally, after obtaining the processing result, the application server also uses the USB service to send the processing result to the virtual application agent. Then, the virtual application agent uses the virtual USB channel to send the processing result to the cloud desktop server, so that the cloud desktop server can send the processing result to the terminal through the cloud desktop channel.

[0052] Optionally, the application server can use a virtual application agent to create a socket channel with the USB service. Based on this, the virtual application agent can send USB redirection commands and session identifiers to the USB service via the socket channel, and the USB service can send processing results to the virtual application agent via the socket channel.

[0053] In addition, before sending the USB device access request of the virtual application to the cloud desktop server through the virtual channel, the application server can use the virtual application to send the original access request and session identifier for the USB device to the USB service; then, using the USB service, if the session identifier matches the USB device, the session identifier and the original access request and session identifier are sent to the virtual application agent through the virtual USB channel; next, using the virtual application agent, the USB device access request is sent to the cloud desktop server through the virtual USB channel corresponding to the session identifier. The USB device access request includes the original access request and the session identifier.

[0054] Optionally, the virtual application proxy on the application server can reside in user space, while the USB service on the application server can run at the kernel level. When the USB service processes a redirection request, it verifies and binds the session identifier that initiated the request. The virtual application proxy must also carry the correct session identifier when forwarding the request. This provides dual protection through user-space proxy authentication and kernel-space session verification. Even if a malicious user attempts to forge or intercept virtual channel data, they will fail because they cannot pass the kernel-level session identifier verification, greatly enhancing device access security in a multi-tenant environment.

[0055] Based on the foregoing embodiments, the following describes a method for redirecting a USB device in conjunction with another embodiment of this specification.

[0056] According to embodiments of this specification, a USB client can run on the terminal, and a corresponding USB server can run on the cloud desktop server. The USB server in the cloud desktop and the USB client in the terminal can establish a connection through the cloud desktop's dedicated peripheral channel, and the terminal's USB device can be redirected to the cloud desktop according to the management platform's peripheral policy. The dedicated peripheral channel can, for example, be based on the VDP protocol.

[0057] Cloud desktops can also run components such as virtual application proxies, USB clients, and RDP clients (e.g., based on FreeRDP). Cloud desktops can use RDP clients to connect to application servers via the RDP protocol and launch specified virtual applications on the application server. Using an RDP protocol virtual channel, USB clients running on cloud desktops can establish connections with USB servers running on the application server and redirect USB devices back to the application server.

[0058] For example, in this embodiment, the application server can be based on Windows Server. Windows Server is a multi-user operating system. With the help of the system's user session isolation, when the USB service redirects USB devices, it can use the user session identifier to redirect only to the current user session. This achieves the effect of multiple users connecting to virtual applications simultaneously, redirecting multiple USB devices, and isolating and allowing each user to access them independently.

[0059] Cloud desktops can use RDP clients to initiate session connection requests to application servers. Upon receiving the request, the application server creates a session and starts the corresponding virtual application and its agent, vappagent. vappagent is responsible for communicating with the USB service component running on the application server and forwarding messages. vappagent can be a user-space component. Then, vappagent can communicate with the RDP client component in the cloud desktop through the newly created RDP virtual channel.

[0060] The RDP client of the cloud desktop can load a USB client plugin and send USB redirection command messages to the application server through a virtual channel. The vappagent component can read USB commands or data from the virtual channel and forward them to the USB service.

[0061] When a virtual application running on the application server accesses a redirected USB device, the USB service can initiate an access request message to vappagent, which is then forwarded through a virtual channel to the USB client plugin loaded by the RDP client. The USB client plugin then initiates an access request to the physical USB device on the terminal and returns the request result to the remote virtual application.

[0062] like Figure 3A The diagram shown is a flowchart illustrating a method for redirecting a USB device according to another exemplary embodiment. This embodiment describes a process for redirecting a terminal's USB device to a cloud desktop, based on the foregoing embodiments.

[0063] For example, in this embodiment, the terminal includes a cloud desktop client (hereinafter referred to as the client), and the terminal is connected to a USB device. The cloud desktop server includes cloud desktops such as UOS or Kylin, and a USB server can run in the cloud desktop.

[0064] In this embodiment, the client can initiate a desktop connection to the cloud desktop server, and the client and the cloud desktop server will perform a handshake and initialization.

[0065] After a successful handshake, the client can send a VDP protocol channel creation request to the cloud desktop server, and the client and the cloud desktop server will establish a channel.

