| With the wide application of cloud computing,a lot of Internet companies start researching and deploying their own cloud platforms.It is extremely inconvenient for users to repeat authentication every time with different domain sites.How to deploy and share resources reasonably and how to ensure the authentication security of cross-domain access can come down to the problem of cloud platform cross-domain access,which is a new project.This thesis do research based on the OpenStack,which is an open source cloud-computing platform.OpenStack can deploy a fully virtualized environment rapidly,and build several interconnected virtual servers with virtualization environment.It is convenient for users to apply for an account and access.This work is an expanded project based on a project of the management of cloud platform.They deployed some independent OpenStack cloud platforms at the fist time.Nevertheless,there are business and data exchanges between these users,so they want the platforms to provide cloud platform cross-domain access,which enables the single sign-on function on multiple OpenStack cloud platforms.However,the version of the deployed OpenStack does not provide it,so we will implement the function of the cross-domain access based on the OpenStack.There are still some problems.Firstly,OpenStack has no cross-domain access policies and mechanisms.Secondly,it is difficult to manage and determine the trust relationship between cloud platforms.For the first problem,based on the analysis of the authentication mechanism and process of OpenStack platform,and technology and ideas of cross-domain access,the existing cross-domain access technology is introduced into the Open Stack authentication system.For the second problem,the trust problem between different cloud platforms is solved by introducing trust management scheme based on fuzzy computing.A joint access model is proposed in this thesis.The core idea is adding a joint access middleware in Keystone to realize the cross-domain access to multiple OpenStack cloud platforms.Based on the analysis of OpenStack security architecture,an enhancement scheme is proposed for some weak points in the certification process.Finally,the function and performance of the joint access model are tested,and the proposed enhancement scheme is tested. |
PDF Full Text Request