CN100493089C - Service computing system based on service and underlying resource separation - Google Patents


Publication number
CN100493089C
Authority
CN
China
Prior art keywords
service
module
resource
deployment
trust
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2005101325497A
Other languages
Chinese (zh)
Other versions
CN1791117A (en
Inventor
怀进鹏
胡春明
孙海龙
钟亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University filed Critical Beihang University
Priority to CNB2005101325497A priority Critical patent/CN100493089C/en
Publication of CN1791117A publication Critical patent/CN1791117A/en
Application granted granted Critical
Publication of CN100493089C publication Critical patent/CN100493089C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical


Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a service computing system based on the separation of services from underlying resources. From bottom to top it comprises: a resource layer containing raw services, underlying resources and deployed services; a distributed service repository that supports the organization and discovery of all kinds of resources; a service browser that provides users with a Web-based operating platform; and a user layer containing service providers, underlying resource providers and consumers. Compared with the prior art, the invention improves processing efficiency and reduces cost.

Description

Service computing system based on service and underlying resource separation
Technical field
The present invention relates to a service computing system based on the separation of services from underlying resources, and in particular to such a system for solving problems in service computing such as how to provide and use services conveniently while guaranteeing the operating efficiency of services and the utilization of resources.
Background art
Internet computing based on an SOA (Service Oriented Architecture) structure is called service computing, and specifically includes Web services, service grids and so on. How to provide and use services conveniently in service computing, and how to guarantee the operating efficiency of services and the utilization of resources, have become urgent problems.
In service computing, computing, storage, network, data and software resources are all abstracted as services; the resources that support the running of services include computing resources, storage resources, the network environment and so on. Service computing generally involves three kinds of entities: service providers, service consumers and service registries. A service provider offers users services that can solve their problems and publishes information about those services in a service registry. A service consumer, i.e. a user, looks up the required service in the service registry, runs the service on the corresponding resource and interacts with the service provider to complete the use of the service.
In existing service computing, take Apache Axis as an example from the Web services field. Apache Axis is the best-known middleware system in the Web services field and provides the basic runtime environment for Web services. However, Axis is limited to providing a runtime environment for the services on one node. It does not consider services and the underlying resources that run them separately, and it provides no function for dynamically deploying services onto underlying resources, so a service can only run on the resource it is bound to. Axis also provides no service discovery function; users must integrate Axis with a service discovery system such as UDDI (Universal Description, Discovery and Integration) to build a complete Web service runtime support system. Even then, UDDI itself has many problems. UDDI is an important part of the Web services protocol stack. It defines an information model for describing Web services and provides a unified global registration and discovery service; it describes service classification through the tModel abstraction, and can support the storage and querying of QoS attributes by extending tModel. Structurally, however, UDDI is still centralized, which easily leads to performance bottlenecks and single points of failure, and this does not suit the wide-area distributed computing environment of service computing. In addition, UDDI only retrieves information about services that have already been deployed and does not support retrieving the resources that run services.
In the service grid field, Globus Toolkit 4.0 is a typical service grid middleware system. Globus Toolkit 4.0 not only provides the runtime environment WSRF core for services that follow the Web Service Resource Framework (WSRF) specification, but also provides basic functions such as the Monitor and Discovery Service (MDS) used for service discovery. However, WSRF core provides no dynamic service deployment function. That is, with Globus Toolkit 4.0 users cannot dynamically deploy a service onto an underlying resource (such as a PC); in other words, services and underlying resources in Globus Toolkit 4.0 remain bound together, and a provider who wants to offer a service to users must deploy it to a designated computer in advance. In addition, although MDS provides service discovery and adopts a distributed structure, that structure is fully hierarchical: information is aggregated step by step from the lower layers to the upper layers, so as the network grows, the load on the upper-layer MDS components increases and efficiency falls. More importantly, MDS provides no information about underlying resources, so users cannot use MDS to find the underlying resources they need to run services.
The problem with the prior art is that neither Web service systems nor service grid systems consider services and resources separately. The service provider must supply the resources that run the service, and the service consumer can only call services already deployed on specific resources to handle their own problems, with no way to choose services and resources freely. This binding of services to resources causes the following three problems:
1. It reduces the processing efficiency of user jobs and the utilization of resources. Regarding job processing efficiency, because users can only choose services deployed on specific resources, they cannot select the best resource and the best service separately to process a job, which inevitably reduces job processing efficiency. Regarding resource utilization, a large number of resources may sit idle because no service runs on them, which wastes them and lowers overall resource utilization.
2. In real application environments where use must be paid for, users may pay a higher economic cost for the same service and resource. In practice, resources and services are not free, and users must purchase them in some way. If resources and services are not offered separately, users cannot separately choose the resources and services with the best price-performance ratio, and so may end up paying more.
3. Greater security challenges arise in a dynamic wide-area network environment. In a highly distributed, dynamic wide-area network environment, trust relationships between entities cannot be established in advance, and potential security threats conflict sharply with users' demand for secure and reliable job processing. Although many current security technologies are devoted to these challenges, they often greatly reduce the processing efficiency of the system. On the other hand, in some cases users may own or know in advance some trusted, secure resources on which they can process their jobs with confidence. But when services are bound to resources, there may be no service that can run on the resources the user trusts, so the user has to choose a service running on an untrusted resource, which increases the security risk and sacrifices job processing efficiency in order to obtain security.
Summary of the invention
The object of the present invention is to address the above deficiencies of the prior art by proposing a service computing system based on the separation of services from underlying resources, which separates services from the resources that run them, improves the processing efficiency of user jobs and the utilization of resources, and reduces the processing cost paid for guaranteeing system security in a highly distributed, dynamic wide-area network environment.
To this end, the invention provides a service computing system based on the separation of services from underlying resources, comprising: a resource layer, located at the bottom of the system, containing raw services, underlying resources and deployed services, the underlying resources being provided with node servers, clusters and PCs, where a node server provides a service runtime environment, a trusted remote hot service deployment function and a resource monitoring function for the underlying resource of its node; a distributed service repository, located in the layer above the resource layer, which supports the organization and discovery of all kinds of resources; a service browser, located in the layer above the distributed service repository, which provides users with a Web-based operating platform; and a user layer, located in the layer above the service browser, containing service providers, underlying resource providers and consumers.
By separating services from underlying resources, the invention effectively solves the problems found in current service computing, where services are bound to underlying resources: low job processing efficiency and resource utilization, potentially higher economic cost of resource use, and security.
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.
Description of drawings
Fig. 1 is a schematic diagram of the system structure of a preferred embodiment of the invention;
Fig. 2 is a structural diagram of a preferred embodiment of the trusted remote hot service deployment module of the invention;
Fig. 3 is a structural diagram of a preferred embodiment of the trust negotiation agent module of the invention;
Fig. 4 is a flowchart of the deployment submodule's operation when the service deployment module deploys a service;
Fig. 5 is a flowchart of the undeployment submodule's operation when the service deployment module deploys a service;
Fig. 6 is a flowchart of the redeployment submodule's operation when the service deployment module deploys a service;
Fig. 7 is a schematic diagram of a basic trust negotiation process in trusted remote hot service deployment;
Fig. 8 is a flowchart of an embodiment of the trust negotiation process in trusted remote hot service deployment;
Fig. 9 is a flowchart of an embodiment of the complete trusted remote hot service deployment;
Fig. 10 is a structural diagram of a preferred embodiment of the node information monitoring module used for node resource monitoring;
Fig. 11 is a processing flowchart of the resource monitor;
Fig. 12 is a processing flowchart of the provider manager;
Fig. 13 is a structural diagram of RLDS, an embodiment of the DSR;
Fig. 14 is a flowchart of a child node reporting state information in soft-state management;
Fig. 15 is a flowchart of a parent node checking state information in soft-state management;
Fig. 16 is a schematic diagram of the tree topology before an intermediate-layer node fails;
Fig. 17 is a schematic diagram of the tree topology after reconstruction following the failure;
Fig. 18 is a flowchart of tree topology reconstruction after an intermediate-layer node fails;
Fig. 19 is a flowchart of tree recovery;
Fig. 20 is a flowchart of the information query method based on the forest-shaped topology.
Embodiment
A detailed description follows, taking a service grid system implementation within service computing as the example.
The following terms are defined first:
Raw service (hereinafter RS). An RS is a service that a service provider has designed and developed but that has not yet been deployed on a computer, so it cannot yet be used. An RS closely resembles a software package supplied by a software vendor: until the package is installed, the software cannot be used. Concretely, an RS takes the form of a compressed package in GAR (Grid Archive) format, a service file format defined by Globus Toolkit.
Underlying resource (hereinafter UR). A UR is an underlying resource that supports the running of services, for example a high-performance server, a cluster or a PC; subdivided further, URs include computing resources, storage resources, network resources, instruments and equipment, and so on.
Deployed service (hereinafter DS). A DS is the service, usable by users, that results from deploying an RS onto a UR. A DS closely resembles software already installed on a computer, which users can use.
In fact, RS, UR and DS can all be regarded as resources in the network; they differ only in nature and form. We divide all the resources involved in service computing into these three categories, RS, UR and DS. Unless otherwise specified, "resource" below covers all three.
Fig. 1 is a schematic diagram of the system structure of this preferred embodiment. The structure is divided by level into four layers.
The bottom layer is the resource layer 10. "Resource" here is meant in the broad sense and includes RS 11, UR 12 and DS 13. While RS 11 and UR 12 are separated, services that are already deployed, i.e. DS 13, are still allowed to exist in the network, so DS 13 is also drawn in this layer.
The second layer is the distributed service repository 20 (Distributed Service Repository, DSR). The DSR is similar to the service registry in a service-oriented architecture (SOA) and supports the organization and discovery of all kinds of resources. The difference is that the DSR supports three kinds of resources: RS, UR and DS. The DSR organizes the RS, UR and DS distributed across the network according to a certain logical structure, implements efficient query methods internally, and offers external users a rich set of query interfaces, so that users can find through the DSR the resources they need to complete their jobs.
The third layer is the service browser 30 (Service Explorer, SE). SE 30 sits between DSR 20 and the user layer 40. It supports service providers 41 and underlying resource providers 42 in providing and publishing all kinds of resources, and supports consumers 43 in using resources to solve problems efficiently and conveniently.
The top layer is the user layer 40. This layer contains the kinds of users found in an open service provision and consumption environment: service providers 41, underlying resource providers 42 and consumers 43. Providers publish resources through SE 30; consumers 43 can search for the required RS 11, UR 12 and DS 13 through SE 30, submit their own jobs, and finally obtain the job results.
In the service grid implementation of the system based on the separation of services from underlying resources, the WSRF specification is chosen as the basic form in which services are implemented. Running a service requires the support of a UR and also of a software environment; for WSRF services, a software runtime environment that supports WSRF services must be set up, and such a runtime environment is usually called a service container. In the service grid computing system based on the separation of services from underlying resources, the node server (Node Server, NS) acts as the service container, and every UR that joins the system must have an NS software environment installed.
The main functions of the NS are: providing the basic runtime environment for WSRF services, trusted remote hot service deployment (Remote & Hot Service Deployment with Trustworthiness, ROST), and node resource monitoring.
Providing the basic runtime environment means that the NS must supply WSRF services with a basic runtime environment, including an implementation of the WSRF specification, the processing of SOAP messages and so on. This function uses the open-source implementation of the Globus Toolkit 4.0 core.
The NS contains a trusted remote hot service deployment module that implements the trusted remote hot service deployment function. Trusted remote hot service deployment mainly solves the service deployment problem and has three main features: hot deployment, remote deployment and security during deployment. Deploying a service is in essence deploying an RS. The process resembles software installation: its main work is to update the configuration of the NS, much as installing software updates the operating system. Hot deployment means that after a new RS is deployed, the service can be called without restarting the service container. Remote deployment addresses the distributed nature of the network: the deployer of a service and the NS may sit on different network nodes, so it must be possible to deploy a service to a remote NS. The network environment is very complex. A malicious deployer may deploy a malicious service containing a virus to the NS; equally, a malicious NS may deceive the deployer of a service and offer a fake service to the outside. The service deployment process therefore carries a large security risk. Moreover, because the deployer and the NS may lie in different autonomous security domains, and it is difficult for any two entities on the network to establish a trust relationship in advance, security during deployment must be solved in this environment.
To implement trusted remote hot service deployment, the invention adopts the following technical solution. A remote deployment service is implemented in the service container in the form of a WSRF service; it is responsible for receiving the service to be deployed, sent by the deployer, and deploying that service into the service container. So that a service can be used after deployment without restarting the container, the remote deployment service implements hot deployment. To delete services already deployed in the grid service container, it also provides an undeployment function; to update services already deployed in the container, it also provides a redeployment function. To make remote deployment secure and trustworthy, the deployer and the target container each have a trust negotiation agent (Trust Negotiation Agent, TNA) module, and the two sides negotiate trust using automated trust negotiation (Automated Trust Negotiation, ATN).
Fig. 2 is a structural diagram of a preferred embodiment of the trusted remote hot service deployment module. The module comprises a trust negotiation agent module 100, a remote hot deployment module (Remote Hot Deployment, RHD) 200 and a service container configuration module 300.
The trust negotiation agent module 100 establishes the trust relationship between the deployer and the target service container. RHD 200 performs remote hot service deployment and local automated service deployment, and is connected to the trust negotiation agent module 100. RHD 200 comprises a remote deployment module 210, a local deployment module 220, a basic deployment module 230 and a deployment auxiliary module 240.
The remote deployment module 210 comprises a service receiver 211, which receives the service sent by the remote deployer, and a trust detector 212, which judges whether the received service is trustworthy and, depending on the result, calls the trust negotiation agent module 100 or the basic deployment module 230. The trust detector 212 is connected to the service receiver 211, the trust negotiation agent module 100 and the basic deployment module 230. In other words, the remote deployment module 210 receives the remote raw service, judges whether the remote deployer is trustworthy, and according to the result calls the trust negotiation agent module 100 or the basic deployment module 230.
The local deployment module 220 comprises an event listener 221 and an event analyzer 222, which are connected to each other; it monitors the local deployment folder and invokes the corresponding deployment operation according to the monitored information.
The basic deployment module 230 comprises a deployment submodule 231, an undeployment submodule 232 and a redeployment submodule 233. Built on ANT, these three submodules deploy, undeploy or redeploy a GAR file in the grid service container. For remote GAR files received by the remote deployment module 210, remote deployment is implemented on the basis of FTP/SOAP attachments. The basic deployment module 230 is connected to the trust detector 212 in the remote deployment module 210 and to the event analyzer 222 in the local deployment module 220.
The service container configuration module 300 assists with functions needed by deployment operations, such as file parsing and file decompression, and is connected to the basic deployment module 230. While a deployment operation runs, the service container configuration parameter table in the service container configuration module 300 is updated dynamically.
Fig. 3 is a structural diagram of a preferred embodiment of the trust negotiation agent module, which consists mainly of the following six parts:
Trust ticket manager 110: trust tickets are issued to the requester by the access mediator, or the validity of the requester's trust ticket is verified against the local ticket store;
Policy engine 120: uses the negotiation strategy to decide when and how to disclose local certificates and policies. It also decides the state of the negotiation (success, failure or continue). It is connected to the trust ticket manager 110;
Consistency checker 130: determines which local certificates satisfy the requester's policy and whether the requester's certificates satisfy the local policy;
Trust ticket repository 140: stores trust tickets, and is connected to the trust ticket manager 110;
Credential chain collector 150: for trust delegation in an open network, when certificates are not stored locally, access control policy usually requires finding a delegation certificate chain from the source to the requester. The main role of the credential chain collector 150 is to discover and collect the necessary certificates. It is connected to the policy engine 120;
Policy repository 160: stores policies, and is connected to the consistency checker 130.
In implementing ROST, a TNA is needed on both the deployer and the target service container. If the requester holds a legitimate trust ticket, the trust negotiation agent module 100 calls the trust ticket manager 110 to make the decision. Otherwise, the trust negotiation process is triggered. When the requester discloses its policy, the policy engine 120 decides whether the current negotiation should continue. If it should, the trust negotiation agent module 100 calls the consistency checker 130 to determine which certificates to provide, and then responds with the required certificates and policies. If a certificate is not in the local certificate/policy store, the credential chain collector 150 is called to discover the required certificate dynamically. Similarly, when the requester submits its certificates, the trust negotiation agent module 100 calls the consistency checker 130 to confirm whether they satisfy the local policy and makes the access decision.
To speed up negotiation, if the trust negotiation agent module 100 finds that different negotiation processes all need to retrieve the same certificate chain, it can cache that chain and so avoid frequent retrieval.
The TNA uses standard RTML (Role-Based Trust Management Markup Language) to express access control policies and attribute-based certificates. When certificate storage is distributed, a goal-directed algorithm guarantees that all available certificates can be found and collected. In the design of ROST, the format of a trust ticket is: <subject, issuer, subject, valid date, expiration date, signature>.
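The ticket check that lets a requester skip negotiation can be sketched as follows. This is an added example, not code from the patent: the class and function names are hypothetical, the signature is assumed to be an HMAC-SHA256 computed by the issuing container over the other fields (subject taken once), and the presenter's identity is assumed to come from the authenticated channel.

```python
import dataclasses
import hashlib
import hmac
import json


@dataclasses.dataclass(frozen=True)
class TrustTicket:
    subject: str        # party the ticket was issued to
    issuer: str         # container that issued it
    valid_from: int     # "valid date", epoch seconds
    expires: int        # "expiration date", epoch seconds
    signature: str = ""

    def signed_bytes(self):
        # A JSON list gives an unambiguous encoding of the signed fields.
        return json.dumps([self.subject, self.issuer,
                           self.valid_from, self.expires]).encode()


class TrustTicketManager:
    """Issues tickets and verifies them against the local ticket store."""

    def __init__(self, issuer, key):
        self.issuer = issuer
        self._key = key             # assumption: symmetric key held by the issuer
        self._store = {}            # local ticket store: signature -> ticket

    def _sign(self, ticket):
        return hmac.new(self._key, ticket.signed_bytes(),
                        hashlib.sha256).hexdigest()

    def issue(self, subject, now, lifetime):
        ticket = TrustTicket(subject, self.issuer, now, now + lifetime)
        ticket = dataclasses.replace(ticket, signature=self._sign(ticket))
        self._store[ticket.signature] = ticket
        return ticket

    def revoke(self, ticket):
        self._store.pop(ticket.signature, None)

    def verify(self, ticket, presenter, now):
        """Return 'ok' or the first reason the ticket is rejected."""
        if ticket.issuer != self.issuer:
            return "wrong-issuer"
        expected = self._sign(ticket).encode()
        if not hmac.compare_digest(ticket.signature.encode(), expected):
            return "bad-signature"          # any field was altered
        if ticket.signature not in self._store:
            return "not-in-store"           # revoked or never issued here
        if ticket.subject != presenter:
            return "subject-mismatch"       # ticket presented by another party
        if not ticket.valid_from <= now < ticket.expires:
            return "outside-validity"
        return "ok"


def admit(manager, ticket, presenter, now):
    """A valid ticket decides directly; anything else triggers negotiation."""
    if ticket is not None and manager.verify(ticket, presenter, now) == "ok":
        return "deploy"
    return "negotiate"
```

The order of checks matters: the signature is verified before any other field is trusted, and the store lookup is what makes revocation effective before the expiration date.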
In addition, negotiation information must be exchanged over a secure communication protocol (such as SSL/TLS) to prevent eavesdropping, man-in-the-middle attacks, replay attacks and the like. In ROST, we follow the WS-Security and WS-Conversation specifications to protect SOAP messages.
Fig. 4 is a flowchart of the deployment submodule's operation when the service deployment module deploys a service. The following operations are performed:
Step 101: check whether the GAR file exists; if it does not, go to step 108; if it does, go to step 102;
Step 102: the GAR file exists; check whether the ANT environment is available; if it is not, go to step 108; if it is, go to step 103;
Step 103: decompress the GAR file;
Step 104: load the Java class executables into the service container;
Step 105: parse the WSDD configuration document and load the configuration information into the service container;
Step 106: copy the WSDL files to the designated directory;
Step 107: parse other documents such as JNDI and configure the service container;
Step 108: end this operation.
Steps 103-107 above are the process of using the ANT tool to deploy the GAR file into the grid service container.
Fig. 5 is a flowchart of the undeployment submodule's operation when the service deployment module deploys a service. The following operations are performed:
Step 201: check whether the service to be undeployed exists; if so, go to step 202; if not, go to step 207;
Step 202: check whether the ANT environment is available; if so, go to step 203; if not, go to step 207;
Step 203: unload executables such as Java classes from the service container;
Step 204: delete the service's WSDD configuration from the service container configuration;
Step 205: delete the WSDL files;
Step 206: delete other configuration information such as JNDI and other related files from the service container;
Step 207: end this operation.
Steps 203-206 above are the process of calling the ANT tool to delete all the configuration information and program files that were loaded into the service container at deployment.
Fig. 6 is a flowchart of the redeployment submodule's operation when the service deployment module deploys a service. The following operations are performed:
Step 301: undeploy the specified GAR file; see Fig. 5 for the detailed procedure;
Step 302: deploy the specified GAR file; see Fig. 4 for the detailed procedure;
Step 303: end this operation.
When the GAR file is sent from the remote side by FTP, RHD 200 first downloads the GAR file from the FTP server and then calls the local deployment mechanism, i.e. the flow shown in Fig. 4, 5 or 6, to carry out the corresponding deployment of the GAR file.
When the GAR file is sent from the remote side as a SOAP attachment, the service deployment module 10 first downloads the GAR file from the remote sender and then calls the local deployment mechanism, i.e. the flow shown in Fig. 4, 5 or 6, to carry out the corresponding deployment of the GAR file.
To ensure security during deployment, before a service is deployed the target service container and the deployer must negotiate trust and establish a trust relationship. That is, before the target service container trusts the deployer, it requires the deployer to present certificates and specify certain key attributes. On the other hand, certificates may contain sensitive information, so corresponding policies must be defined to protect it. These policies specify what conditions the other party must satisfy before a certificate is disclosed to it. Trust negotiation is essentially the process of exchanging certificates according to each side's policies.
Fig. 7 is a schematic diagram of a basic trust negotiation process in trusted remote hot service deployment. Deployer 81 is in security domain A 80 and service container 83 is in security domain B 82. Deployer 81 sends a deployment request 84 to service container 83. On receiving request 84, the container, according to its own policy 85, requires the deployer to provide certain certificates before it will allow the deployment operation to run. Deployer 81 then provides the corresponding certificates 86 to service container 83, which verifies them and tells deployer 81 the negotiation result 87. If the certificates 86 are legitimate, the deployment operation is allowed to proceed; otherwise it is rejected.
Fig. 8 is an embodiment flow chart of trust negotiation process during believable service remote thermal is disposed among the present invention, supposes that node D is that the deployer need specifically may further comprise the steps a service arrangement to destination service container T:
Step 401:D sends one to T and disposes request (Deployment Request) Rdep;
Step 402:T is the access strategy Policies of oneself: have only the node that has certificate CA1 and CA2 simultaneously just to allow to carry out deployment operation, tell D;
Step 403:D has certificate CA1 and CA2, but comprises the sensitive information of D among the CA2, so D is provided with an access strategy to CA2: the user who only has certificate CB1 just can read CA2; D is CA1 and his strategy (Policies (C B1→ C A2)) send to T again;
Step 404:T has certificate CB1, so it issues D to CB1;
After step 405:D receives CB1,, CA2 is issued T through checking;
Step 406:T issues D consulting successful result (negotiation result (success)).
Pass through the mutual of above-mentioned several steps, D and T have set up trusting relationship.Next the GAR bag is transferred to T from D, disposes accordingly according to Fig. 4,5 and 6.
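The exchange in steps 401-406, as an added Python example that is not part of the patent text: each party discloses a certificate only after the certificates its policy demands have been received and verified, and a round limit keeps the negotiation bounded. The Party class, the HMAC tag standing in for a certificate signature, and the demo key are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed key of a demo issuer that both parties trust. Real certificates
# carry asymmetric signatures; HMAC is an assumption that keeps this stdlib-only.
ISSUER_KEY = b"constructed-demo-issuer-key"


def issue(name):
    """Return a (name, tag) credential issued by the demo issuer."""
    return name, hmac.new(ISSUER_KEY, name.encode(), hashlib.sha256).hexdigest()


def verify(cred):
    """Check the issuer tag in constant time."""
    name, tag = cred
    return hmac.compare_digest(tag.encode(), issue(name)[1].encode())


class Party:
    def __init__(self, name, creds, disclosure_policy=None):
        self.name = name
        self.creds = {c[0]: c for c in creds}
        # own credential name -> peer credentials that must be verified first
        self.policy = disclosure_policy or {}
        self.seen = set()   # verified credentials received from the peer
        self.sent = set()   # own credentials already disclosed

    def receive(self, cred):
        ok = verify(cred)
        if ok:
            self.seen.add(cred[0])
        return ok

    def releasable(self, requested):
        """Requested credentials we hold, have not sent, and whose policy is met."""
        return sorted(n for n in requested
                      if n in self.creds and n not in self.sent
                      and self.policy.get(n, set()) <= self.seen)

    def blocking(self, requested):
        """Peer credentials still needed before the rest of `requested` is released."""
        need = set()
        for n in requested:
            if n in self.creds and n not in self.sent:
                need |= self.policy.get(n, set()) - self.seen
        return need


def _disclose(sender, receiver, requested, log):
    sent = 0
    for n in sender.releasable(requested):
        sender.sent.add(n)
        ok = receiver.receive(sender.creds[n])
        log.append(f"{sender.name}->{receiver.name}: {n}" + ("" if ok else " (rejected)"))
        sent += 1
    return sent


def negotiate(deployer, container, access_policy, max_rounds=8):
    """Run the exchange and return (trusted, message log)."""
    log = [f"{deployer.name}->{container.name}: Rdep",
           f"{container.name}->{deployer.name}: policy {sorted(access_policy)}"]
    asked = set()
    for _ in range(max_rounds):              # bounded, so negotiation always ends
        sent = _disclose(deployer, container, access_policy, log)
        need = deployer.blocking(access_policy)
        if need - asked:                     # send the deployer's own policy once
            log.append(f"{deployer.name}->{container.name}: policy needs {sorted(need)}")
            asked |= need
        sent += _disclose(container, deployer, need, log)
        if access_policy <= container.seen:
            log.append(f"{container.name}->{deployer.name}: negotiation result (success)")
            return True, log
        if sent == 0:                        # neither side can disclose anything more
            break
    log.append(f"{container.name}->{deployer.name}: negotiation result (failure)")
    return False, log


if __name__ == "__main__":
    d = Party("D", [issue("CA1"), issue("CA2")], {"CA2": {"CB1"}})
    t = Party("T", [issue("CB1")])
    print("\n".join(negotiate(d, t, {"CA1", "CA2"})[1]))
```

When T cannot present a valid CB1, the negotiation fails and CA2 is never disclosed, which is the protection the disclosure policy on CA2 exists to provide.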
A negotiation process may take a long time. Moreover, in some cases the user needs to update a service that has already been deployed, and there is no need to negotiate again. To improve the efficiency of negotiation, we introduce the concept of a trust ticket (TrustTicket) in ROST. After one successful trust negotiation, the deployer can apply to the service container for a TrustTicket, in which some key security information is stored. With a TrustTicket, the deployer does not need to carry out trust negotiation with this container again; it only needs to present its TrustTicket. To ensure higher security, a TrustTicket is signed by the issuing container and has a limited lifetime.
To guarantee that negotiation always terminates, we set a timeout for the negotiation; when the negotiation time exceeds the timeout, the negotiation is forcibly terminated.
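One possible shape for the TrustTicket described above, as an added Python example that is not the patent's or ROST's own code: the container issues a ticket after a successful negotiation, and on later requests checks its own signature, the deployer binding and the lifetime before skipping negotiation. The ticket fields, the identifiers and the use of an HMAC as the container's signature (the container is both issuer and verifier) are assumptions.

```python
import base64
import hashlib
import hmac
import json


class TicketManager:
    """Container-side issue and verification of TrustTickets.

    Assumption: only the issuing container verifies its tickets, so the
    "signature" is an HMAC under a secret that never leaves the container.
    """

    def __init__(self, container_id, secret, lifetime_s=3600):
        self.container_id = container_id
        self.secret = secret
        self.lifetime_s = lifetime_s

    def _tag(self, body):
        return hmac.new(self.secret, body, hashlib.sha256).hexdigest().encode()

    def issue(self, deployer_id, credentials, now):
        """Call only after a successful trust negotiation with `deployer_id`."""
        claims = {"container": self.container_id, "deployer": deployer_id,
                  "creds": sorted(credentials),
                  "iat": int(now), "exp": int(now) + self.lifetime_s}
        body = json.dumps(claims, sort_keys=True).encode()
        return base64.urlsafe_b64encode(body).decode() + "." + self._tag(body).decode()

    def verify(self, ticket, deployer_id, now):
        """Return (ok, reason). The tag is checked before the body is parsed."""
        try:
            b64, tag = ticket.split(".")
            body = base64.urlsafe_b64decode(b64.encode())
        except ValueError:                 # wrong part count or bad base64
            return False, "malformed"
        if not hmac.compare_digest(tag.encode(), self._tag(body)):
            return False, "bad signature"
        claims = json.loads(body)
        if claims["container"] != self.container_id:
            return False, "wrong container"
        if claims["deployer"] != deployer_id:   # ticket presented by someone else
            return False, "wrong deployer"
        if now >= claims["exp"]:                # limited lifetime
            return False, "expired"
        return True, "ok"


def admit(manager, deployer_id, ticket, now):
    """Fast path with a valid ticket, otherwise fall back to trust negotiation."""
    if ticket is not None and manager.verify(ticket, deployer_id, now)[0]:
        return "deploy"
    return "negotiate"


if __name__ == "__main__":
    # Constructed identifiers and secret, for demonstration only.
    mgr = TicketManager("container-T", b"constructed-container-secret", lifetime_s=600)
    tkt = mgr.issue("deployer-D", {"CA1", "CA2"}, now=1000)
    print(admit(mgr, "deployer-D", tkt, now=1200))   # deploy
    print(admit(mgr, "deployer-D", tkt, now=2000))   # negotiate
```

The deployer identity passed to `verify` is assumed to have been authenticated by the transport; without that binding a copied ticket could be replayed by another party until it expires.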
Fig. 9 is a flow chart of an embodiment of the complete trusted remote hot deployment of services in the present invention; the following steps are performed:
Step 501: the deployer sends a deployment request to the remote service container;
Step 502: after receiving the request, the remote service container checks whether it can host this service. If it can, perform step 503; otherwise, perform step 511;
Step 503: the remote service container checks, according to the local domain controller or historical information, whether the deployer is trusted. If so, perform step 504; otherwise, perform step 507, triggering trust negotiation;
Step 504: send a trust notification to the deployer;
Step 505: after receiving the trust notification sent by the remote service container, the deployer checks whether the remote service container is trusted. If so, perform step 506; otherwise, perform step 507;
Step 506: send a trust notification to the remote service container;
Step 507: trust negotiation is carried out between the remote service container and the deployer;
Step 508: if both parties are trusted or the trust negotiation succeeds, the two parties have established a trust relationship, and step 509 is performed; otherwise, perform step 511;
Step 509: the deployer transfers the service to be deployed to the remote service container;
Step 510: the remote service container performs the hot deployment operation and informs the deployer of the result;
Step 511: end.
The above scheme realizes trusted remote hot deployment of services and ensures that remote deployment is secure and trustworthy.
Figure 10 is a structural diagram of a preferred embodiment of the node information monitoring module used for node resource monitoring in the present invention. This module is provided with a resource monitor (ResourceMonitor) 50, which has a query interface module 51 and a notification interface module 52 and is connected to a provider manager (ProviderManager) 54. Because the information about resources on the network changes dynamically, NS provides the function of monitoring the local UR resources, so that users can obtain the current state of the resources. Resource information is collected by various information providers 53; according to the type of information collected, they can be divided into providers of static resource information (such as operating system type and machine type) and providers of dynamic resource information (such as CPU load). The information providers 53 are managed in a unified way by provider manager 54 according to the configuration file, for example initializing the information providers 53, controlling the time interval at which information is pushed, and stopping the service. An information provider 53 sends information to resource monitor 50 in pull or push mode. Resource monitor 50 is finally encapsulated as a WSRF service; besides providing the query interface 51 for resource information, it also provides a notification interface 52 for dynamic information, so that users can use the WSRF notification mechanism to obtain resource information asynchronously.
During node resource monitoring, resource monitor 50 and provider manager 54 each perform the following operation flows.
Figure 11 is a processing flow chart of the resource monitor in the present invention, which comprises the following steps:
Step 601: parse the provider (Provider) configuration file;
Step 602: determine whether there is a next provider (Provider); if so, perform step 603; otherwise, perform step 606;
Step 603: determine whether the information type collected by this provider (Provider) is included in the resource template; if so, perform step 604; otherwise, perform step 605;
Step 604: load this provider (Provider), create a provider (Provider) object, and perform step 602;
Step 605: add it to the unload (Unload) array, marking this provider (Provider) as not loaded, and perform step 602;
Step 606: end.
Figure 12 is a processing flow chart of the provider manager in the present invention; the following steps are performed:
Step 701: obtain the resource template;
Step 702: analyze the resource property template and determine whether each resource property in it is dynamic or static; if dynamic, perform step 703; if static, perform step 704;
Step 703: add it to the TopicList, and perform step 705;
Step 704: add it to the static resource property list;
Step 705: initialize the provider manager (ProviderManager);
Step 706: traverse the static provider (Provider) objects and query the static resource properties;
Step 707: report the static resource properties to the information service;
Step 708: start the dynamic providers (Provider);
Step 709: end.
The DSR of the present invention is described using the Resource Locating and Description Service (RLDS for short) module as an example.
Figure 13 is a structural diagram of RLDS, an embodiment of the DSR in the present invention. RLDS uses a forest-shaped topology to organize and manage in a unified way various network resources such as DS 13, RS 11 and UR 12, and provides users with resource search and location services. It adopts a distributed structure: all resources participating in service computing are divided into multiple autonomous domains according to geographical location, a tree structure is used for organization within each autonomous domain, the whole is made up of multiple tree structures, and the trees are connected in a peer-to-peer manner.
Virtual Organization: an autonomous domain formed by multiple RLDS 61 nodes according to a tree topology. RLDS nodes within an autonomous domain share the same information model and security policy. An RLDS node can have only one parent RLDS node, and each RLDS node can have multiple child RLDS nodes. After startup, each RLDS node dynamically keeps the service access points of its parent RLDS node and child RLDS nodes, logically forming a virtual tree. Each autonomous domain deploys a region switch node (RegionSwitch) 60, which is used to forward cross-domain query requests between autonomous domains and to realize information sharing between autonomous domains.
The tree topologies of multiple peer autonomous domains form a forest-shaped topology. The autonomous domains are organized together in peer-to-peer (P2P) mode through the region switch RegionSwitch 60, and the region registry RegionRegistry records the list of all available RegionSwitch 60. The RLDS forest-shaped topology has good scalability, in the following two respects:
1) Scalability between domains: an administrator can join the grid environment by setting up a new autonomous domain and share the various resources in the grid environment. In the topology this appears as adding a new tree to the original forest structure;
2) Scalability within a domain: an administrator can also join the grid environment by joining an existing autonomous domain and share the various resources in the grid environment. In the topology this appears as adding a new branch to one of the trees of the original forest structure.
The RLDS topology is maintained through a soft state management mechanism. The soft state management mechanism means that two nodes maintain their parent-child relationship by exchanging information regularly. It has two aspects:
1) The child node uses "push" mode and actively reports its latest state information to the parent node, so that the parent node is aware of the child node's existence and the current parent-child relationship is preserved. This process is implemented by the AliveKeeper thread, as shown in Figure 14, which performs the following steps:
Step 801: determine whether the thread should run; if so, perform step 802; otherwise, perform step 809;
Step 802: determine whether to register; if so, perform step 803; otherwise, perform step 804;
Step 803: register with the parent node;
Step 804: wait for a certain interval;
Step 805: determine whether registration succeeded; if it succeeded, perform step 806; otherwise, perform step 808;
Step 806: send keep alive to the parent node;
Step 807: determine whether the keep alive succeeded; if so, perform step 802; otherwise, perform step 808;
Step 808: set the state to unregistered, and perform step 802;
Step 809: end.
2) The parent node regularly checks the latest state information reported by the child node and determines whether its update time has exceeded a preset threshold; if it has, the child node may no longer exist, and the parent-child relationship between the two nodes is removed. This process is implemented by the soft state manager (SoftState Manager) thread, as shown in Figure 15, which performs the following steps:
Step 901: determine whether the thread should run; if so, perform step 902; otherwise, perform step 906;
Step 902: check whether the state information has expired;
Step 903: determine whether the state information has expired; if so, perform step 904; otherwise, perform step 905;
Step 904: remove the parent-child relationship;
Step 905: wait for a certain interval, and perform step 902;
Step 906: end.
Dynamic maintenance of the RLDS topology covers three aspects: 1) maintenance of the relationships between RLDS nodes: RLDS nodes in the same autonomous domain construct a virtual tree topology by establishing parent-child relationships and are thereby aware of each other's location. A query request that enters at a given RLDS service can thus be forwarded to other RLDS nodes within the domain or across domains, completing information queries over multiple RLDS nodes in the domain or across domains and realizing integrated sharing of information; 2) maintenance of the relationship between a computing node and the RLDS node it belongs to: the computing node registers with the RLDS node it belongs to and regularly sends it keep alive, so that the computing node's information is aggregated at that RLDS node; 3) maintenance of the relationship between RegionSwitch and RegionRegistry: RegionSwitch registers with RegionRegistry and regularly sends it keep alive, so that RegionRegistry can record the list of all currently existing autonomous domains.
Because the network and the nodes in a grid environment are unreliable, RLDS needs a relatively stable and robust topology that integrates all available grid resources as far as possible and avoids forming information islands of Virtual Organizations. In the tree topology formed by RLDS, once a middle-layer node fails, the Virtual Organization formed by the lower-layer nodes can no longer access the network system. A mechanism is therefore needed that allows the Virtual Organization formed by these lower-layer nodes to remain in the grid environment and guarantees that its structure does not change. We call this process reconstruction of the tree, as shown in Figures 16 and 17. Figure 16 is a schematic diagram of the tree topology before middle-layer node 72 fails. When parent node 71 finds through the soft state management mechanism that the state information of RLDS node 72 has expired, it unregisters node 72 and promotes the Virtual Organization formed by the direct child nodes 73, 74 and 75 of failed node 72 to be its own direct child nodes. Figure 17 is a schematic diagram of the tree topology after reconstruction following the failure.
Figure 18 is a flow chart of tree topology reconstruction after a middle-layer node fails; the following steps are performed:
Step A01: check whether the failed child node has lower-layer child nodes; if it has, perform step A02; otherwise, perform step A04;
Step A02: promote the direct child nodes of the failed child node to be direct child nodes of the parent node itself;
Step A03: save the topology related to the failed child node;
Step A04: end.
During RLDS topology maintenance, a parent node may consider a child node to have failed for either of two reasons: first, the child node's service is unavailable; second, because of network instability the parent node does not receive the child node's keep alive messages and mistakenly considers it failed. Once the node or the network recovers, the failed node is likely to rejoin the Virtual Organization very soon. For this reason we propose an elastic topology, so that the topology after reconstruction can be automatically restored to the topology before the node failed. We call this process recovery of the tree.
Figure 19 is a flow chart of recovery of the tree; the following steps are performed:
Step B01: check whether the registering node has a related historical topology; if it has, perform step B02; otherwise, perform step B05;
Step B02: restore the tree according to the historical topology;
Step B03: return to this node its original direct child nodes;
Step B04: delete the topology related to this node;
Step B05: end.
When a parent RLDS node finds through the soft state management mechanism that the state information of a child RLDS node has expired and unregisters it, the topology related to this failed node is recorded. When the failed node registers with the parent node again, the parent node checks the topology related to the failed node from before the failure and restores the tree according to this topology. By performing the above operations, the parent node restores the tree according to the topology before the failure.
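The soft state check, the reconstruction of steps A01-A04 and the recovery of steps B01-B05 can be traced in a small simulation, given here as an added Python example that is not part of the patent text. The RldsTree class, the single shared table of parent links, and the time values are assumptions; node numbers follow the reference numerals of Figures 16 and 17.

```python
class RldsTree:
    """Toy model of soft state maintenance in one autonomous domain.

    Assumption: a single in-memory table stands in for the state that each
    RLDS node would keep about its own parent and children.
    """

    def __init__(self, ttl):
        self.ttl = ttl          # seconds a report stays valid
        self.parent = {}        # node -> current parent
        self.last_seen = {}     # node -> time of last register / keep alive
        self.history = {}       # (parent, failed node) -> its children at failure

    def children(self, node):
        return sorted(c for c, p in self.parent.items() if p == node)

    def register(self, node, parent, now):
        self.parent[node] = parent
        self.last_seen[node] = now
        saved = self.history.pop((parent, node), None)    # B01, B04
        for child in saved or []:                         # B02, B03
            # Give back only children the parent still holds; a child that
            # failed or left in the meantime is not resurrected.
            if self.parent.get(child) == parent:
                self.parent[child] = node

    def keep_alive(self, node, now):
        if node not in self.parent:     # unregistered: must register again
            return False
        self.last_seen[node] = now
        return True

    def sweep(self, parent, now):
        """One SoftState Manager pass for `parent`; returns the expired children."""
        expired = [c for c in self.children(parent)
                   if now - self.last_seen[c] > self.ttl]
        for failed in expired:
            orphans = self.children(failed)
            del self.parent[failed]                       # unregister
            del self.last_seen[failed]
            if orphans:                                   # A01
                for child in orphans:                     # A02: promote
                    self.parent[child] = parent
                    self.last_seen[child] = now
                self.history[(parent, failed)] = orphans  # A03
        return expired


if __name__ == "__main__":
    tree = RldsTree(ttl=30)
    tree.register(72, 71, now=0)
    for n in (73, 74, 75):
        tree.register(n, 72, now=0)
    for n in (73, 74, 75):
        tree.keep_alive(n, now=20)
    print("expired:", tree.sweep(71, now=40))        # node 72 stayed silent
    print("children of 71:", tree.children(71))      # 73, 74, 75 promoted
    tree.register(72, 71, now=50)                    # node 72 comes back
    print("children of 71:", tree.children(71), "children of 72:", tree.children(72))
```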
To reduce the frequent information exchange caused by the distributed organization structure, we propose, in the service grid, an information query method based on the forest-shaped topology, which can effectively meet users' needs for searching massive amounts of information in a grid environment.
Figure 20 is a flow chart of the information query method based on the forest-shaped topology; the query process performs the following steps:
Step C01: determine whether a cached query is possible; if so, perform step C02; otherwise, perform step C04;
Step C02: query the local cache;
Step C03: determine whether the cache is hit; if so, perform step C13; otherwise, perform step C04;
Step C04: query the local database;
Step C05: determine whether a local query is being performed; if so, perform step C13; otherwise, perform step C06;
Step C06: determine whether the result set satisfies the query; if so, perform step C13; otherwise, perform step C07;
Step C07: determine whether a subtree query is being performed; if so, perform step C13; otherwise, perform step C08;
Step C08: determine whether the result set satisfies the query; if so, perform step C13; otherwise, perform step C09;
Step C09: determine whether the local node is the root node; if so, perform step C10; otherwise, perform step C12;
Step C10: determine whether this is a cross-domain query; if so, perform step C11; otherwise, perform step C13;
Step C11: query the other domains, and perform step C13;
Step C12: forward the query request to the parent node;
Step C13: end.
While still satisfying the user's query requirements, this query method confines the query to a reasonable, controllable scope as far as possible, reducing the message communication cost caused by distributed queries. First, the user submits the query request to some RLDS, which we call the entry RLDS. If the local information of the entry RLDS can satisfy the user's query request, the query ends; otherwise the subtree rooted at the entry RLDS is queried. If the user's query request still cannot be satisfied, the query request is forwarded on to the upper-layer node of the entry RLDS. If the root RLDS at the top of the autonomous domain has been reached and the user's query request still cannot be satisfied, the query request is forwarded to each of the other autonomous domains.
It can be seen that this query method reasonably limits the direction and scope in which query requests spread, and has high query efficiency.
The service browser SE is the user-facing middleware in the present invention. In practice it can take two forms: a client tool based on a traditional GUI, or a Web-based GUI tool. Considering the wide use of the Web and how widely people accept Web interfaces, SE adopts the Web-based GUI form.
The functions of SE include obtaining RS, providing resources, resource selection, service invocation, generating service invocation interfaces, monitoring user jobs, and presenting job execution results. SE can be regarded as an extension of the technology and concept of the traditional web portal; users use SE through a Web browser. The implementation of SE is based on many traditional Web programming techniques; what is distinctive is that it gives providers and end users a convenient way to participate in service computing.
Of these, obtaining RS and providing resources are processes of accessing the RLDS service, while service invocation and monitoring of user jobs can be implemented with Web programming techniques and are not specific to SE. Automatic generation of the service invocation interface, presentation of job results, and resource selection are the prominent technical features of SE and are described in detail below.
SE has defined two interfaces:
getHTMLInputRendering()
getHTMLOutputRendering(Object result)
For each WSRF service, the service provider must implement these two interfaces. The first interface is used to generate the presentation interface of the service, and the second interface is used to present the processing result. The return value of both interfaces is an HTML fragment, and through these two interfaces of a service SE can automatically generate the service interface and present the result.
As for resource selection, SE can be configured with multiple resource selection strategies, such as selecting the nearest resource, selecting the most capable resource, user-specified selection and random selection. That is, SE is flexibly configurable and is not limited to any one strategy; users can select and configure it flexibly according to their job processing needs.
By separating services from underlying resources, the present invention effectively solves the problems found in current service computing, where services are bound to underlying resources: low job processing efficiency and resource utilization, potentially high economic cost of resource use, and security.
Finally, it should be noted that the above embodiments are only intended to illustrate, not to limit, the technical solution of the present invention. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the present invention may be modified or equivalently replaced without departing from the spirit and scope of the technical solution of the present invention.

Claims (9)

1. A service computing system based on the separation of services and underlying resources, characterized by comprising:
A resource layer, provided with original services, underlying resources and deployed services, located at the bottom layer of the system, the underlying resources being provided with: node servers, clusters and PCs; the node server is used to provide a service runtime environment, a trusted remote hot service deployment function, and a resource monitoring function for the underlying resources of the node;
A distributed service registry, which supports the organization and discovery of all kinds of resources, located in the layer above the resource layer;
A service browser, which provides users with a Web-based operating platform, located in the layer above the distributed service registry;
A user layer, provided with service providers, underlying resource providers and consumers, located in the layer above the service browser.
2. The service computing system according to claim 1, characterized in that the node server is provided with a trusted remote hot service deployment module used to realize service deployment, and a node information monitoring module.
3. The service computing system according to claim 2, characterized in that the trusted remote hot service deployment module comprises:
A trust negotiation proxy module, used to establish the trust relationship between the deployer and the target service container;
A remote hot deployment module, used to perform remote hot deployment of services and local automated service deployment, connected to the trust negotiation proxy module;
A service container configuration module, used to store and manage the configuration parameters of the service container, connected to the remote hot deployment module.
4. The service computing system according to claim 3, characterized in that the trust negotiation proxy module comprises:
A trust ticket manager, used to issue or verify trust tickets;
A trust ticket repository, used to store trust tickets, connected to the trust ticket manager;
A policy engine, used to make disclosure decisions and to determine whether the negotiation result is a success, connected to the trust ticket manager;
A consistency checker, used to determine the local certificates that satisfy the requester's policy and to determine whether the requester's certificates satisfy the local policy, connected to the policy engine;
A policy repository, used to store policies, connected to the consistency checker;
A credential chain gatherer, used to discover and collect the necessary certificates, connected to the policy engine.
5. The service computing system according to claim 3, characterized in that the remote hot deployment module comprises:
A remote deployment module, used to receive the original service from a remote site and determine whether the remote deployer is trusted, and according to the determination result to call the trust negotiation proxy module or the basic deployment module; the service receiver is connected to the trust detector, and the trust detector is connected to the trust negotiation proxy module;
A local deployment module, provided with an event listener and an event analyzer, used to monitor the local deployment folder and invoke the corresponding deployment operation according to the monitored information; the event listener is connected to the event analyzer;
A basic deployment module, provided with a deployment module, an undeployment module and a redeployment module, used to deploy, undeploy or redeploy the received service; this basic deployment module is connected to the remote deployment module and the local deployment module;
A deployment auxiliary tool module, used to assist with functions needed in deployment operations such as file parsing or file decompression, connected to the basic deployment module.
6. The service computing system according to claim 5, characterized in that the remote deployment module comprises:
A service receiver, used to receive the service transmitted by the remote deployer;
A trust detector, used to determine whether the received service is trusted and, according to the determination result, to call the trust negotiation proxy module or the basic deployment module, connected to the service receiver, the trust negotiation proxy module and the basic deployment module.
7. The service computing system according to claim 2, characterized in that the node information monitoring module is provided with a resource monitor, and this resource monitor is provided with a query interface module and a notification interface module and is connected to a provider manager.
8. The service computing system according to claim 1, characterized in that the distributed service registry adopts a distributed structure: all resources participating in service computing are divided into multiple autonomous domains according to geographical location, a tree structure is used for organization within each autonomous domain, the whole is made up of multiple tree structures, and the trees are connected in a peer-to-peer manner.
9. The service computing system according to claim 1, characterized in that the service browser is provided with an interface used to generate the presentation interface of a service and an interface used to present the processing result.
CNB2005101325497A 2005-12-26 2005-12-26 Service computing system based on service and underlying resource separation Expired - Fee Related CN100493089C (en)


Publications (2)

Publication Number Publication Date
CN1791117A CN1791117A (en) 2006-06-21
CN100493089C true CN100493089C (en) 2009-05-27


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090527

Termination date: 20121226