Design And Implementation Of Unified User Management System For The Autonomous Blade Server

Autonomous control of information system is an important means to ensure information security in security-critical information areas of the country.Notebooks,desktop computers and servers based on domestically produced fundamental hardware and software,such as domestic CPUs and OS,have been successfully applied to many important information systems in the federal government and military.Higher-density autonomous blade server should be a better choice to solve the contradiction between the relative low performance of domestic CPUs and the increasing performance requirements of complex business systems.The autonomous blade server adopts the domestic CPUs and operating system,and runs a variety of applications above them.These applications are relatively independent.With the increase of applications and the expansion of the network size,users and administrators face the management problems of high-density autonomous blade server.According to the manageability requirements of autonomous blade server,we design,and implement a Unified User Management System(UUMS)for autonomous blade server in this paper.Single Sign-On(SSO)method and unified identity authentication are proposed in the blade server system.With these methods,the UUMS can do well with unified user management,and be capable of allocating and managing user resources for the system.The main work of this paper includes:1.To solve the unreliable problem of transmitting user authentication information across different domains,and to release the design complexity and the undergoing incompatibility between different applications in SSO,a Restful agent model is introduced into the authentication procedure.And then,the SHA256 encryption algorithm and message digest are used to encrypt and transmit the ticket.The proposed authentication improves the unforgeability of single sign-on information when users switch between multiple applications.The Restful interface as a plug-in is implemented in the client side to achieve the third-party application system integration into the system.These methods dramatically reduce development complexity and cost,and improves system compatibility.2.For the various security problems brought by the single factor identity authentication method,a multi-factor for different authentication cross-domain identity authentication method is proposed.This method can combine with the advantages of password authentication,smart card authentication and digital certificate authentication.Furthermore,different factors are introduced to the cross-domain authentication system at the different authentication stages.At the first login stage,the PIN code and DN code are used for authentication,while the user name,password,PIN code and DN code are used for authentication at other stages.Specially,different certificate authentication is used according to different user roles,such as the system administrator the ordinary user.This cross-domain authentication mechanism not only overcomes the security risks of the single authentication method,but also effectively prevents replay attacks and man-in-the-middle attacks.3.A unified user management system for autonomous blade server is implemented.Data Search with Binary tree is used during the data structure conversion,which reduces the complexity of data access to the organizational structure.The method of pulling data by active PULL primitive improves the efficiency of user data synchronization.The experimental results show that the management system runs stably on the proposed blade sever based on domestic Phytium CPU and Kylin OS and its performance meets the requirements.