本文關鍵詞： 云計算 虛擬云桌面 認證 安全傳輸　出處：《西安電子科技大學》2014年碩士論文　論文類型：學位論文

【摘要】：隨著互聯(lián)網(wǎng)的迅猛發(fā)展,計算機應用已經(jīng)滲透到人類生活的各個領域,人們對計算機性能的要求也越來越高,頻繁的更換高性能主機,勢必會造成一定的資源浪費,因此,人們對傳統(tǒng)的計算模式有了新的認識,云計算應運而生。伴隨著云計算的快速發(fā)展,尤其是私有云的廣泛應用,云計算相關的虛擬化技術也越來越成熟,用戶可以使用多個低性能主機協(xié)調提供高性能虛擬云桌面,這樣能夠以有限的資源更好的滿足用戶的需求。私有云的發(fā)展,虛擬云桌面的廣泛使用,給企業(yè)內部網(wǎng)絡帶來了新的安全挑戰(zhàn)。用戶在瘦客戶端上通過網(wǎng)絡連接到自己的虛擬云桌面,像使用一臺實體主機一樣,運用該云桌面進行一切網(wǎng)絡操作,例如用戶可以通過該云桌面訪問企業(yè)內部的虛擬應用服務器。在虛擬環(huán)境下,用戶的虛擬云桌面位于云計算中心,用戶通過瘦客戶端與云計算中心相連接,進而獲得到自己的云桌面,因此需要對用戶的瘦客戶端進行有效的注冊認證;同時,在云計算中心,多個用戶云桌面共用網(wǎng)絡和虛擬交換機,而在一般情況下,數(shù)據(jù)的傳輸均以明文的方式進行,因此,必須保證用戶虛擬云桌面與應用服務器間的數(shù)據(jù)安全傳輸。本文設計的虛擬云桌面認證與安全傳輸平臺,利用FreeIPA對加入到云區(qū)域內的服務和用戶進行管理,同時以證書的方式對瘦客戶端進行注冊和認證,用戶通過瘦客戶端進行登錄,連接至FreeIPA服務器,然后訪問FreeIPA管理的服務;利用OpenStack實現(xiàn)用戶主機和應用服務器的虛擬化,FreeIPA將Open Stack作為一個服務進行管理,連接至FreeIPA服務器的用戶,可以訪問OpenStack服務,獲得云桌面,用戶通過該云桌面進行一切網(wǎng)絡操作,例如訪問應用服務器。該課題結合云計算環(huán)境下虛擬化的特點,利用數(shù)字證書對瘦客戶端進行認證,采用Kerberos協(xié)議對用戶身份進行認證。課題根據(jù)云桌面與云服務器虛擬化的特點,對傳統(tǒng)SSL安全協(xié)議進行改進,實現(xiàn)虛擬環(huán)境下云桌面與應用服務器之間的雙向身份認證。將客戶端證書存入UsbKey,使得用戶通過UsbKey的PIN碼與證書綁定在一起,UsbKey中的證書通過虛擬機的bios.uuid序列號與用戶的虛擬云桌面綁定在一起,最終實現(xiàn)用戶、證書、虛擬云桌面的“合三為一”,建立用戶虛擬云桌面與應用服務器之間的安全傳輸通道,確保通信雙方數(shù)據(jù)傳輸?shù)陌踩浴?br/>[Abstract]:With the rapid development of the Internet, computer applications have penetrated into the various fields of human life, people have higher and higher requirements for the performance of computers, frequent replacement of high-performance hosts. It is bound to cause a certain waste of resources, so people have a new understanding of the traditional computing model, cloud computing came into being. With the rapid development of cloud computing, especially the wide application of private cloud. Cloud computing related virtualization technology is becoming more and more mature, users can use multiple low-performance hosts to coordinate the provision of high-performance virtual cloud desktop. This can better meet the needs of users with limited resources, the development of private cloud, the wide use of virtual cloud desktop. Users connect to their virtual cloud desktop through the network on the thin client and use the cloud desktop for all network operations just like using an entity host. For example, the user can access the virtual application server within the enterprise through the cloud desktop. In the virtual environment, the user's virtual cloud desktop is located in the cloud computing center, and the user connects to the cloud computing center through the thin client. In order to get their own cloud desktop, it is necessary to register and authenticate the user's thin client effectively. At the same time, in the cloud computing center, multi-user cloud desktop sharing network and virtual switch, and in general, data transmission is done in clear text, so. It is necessary to ensure the secure data transmission between the user virtual cloud desktop and the application server. The virtual cloud desktop authentication and secure transmission platform designed in this paper. FreeIPA is used to manage the services and users who join in the cloud area. At the same time, the thin client is registered and authenticated in the form of certificate, and the user logs in through the thin client. Connect to the FreeIPA server and then access the FreeIPA managed service; Using OpenStack to realize the virtualization of user host and application server FreeIPA manages OpenStack as a service. A user connected to a FreeIPA server can access the OpenStack service to obtain a cloud desktop through which the user performs all network operations. For example, access to application server. This subject combines the characteristics of virtualization in cloud computing environment, using digital certificates to authenticate thin clients. According to the characteristics of cloud desktop and cloud server virtualization, the traditional SSL security protocol is improved. Realize the bidirectional authentication between the cloud desktop and the application server in the virtual environment. The client certificate is stored in the UsbKey. the user is bound to the certificate through the UsbKey PIN code. The certificate in UsbKey binds to the virtual cloud desktop through the bios.uuid serial number of the virtual machine, and finally realizes the user, certificate, virtual cloud desktop "three as one". The secure transmission channel between the user virtual cloud desktop and the application server is established to ensure the security of the data transmission between the two parties.
【學位授予單位】：西安電子科技大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TP393.08

【參考文獻】

相關博士學位論文 前1條

1 吳晶晶;PKI關鍵理論與應用技術研究[D];中國科學技術大學;2008年

，

本文編號：1491724