KR101544487B1 - Virtual desktop service system for client that has multiple user accounts - Google Patents

Abstract

The present invention relates to a virtual desktop service system for a client having a plurality of user accounts, comprising: a plurality of user virtual machines for each client; a virtual virtual machine for supporting virtual desktop services of the user virtual machines; By providing a virtual desktop system consisting of machines, desktop delivery control virtual machines and Active Directory virtual machines, it is possible to provide separate virtual desktop services to multiple corporate or organizational clients in a single data center.

Description

Technical Field [1] The present invention relates to a virtual desktop service system for a client having a plurality of user accounts,

The present invention relates to a system for providing a virtual desktop service for a client having a plurality of user accounts, and more particularly, to a virtual desktop service capable of providing virtual desktop services separated from each other to a plurality of companies or organization clients in a single data center Service system.

Desktop virtualization can be divided into Server-Based Computing (SBC) and Virtual Desktop Infrastructure (VDI). While SBC provides users with a virtual desktop environment through terminal services provided by the server operating system, VDI creates a virtual machine for the desktop environment on the server and installs the operating system and applications on the created virtual machine to the user There is a difference in that it implements a virtual desktop environment. Among these, VDI services are attracting attention in that they can have a desktop environment similar to a user's local desktop environment.

In the case of providing a VDI service to a client having a plurality of user accounts, that is, a company or an organization unit, conventionally, one physical hardware and virtualization software have been provided for each client.

However, as the number of clients in an enterprise or organizational unit that desires a VDI service increases, a system capable of providing VDI services to a plurality of enterprise or organizational unit clients within a single data center is needed.

SUMMARY OF THE INVENTION It is an object of the present invention to provide a virtual desktop service system capable of providing virtual desktop services separated from each other to a plurality of companies or organization clients in a single data center.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not intended to limit the invention to the particular embodiments that are described. It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not restrictive of the invention, There will be.

According to an aspect of the present invention, there is provided a virtual desktop service system including: a plurality of user virtual machines for providing a virtual desktop environment using virtual computing resources that virtualize physical computing resources in a data center; At least one router virtual machine for assigning an IP to the user virtual machine to mediate communication between the user virtual machine and the external network and for routing communication in the private network of the user virtual machine; A desktop delivery control virtual machine for connecting a session between the user virtual machine and a user account accessing the user virtual machine and managing a virtual desktop service provided by the user virtual machine; And an Active Directory virtual machine for authenticating a user account accessing at least one of the user virtual machine and the desktop delivery control virtual machine.

More preferably, each client may have a separate set of system virtual machines including a router virtual machine, a desktop delivery control virtual machine, and an active directory virtual machine.

More preferably, the router virtual machine may include a DHCP server that assigns a dynamic IP to the user virtual machines.

More preferably, the router virtual machine may be dynamically added or reduced according to the number of user virtual machines.

More preferably, a first sub-network between the router virtual machine and an external public network, a second sub-network for controlling the router virtual machine, the active directory virtual machine and the desktop delivery control virtual machine in a management system of the service provider, , The third sub-network for communicating with the router virtual machine, the active directory virtual machine and the desktop delivery control virtual machine in the user virtual machine may be logically separated from each other.

More preferably, when there are a plurality of router virtual machines, the third subnetwork may include a plurality of subnetworks allocated to each of the plurality of router virtual machines and logically separated from each other.

More preferably, when there are a plurality of router virtual machines, the subnetwork may further include a subnetwork for sharing routing information between the plurality of router virtual machines.

According to an aspect of the present invention, there is provided a method of preparing a virtual desktop service, comprising: mediating communication with an external network of a user virtual machine that provides a virtual desktop environment using virtual computing resources that virtualize physical computing resources of a data center; A router virtual machine creation step of creating a router virtual machine for routing communication in a sub-network of the router; An active directory creation step of creating an active directory virtual machine for authenticating a user account for accessing a user virtual machine based on an IP allocated to a subnetwork from a router virtual machine; And a desktop delivery that allocates the IP of the subnetwork from the router virtual machine and connects the session between the user virtual machine and the user account based on the allocated IP, and manages the virtual desktop service provided by the user virtual machine Desktop delivery that creates the virtual machine Generating step; And updating the port forwarding rules of the router virtual machine based on the default port of the IP of the desktop delivery virtual machine.