[0066] After the channel connection is successful, the client can use the VDP protocol channel to initiate a USB connection request to the cloud desktop server, and the cloud desktop server will then establish a USB connection.

[0067] After a successful USB connection, the client can send a USB redirection command message to the cloud desktop server via the protocol channel. This message can include a redirection command word, which is a USB control command and may include device discovery, data transfer, or device control commands.

[0068] The USB service of the cloud desktop can execute redirection commands and send the command execution results to the client.

[0069] After the USB device is redirected to the cloud desktop, the client can interact with the cloud desktop via USB data.

[0070] When a client needs to disconnect, it can send a disconnect request to the cloud desktop to request a break from the cloud desktop. Once the disconnection is complete, the redirection ends.

[0071] Understandably, when the client and the cloud desktop are connected through a gateway, the data exchanged between the client and the desktop server can be forwarded by the gateway.

[0072] According to the embodiments of this specification, after a USB device is redirected to a cloud desktop, the USB device in the cloud desktop can be redirected to the application server again.

[0073] For example, in this embodiment, the cloud desktop server includes cloud desktops such as UOS or Kylin, and USB clients and RDP clients (e.g., rdpclient) can run in the cloud desktop.

[0074] For example, in this embodiment, after the client connects to the cloud desktop and logs in, the cloud desktop's agent program can generate shortcuts for corresponding virtual applications on the cloud desktop's desktop interface according to the virtual application information authorized by the platform policy. The shortcuts may include, for example, information such as the application icon and the application server to which the application belongs, and are associated with the RDP client.

[0075] Users can select virtual application shortcuts on the desktop interface through the client. After selection, the cloud desktop will launch the RDP client, initiate an RDP session connection request to the application server, and launch the corresponding virtual application.

[0076] Based on the platform's virtual application policy, the cloud desktop redirects USB devices in the cloud desktop to the application server.

[0077] like Figure 3B The diagram shown is a flowchart illustrating a method for redirecting a USB device according to another exemplary embodiment. This embodiment describes a process for redirecting a USB device in a cloud desktop to an application server, based on the foregoing embodiments.

[0078] Cloud desktops can use RDP clients to initiate session connection requests to application servers. Upon receiving the request, the application server creates a session and starts the corresponding virtual application and its agent, vappagent. vappagent is responsible for communicating with the USB service running on the application server and forwarding messages. vappagent can be a user-space component. Then, vappagent can create new RDP virtual channels (referred to as virtual channels) specifically for communication between the RDP client and the vappagent user-space process on the application server, transmitting USB control commands and data. The lifecycle of this channel is consistent with the session. This allows for on-demand, dynamic redirection of USB devices within the virtual application.

[0079] vappagent can communicate with the USB service via sockets. When establishing USB redirection initialization, a session identifier is passed to control that USB messages are only redirected to the current user session.

[0080] The cloud desktop's RDP client can load a USB client plugin to send USB redirection command messages to the application server via a virtual channel. These USB redirection command messages include USB command words and / or data. The vappagent component can listen for messages sent by the RDP client through the virtual channel, read the USB command words and / or data from the virtual channel, forward them to the USB service, and then forward the command processing results from the USB service to the cloud desktop via the virtual channel.

[0081] When a virtual application running on the application server accesses a redirected USB device, the USB service can initiate an access request message to vappagent, which is then forwarded through a virtual channel to the USB client plugin loaded by the RDP client. The USB client plugin then initiates an access request to the physical USB device on the terminal and returns the request result to the remote virtual application.

[0082] According to the embodiments in this specification, the USB service on the application server runs at the system kernel level, but when processing redirection requests, it strongly verifies and binds the session identifier that initiated the request. vappagent must also carry the correct session identifier when forwarding requests. This achieves dual protection through user-space proxy authentication and kernel-space session verification. Even if a malicious user attempts to forge or intercept virtual channel data, they will fail because they cannot pass the kernel-level session identifier verification, greatly enhancing device access security in a multi-tenant environment.

[0083] When a client needs to disconnect, the cloud desktop can send a disconnect request to vappagent. Based on the disconnect request, vappagent instructs the USB service to cancel USB redirection. Once the connection is broken, the redirection ends.

[0084] According to the embodiments in this specification, through a two-layer USB redirection of "terminal → cloud desktop → virtual application," the virtual application can access the terminal's USB device even if the operating system of the virtual application is different from that of the cloud desktop. Users can seamlessly use Linux desktop and Windows applications within a single client. The USB device can penetrate both virtualization environments, solving the USB device compatibility problem in cross-platform convergence scenarios. Furthermore, there is no need to install Windows drivers at the Linux desktop layer, maintaining a lightweight architecture.

