CN112559122A - Virtualization instance management and control method and system based on electric power special security and protection equipment - Google Patents

Virtualization instance management and control method and system based on electric power special security and protection equipment Download PDF

Info

Publication number
CN112559122A
CN112559122A CN202011260423.9A CN202011260423A CN112559122A CN 112559122 A CN112559122 A CN 112559122A CN 202011260423 A CN202011260423 A CN 202011260423A CN 112559122 A CN112559122 A CN 112559122A
Authority
CN
China
Prior art keywords
physical host
physical
virtual
resource
instance
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011260423.9A
Other languages
Chinese (zh)
Inventor
李勃
陈泽文
金明辉
李宏伟
梁野
王丹
潘志远
李泽科
肖飞
邵立嵩
荆辉
刘朝阳
李慧勋
李航
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Beijing Kedong Electric Power Control System Co Ltd
State Grid Fujian Electric Power Co Ltd
State Grid Shanghai Electric Power Co Ltd
State Grid Electric Power Research Institute
State Grid of China Technology College
Original Assignee
State Grid Corp of China SGCC
Beijing Kedong Electric Power Control System Co Ltd
State Grid Fujian Electric Power Co Ltd
State Grid Shanghai Electric Power Co Ltd
State Grid Electric Power Research Institute
State Grid of China Technology College
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Beijing Kedong Electric Power Control System Co Ltd, State Grid Fujian Electric Power Co Ltd, State Grid Shanghai Electric Power Co Ltd, State Grid Electric Power Research Institute, State Grid of China Technology College filed Critical State Grid Corp of China SGCC
Priority to CN202011260423.9A priority Critical patent/CN112559122A/en
Publication of CN112559122A publication Critical patent/CN112559122A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/06Electricity, gas or water supply
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/4557Distribution of virtual machine instances; Migration and load balancing

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Economics (AREA)
  • Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Public Health (AREA)
  • Water Supply & Treatment (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Primary Health Care (AREA)
  • Strategic Management (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a virtualization instance control method and a virtualization instance control system based on electric power special security equipment, wherein the method comprises the following steps: deploying the virtual instance to a physical host to run according to the virtual instance deployment scheme in advance; monitoring the resource utilization rate of each physical host in real time, determining whether the physical host is overloaded, and if so, transferring part of virtual instances on the overloaded physical host to the physical host with lower resource utilization rate or idle; predicting the resource use condition of the resource pool of the security equipment, judging whether to dynamically integrate resources of the physical host according to the prediction result, if so, migrating all virtual instances running on the physical host with lower resource utilization rate to other physical hosts which are not overloaded, and setting the original physical host to be in a dormant state. The invention optimizes the processing logic of the traditional virtual instance distributed to the computing nodes, can carry out centralized control on the virtual instance, reduces the energy consumption of the system and lowers the maintenance cost.

