| With the rapid development of the internet, the application of computer has been permeated into all the fields of people’s life and there is a higher demand for computer’s performance. The frequent renewal of mainframe with higher performance has caused the waste of resource. Thus cloud computing comes into being with people’s new view of traditional computing model. With the rapid development of cloud computing, especially the wide application of private cloud, virtualization technology related to cloud computing is becoming more and more mature. Users can have high-performance virtual cloud desktop with many low-performance mainframes so that the restricted resources can better satisfy users’ demand.The development of private cloud and the wide application of virtual desktop have brought new challenges to the security of enterprise’s internal network. Users can be connected to their own virtual desktop with thin client through network and perform all network operations with this desktop just as using a tangible mainframe. For example, users can visit enterprise’s internal virtual server through this desktop. In virtual environment, user’s virtual desktop is located in the cloud computing center. User can access to their cloud desktop after thin client is connected to this center. Thus thin client requires a valid registration and authorization. At the same time, in the cloud computing center, network and virtual switchboard can be shared by many users’ cloud desktops. In General, the transmission of data is in plain text way so the security of data transmission between the server and user’s virtual desktop must be ensured.The platform designed for virtual desktop’s authorization and secure transmission in the paper can manage the service and users in the cloud with Free IPA and register and authorize thin client with certification. Users can log in by a thin client and connect to Free IPA server, then obtain the services managed by Free IPA. The virtualization of mainframe and application server is achieved by Open Stack which is managed by Free IPA as a service. Users connected to Free IPA server can visit Open Stack and access to cloud desktop through which user can perform all the network operations such as visiting application server.Combining the characteristics of virtualization in the cloud computing environment, the thin client is authenticated by the digital certificates and user is authenticated by the Kerberos protocol. Traditional SSL security protocol is improved in the paper, according to the virtualization characteristics of the cloud desktop and cloud server. And it implements two-way authentication between the application server and cloud desktop in virtual environment.The client’s certification is stored in Usbkey so that the user and certification are bound together by Usb Key’s PIN code and the certification in the Usbkey is bound with user’s virtual desktop through virtual machine’s bios.uuid serial number, which can finally achieve the integration of user, certificate and virtual cloud desktop. So, it establishes a secure transmission channel between virtual desktop and application server and make sure the security of data transmission. |
PDF Full Text Request