[0085] Furthermore, by creating an independent virtual channel for each virtual application session and strictly binding the USB device to the user session through a session identifier, device isolation is achieved during the second-level redirection. This ensures that each user can only access the USB device they are redirecting to, achieving physical isolation at the communication link level. Even if multiple users use the same type of device on the same server, they are physically and logically isolated, eliminating the possibility of device cross-use and data snooping. In addition, the management platform can finely control which user can use which type of USB device to redirect to which application in which desktop environment based on policies, achieving full manageability, controllability, and auditability of device access.

[0086] According to the embodiments in this specification, data generated by virtual applications (such as sensitive data from USB device interactions) can be flexibly saved according to platform policies, either on the application server or on the cloud desktop server. All data generated by virtual applications is processed and stored on the server side, not on the terminal, thus preventing data from being stored locally and effectively protecting against data leakage due to terminal loss or theft, thereby improving security. Furthermore, centralized utilization of server resources can increase concurrency density.

[0087] According to the embodiments in this specification, the terminal is only used as a display and input device, so a low-power, low-configuration thin client or old PC can be used as the terminal, thereby saving terminal costs.

[0088] Corresponding to the embodiments of the foregoing methods, this specification also provides embodiments of a USB device redirection device and the terminal to which it is applied.

[0089] The embodiments of the USB device redirection device described in this specification can be applied to computer devices, such as servers or terminal devices. The device embodiments can be implemented in software, hardware, or a combination of both. Taking software implementation as an example, as a logical device, it is formed by the processor reading the corresponding computer program instructions from non-volatile memory into memory for execution. From a hardware perspective, such as... Figure 4 The diagram shown is a hardware structure diagram of a computer device containing a USB device redirection device according to an embodiment of this specification. Except for... Figure 4 In addition to the processor 410, memory 430, network interface 420, and non-volatile memory 440 shown, the server or electronic device where the device 431 is located in the embodiment may also include other hardware depending on the actual function of the computer device, which will not be described in detail here.

[0090] like Figure 5 As shown, Figure 5 This is a block diagram illustrating a USB device redirection device according to an exemplary embodiment of this specification. The device can be applied to a cloud desktop server and includes: The startup request receiving module 510 is used to receive virtual application startup requests sent by the terminal through the cloud desktop channel. The terminal is connected to a USB device. The session connection request sending module 520 is used to send a session connection request to the application server according to the virtual application access request. The session connection request includes the virtual application identifier of the virtual application, so that the application server can establish a session with the cloud desktop server, create a virtual USB channel bound to the session identifier, and start the virtual application. The USB redirection command message sending module 530 is used to send a USB redirection command message corresponding to the USB device to the application server through the virtual USB channel. The USB redirection command message includes a session identifier.

[0091] Accordingly, this specification also provides an electronic device, which includes a processor; a memory for storing processor-executable instructions; wherein the processor is configured to: receive a virtual application launch request sent by a terminal through a cloud desktop channel, the terminal being connected to a USB device; send a session connection request to an application server based on the virtual application access request, the session connection request including a virtual application identifier of the virtual application, so as to enable the application server to establish a session with the cloud desktop server, create a virtual USB channel bound to the session identifier, and launch the virtual application; and send a USB redirection command message corresponding to the USB device to the application server through the virtual USB channel, the USB redirection command message including a session identifier.

[0092] like Figure 6 As shown, Figure 6 This is a block diagram illustrating another USB device redirection device according to an exemplary embodiment of this specification. The device can be applied to an application server and includes: The session connection request receiving module 610 is used to receive session connection requests sent by the cloud desktop server. The session connection request includes a virtual application identifier. The session processing module 620 is used to establish a session with the cloud desktop server according to the session connection request, create a virtual USB channel bound to the session identifier, and start the virtual application corresponding to the virtual application identifier. USB redirection command message receiving module 630 is used to receive USB redirection command messages sent by cloud desktop server through virtual USB channel. The USB redirection command message corresponds to the USB device of the terminal and includes a session identifier. The redirection module 640 is used to redirect USB devices to the application server according to USB redirection command messages.