More preferably, the step of generating a router virtual machine comprises: allocating a management IP through a management network logically separated from a service network; Generating a router virtual machine based on the assigned management IP; Requesting a public IP and a service IP allocation for the generated router virtual machine; And updating the initial configuration of the router virtual machine based on the public IP and the service IP allocated in response to the request.

More preferably, the step of generating an active directory comprises: allocating a management IP through a management network logically separated from the service network; Creating an Active Directory virtual machine based on the assigned management IP; Requesting a router virtual machine for a service IP allocation for the generated active directory virtual machine; And updating the initial settings of the active directory based on the service IP assigned in response to the request.

More preferably, the desktop delivery generating step comprises: receiving a management IP through a management network logically separated from a service network; Creating a desktop delivery virtual machine based on the allocated management IP; Requesting a router virtual machine for a service IP allocation for the generated desktop delivery virtual machine; And updating the initial settings of the desktop delivery virtual machine based on the service IP assigned in response to the request.

According to the present invention, it is possible to provide virtual desktop services separated from each other to a plurality of companies or organizational clients in one data center.

In particular, it is possible to provide a virtual desktop service conforming to the client's IT environment by faithfully reflecting demands of different hardware and software for each client.

1 is a diagram illustrating the overall configuration of a virtual desktop service system according to a preferred embodiment of the present invention.
2 is a diagram illustrating a conceptual configuration of a VMS that is a component of a virtual desktop service system according to an embodiment of the present invention.
FIGS. 3A and 3B are views illustrating service APIs that can be performed according to a control right of a service API used in a VMS of a virtual desktop service system according to a preferred embodiment of the present invention and a corresponding right.
4A and 4B are views illustrating a request and response format of a service API used in a VMS of a virtual desktop service system according to an exemplary embodiment of the present invention.
5 is a diagram illustrating a process of creating a system VM allocated to each of the clients in the VMS service process according to an exemplary embodiment of the present invention.
6 is a diagram illustrating a process of setting a basic environment for performing a VDI service in a user VM of each client in a service process of a VMS according to a preferred embodiment of the present invention.
FIG. 7 is a diagram for explaining a multitenancy virtual desktop service provided in a data center according to a preferred embodiment of the present invention.
8 is a diagram illustrating a network environment independently configured for each client according to an exemplary embodiment of the present invention.
9 is a diagram illustrating a process of a DeployVDI API for creating a virtual desktop environment for a user belonging to a specific client of the multi-TNS virtual desktop service according to the preferred embodiment of the present invention.

The following merely illustrates the principles of the invention. Thus, those skilled in the art will be able to devise various apparatuses which, although not explicitly described or shown herein, embody the principles of the invention and are included in the concept and scope of the invention. Furthermore, all of the conditional terms and embodiments listed herein are, in principle, intended only for the purpose of enabling understanding of the concepts of the present invention, and are not intended to be limiting in any way to the specifically listed embodiments and conditions . It is also to be understood that the detailed description, as well as the principles, aspects and embodiments of the invention, as well as specific embodiments thereof, are intended to cover structural and functional equivalents thereof. It is also to be understood that such equivalents include all elements contemplated to perform the same function irrespective of currently known equivalents as well as equivalents to be developed in the future.

Thus, the functions of the various elements shown in the drawings, including the functional blocks shown in the figures or similar concepts, may be provided by use of dedicated hardware as well as hardware capable of executing software in connection with appropriate software. When provided by a processor, the functions may be provided by a single dedicated processor, a single shared processor, or a plurality of individual processors, some of which may be shared. Also, the use of terms such as processor, control, or similar concepts should not be construed as exclusive reference to hardware capable of executing software, but may include, without limitation, digital signal processor (DSP) hardware, (ROM), random access memory (RAM), and non-volatile memory. Other hardware may also be included.

The above objects, features and advantages will become more apparent from the following detailed description in conjunction with the accompanying drawings. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

On the other hand, when an element is referred to as " including " an element, it does not exclude other elements unless specifically stated to the contrary.

