基于桌面云的计算资源控制保护方案

Computing Resource Control and Protection Scheme Based on Desktop Cloud

桌面云是基于云计算技术的虚拟桌面服务,已经被广泛应用。同时,在桌面云平台与业务需求的结合过程中,形成了基于业务的桌面云管理平台和业务应用平台。然而桌面云环境的脆弱性和计算资源的底层访问特性,使得基于桌面云的应用环境缺乏对计算资源调用的有效控制和保护,迫切需要解决资源认证和非授权调用等问题。这种对资源的安全保护问题也制约了桌面云与业务需求结合的进一步发展。针对上述问题,文章设计了一种基于桌面云的计算资源控制保护方案,以HTTPS加密信道作为资源请求接入点,采用基于携带用户信息的公钥加密令牌认证方法对用户请求进行认证并对通信内容进行加密,并根据认证机制和角色权限对计算资源进行管控和防护。方案实现了用户对计算资源的安全访问,有效改善了桌面云环境下计算资源的控制保护特性。

Desktop cloud is commonly known as a type of virtual desktop which towards cloud computing to implement. At the same time, with the combination of desktop cloud platform and business requirements, business application platform and business based desktop cloud management platform are also been produced. However, the vulnerability of the desktop cloud environment and the underlying access characteristics of computing resources, not only make the application environment based on the desktop cloud lack of effective control and protection for the invoking of computing resource, but also make the computing resource face the problems that need to be used certifed and cannot be invoked without authorization. Aiming at the above problems, this paper designs a desktop cloud-based computing resource controlled protection scheme, which made HTTPS encryption as the resource request access, and used PKI token based on user information, authenticatedthe user request and encrypted the communication content, controlled and protected the computing resources according to the authentication mechanism and the role privilege. The scheme protects users from secure access to computing resources. After testing, the system effectively improves the controlled protection of computing resources in desktop cloud.