[0093] Accordingly, this specification also provides an electronic device, which includes a processor and a memory for storing processor-executable instructions; wherein the processor is configured to: receive a session connection request sent by a cloud desktop server, the session connection request including a virtual application identifier; establish a session with the cloud desktop server according to the session connection request, create a virtual USB channel bound to the session identifier, and start the virtual application corresponding to the virtual application identifier; receive a USB redirection command message sent by the cloud desktop server through the virtual USB channel, the USB redirection command message corresponding to the terminal's USB device, the USB command message including a session identifier; and redirect the USB device to the application server according to the USB redirection command message.

[0094] The USB device redirection method according to the embodiments of this specification redirects the USB device of the redirected cloud desktop back to the application server, thereby enabling virtual applications in the application server to access the USB device. Furthermore, this method supports scenarios where the application server and the cloud desktop server have different operating systems with different kernels. Even if the operating system of the virtual application is different from that of the cloud desktop, the virtual application can still access the terminal's USB device. The USB device can penetrate two layers of virtualization environments, solving the USB device compatibility problem in cross-platform convergence scenarios. Additionally, there is no need to install drivers for the operating system of the virtual application at the cloud desktop layer, maintaining a lightweight architecture. For example, the application server's operating system can be a Windows kernel-based operating system, such as Windows Server; the cloud desktop server's operating system can be a Linux kernel-based operating system, such as UOS or Kylin. Therefore, this method can seamlessly integrate domestically developed desktops with Windows ecosystem applications, solving the pain point of USB device compatibility and facilitating smooth migration.

[0095] Furthermore, by creating an independent virtual channel for each virtual application session and strictly binding the USB device to the user session through a session identifier, device isolation is achieved during the second-level redirection. This ensures that each user can only access the USB device they have redirected, achieving physical isolation at the communication link level. Even if multiple users use the same type of device on the same server, they are physically and logically isolated, eliminating the possibility of device cross-use and data snooping.

[0096] According to the embodiments of this specification, the USB device redirection device enables virtual applications in the application server to access the USB device by redirecting the USB device of the redirected cloud desktop back to the application server.

[0097] The specific implementation process of the functions and roles of each module in the above device can be found in the implementation process of the corresponding steps in the above method, and will not be repeated here.

[0098] For the device embodiments, since they basically correspond to the method embodiments, the relevant parts can be referred to in the description of the method embodiments. The device embodiments described above are merely illustrative. The modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical modules, that is, they may be located in one place or distributed across multiple network modules. Some or all of the modules can be selected to achieve the purpose of the solution in this specification according to actual needs. Those skilled in the art can understand and implement this without creative effort.

[0099] The foregoing has described specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims may be performed in a different order than that shown in the embodiments and may still achieve the desired result. Furthermore, the processes depicted in the drawings do not necessarily require the specific or sequential order shown to achieve the desired result. In some embodiments, multitasking and parallel processing are possible or may be advantageous.

[0100] Other embodiments of this specification will readily occur to those skilled in the art upon consideration of the specification and practice of the invention claimed herein. This specification is intended to cover any variations, uses, or adaptations that follow the general principles of this specification and include common knowledge or customary techniques in the art not claimed herein. The specification and examples are to be considered exemplary only, and the true scope and spirit of this specification are indicated by the following claims.

[0101] It should be understood that this specification is not limited to the precise structures described above and shown in the accompanying drawings, and various modifications and changes can be made without departing from its scope. The scope of this specification is limited only by the appended claims.

[0102] The above description is merely a preferred embodiment of this specification and is not intended to limit this specification. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this specification should be included within the scope of protection of this specification.

Claims

1. A redirection method of a USB device, applied to a cloud desktop server, characterized in that, The method includes: The receiving terminal sends a virtual application launch request through a cloud desktop channel, and the terminal is connected to a USB device; Based on the virtual application access request, a session connection request is sent to the application server. The session connection request includes the virtual application identifier of the virtual application, so that the application server establishes a session with the cloud desktop server, creates a virtual USB channel bound to the session identifier, and starts the virtual application. The USB redirection command message corresponding to the USB device is sent to the application server through the virtual USB channel. The USB redirection command message includes the session identifier.

2. The method of claim 1, wherein, The method further includes: The application server receives a USB device access request from the virtual application sent through the virtual USB channel. The USB device access request is used to request access to the USB device connected to the terminal. The USB device access request is sent to the terminal through the cloud desktop channel.

3. The method of claim 1, wherein, The cloud desktop server includes a Remote Desktop Protocol (RDP) client, the application server includes an RDP server, and the virtual USB channel includes an RDP virtual channel between the RDP server and the RDP client.