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

FIG. 1 is a diagram illustrating the overall configuration of a virtual desktop service system 100 for one client according to an exemplary embodiment of the present invention. Referring to FIG.

Referring to FIG. 1, the virtual desktop service system 100 according to the present embodiment manages a client-specific virtual desktop system 110, which is a set of virtual machines allocated to each client, and the virtual desktop systems 110, And a centralized management system 120 of the service provider that controls. It is apparent that other components other than the above-described components may be included in the virtual desktop service system 100 according to the present embodiment.

The virtual desktop system 110 and the central management system 120, which are components of the virtual desktop service system 100 according to the present embodiment, include at least a program module for communicating with an external terminal device or an external server, These program modules may be included in the virtual desktop service system 100 as an operating system, an application program module, and other program modules, and may be physically stored in various kinds of known storage devices. In addition, these program modules may be stored in a remote storage device capable of communicating with the virtual desktop service system 100. These program modules, on the other hand, encompass routines, subroutines, programs, objects, components, data structures, etc., that perform particular tasks or perform particular abstract data types as described below in accordance with the present invention, Do not.

The virtual desktop system 110 for each client according to the present embodiment includes user virtual machines 115 assigned to a plurality of user accounts, a system virtual machine 115 allocated for each client and supporting virtual desktop services of individual user virtual machines (111 to 114).

The user virtual machines 115 each provide a virtual desktop environment for each user account using virtual computing resources that virtualize the physical computing resources of the data center, The same operating system and applications as the local desktop environment can be installed and operated.

The system virtual machines may be a router virtual machine (RVM) 111 to 112, an active directory virtual machine (AD) 113, and a desktop delivery control virtual machine (DDC) 114.

That is, according to the present embodiment, each client has a separate system virtual machine set including a router virtual machine (RVM), an active directory virtual machine (AD), and a desktop delivery control virtual machine (DDC) The virtual desktop services may be separately created and allocated to the clients prior to the creation of the user virtual machines to directly provide the virtual desktop services, You need to go through the process of installing the software package first.

The router virtual machine RVM 111 to 112 allocates a service IP to each of the user virtual machines 115 to mediate communication between the user virtual machines 115 and the external network, And performs a router function of a virtual sub-network for each client that routes communication in the sub-network of the client. For example, in order to access the Internet in the virtual desktop environment provided through the user virtual machines 115, the user accesses through the router virtual machine. At this time, the router virtual machine (RVM, 111 to 112) can perform a function as a client external Internet aggregation switch.

 In addition, the router virtual machine (RVM, 111 to 112) may include a DHCP server for assigning a dynamic IP to the user virtual machines 115.

It is desirable that the router virtual machine (RVM, 111 to 112) can be dynamically added or scaled-out according to the number of user virtual machines.

A desktop delivery control virtual machine (DDC) 114 connects a session between a user virtual machine and a user account accessing the user virtual machine, and manages the virtual desktop service provided by the user virtual machine.

The Active Directory Virtual Machine (AD) 113 manages the information of the user accounts of the user virtual machines and the desktop delivery control virtual machine, and authenticates the user account that accesses them. In other words, the Active Directory virtual machine 114 provides an Active directory service for managing user account information in a virtual sub-network for each client having virtual machines provided for each client as a component. To this end, both the user virtual machines and the desktop delivery control virtual machine must be joined to the Active Directory of the Active Directory virtual machine 113.

The service provider's central management system 120 according to the present embodiment may include a VMS 121, a Portal 122, a VSV 123 and a VMS-UI 124.

The VMS 121 is a component for performing a core management function and a VDI extension function of the entire data center, wherein the core management function is a function for managing physical computing resources belonging to a data center in units of Zone / Pod / Cluster / Storage / Host Manage the entire storage and network resources in the data center, manage packages or templates to be installed in user virtual machines and system virtual machines, manage pools of virtual machines to be used in creating or adding virtual machines, The VDI extension function is a function of the virtual desktop service which is independently provided for each client through control of the desktop delivery control virtual machine 113 and the active directory virtual machine 114, You can adjust things.

The Portal 122, the VSV 123, and the VMS-UI 124 are all components that provide a user interface. The Portal 122 receives a subscription application for a virtual desktop service from a client, The VSV 123 provides a user interface for the portion of the VDI 121 to manage the billing of the service, and the VMS-UI 124 provides the user interface for the billing of the service, And provides a user interface related to the core management function part of the management functions of one VMS 121.

