【摘要】：基于互聯(lián)網(wǎng)的云計(jì)算,以服務(wù)的方式為用戶提供動(dòng)態(tài)可伸縮的虛擬化資源,將其所提供的所有服務(wù)構(gòu)建在動(dòng)態(tài)的架構(gòu)上,剝離了軟件與應(yīng)用環(huán)境之間的聯(lián)系,使用戶通過(guò)網(wǎng)絡(luò)即可獲得其所需的服務(wù),而無(wú)須耗費(fèi)時(shí)間在繁瑣的計(jì)算資源管理上。資源的彈性需求是云計(jì)算的關(guān)鍵特征,因?yàn)椴煌挠脩粼诓煌臅r(shí)間段所需要的資源是不同的,這就要求云計(jì)算系統(tǒng)支持自適應(yīng)的服務(wù)資源管理機(jī)制,動(dòng)態(tài)的分配虛擬資源給不同時(shí)間段的不同用戶使用。傳統(tǒng)的云計(jì)算模式下,用戶所使用的虛擬計(jì)算資源都是處于云端的公共物理資源上,雖然這極大的節(jié)約了云計(jì)算平臺(tái)的構(gòu)建成本,但是這也使所有用戶數(shù)據(jù)都處于公共的環(huán)境中,這就必然存在著數(shù)據(jù)安全方面的問(wèn)題。雖然現(xiàn)今社會(huì)普遍采用數(shù)據(jù)加密的方式來(lái)保證數(shù)據(jù)的安全,但是這些加密方式也存在著一定的安全以及性能方面的問(wèn)題。因此,針對(duì)上述存在的問(wèn)題,本文設(shè)計(jì)并實(shí)現(xiàn)了一種安全高效的虛擬網(wǎng)絡(luò)結(jié)構(gòu),在網(wǎng)絡(luò)層面根據(jù)系統(tǒng)平臺(tái)上虛擬資源的使用狀況,將其劃分為不同的安全域,在隔離不同安全域之間信息交互的同時(shí),保證同一個(gè)安全域內(nèi)的虛擬資源之間能夠交流信息。不僅如此,本文提出的虛擬網(wǎng)絡(luò)結(jié)構(gòu)在保證安全性的同時(shí),實(shí)現(xiàn)了一種基于共享內(nèi)存的通信機(jī)制,使得虛擬資源能夠根據(jù)其在物理平臺(tái)上的實(shí)時(shí)分布狀態(tài)選擇不同的通信機(jī)制,大大提高了虛擬資源之間的通信性能。 本文的主要工作體現(xiàn)在以下幾個(gè)方面： 1)設(shè)計(jì)并實(shí)現(xiàn)了一種安全的虛擬網(wǎng)絡(luò)結(jié)構(gòu)。在網(wǎng)絡(luò)層面根據(jù)系統(tǒng)平臺(tái)上虛擬資源的使用狀況,將其劃分為不同的安全域,安全域是彼此隔離的信息域,不同安全域之間不能夠交換信息,保證安全域內(nèi)的數(shù)據(jù)只能由屬于該安全域的虛擬資源所共享,不會(huì)外泄到其它安全域。安全域的跨物理主機(jī)的實(shí)現(xiàn)。這不僅擴(kuò)大了安全域的范圍,使處于不同物理主機(jī)上的虛擬資源能夠劃分到一個(gè)安全域內(nèi),實(shí)現(xiàn)數(shù)據(jù)的共享,而且有著簡(jiǎn)便的實(shí)現(xiàn)方式,方便虛擬資源劃分到不同的安全域內(nèi)。同時(shí)通過(guò)虛擬資源的實(shí)時(shí)遷移功能,能夠提高系統(tǒng)平臺(tái)的可靠性。 2)根據(jù)虛擬資源在系統(tǒng)平臺(tái)上的實(shí)時(shí)分布狀況,設(shè)計(jì)并實(shí)現(xiàn)了一種新的通信機(jī)制,這種基于共享內(nèi)存的通信機(jī)制能夠提供比傳統(tǒng)通信機(jī)制更高的通信效率,滿足系統(tǒng)平臺(tái)上對(duì)于高性能通信的需求。
[Abstract]:Internet based cloud computing provides users with dynamic and scalable virtualization resources in the form of services, builds all the services they provide on a dynamic architecture and strips the connection between software and application environment. Users can get the services they need through the network, without wasting time on the tedious computing resource management. The elastic demand of resources is the key feature of cloud computing, because different users need different resources in different time periods, which requires cloud computing systems to support adaptive service resource management mechanism. Dynamically allocate virtual resources to different users in different time periods. In the traditional cloud computing mode, the virtual computing resources used by users are all in the cloud public physical resources, although this greatly saves the construction cost of cloud computing platform. But this also makes all user data in a common environment, which is bound to have data security problems. Nowadays, data encryption is widely used to ensure the security of data, but these encryption methods also have some security and performance problems. Therefore, in view of the above problems, this paper designs and implements a secure and efficient virtual network structure, which is divided into different security domains according to the use of virtual resources on the system platform. While isolating the information exchange between different security domains, the virtual resources in the same security domain can exchange information at the same time. Moreover, the virtual network structure proposed in this paper not only guarantees the security, but also implements a communication mechanism based on shared memory, which enables virtual resources to choose different communication mechanisms according to their real-time distributed state on the physical platform. The communication performance between virtual resources is greatly improved. The main work of this paper is as follows: 1) A secure virtual network structure is designed and implemented. On the network level, virtual resources are divided into different security domains according to the use of virtual resources on the system platform. Security domains are information domains isolated from each other, and information can not be exchanged between different security domains. Ensure that the data in the security domain can only be shared by the virtual resources belonging to the security domain, and will not be leaked to other security domains. Security domain cross-physical host implementation. This not only expands the scope of the security domain, but also makes the virtual resources on different physical hosts can be divided into a security domain to share data, and has a simple way to realize the virtual resources to be divided into different security domains. At the same time, the reliability of the system platform can be improved by the real-time migration of virtual resources. 2) according to the real-time distribution of virtual resources on the system platform, a new communication mechanism is designed and implemented. The communication mechanism based on shared memory can provide higher communication efficiency than the traditional communication mechanism and meet the requirements of high performance communication on the system platform.
【學(xué)位授予單位】：北京交通大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.01

【參考文獻(xiàn)】

相關(guān)期刊論文 前3條

1 郝昌澤;虛擬網(wǎng)技術(shù)在企業(yè)網(wǎng)中的應(yīng)用[J];工程建設(shè)與設(shè)計(jì);2004年11期

2 王冰;;淺談云計(jì)算環(huán)境下用戶數(shù)據(jù)的安全保護(hù)和隔離[J];硅谷;2011年15期

3 朱團(tuán)結(jié);艾麗蓉;;基于共享內(nèi)存的Xen虛擬機(jī)間通信的研究[J];計(jì)算機(jī)技術(shù)與發(fā)展;2011年07期

，

本文編號(hào)：2277777