Research and Implementation of Virtual Cloud Desktop Authentication and Secure Transmission Technology
Published: 2018-02-05 01:29
Keywords: cloud computing; virtual cloud desktop; authentication; secure transmission. Source: Xidian University, 2014 master's thesis. Thesis type: degree thesis.
【Abstract】: With the rapid growth of the Internet, computing has spread into every area of life, and users demand ever higher performance from their machines. Replacing high-performance hosts frequently wastes resources, which has prompted a rethinking of the traditional computing model and given rise to cloud computing. As cloud computing has matured, and private clouds in particular have come into wide use, the associated virtualization technology has matured with it: several low-performance hosts can be coordinated to provide a high-performance virtual cloud desktop, meeting users' needs with limited resources. The growth of private clouds and the wide use of virtual cloud desktops bring new security challenges to enterprise internal networks. A user connects from a thin client over the network to a personal virtual cloud desktop and uses it as if it were a physical host, for example to reach the enterprise's virtual application servers. In this virtual environment the desktop resides in the cloud computing centre and the user reaches it through the thin client, so the thin client must be registered and authenticated effectively. Within the centre, moreover, many users' desktops share the same network and virtual switches, and data is ordinarily transmitted in cleartext, so secure transmission between a user's virtual cloud desktop and the application servers must be guaranteed.

The virtual cloud desktop authentication and secure transmission platform designed in this thesis uses FreeIPA to manage the services and users joined to the cloud domain and registers and authenticates thin clients by certificate: the user logs in through the thin client, connects to the FreeIPA server, and then accesses the services FreeIPA manages. OpenStack virtualizes the user hosts and application servers, and FreeIPA manages OpenStack as one of its services, so a user connected to the FreeIPA server can access the OpenStack service, obtain a cloud desktop, and perform all network operations through it, such as accessing application servers. Taking account of virtualization in the cloud computing environment, the work authenticates thin clients with digital certificates and authenticates users with the Kerberos protocol. Based on the characteristics of cloud desktop and cloud server virtualization, it modifies the conventional SSL protocol to achieve mutual authentication between the cloud desktop and the application server in the virtual environment. The client certificate is stored in a UsbKey, which binds the user to the certificate through the UsbKey's PIN; the certificate in the UsbKey is in turn bound to the user's virtual cloud desktop through the virtual machine's bios.uuid serial number. User, certificate and virtual cloud desktop thus become "three in one", a secure transmission channel is established between the user's virtual cloud desktop and the application server, and the data exchanged between the two parties is protected.
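The certificate-to-desktop binding described in the abstract, as an added example in Go that is not code from the thesis, from FreeIPA or from OpenStack. The abstract does not say how the bios.uuid is carried in the certificate or how the modified SSL protocol checks it, so everything below is this example's own assumption: the VM identity is encoded as a URI SAN of the form urn:uuid:<bios.uuid>, the sample UUID and subject names are constructed, and the function names (issueCert, checkUUIDBinding, verifyDesktopCert, serverTLSConfig) are hypothetical. The example issues a platform CA and desktop certificates, shows the check an application server runs on a presented client certificate (chain to the platform CA for client authentication, then the UUID binding), and wires that check into a standard mutually authenticated TLS server, since stock TLS already supports client certificates. PIN-protected storage of the private key in the UsbKey is out of scope; the key is generated in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// Constructed sample bios.uuid of the desktop VM (a real desktop reads it from guest firmware, e.g. /sys/class/dmi/id/product_uuid).
const desktopUUID = "7b5e6f1a-2c4d-4e8f-9a0b-1c2d3e4f5a6b"

// uuidURI is this example's assumed SAN encoding of the VM identity: urn:uuid:<bios.uuid>.
func uuidURI(vmUUID string) *url.URL {
	return &url.URL{Scheme: "urn", Opaque: "uuid:" + vmUUID}
}

// issueCert signs a certificate with parent/parentKey (self-signed when parent is nil); leaves get client/server-auth EKUs and a non-empty vmUUID becomes a URI SAN.
func issueCert(cn, vmUUID string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // demo only; use random serials in production
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}
	}
	if vmUUID != "" {
		tmpl.URIs = []*url.URL{uuidURI(vmUUID)}
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// checkUUIDBinding requires an already verified leaf to carry a URI SAN naming exactly the VM expected on this connection.
func checkUUIDBinding(leaf *x509.Certificate, expectedUUID string) error {
	want := uuidURI(expectedUUID).String()
	for _, u := range leaf.URIs {
		if u.String() == want {
			return nil
		}
	}
	return fmt.Errorf("certificate for %q is not bound to VM %s", leaf.Subject.CommonName, expectedUUID)
}

// verifyDesktopCert chains the leaf to the platform CA for client authentication, then applies the binding; a well-formed certificate from another CA or for another desktop is rejected.
func verifyDesktopCert(leaf *x509.Certificate, roots *x509.CertPool, expectedUUID string) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return fmt.Errorf("chain verification failed: %w", err)
	}
	return checkUUIDBinding(leaf, expectedUUID)
}

// serverTLSConfig wires the check into a mutually authenticated TLS server: crypto/tls verifies the client chain against roots
// (so chains is never empty in the callback), then VerifyPeerCertificate applies the binding before any application data flows.
func serverTLSConfig(serverCert tls.Certificate, roots *x509.CertPool, expectedUUID string) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    roots,
		VerifyPeerCertificate: func(_ [][]byte, chains [][]*x509.Certificate) error {
			return checkUUIDBinding(chains[0][0], expectedUUID)
		},
	}
}

func main() {
	ca, caKey, _ := issueCert("Cloud Platform CA", "", true, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	desktop, _, _ := issueCert("alice-desktop", desktopUUID, false, ca, caKey)
	other, _, _ := issueCert("bob-desktop", "0f0f0f0f-0f0f-4f0f-8f0f-0f0f0f0f0f0f", false, ca, caKey)
	for _, c := range []*x509.Certificate{desktop, other} { // accepted; wrong VM
		fmt.Printf("%s (issuer %q): %v\n", c.Subject.CommonName, c.Issuer.CommonName, verifyDesktopCert(c, roots, desktopUUID))
	}
}
```

Running it prints a nil error for alice-desktop and a binding error for bob-desktop. verifyDesktopCert also rejects a certificate that carries the right UUID but was issued by a CA outside roots, because chain verification runs before the binding check; the binding alone is not a substitute for the chain. In a deployment the expected UUID would come from the session the application server is serving (for example, the desktop the user was assigned by OpenStack), not from the certificate itself, otherwise the check is circular.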
【Degree-granting institution】: Xidian University
【Degree level】: Master
【Year of degree】: 2014
【Classification number】: TP393.08
Article ID: 1491724
Article link: http://sikaile.net/guanlilunwen/ydhl/1491724.html