2 is a diagram illustrating a conceptual configuration of a VMS 200, which is a component of a virtual desktop service system according to an exemplary embodiment of the present invention.

Referring to FIG. 2, the VMS 200 of the virtual desktop service system according to the present embodiment is a component for performing a core management function and a VDI extension function of the entire data center, And a broker section 220.

A program module belonging to the API layer 211 of the core unit 210 is activated by calling a service API in a RESTful manner outside the VMS 200 (e.g., Portal, VSV, and VMS UI of FIG. 1) A core management function for managing an infrastructure or a virtual machine on a command layer 212 by a function call included in the program modules, a VDI function for managing AD or DDC, a monitoring function and a scheduling function can be performed.

In this embodiment, the service API is an API that can be called from outside the VMS 200 (for example, the portal, the VSV, and the VMS UI of FIG. 1) to the individual functions constituting the virtual desktop service And can provide a request and response point for the request.

The broker unit 220 is a program module for managing or controlling a system virtual machine allocated to each of the hypervisor and the client. The broker unit 220 includes a hypervisor manager 221, an RVM manager 222, a DDC manager 223, an AD manager 224 And a TVM manager 225, and the like.

The hypervisor manager 221 receives a VM from a cluster pool in which a plurality of VMs are generated in advance when a system VM is to be newly created, generates a system VM of a required kind, .

The RVM manager 222, the DDC manager 223, and the TVM manager 225 are program modules for respectively managing and controlling RVM, DDC, and TVM, which are system VMs allocated on a client-by-client basis, And the corresponding system VMs can be managed and controlled by calling the remote procedure in XML form via the XML-RPC protocol.

The AD manager 224 is a program module that manages and controls AD, which is a system VM for a directory service allocated for each client, and can preferably use LDAP, which is a communication protocol for directory services.

The core unit 210 and the broker unit 220 can communicate with each other through the RESTful API call for necessary management and control.

In this embodiment, the REST (REpresentational State Transfer) ful method used for the API between the service API, the core unit 210 and the broker unit 220 uses a service resource identified in the form of a URI as an intermediary, (CRUD) and control through the POST / GET function, thereby making it possible to call and manipulate or control mutual resources or program modules more conveniently and easily.

FIGS. 3A and 3B are views illustrating service APIs that can be performed according to a control right of a service API used in a VMS of a virtual desktop service system according to a preferred embodiment of the present invention and a corresponding right.

Referring to FIG. 3A, among the service APIs according to the present embodiment, A1 is a right granted to an administrator account of the entire service. In the core management function, a control module (Infra Manager) , RW).

A2 is a privilege granted to the administrator account for monitoring the service. It has the rest of the core management functions (READ ONLY, RO) excluding the creation and deletion of all APIs through the infrastructure management function module (Infra Manager).

B1 is a privilege granted to the VDI manager account of an individual client and has control (READ & WRITE, RW) of the VDI management API of the client through the VDI manager function module (VDI Manager).

B2 is a privilege granted to an administrator account for VDI monitoring of an individual client. The VDI management function module has a READ ONLY and RO privilege except for creation and deletion of the VDI management API of the client through the VDI management function module.

Referring to FIG. 3B, the DeploySVM of the service API creates a system VM such as RVM, AD, or DDC, which is allocated to each client, and can be called only from the service administrator account having the A1 privilege.

DeployVM creates an ordinary user VM, not a system VM. It can be called from the VDI manager account of the client having the B1 privilege as well as the A1 privilege.

ListHost is a hypervisor listing API, such as XenServer, that can be called from a service manager account with permissions such as A1 or A2.

4A and 4B are views illustrating a request and response format of a service API used in a VMS of a virtual desktop service system according to an exemplary embodiment of the present invention.

Referring to FIG. 4A, a request for a service API according to the present embodiment may include a parameter of a session 411, a method 412, a request 413, and an async 414, Lt; / RTI >

The session 411 corresponds to a parameter for inputting a session key of a string type, and is indispensable when requesting all APIs other than the SessionLogin API of the service API according to the present embodiment.