4. The method of claim 1, wherein, The application server and the cloud desktop server operate on different kernels.

5. A redirection method of a USB device, applied to an application server, characterized in that, The method includes: Receive a session connection request sent by a cloud desktop server, wherein the session connection request includes a virtual application identifier; Based on the session connection request, establish a session with the cloud desktop server, create a virtual USB channel bound to the session identifier, and start the virtual application corresponding to the virtual application identifier; The terminal receives a USB redirection command message sent by the cloud desktop server through the virtual USB channel. The USB redirection command message corresponds to the USB device of the terminal and includes the session identifier. The USB device is redirected to the application server according to the USB redirection command message.

6. The method according to claim 5, further comprising: The virtual application sends a USB device access request to the cloud desktop server through the virtual USB channel. The USB device access request is used to request access to the USB device connected to the terminal.

7. The method of claim 5, wherein, The application server includes a virtual application proxy and a USB service; before sending the USB device access request of the virtual application to the cloud desktop server through the virtual channel, the method further includes: The virtual application sends a raw access request for the USB device and the session identifier to the USB service. Using the USB service, if the session identifier matches the USB device, The session identifier, along with the original access request and the session identifier, is sent to the virtual application agent via the virtual USB channel. Sending the USB device access request for the virtual application to the cloud desktop server through the virtual channel includes: Using the virtual application proxy, a USB device access request is sent to the cloud desktop server through a virtual USB channel corresponding to the session identifier. The USB device access request includes the original access request and the session identifier.

8. The method of claim 5, wherein, The USB redirection command message also includes a USB redirection command. The application server includes a virtual application agent and a USB service. Redirecting the USB device to the application server according to the USB redirection command message includes: The virtual application agent is used to send the USB redirection command and the session identifier to the USB service; Using the USB service, the USB redirection command is processed if the session identifier matches the USB device, and a processing result is obtained; The method further includes: The processing result is sent to the virtual application agent using the USB service. The processing result is sent to the cloud desktop server via the virtual USB channel using the virtual application agent, so that the cloud desktop server can send the processing result to the terminal via the cloud desktop channel.

9. The method of claim 8, wherein, The step of using the virtual application agent to send the USB redirection command and the session identifier to the USB service includes: The virtual application agent is used to create a socket channel with the USB service; The virtual application agent is used to send the USB redirection command and the session identifier to the USB service through the socket channel; The step of using the USB service to send the processing result to the virtual application agent includes: The processing result is sent to the virtual application agent via the socket channel using the USB service.

10. The method of claim 5, wherein, The cloud desktop server includes a Remote Desktop Protocol (RDP) client, the application server includes an RDP server, and the creation of a virtual USB channel bound to the session identifier includes: An RDP virtual channel is created between the RDP server and the RDP client, serving as the virtual USB channel.

11. The method of claim 5, wherein, The application server and the cloud desktop server operate on different kernels.

12. A redirection apparatus of a USB device, applied to a cloud desktop server, characterized in that, The device includes: A startup request receiving module is used to receive virtual application startup requests sent by the terminal through the cloud desktop channel, wherein the terminal is connected to a USB device; The session connection request sending module is used to send a session connection request to the application server according to the virtual application access request. The session connection request includes the virtual application identifier of the virtual application, so that the application server establishes a session with the cloud desktop server, creates a virtual USB channel bound to the session identifier, and starts the virtual application. The USB redirection command message sending module is used to send a USB redirection command message corresponding to the USB device to the application server through the virtual USB channel. The USB redirection command message includes the session identifier.

13. A redirection apparatus of a USB device, applied to an application server, characterized in that, The device includes: The session connection request receiving module is used to receive session connection requests sent by the cloud desktop server, wherein the session connection request includes a virtual application identifier; The session processing module is used to establish a session with the cloud desktop server according to the session connection request, create a virtual USB channel bound to the session identifier, and start the virtual application corresponding to the virtual application identifier; The USB redirection command message receiving module is used to receive USB redirection command messages sent by the cloud desktop server through the virtual USB channel. The USB redirection command message corresponds to the USB device of the terminal, and the USB command message includes the session identifier. The redirection module is used to redirect the USB device to the application server according to the USB redirection command message.

14. An electronic device, comprising: The electronic device includes: processor; Memory used to store processor-executable instructions; The processor is configured to perform the USB device redirection method according to any one of claims 1 to 11.

15. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores computer instructions for causing a computer to perform the redirection method of the USB device according to any one of claims 1 to 11.

Images