Application program permission management system and method

Document No.: 1921780 Publication date: 2021-12-03

Reading note: This technology, "Application program permission management system and method", was designed by Li Xin (李鑫) and Hu Weiqi (胡伟琪) on 2021-08-11. Main content: The application discloses an application program license management system, including: a license sidecar container, an application program interface server and a license server, and a license manager deployed in the cloud. The license sidecar container is used for obtaining a first license verification request message sent by the application program and sending a second license verification request message to the application program interface server. The application program interface server is used for creating a user-defined resource instance for the license token according to the second license verification request message, and storing the license data to be verified carried by the second license verification request message in the user-defined resource instance. The license server is used for obtaining the license data to be verified, obtaining license validity data, and verifying the license data to be verified according to the license validity data to obtain a first verification result. The license manager is used for obtaining the license validity data according to the validity data obtaining request message and returning the license validity data to the license server.

1. An application license management system, comprising: a license sidecar container corresponding to an application program, an application program interface server and a license server which are deployed in an edge container cluster, and a license manager deployed in the cloud;

the license sidecar container is used for acquiring a first license verification request message sent by an application program and sending a second license verification request message to the application program interface server;

the application program interface server is used for creating a user-defined resource instance for the license token according to the second license verification request message, and storing the license data to be verified carried by the second license verification request message into the user-defined resource instance;

the license server is used for accessing the user-defined resource instance, obtaining the license data to be verified, sending a validity data obtaining request message for obtaining the license validity data corresponding to the application program to the license manager, obtaining the license validity data corresponding to the application program returned by the license manager, verifying the license data to be verified according to the license validity data, obtaining a first verification result, and storing the first verification result in the user-defined resource instance;

the license manager is used for obtaining the license validity data according to the validity data obtaining request message and returning the license validity data to the license server;

the application program interface server is also used for obtaining the first verification result from the user-defined resource instance and returning the first verification result to the license sidecar container;

the license sidecar container is further configured to return the first verification result to the application.

2. The application license management system of claim 1, wherein the license sidecar container is specifically configured to obtain a first license verification request message issued by the application at startup;

the first verification result is used for the application program to determine whether to continue to start.

3. The application program license management system of claim 1, wherein the license server is specifically configured to, after it is monitored that the user-defined resource instance is created, access the user-defined resource instance to obtain the license data to be verified.

4. The application license management system of claim 1, wherein the license server is further configured to generate token data for license verification for execution of the application, the token data being provided to the application program interface server;

the application program interface server is further configured to send the token data to the license sidecar container;

the license sidecar container is further configured to send the token data to the application.

5. The application program license management system according to claim 4, wherein the first license verification request message carries the token data, the license data to be verified includes the token data, and the license validity data includes validity period information of the token data;

the license server is specifically configured to determine whether the token data included in the license data to be verified is valid according to the validity period information included in the license validity data, obtain a first determination result, and generate the first verification result according to the first determination result.

6. The application program license management system according to claim 1, wherein the license data to be verified includes information on the cluster to which the electronic device hosting the application program at startup belongs;

the license server is specifically configured to determine whether the cluster information is the same as the cluster information of the edge container cluster, obtain a second determination result, and generate the first verification result according to the second determination result.

7. The application program license management system according to claim 1, wherein the license data to be verified includes user information for using the application program, and the license validity data includes user information permitted to use the application program;

the license server is specifically configured to determine whether user information for using the application is the same as at least one piece of user information in the user information permitted to use the application, obtain a third determination result, and generate the first verification result according to the third determination result.

8. The application program license management system according to claim 7, wherein the license server is specifically configured to, if it is determined that the user information for using the application program is the same as at least one of the user information for which use of the application program is permitted, use the user information for using the application program as permitted user information, determine whether the number of devices currently running the application program by the permitted user information exceeds a permitted device number threshold value, obtain a fourth determination result, and generate the first verification result according to the fourth determination result, wherein the license validity data includes the permitted device number threshold value.

9. The application license management system of claim 4,

the license sidecar container is also used to cache the token data.

10. The application license management system of claim 9, wherein the license server is further configured to send, to the application program interface server, first indication information for indicating that the license sidecar container verifies the license data to be verified, or send, to the application program interface server, first status information for indicating that the license server cannot verify the license data to be verified, or send, to the application program interface server, second status information for indicating that the license server cannot perform information interaction with the license manager, when the license server cannot perform information interaction with the license manager;

the application program interface server is further used for sending the first indication information, the first state information or the second state information to the license sidecar container;

and the license sidecar container is also used for verifying the license data to be verified according to the cached token data and the first indication information, the first state information or the second state information to obtain a second verification result, and returning the second verification result to the application program.

11. The application license management system of claim 10, wherein the license data to be verified includes the token data;

the license sidecar container is specifically used for judging whether the token data included in the license data to be verified is the same as the cached token data, obtaining a sixth judgment result, and obtaining the second verification result according to the sixth judgment result.

12. The application program license management system according to claim 1, wherein the license server is further configured to obtain all user information of the application program being executed and/or operating environment data of all devices of the application program being executed, which are provided by the application program interface server, and send the all user information of the application program being executed and/or the operating environment data of all devices of the application program being executed to the license manager;

the license manager is specifically configured to generate the license validity data according to the information of all users that are running the application program and/or the running environment data of all devices that are running the application program after obtaining the validity data obtaining request message.

13. An application license management method, comprising:

obtaining a second license verification request message sent by a license sidecar container;

according to the second license verification request message, creating a user-defined resource instance for the license token, and storing the license data to be verified carried by the second license verification request message into the user-defined resource instance;

and obtaining a first verification result from the user-defined resource instance, and returning the first verification result to the license sidecar container.

14. An application license management method, comprising:

accessing a user-defined resource instance to obtain license data to be verified;

sending a validity data acquisition request message for acquiring the license validity data corresponding to the application program to a license manager, so as to acquire the license validity data corresponding to the application program returned by the license manager;

and verifying the license data to be verified according to the license validity data to obtain a first verification result, and storing the first verification result into the user-defined resource instance.

Technical Field

The application relates to the technical field of computers, in particular to an application program license management system and two application program license management methods.

Background

With the development of wireless communication technologies such as 4G/5G, the distributed application architecture is gradually used by users, which mainly deploys computing resources to edge computing nodes close to the users. The distributed application architecture has the advantages of reducing response delay, reducing network overhead between the user equipment and the cloud, enhancing private data protection and the like. Common application types include CDN (Content Delivery Network), artificial intelligence, transcoding and uploading of video streams, and the like.

In an edge environment, to improve the efficiency of application/software engineering, applications are generally deployed in a cluster as containers, for example in an ACK@Edge (edge container service) cluster. In this case the machines in the cluster are actually provided by the user and added to the ACK@Edge cluster, and the user has complete access control over the API Server (Application Programming Interface Server) of the edge cluster and the servers in the cluster. This raises a license management problem for application software: for example, a user may obtain a link to an application image and run the application outside the cluster; and a user who has the right to access the API Server can scale out the application in the cluster, so that the application runs in violation of the license.

The current general License scheme in the industry is to collect hardware fingerprint information of a server, such as its serial number and Media Access Control address (MAC address), and to calculate a License from it in combination with information such as the user's e-mail address. When the application software runs, it reads the hardware information of the local machine and compares it with the data retained in the License information; if they do not match, the application fails to start. In this way the application is guaranteed to run bound to the hardware device.

However, the existing License scheme has several disadvantages as follows:

(1) In the traditional scheme, the License is bound to a hardware device, so an application container cannot be scheduled across hosts in a cluster, and a Kubernetes cluster cannot perform high-availability scheduling of the application container when a host crashes; otherwise, License authorization is required for the servers of the entire cluster.

(2) In the edge computing scene, because security problems are involved, HTTP access of the public network cannot be directly opened, that is, except access of the API Server of the cloud, other public network service ports are basically inaccessible, and therefore License information synchronization cannot be performed by accessing the License Server deployed in the cloud.

(3) Under the conventional scheme, the License management party cannot collect License usage at runtime; that is, if the user upgrades the configuration of the server running the application, such as upgrading a 4C8G server to 8C16G, the License management party does not learn of it.

Disclosure of Invention

The embodiment of the application provides an application program license management system to solve the problems in the prior art. The embodiment of the application also provides two application program license management methods.

An embodiment of the present application provides an application program license management system, including: a license sidecar container corresponding to an application program, an application program interface server and a license server which are deployed in an edge container cluster, and a license manager deployed in the cloud;

the license sidecar container is used for acquiring a first license verification request message sent by an application program and sending a second license verification request message to the application program interface server;

the application program interface server is used for creating a user-defined resource instance for the license token according to the second license verification request message, and storing the license data to be verified carried by the second license verification request message into the user-defined resource instance;

the license server is used for accessing the user-defined resource instance, obtaining the license data to be verified, sending a validity data obtaining request message for obtaining the license validity data corresponding to the application program to the license manager, obtaining the license validity data corresponding to the application program returned by the license manager, verifying the license data to be verified according to the license validity data, obtaining a first verification result, and storing the first verification result in the user-defined resource instance;

the license manager is used for obtaining the license validity data according to the validity data obtaining request message and returning the license validity data to the license server;

the application program interface server is also used for obtaining the first verification result from the user-defined resource instance and returning the first verification result to the license sidecar container;

the license sidecar container is further configured to return the first verification result to the application.

Optionally, the license sidecar container is specifically configured to obtain a first license verification request message sent by the application program when the application program is started;

the first verification result is used for the application program to determine whether to continue to start.

Optionally, the license server is specifically configured to, after it is monitored that the user-defined resource instance is created, access the user-defined resource instance to obtain the license data to be verified.

Optionally, the license server is further configured to generate token data for license verification for the running of the application program, and provide the token data to the application program interface server;

the application program interface server is further configured to send the token data to the license sidecar container;

the license sidecar container is further configured to send the token data to the application.

Optionally, the first license verification request message carries the token data, the license data to be verified includes the token data, and the license validity data includes validity period information of the token data;

the license server is specifically configured to determine whether the token data included in the license data to be verified is valid according to the validity period information included in the license validity data, obtain a first determination result, and generate the first verification result according to the first determination result.

Optionally, the license data to be verified includes information on the cluster to which the electronic device hosting the application program at startup belongs;

the license server is specifically configured to determine whether the cluster information is the same as the cluster information of the edge container cluster, obtain a second determination result, and generate the first verification result according to the second determination result.

Optionally, the license data to be verified includes user information for using the application program, and the license validity data includes user information permitted to use the application program;

the license server is specifically configured to determine whether user information for using the application is the same as at least one piece of user information in the user information permitted to use the application, obtain a third determination result, and generate the first verification result according to the third determination result.

Optionally, the license server is specifically configured to, if it is determined that the user information for using the application is the same as at least one piece of user information in the user information permitted to use the application, use the user information for using the application as licensed user information, determine whether the number of devices currently running the application through the licensed user information exceeds a licensed device number threshold, obtain a fourth determination result, and generate the first verification result according to the fourth determination result, where the license validity data includes the licensed device number threshold.

Optionally, the license sidecar container is further configured to cache the token data.

Optionally, the license server is further configured to, when the license server fails to perform information interaction with the license manager, send first indication information used for indicating the license sidecar container to verify the license data to be verified to the application program interface server, or send first status information used for indicating that the license server fails to verify the license data to be verified to the application program interface server, or send second status information used for indicating that the license server fails to perform information interaction with the license manager to the application program interface server;

the application program interface server is further used for sending the first indication information, the first state information or the second state information to the license sidecar container;

and the license sidecar container is also used for verifying the license data to be verified according to the cached token data and the first indication information, the first state information or the second state information to obtain a second verification result, and returning the second verification result to the application program.

Optionally, the license data to be verified includes the token data;

the license sidecar container is specifically used for judging whether the token data included in the license data to be verified is the same as the cached token data, obtaining a sixth judgment result, and obtaining the second verification result according to the sixth judgment result.

Optionally, the license server is further configured to obtain all user information of the application program being executed and/or operating environment data of all devices that are executing the application program, which are provided by the application program interface server, and send the all user information of the application program being executed and/or the operating environment data of all devices that are executing the application program to the license manager;

the license manager is specifically configured to generate the license validity data according to the information of all users that are running the application program and/or the running environment data of all devices that are running the application program after obtaining the validity data obtaining request message.

An embodiment of the present application provides an application program license management method, including:

obtaining a second license verification request message sent by a license sidecar container;

according to the second license verification request message, creating a user-defined resource instance for the license token, and storing the license data to be verified carried by the second license verification request message into the user-defined resource instance;

and obtaining a first verification result from the user-defined resource instance, and returning the first verification result to the license sidecar container.

An embodiment of the present application provides an application program license management method, including:

accessing a user-defined resource instance to obtain license data to be verified;

sending a validity data acquisition request message for acquiring the license validity data corresponding to the application program to a license manager, so as to acquire the license validity data corresponding to the application program returned by the license manager;

and verifying the license data to be verified according to the license validity data to obtain a first verification result, and storing the first verification result into the user-defined resource instance.

Compared with the prior art, the method has the following advantages:

An embodiment of the present application provides an application program license management system, including: a license sidecar container corresponding to an application program, an application program interface server and a license server which are deployed in an edge container cluster, and a license manager which is deployed in the cloud; the license sidecar container is used for acquiring a first license verification request message sent by an application program and sending a second license verification request message to the application program interface server; the application program interface server is used for creating a user-defined resource instance for the license token according to the second license verification request message, and storing the license data to be verified carried by the second license verification request message into the user-defined resource instance; the license server is used for accessing the user-defined resource instance, obtaining the license data to be verified, sending a validity data obtaining request message for obtaining the license validity data corresponding to the application program to the license manager, obtaining the license validity data corresponding to the application program returned by the license manager, verifying the license data to be verified according to the license validity data, obtaining a first verification result, and storing the first verification result in the user-defined resource instance; the license manager is used for obtaining the license validity data according to the validity data obtaining request message and returning the license validity data to the license server; the application program interface server is also used for obtaining the first verification result from the user-defined resource instance and returning the first verification result to the license sidecar container; the license sidecar container is further configured to return the first verification result to the application. In the embodiments of the present application, a user-defined resource instance carrying the license data to be verified is created through the license sidecar container and the application program interface server, and the license data to be verified is verified against the license validity data stored in the cloud, which achieves license verification of the application program in edge computing scenarios where public network access is restricted.

Drawings

Fig. 1 is a schematic diagram of an application scenario provided in a first embodiment of the present application.

Fig. 2 is a flowchart of an application license management system according to a first embodiment of the present application.

Fig. 3 is a flowchart of an application license management method according to a second embodiment of the present application.

Fig. 4 is a flowchart of an application license management method according to a third embodiment of the present application.

Fig. 5 is a schematic diagram of a software application license management apparatus according to a fourth embodiment of the present application.

Fig. 6 is a schematic diagram of a software application license management apparatus according to a fifth embodiment of the present application.

Fig. 7 is a schematic view of an electronic device according to a sixth embodiment of the present application.

Detailed Description

In the following description, numerous specific details are set forth to provide a thorough understanding of embodiments of the present application. The embodiments of this application can, however, be implemented in many forms other than those described herein, and those skilled in the art can make similar generalizations without departing from the spirit and scope of the embodiments of this application; therefore, the embodiments of this application are not limited to the specific embodiments disclosed below.

In order to make those skilled in the art better understand the solution of the present application, a detailed description is given below of a specific application scenario of an embodiment of the present application based on the application license management system provided in the present application, as shown in fig. 1, which is a schematic diagram of an application scenario provided in a first embodiment of the present application.

This scenario corresponds to the software application license management system provided in the first embodiment of the present application, in which a user uses application software through a software application license, and the software application license is still within its validity period. Specifically, the application program adds license verification logic to its startup code; during startup it sends a verification request to a port on the local host, where the request is received by a license sidecar container (License Sidecar). After receiving the verification request, the license sidecar container accesses the application program interface server. The application program interface server creates a user-defined resource instance (Custom Resource Definition) for the license token according to the verification request, then obtains a creation completion instruction corresponding to the user-defined resource instance, and stores the license data to be verified into the user-defined resource instance according to the creation completion instruction. The sidecar container implements the client logic of the specific verification; a sidecar is an application deployment pattern in which part of the logic is moved out of the application and implemented in the sidecar.

After the application program interface server stores the license data to be verified in the user-defined resource instance, a creation completion instruction for the license data to be verified is correspondingly generated and sent to a license server (License Server), and the license server, after detecting that the user-defined resource instance has been created, obtains the license data to be verified according to the creation completion instruction. The license server also sends a validity data acquisition request message, for acquiring the license validity data corresponding to the application program, to a license manager (License Manager), so as to acquire the license validity data stored by the license manager deployed in the cloud. The license data to be verified is then verified against the license validity data to obtain a first verification result, and the first verification result is stored in the user-defined resource instance. The license sidecar container then observes the first verification result and sends it back to the application program, and the application program determines whether to continue starting or to stop running according to the verification result.

It should be added that the license sidecar container can cache all the user-defined resource instances in the application program interface server, so that on a weak or disconnected network (as indicated by the dotted arrow in fig. 1, where the edge cannot communicate with the cloud), verification of the license data to be verified can be completed using the cached user-defined resource instances.
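The request path and the weak-network fallback described above, modelled in memory as an added example (not code from the patent or from any ACK@Edge component). Class names, result strings, the `demo()` data, and reading the device threshold as "admitting this device must not exceed the limit" are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

@dataclass
class LicenseValidity:
    """License validity data held by the cloud license manager (constructed shape)."""
    token_expiry: dict      # token -> expiry time, epoch seconds
    permitted_users: set
    max_devices: int        # permitted device number threshold per user

class LicenseManager:
    """Cloud side. `reachable` simulates the state of the edge-to-cloud link."""
    def __init__(self, validity):
        self.validity, self.reachable = validity, True

    def get_validity(self, app):
        if not self.reachable:
            raise ConnectionError("license manager unreachable")
        return self.validity

class ApiServer:
    """Stand-in for the cluster API server: stores custom resource instances."""
    def __init__(self):
        self.resources = {}

    def create(self, name, spec):
        self.resources[name] = {"spec": dict(spec), "status": None}

class LicenseServer:
    def __init__(self, api, manager, cluster_id):
        self.api, self.manager, self.cluster_id = api, manager, cluster_id
        self.devices = {}   # user -> device ids currently admitted

    def reconcile(self, name, now):
        """Verify one custom resource instance and write the result into it."""
        res = self.api.resources[name]
        try:
            validity = self.manager.get_validity(res["spec"]["app"])
        except ConnectionError:
            # Cloud unreachable: indicate that the sidecar should verify locally.
            res["status"] = {"result": None, "indication": "VERIFY_IN_SIDECAR"}
            return
        res["status"] = {"result": self._verify(res["spec"], validity, now)}

    def _verify(self, spec, validity, now):
        expiry = validity.token_expiry.get(spec["token"])
        if expiry is None or now >= expiry:
            return "DENY_TOKEN"          # token unknown or past its validity period
        if spec["cluster"] != self.cluster_id:
            return "DENY_CLUSTER"        # image started outside the edge cluster
        if spec["user"] not in validity.permitted_users:
            return "DENY_USER"
        admitted = self.devices.setdefault(spec["user"], set())
        if spec["device"] not in admitted and len(admitted) >= validity.max_devices:
            return "DENY_DEVICES"        # scale-out beyond the licensed device count
        admitted.add(spec["device"])
        return "ALLOW"

class LicenseSidecar:
    def __init__(self, api, server, cached_token=None):
        self.api, self.server = api, server
        self.cached_token = cached_token   # token previously issued and cached
        self.seq = 0

    def verify(self, request, now):
        """Handle the application's request and return the verification result."""
        self.seq += 1
        name = f"license-token-{self.seq}"
        self.api.create(name, request)     # second request: create the instance
        self.server.reconcile(name, now)   # in a cluster: triggered by a watch event
        status = self.api.resources[name]["status"]
        if status["result"] is not None:
            return status["result"]
        # Fallback: constant-time comparison against the cached token only.
        same = self.cached_token is not None and hmac.compare_digest(
            request["token"].encode(), self.cached_token.encode())
        return "ALLOW_CACHED" if same else "DENY_CACHED"

def demo():
    """Run constructed requests through the flow and return the results in order."""
    manager = LicenseManager(LicenseValidity({"tok-1": 2000}, {"alice"}, 1))
    api = ApiServer()
    sidecar = LicenseSidecar(api, LicenseServer(api, manager, "edge-a"), "tok-1")
    base = {"app": "demo-app", "token": "tok-1", "cluster": "edge-a",
            "user": "alice", "device": "node-1"}
    out = [
        sidecar.verify(base, now=1000),
        sidecar.verify({**base, "cluster": "laptop"}, now=1000),
        sidecar.verify({**base, "device": "node-2"}, now=1000),
        sidecar.verify(base, now=3000),
    ]
    manager.reachable = False              # edge loses contact with the cloud
    out.append(sidecar.verify(base, now=3000))
    out.append(sidecar.verify({**base, "token": "forged"}, now=3000))
    return out

if __name__ == "__main__":
    print(demo())
```

As modelled, the offline path checks only token equality against the cache, so the expiry, cluster, user and device-count checks resume only once the license manager is reachable again.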

Corresponding to the above scenario, a first embodiment of the present application provides an application program license management system, as shown in fig. 2, and fig. 2 is a schematic diagram of an application software license management system provided in the first embodiment of the present application.

In a first embodiment of the present application, the system comprises: a license sidecar container 201 corresponding to the application program, an application program interface server 202 and a license server 203 which are deployed in the edge container cluster, and a license manager 204 which is deployed in the cloud.

In the first embodiment of the present application, the cluster may be an edge container cluster (ACK@Edge cluster). The license sidecar container 201 is an auxiliary container in the container group. The sidecar container is a sidecar that implements the client-side logic for the specific verification; a sidecar is an application deployment pattern in which part of the logic is moved out of the application and implemented in the sidecar. In the first embodiment of the present application, the license sidecar container 201 is deployed in the same container group as the component application instance, and is responsible for communicating with the license server and for performing application license verification and similar functions. The application program interface server provides create, delete, update and query operations on the various resource objects, and is the data bus and data center of the whole system. It provides authentication and authorization, data validation and cluster state changes for cluster management, and it is the hub for data exchange and communication between the other modules (the other modules query or modify data through the application program interface server, and only the application program interface server operates on etcd directly). In the first embodiment of the present application, the application program interface server is configured to create a user-defined resource instance for the license token and to store the license data to be verified in the user-defined resource instance. The license server is deployed as a managed component in the ACK/ACK@Edge cluster and is responsible for verifying the validity of the application program's license, generating tokens and the like; it also periodically counts the CPU usage of the container group instances and reports it to the license manager.

The functional roles of the license sidecar container 201, the application program interface server 202, the license server 203, and the license manager 204 deployed in the cloud are described in detail below.

In the first embodiment of the present application, the license sidecar container 201 (License Sidecar) is configured to obtain a first license verification request message sent by an application program, and to send a second license verification request message to the application program interface server 202. The first license verification request message and the second license verification request message are the same license verification request message.

Specifically, in the first embodiment of the present application, the license sidecar container 201 is used to obtain the first license verification request message issued by the application program at startup. The application program adds license verification logic to its startup code; during startup it sends the first verification request to a port on the local host, where the request reaches the license sidecar container 201. After receiving the first verification request, the license sidecar container 201 sends the second license verification request message to the application program interface server 202 (API Server).

In the first embodiment of the present application, the application program interface server 202 is configured to create a user-defined resource instance for the license token according to the second license verification request message, and store the license data to be verified, which is carried in the second license verification request message, in the user-defined resource instance.

In the first embodiment of the present application, the license server 203 is configured to access the user-defined resource instance to obtain the license data to be verified. Specifically, after the user-defined resource instance is created, the license server 203 (License Server) can detect that it has been created, and then accesses the user-defined resource instance to obtain the license data to be verified.

After obtaining the license data to be verified, the license server 203 is further configured to send, to the license manager 204 (License Manager), a validity data acquisition request message for obtaining the license validity data corresponding to the application program, to obtain the license validity data corresponding to the application program returned by the license manager 204, to verify the license data to be verified according to the license validity data so as to obtain a first verification result, and to store the first verification result in the user-defined resource instance. The first verification result is used by the application program to determine whether to continue starting.

Further, the license server 203 is also configured to generate token data for license verification while the application program runs, and to provide the token data to the application program interface server 202. Correspondingly, the application program interface server 202 is further configured to send the token data to the license sidecar container 201, and the license sidecar container 201 is further configured to send the token data to the application program, so that the application program runs according to the token data. In the first embodiment of the present application, the license sidecar container 201 is also used to cache the token data.

In the first embodiment of the present application, the first license verification request message carries the token data. Because both the first license verification request message and the second license verification request message carry the token data, they are the same license verification request message; and because the license data to be verified includes the token data, the second license verification request message carries the license data to be verified. The license validity data includes the validity period information of the token data. Correspondingly, the license server 203 is specifically configured to determine whether the token data included in the license data to be verified is valid according to the validity period information included in the license validity data, obtain a first determination result, and generate the first verification result according to the first determination result.

For example, the validity period information is the usage period specified when the license for the software application is generated. If the period specified by the validity period information is June 2020 to September 2020, the token data included in the license data to be verified cannot be used before June 2020 or after September 2020. If the validity period information included in the license validity data is June 2020 to September 2020, and the token data included in the license data to be verified covers July 2020 to August 2020, then verification yields the first determination result, and the first verification result is generated according to the first determination result.

In the first embodiment of the present application, the license data to be verified includes the cluster information of the cluster to which the electronic device hosting the application program belongs when the application program is started. Correspondingly, the license server 203 is specifically configured to determine whether that cluster information is the same as the cluster information of the edge container cluster, obtain a second determination result if it is the same, and generate the first verification result according to the second determination result.

In the first embodiment of the present application, the license data to be verified includes user information for using the application program, and the license validity data includes user information permitted to use the application program. Correspondingly, the license server 203 is specifically configured to determine whether the user information for using the application program is the same as at least one piece of user information among the user information permitted to use the application program, obtain a third determination result if it is the same, and generate the first verification result according to the third determination result. More specifically, if the license server 203 determines that the user information for using the application program is the same as at least one piece of user information among the user information permitted to use the application program, it takes the user information for using the application program as the licensed user information and determines whether the number of devices currently running the application program under the licensed user information exceeds a licensed device number threshold; if not, it obtains a fourth determination result and generates the first verification result according to the fourth determination result. The license validity data includes the licensed device number threshold.

For example, suppose the licensed device number threshold is 5. If the number of devices currently running the application program under the licensed user information is 3, the determination finds that this number does not exceed the licensed device number threshold, a fourth determination result is obtained, and the first verification result is generated according to the fourth determination result. Conversely, if the licensed device number threshold is 5 and the number of devices currently running the application program under the licensed user information is 6 (the first five software application licenses are already enabled simultaneously, and the sixth is verified when it is used to start), verification finds that the start exceeds the limit.

In the first embodiment of the present application, the license data to be verified includes operating environment data of the device that requests to run the application program; the operating environment data includes at least CPU operating data and memory storage data. Correspondingly, if the license server 203 determines that the user information for using the application program is the same as at least one piece of user information among the user information permitted to use the application program, it takes the user information for using the application program as the licensed user information, determines whether the operating environment data of the device requesting to run the application program satisfies the operating environment condition, corresponding to the licensed user information, of a device running the application program, obtains a fifth determination result, and generates the first verification result according to the fifth determination result. The license validity data includes the operating environment condition, corresponding to the licensed user information, of a device running the application program. Specifically, when a user purchases the right to use a software application, it is determined whether the CPU operating data of the device requesting to run the application program satisfies the operating speed condition for such a device, or whether the memory storage data of the device requesting to run the application program satisfies the storage capacity condition for such a device, and so on.

After the license server 203 obtains the first verification result, the application program interface server 202 is further configured to obtain the first verification result from the user-defined resource instance and return it to the license sidecar container 201. Correspondingly, the license sidecar container 201 is further configured to return the first verification result to the application program.

In the first embodiment of the present application, the license data to be verified includes the cluster information of the cluster to which the electronic device hosting the application program belongs when the application program is started. Correspondingly, the license server 203 is specifically configured to determine whether that cluster information is the same as the cluster information of the edge container cluster, obtain a second determination result, and generate the first verification result according to the second determination result. Collecting cluster information decouples the software application license from the hardware device, so that applications can migrate freely between servers in the cluster. In other words, cross-host scheduling of applications within the cluster is achieved, and the cluster can schedule applications for high availability when a host machine crashes.

In the first embodiment of the present application, when the license server 203 cannot exchange information with the license manager 204 (for example, under a weak network or a network outage), the license server 203 is further configured to send to the application program interface server 202 either first indication information indicating that the license sidecar container 201 should verify the license data to be verified, or first status information indicating that the license server 203 cannot verify the license data to be verified, or second status information indicating that the license server 203 cannot exchange information with the license manager 204. Correspondingly, the application program interface server 202 is further configured to send the first indication information, the first status information, or the second status information to the license sidecar container 201. The license sidecar container 201 is further configured to verify the license data to be verified according to the cached token data and the first indication information, the first status information or the second status information, obtain a second verification result, and return the second verification result to the application program. Further, the license data to be verified includes the token data; correspondingly, the license sidecar container 201 is specifically configured to determine whether the token data included in the license data to be verified is the same as the cached token data, obtain a sixth determination result, and obtain the second verification result according to the sixth determination result.

In the first embodiment of the present application, the license manager 204 is configured to obtain the license validity data according to the validity data acquisition request message, and return the license validity data to the license server 203. Corresponding to the foregoing, the license server 203 is further configured to obtain, from the application program interface server 202, the information of all users running the application program and/or the operating environment data of all devices running the application program, and to send that information and/or data to the license manager 204. Correspondingly, after obtaining the validity data acquisition request message, the license manager 204 is specifically configured to generate the license validity data according to the information of all users running the application program and/or the operating environment data of all devices running the application program.

In the first embodiment of the present application, the system further includes a license database deployed in the cloud, which stores all or part of the license validity data. The license manager 204 is further configured to obtain all or part of the license validity data from the license database according to the validity data acquisition request message. It should be added that, after the license server 203 reads the license data to be verified of the relevant application program, it periodically uploads that data to the cloud, where it is stored in the license database. The information related to the software application license is thus kept in the cloud, which completes the statistics and collection of the specification information of all application instances in the cluster that use a given software application license. This stored information can also serve as license validity data the next time the software application license is verified.

A first embodiment of the present application provides an application license management system, including: a license sidecar container 201 corresponding to an application program, an application program interface server 202 and a license server 203 deployed in an edge container cluster, and a license manager 204 deployed in the cloud; the license sidecar container 201 is configured to obtain a first license verification request message sent by an application program, and send a second license verification request message to the application program interface server 202; the application program interface server 202 is configured to create a user-defined resource instance for the license token according to the second license verification request message, and store the license data to be verified, which is carried in the second license verification request message, in the user-defined resource instance; the license server 203 is configured to access the user-defined resource instance, obtain the license data to be verified, send to the license manager 204 a validity data acquisition request message for obtaining the license validity data corresponding to the application program, obtain the license validity data corresponding to the application program returned by the license manager 204, verify the license data to be verified according to the license validity data, obtain a first verification result, and store the first verification result in the user-defined resource instance; the license manager 204 is configured to obtain the license validity data according to the validity data acquisition request message, and return the license validity data to the license server 203; the application program interface server 202 is further configured to obtain the first verification result from the user-defined resource instance, and return the first verification result to the license sidecar container 201; the license sidecar container 201 is also used to return the first verification result to the application program. According to the first embodiment of the application, the user-defined resource instance carrying the license data to be verified is created through the license sidecar container 201 and the application program interface server 202, and the license data to be verified is verified against the license validity data stored in the cloud, which achieves license verification of the application program in edge computing scenarios where public network access is limited.
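The offline fallback described above, modelled as an added example that is not part of the patent text. The `Phase` values, the `LicenseTokenCR` fields and the token strings are hypothetical; `PhaseManagerUnreachable` stands in for any of the first indication information, first status information or second status information, and the sidecar is assumed to fail closed when it has nothing cached.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// Phase is what the license server writes into the resource status.
type Phase string

const (
	PhaseVerified           Phase = "Verified"           // first verification result: pass
	PhaseRejected           Phase = "Rejected"           // first verification result: fail
	PhaseManagerUnreachable Phase = "ManagerUnreachable" // cloud cannot be reached
)

// LicenseTokenCR models the user-defined resource instance for the license token.
type LicenseTokenCR struct {
	SpecToken   string // token data inside the license data to be verified
	Status      Phase
	IssuedToken string // token data generated by the license server, if any
}

// Sidecar holds the token data cached by the license sidecar container.
type Sidecar struct {
	cachedToken string
}

// Decide returns the result handed back to the application and which
// component produced it.
func (s *Sidecar) Decide(cr LicenseTokenCR) (allowed bool, source string) {
	switch cr.Status {
	case PhaseVerified:
		// Online path: cache the token the license server issued.
		if cr.IssuedToken != "" {
			s.cachedToken = cr.IssuedToken
		}
		return true, "license-server"
	case PhaseRejected:
		return false, "license-server"
	case PhaseManagerUnreachable:
		// Offline path (sixth determination): the presented token must equal
		// the cached one. An empty cache or empty token is never a match.
		if s.cachedToken == "" || cr.SpecToken == "" {
			return false, "sidecar-cache"
		}
		same := subtle.ConstantTimeCompare([]byte(cr.SpecToken), []byte(s.cachedToken)) == 1
		return same, "sidecar-cache"
	default:
		// Unknown or missing status: do not let the application start.
		return false, "unknown-status"
	}
}

func main() {
	s := &Sidecar{}
	steps := []LicenseTokenCR{ // constructed sequence of resource states
		{SpecToken: "tok-constructed-1", Status: PhaseManagerUnreachable},
		{SpecToken: "tok-constructed-1", Status: PhaseVerified, IssuedToken: "tok-constructed-1"},
		{SpecToken: "tok-constructed-1", Status: PhaseManagerUnreachable},
		{SpecToken: "tok-other", Status: PhaseManagerUnreachable},
	}
	for i, cr := range steps {
		ok, src := s.Decide(cr)
		fmt.Printf("step %d status=%s allowed=%t source=%s\n", i+1, cr.Status, ok, src)
	}
}
```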

In correspondence with the above system, a second embodiment of the present application provides an application license management method whose execution subject is an application program interface server. As shown in fig. 3, fig. 3 is a flowchart of an application license management method according to a second embodiment of the present application. The method comprises the following steps:

Step S301, a second license verification request message sent by the license sidecar container is obtained.

In this step, the license sidecar container is an auxiliary container in the container group. The sidecar container is a sidecar that implements the client-side logic for the specific verification; a sidecar is an application deployment pattern in which part of the logic is moved out of the application and implemented in the sidecar. The license sidecar container (License Sidecar) is used for obtaining a first license verification request message sent by the application program and sending a second license verification request message to the application program interface server. The first license verification request message and the second license verification request message are the same license verification request message.

Step S302, according to the second license verification request message, a user-defined resource instance for the license token is created, and the license data to be verified carried by the second license verification request message is stored in the user-defined resource instance.

In this step, the second license verification request message carries the license data to be verified. After the second license verification request message is obtained, a user-defined resource instance for the license token can be created according to it, and the license data to be verified carried by the second license verification request message is stored in the user-defined resource instance.

Step S303, obtaining a first verification result from the user-defined resource instance, and returning the first verification result to the license sidecar container.

In this step, the first verification result is obtained by verifying the license data to be verified in the user-defined resource instance against the license validity data. Specifically, whether the token data included in the license data to be verified is valid is judged according to the validity period information included in the license validity data, a first determination result is obtained, and the first verification result is generated according to the first determination result. For example, the validity period information is the usage period specified when the license for the software application is generated. If the period specified by the validity period information is June 2020 to September 2020, the token data included in the license data to be verified cannot be used before June 2020 or after September 2020. If the validity period information included in the license validity data is June 2020 to September 2020, and the token data included in the license data to be verified covers July 2020 to August 2020, then verification yields the first determination result, and the first verification result is generated according to the first determination result. After the first verification result is obtained, it is returned to the license sidecar container.

In correspondence with the above system, the third embodiment of the present application provides an application program license management method, which is applied to a license server. As shown in fig. 4, fig. 4 is a flowchart of an application license management method according to a third embodiment of the present application. The method comprises the following steps:

Step S401, accessing the user-defined resource instance to obtain the license data to be verified.

In this step, the user-defined resource instance is created by the application program interface server according to the verification request; a creation-completion instruction corresponding to the user-defined resource instance is obtained, and the license data to be verified is stored in the user-defined resource instance according to the creation-completion instruction. After the license server detects the user-defined resource instance, it accesses the user-defined resource instance to obtain the license data to be verified.

Step S402, sending a validity data acquisition request message for acquiring the license validity data corresponding to the application program to the license manager, so as to acquire the license validity data corresponding to the application program returned by the license manager.

After the license data to be verified is obtained, a validity data acquisition request message for obtaining the license validity data corresponding to the application program may be sent to the license manager. The license manager is a manager deployed in the cloud that provides the license validity data corresponding to the application program. The license validity data is used to verify the license data to be verified. See step S403 for details.

Step S403, verifying the license data to be verified according to the license validity data to obtain a first verification result, and storing the first verification result in the user-defined resource instance.

Specifically, whether the token data included in the license data to be verified is valid is judged according to the validity period information included in the license validity data, a first determination result is obtained, and the first verification result is generated according to the first determination result. For example, the validity period information is the usage period specified when the license for the software application is generated. If the period specified by the validity period information is June 2020 to September 2020, the token data included in the license data to be verified cannot be used before June 2020 or after September 2020. If the validity period information included in the license validity data is June 2020 to September 2020, and the token data included in the license data to be verified covers July 2020 to August 2020, then verification yields the first determination result, and the first verification result is generated according to the first determination result. After the first verification result is obtained, it is returned to the license sidecar container.

In the first embodiment of the present application, the license data to be verified includes user information for using the application program, and the license validity data includes user information permitted to use the application program. Correspondingly, the license server is specifically configured to determine whether the user information for using the application program is the same as at least one piece of user information among the user information permitted to use the application program, obtain a third determination result if it is the same, and generate the first verification result according to the third determination result. More specifically, if the license server determines that the user information for using the application program is the same as at least one piece of user information among the user information permitted to use the application program, it takes the user information for using the application program as the licensed user information and determines whether the number of devices currently running the application program under the licensed user information exceeds a licensed device number threshold; if not, it obtains a fourth determination result and generates the first verification result according to the fourth determination result. The license validity data includes the licensed device number threshold.

For example, suppose the licensed device number threshold is 5. If the number of devices currently running the application program under the licensed user information is 3, the determination finds that this number does not exceed the licensed device number threshold, a fourth determination result is obtained, and the first verification result is generated according to the fourth determination result. Conversely, if the licensed device number threshold is 5 and the number of devices currently running the application program under the licensed user information is 6 (the first five software application licenses are already enabled simultaneously, and the sixth is verified when it is used to start), verification finds that the start exceeds the limit.

In the third embodiment of the present application, the license data to be verified includes operating environment data of the device that requests to run the application program; the operating environment data includes at least CPU operating data and memory storage data. Correspondingly, if the license server determines that the user information for using the application program is the same as at least one piece of user information among the user information permitted to use the application program, it takes the user information for using the application program as the licensed user information, determines whether the operating environment data of the device requesting to run the application program satisfies the operating environment condition, corresponding to the licensed user information, of a device running the application program, obtains a fifth determination result, and generates the first verification result according to the fifth determination result. The license validity data includes the operating environment condition, corresponding to the licensed user information, of a device running the application program. Specifically, when a user purchases the right to use a software application, it is determined whether the CPU operating data of the device requesting to run the application program satisfies the operating speed condition for such a device, or whether the memory storage data of the device requesting to run the application program satisfies the storage capacity condition for such a device, and so on.

After the license server obtains the first verification result, the application program interface server is further configured to obtain the first verification result from the user-defined resource instance and return it to the license sidecar container. Correspondingly, the license sidecar container is further configured to return the first verification result to the application program.

In a third embodiment of the present application, the license data to be verified includes the cluster information of the cluster to which the electronic device hosting the application program belongs when the application program is started. Correspondingly, the license server is specifically configured to determine whether that cluster information is the same as the cluster information of the edge container cluster, obtain a second determination result, and generate the first verification result according to the second determination result. Collecting cluster information decouples the software application license from the hardware device, so that applications can migrate freely between servers in the cluster. In other words, cross-host scheduling of applications within the cluster is achieved, and the cluster can schedule applications for high availability when a host machine crashes.

A fourth embodiment of the present application correspondingly provides an application license management apparatus, corresponding to the application license management method provided in the second embodiment of the present application. Since the apparatus embodiment is substantially similar to the second embodiment, it is relatively simple to describe, and reference may be made to some descriptions of the second embodiment for relevant points. The device embodiments described below are merely illustrative.

Please refer to fig. 5, which is a diagram illustrating an application license management apparatus according to a fourth embodiment of the present application. The application program license management device includes: a second license verification request message obtaining unit 501, configured to obtain a second license verification request message sent by a license sidecar container; a to-be-verified license data processing unit 502, configured to create a user-defined resource instance for the license token according to the second license verification request message, and store the to-be-verified license data carried in the second license verification request message in the user-defined resource instance; and a first verification result processing unit 503, configured to obtain a first verification result from the user-defined resource instance and return the first verification result to the license sidecar container.

A fifth embodiment of the present application correspondingly provides an application license management apparatus, corresponding to the application license management method provided in the third embodiment of the present application. Since the apparatus embodiment is substantially similar to the third embodiment, it is relatively simple to describe, and reference may be made to some descriptions of the third embodiment for relevant points. The device embodiments described below are merely illustrative.

Please refer to fig. 6, which is a diagram illustrating an application license management apparatus according to a fifth embodiment of the present application. The application program license management device includes: a to-be-verified license data obtaining unit 601, configured to access a user-defined resource instance to obtain to-be-verified license data; a license validity data processing unit 602, configured to send, to a license manager, a validity data acquisition request message for acquiring the license validity data corresponding to an application program, and to obtain the license validity data corresponding to the application program returned by the license manager; and a first verification result processing unit 603, configured to verify the license data to be verified according to the license validity data, obtain a first verification result, and store the first verification result in the user-defined resource instance.

Corresponding to the application program license management methods of the second and third embodiments of the present application, a sixth embodiment of the present application also provides an electronic device. As shown in fig. 7, fig. 7 is a schematic view of an electronic device provided in a sixth embodiment of the present application. The electronic device includes: a processor 601; a memory 602 for storing a computer program executed by the processor to execute the application license management method according to the second embodiment or the third embodiment.

Corresponding to the application license management methods of the second and third embodiments of the present application, a seventh embodiment of the present application also provides a computer storage medium storing a computer program executed by a processor to execute the application license management methods of the second and third embodiments.

Although the present application has been described with reference to the preferred embodiments, these are not intended to limit the present application. Those skilled in the art can make variations and modifications without departing from the spirit and scope of the present application; therefore, the scope of the present application should be determined by the claims that follow.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include volatile memory in a computer-readable medium, in the form of Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media does not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