The method (412) corresponds to a parameter that receives a method name to be called as a string type. In the present embodiment, a method named " ListZones " is called

request 413 is a part for inputting parameters called " request parameters " defined on the API to be input at the time of calling the corresponding method. In the present embodiment, ID is input as a request parameter of a method named " ListZones " And the numeric data of 2 is transmitted as an input value to the ID.

The async 414 is a parameter that requires additional input when the corresponding method has an Asyc job execution right. The async 414 is a portion for receiving a boolean type value regarding whether to execute the method as an Async job. In this embodiment, "Is passed as" false "as the input value of the parameter so as not to execute the method named Async job.

Referring to FIG. 4B, a response of the service API according to the present embodiment may include response values of status 421, response 422, and total count 423, and may be provided in a RESTful manner Receive.

The status 421 corresponds to a portion for transmitting a performance status according to a request as a string type. In the present embodiment, the status 421 indicates success in performance through a status value of " success ".

response 422 is a part defined on the API so as to transmit response values including an execution result according to the calling of the method. In this embodiment, id is "1" as a response value, A data record having the name "EPC-KR0", a data record having the meaning "EPC-VDI-DEV MOK-DONG", a data record having id "2" DEV MOK-CHEON " as a result of execution of the corresponding method in the form of a list.

The total count 423 is a value that is additionally returned when the corresponding method is a LIST API that provides list-type data as a response value. The total count 423 is a total count of elements belonging to a list provided as a response value. . ≪ / RTI >

The following table illustrates exemplary methods of a system API having a request and response format according to the present embodiment.

Referring to the above table, the DeploySVM among the system APIs according to the present embodiment can be limitedly invoked only in a program module executed in an account having the A1 privilege. The request parameters include serviceprofile_id, description, cpus, mem_size, host_id, storage_id, serviceprofile_id, cpus, mem_size, host_id, storage_id, and org_id can be input as integer values. Of these, serviceprofile_id must be included as a request parameter in the method call. One can omit the rest or enter it selectively.

These DeploySVMs are able to use the results of performing the requests as id, name, description, os_id, os_name, status, cpus, mem_size, vmtype_id, vmtype_name, system_type, org_id, org_name, host_id, host_name, cluster_id, cluster_name, pod_id, pod_name, zone_id, cpus, mem_size, vmtype_id, org_id, of which the corresponding method is called through the response values corresponding to zone_name, created, uptime, boot, iso_id, iso_name, ha, locked, nics and disks. response values corresponding to host_id, cluster_id, pod_id, zone_id, and iso_id have an integer type. Response values corresponding to created and uptime indicate a specific time. Response values corresponding to nics, disks, It is defined as having a list form

DeployVDI among the system APIs according to the present embodiment can be called not only by the account having the A1 privilege but also by the program module executed in the B1 or C1 privilege account. The request parameter includes serviceprofile_id, description, cpus, mem_size, host_id, serviceprofile_id, cpus, mem_size, host_id, storage_id, org_id can be input as an integer. Among them, serviceprofile_id, org_id, and user_uri can be input. When calling a method, it must be included as a request parameter, but the rest can be omitted or optionally input.

These DeployVDIs can be used to send the result of the request to the server with the result of the request as id, name, description, os_id, os_name, status, cpus, mem_size, vmtype_id, vmtype_name, system_type, org_id, org_name, host_id, host_name, cluster_id, cluster_name, pod_id, pod_name, the corresponding method can be transmitted to the calling program module through the response values corresponding to zone_name, created, uptime, boot, iso_id, iso_name, ha, nics, disks, user_uri, user_id, firstname, lastname, user_type, connection_status. Response values corresponding to id, cpus, mem_size, vmtype_id, org_id, host_id, cluster_id, pod_id, zone_id and iso_id have an integer type and response values corresponding to created and uptime represent a specific time , nics, and disks are defined as having a list type.

5 is a diagram illustrating a process of creating a system VM allocated to each of the clients in the VMS service process according to an exemplary embodiment of the present invention.

Referring to FIG. 5, the system VM allocated to each client according to the present embodiment is RVM, AD, and DDC, and the DeploySVM API for creating a system VM for each client is changed to an input parameter (serviceprofile_id) So as to perform preparations for providing the VDI service to each of the clients.

First, in order to create an RVM among the system VMs, the WAS is allocated a DHCP IP of the management interface through the management network, and the RVM is created based on the DHCP IP of the management interface. Then, the WAS requests additional IP for the corresponding virtual machine, that is, IP (public IP) in the Internet network and IP setting in the service network. Updates the DHCP setting information for the private network based on the additional IP information set by the WAS, updates the port forwarding information for the corresponding RVM, and performs other setting operations. In addition, a series of RVM generation processes 501 can be completed by finishing all the settings required for the initial operation of the RVM and driving the RVM.

After the RVM is created, the WAS is assigned the DHCP IP of the management interface through the management network to generate the AD, the AD is generated based on the DHCP IP of the management interface, and then the service Allocate IP on the network and perform other configuration tasks. Then, a series of AD generation processes 502 can be completed by finishing all the settings necessary for the initial operation of the AD and driving the AD.

After RVM and AD are created, WAS is allocated DHCP IP of the management interface through the management network to generate DDC, DDC is generated based on the DHCP IP of the management interface, and then RVM The IP is allocated to the service network, and other configuration tasks are performed. Then, a series of DDC generation processes 503 can be completed by completing all the settings necessary for initial operation of the DDC and driving the DDC.

Finally, the WAS can be implemented to include port 80 of DDC's service IP in the port forwarding rule of the RVM so that the VDI service user can access the DDC, and update the port forwarding rule of the RVM so that it is applied to port forwarding of the RVM (POST PROCESS , 504).

6 is a diagram illustrating a process of setting a basic environment for performing a VDI service in a user VM of each client in a service process of a VMS according to a preferred embodiment of the present invention.

Referring to FIG. 6, the VMS creates a user VM through a hypervisor manager module Xen Server, allocates an IP to the user VM, boots the user VM based on the allocated IP, obtains initial setting information necessary for the user VM , The getProvisioninginfo API is called to obtain information necessary for the initial setup from the AD, generates sysprep configuration information based on the information, re-initializes the user VM, and then changes the initial configuration of the operating system level according to the generated sysprep configuration information And reboots the user VM.

When the user VM is rebooted and the getProvisioninginfo API is called, the user VM is mapped to the VDI service user through the DDC. The port of the service IP of the DDC is connected to the port of the RVM so that the VDI service user can access the DDC. And is updated in the forwarding rule, thereby completing the basic configuration process for performing the VDI service in the user VM.

FIG. 7 is a diagram for explaining a multitenancy virtual desktop service provided in the data center 700 according to a preferred embodiment of the present invention. The virtual virtual machines 715 to 716, 725, and 735 according to the present embodiment, The RVMs 711 to 712 and 721 and 731 and ADs 713 and 723 and 733 and the DDCs 714 and 724 and 734 correspond to the user virtual machines 115 to 116 of the virtual desktop service system shown in FIG. The virtual machines 111 to 112, the active directory virtual machine 113, and the desktop delivery control virtual machine 114, respectively. Therefore, the same items as those in the description of the virtual desktop service system shown in Fig. 1 are referred to.

In the multi-tangent virtual desktop service according to the present embodiment, a plurality of independent clients must receive the same type of virtual desktop service from one data center 700, and a virtual desktop service for a specific client must be provided to a virtual desktop The data center 700 according to the present embodiment logically separates and manages client-specific information. In addition, the data center 700 according to an embodiment of the present invention includes a hardware resource independent of each client, Provides a virtual desktop system.

Referring to FIG. 7, the client-specific virtual desktop systems 710, 720 and 730 according to the present embodiment are sets of users and system virtual machines including user virtual machines, RVM, AC and DDC for each client, And it is assumed that the security between the mutual systems is maintained while being hidden with respect to each other.

The RVMs 711, 721 and 731 must allocate service IPs to the user virtual machines 715, 725 and 735, respectively, and the number of assignable IPs is limited. Therefore, The additional RVM 712 is generated and configured in the form of a multi-RVM. In this case, in order to prevent IP conflict, the network between the user virtual machines 715 connected to the existing RVM 711 and the existing RVM 711, the user virtual machines 716 connected to the newly created RVM 712, The networks between the RVMs must be logically separated from each other.

8 is a diagram illustrating a network environment independently configured for each client according to a preferred embodiment of the present invention. The user virtual machines 815 to 816, the RVMs 811 to 812, the AD 813 ) And the DDC 814 correspond to the user virtual machines 115 to 116, the router virtual machines 111 to 112, the active directory virtual machine 113 and the desktop delivery control virtual machine 114 of the virtual desktop service system shown in FIG. Respectively. Therefore, the same items as those in the description of the virtual desktop service system shown in Fig. 1 are referred to.

8, a virtual desktop system provided for each client according to the present embodiment is connected to a plurality of subnetworks (Network A to E), and these subnetworks are connected to IPs Are logically separated from each other through the VLAN to prevent collision of the two.

The network A is a network between the RVM 811 and an external public network (e.g., the Internet).

The network B is a network between system virtual machines assigned to the same client, that is, the RVMs 811 to 812, the AD 813, the DDC 814, and the management system 820 of the service provider.

Network C is a network between the VDI service provided through the user virtual machine and the system virtual machines (RVM 811, AD 813, and DDC 814) for supporting the VDI service.

Network D is a network between the user virtual machines and the additional RVM 812 in the Multi-RVM environment formed when the number of user virtual machines exceeds the number of IPs that can be allocated in the RVM, It should be logically separated from Network C.

Network E is a network between a plurality of RVMs 811 and 812 in a Multi-RVM environment formed when the number of user virtual machines exceeds the number of IPs that can be allocated in RVM, It can be used for applications.

9 is a diagram illustrating a process of a DeployVDI API for creating a virtual desktop environment for a user belonging to a specific client of the multi-TNS virtual desktop service according to the preferred embodiment of the present invention.

The DeployVDI API according to the present embodiment includes a series of preprocessing processes for checking availability of hardware resources logically separated for each client and allocating resources of a virtual machine for implementing the corresponding user virtual desktop environment in order to provide a multitenancy virtual desktop service (S902 to S906).

First, a DeployVDI request is received through a call to a DeployVDI method to create a user VM through an administrator account of the client (S901). A list of servers allocated to the client is inquired (S902) (Step S903).

If there is no server assignable to the new user VM, the hypervisor manager notifies the hypervisor manager of a message indicating that the server resource allocated to the client is insufficient (S908). The hypervisor manager notifies the client's manager account of the request to request additional payment for allocation of a new server resource, or to check the currently available server resources in the data center and to allocate additional server resources to the client However, this is merely one embodiment for convenience of description, and the present invention is not limited thereto.

If there is a server that can be allocated to the new user VM, the list of storage resources allocated to the client is inquired (S904), and it is determined whether there is a storage resource allocatable to the new user VM (S905).

If there is no storage resource allocable to the new user VM, the hypervisor manager notifies a message to the hypervisor manager indicating that the storage resource allocated by the client account is insufficient (S909). The hypervisor manager notifies the client's administrator account of the current storage resource in the data center, such as requesting additional payment for allocation of a new storage resource, or allocating a new storage resource to the client However, this is merely one embodiment for convenience of description, and the present invention is not limited thereto.

In step S906, the server and the storage resource to be allocated to the new user VM among the assignable servers and storage resources identified in steps S903 and S905 are selected. For example, among the allocatable server resources, a server resource with the smallest current VM can be selected. Also, the storage connected to the selected server resource can be selected among the storage resources allocated to the client, The VM can select the least allocated storage resource.

As described above, after a series of preprocessing steps (S902 to S906) for checking the availability of logically separated hardware resources for each client and allocating resources of the user virtual machine for implementing the virtual desktop environment of the user, DeployVDI Method (S907), thereby creating a user virtual machine for implementing the virtual desktop environment of the user.

According to the present invention, when a virtual desktop system is implemented and provided for each customer, it is possible to provide a plurality of virtual desktops separated from each other to a plurality of companies or organization clients in one data center, Service can be provided.

In particular, it is possible to provide a virtual desktop service that conforms to each IT environment of a client without competing computing resources or IPs, while faithfully reflecting demands of different hardware and software for each client.

The virtual desktop system according to the present invention can be implemented as a computer-readable code on a computer-readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored. Examples of the computer-readable recording medium include ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage, and the like. In addition, the computer-readable recording medium may be distributed over network-connected computer systems so that computer readable codes can be stored and executed in a distributed manner. In addition, functional programs, codes, and code segments for implementing the present invention can be easily inferred by programmers of the technical field to which the present invention belongs.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is clearly understood that the same is by way of illustration and example only and is not to be taken by way of limitation, You will understand. Accordingly, the true scope of protection of the present invention should be determined only by the appended claims.

Claims (11)

A plurality of user virtual machines for providing a virtual desktop environment using virtual computing resources that virtualize physical computing resources of a data center;
At least one router virtual machine for assigning an IP to the user virtual machine to mediate communication between the user virtual machine and the external network and to route communication in the sub network of the user virtual machine;
A desktop delivery control virtual machine for connecting a session between the user virtual machine and a user account accessing the user virtual machine and managing a virtual desktop service provided by the user virtual machine; And
And an Active Directory virtual machine for authenticating a user account accessing at least one of the user virtual machine and the desktop delivery control virtual machine. The method according to claim 1,
Wherein each client has a set of independent system virtual machines including a router virtual machine, a desktop delivery control virtual machine, and an active directory virtual machine. The method according to claim 1,
Wherein the router virtual machine includes a DHCP server for assigning a dynamic IP to the user virtual machines. The method according to claim 1,
Wherein the router virtual machine can be dynamically expanded or reduced according to the number of the user virtual machines. The method according to claim 1,
A first sub-network between the router virtual machine and an external public network, a second sub-network for controlling the router virtual machine, the Active Directory virtual machine and the desktop delivery control virtual machine in a management system of the service provider, Wherein the router virtual machine, the active directory virtual machine, and the third subnetwork for communicating with the desktop delivery control virtual machine are logically separated from each other. 6. The method of claim 5,
When there are a plurality of router virtual machines,
Wherein the third subnetwork comprises a plurality of subnetworks allocated to each of the plurality of router virtual machines and logically separated from each other. The method according to claim 6,
When there are a plurality of router virtual machines,
Wherein the private network further comprises a subnetwork for sharing routing information between the plurality of router virtual machines. A router virtual machine that mediates communication with an external network of a user virtual machine that provides a virtual desktop environment using virtual computing resources that virtualize physical computing resources of a data center and routes communications within the sub-network of the user virtual machine A router virtual machine generation step of generating a router virtual machine;
An active directory creation step of creating an active directory virtual machine that is allocated an IP of the subnetwork from the router virtual machine and authenticates a user account accessing the user virtual machine based on the IP of the allocated subnetwork; And
A desktop for managing a virtual desktop service provided by the user virtual machine and for connecting a session between the user virtual machine and the user account based on the IP of the sub-network allocated to the sub-network from the router virtual machine, A desktop delivery generating step of generating a delivery virtual machine; And
Updating a port forwarding rule of the router virtual machine based on a predefined port of an IP of the subnetwork of the desktop delivery virtual machine. How to prepare. 9. The method of claim 8,
The router virtual machine creation step
Receiving an IP for management through a management network logically separated from a service network including the subnetwork;
Generating the router virtual machine based on the allocated management IP;
Requesting a public IP and a service IP allocation for the generated router virtual machine; And
And updating an initial configuration of the router virtual machine based on a public IP and a service IP allocated in response to the request. 9. The method of claim 8,
The active directory creation step
Receiving an IP for management through a management network logically separated from a service network including the subnetwork;
Creating the active directory virtual machine based on the allocated management IP;
Requesting the router virtual machine for a service IP allocation for the generated active directory virtual machine; And
And updating the initial setting of the active directory based on the service IP allocated in response to the request. ≪ Desc / Clms Page number 19 > 9. The method of claim 8,
The desktop delivery generating step
Receiving an IP for management through a management network logically separated from a service network including the subnetwork;
Generating the desktop delivery virtual machine based on the allocated management IP;
Requesting the router virtual machine for a service IP allocation for the generated desktop delivery virtual machine; And
And updating an initial configuration of the desktop delivery virtual machine based on a service IP assigned in response to the request. ≪ Desc / Clms Page number 19 >

Images