Description

Virtualization instance management and control method and system based on electric power special security and protection equipment
Technical Field
The invention relates to a virtualization instance control method and system based on electric power special security equipment, and belongs to the technical field of electric power equipment virtualization.
Background
The cloud platform uses a virtualization technology to centrally manage computing resources, storage resources and network resources of each computing node, so that a dynamic virtualized resource pool is constructed. Dynamic management and control of various resources can be realized through a virtualized resource scheduling and management technology, so that various virtualized devices meeting different requirements of users are created. The virtualization technology is one of the cores of the cloud computing technology, and the virtualization resource scheduling technology is a core part in the process of creating the virtualization instance and has important theoretical and practical values.
The general virtual machine scheduler selects a computing node creating instance to mainly complete the following work: (1) filtering out computing nodes which do not meet the resource requirement of the virtual machine; (2) performing weight calculation on the rest calculation nodes; (3) and selecting the computing node with the optimal weight calculation value to return. As shown in fig. 1, an example of a process of creating a virtual machine instance to schedule resources of a compute node is shown: there are 5 Compute nodes 1-Compute5 from the beginning, filtered layer by layer through filters, Compute3 and Compute5 do not pass and are filtered out, the rest Compute nodes Compute weights, and the result, Compute4, scores the highest and is finally used to create the virtual machine instance.
However, there are still some problems in the current field of virtual resource scheduling: the diversity of virtual resources is not considered, the service quality of a user cannot be effectively guaranteed, the experience is poor, and the energy consumption of the system is high.
Disclosure of Invention
The invention aims to provide a virtualization instance control method and a virtualization instance control system based on electric power special security equipment, which are used for carrying out centralized control on electric power security equipment serving as virtualization instances through a virtualization technology, realizing load balancing by migrating the virtualization instances, improving the resource utilization rate of the virtualization security equipment and reducing the energy consumption of a security equipment resource pool.
In order to achieve the purpose, the invention is realized by the following technical scheme:
on one hand, the invention provides a virtualization instance control method based on electric power special security equipment, which is realized based on a virtualization instance control model of the electric power security equipment, wherein the model comprises a security equipment resource pool consisting of a plurality of clusters, each cluster consists of a plurality of physical hosts, data is shared among all the physical hosts, the electric power special security equipment is used as a virtual instance to run on the physical hosts, and the method comprises the following steps:
monitoring the resource utilization rate of each physical host in real time, determining whether the physical host is overloaded, and if so, transferring part of virtual instances on the overloaded physical host to the physical host with lower resource utilization rate or idle;
predicting the resource use condition of the resource pool of the security equipment, judging whether to dynamically integrate resources of the physical host according to the prediction result, if so, migrating all virtual instances running on the physical host with lower resource utilization rate to other physical hosts which are not overloaded, and setting the original physical host to be in a dormant state.
Further, the method for managing and controlling the virtualization instance based on the electric power dedicated security device further includes: the method comprises the steps of calculating by taking the minimum use number of physical hosts in a security equipment resource pool as a target in advance and taking available physical resources of each physical host as constraint conditions to obtain a virtual instance deployment scheme, and deploying virtual instances to the physical hosts according to the deployment scheme to run.
Further, the available physical resources include a CPU, a memory, and a network bandwidth, and the constraint condition is: for any physical host, the sum of CPUs (central processing units), the sum of memories and the sum of network bandwidths occupied by all virtual instances running on the physical host are respectively less than or equal to the corresponding physical resource quantity of the physical host.
Further, solving the deployment of the virtual instance using a constrained planning model with objective optimization, the model comprising an objective function:
Figure BDA0002774465820000031
constraint conditions are as follows:
Figure BDA0002774465820000032
Figure BDA0002774465820000033
Figure BDA0002774465820000034
Figure BDA0002774465820000035
wherein M is the using number of the physical hosts in the security equipment resource pool, q is the number of the physical hosts, and vm represents a virtual instance; v denotes the set of all currently running virtual instances, V ═ V (vm)1,vm2,...,vml,...,vmv),vmlRepresenting the ith virtual instance in V; h isjlFor determining virtual instances vmlWhether it runs on the jth physical host, when the virtual instance vmlRunning on the jth physical host, then hjl=1;mjUsed for judging whether a virtual instance runs on the jth physical host or not, as long as one virtual instance runs on the jth physical host,then m isjWhen no virtual instance runs on the jth physical host, m is 1j0; v is the number of virtual instances, rl cpuFor virtual instances vmlThe required CPU is used for the CPU to be used,
Figure BDA0002774465820000036
for virtual instances vmlThe required memory of the memory is set as the memory,
Figure BDA00027744658200000310
for virtual instances vmlThe required bandwidth of the network is,
Figure BDA0002774465820000037
is available CPU of the jth physical host,
Figure BDA0002774465820000038
is the available memory of the jth physical host,
Figure BDA0002774465820000039
is the network bandwidth of the jth physical host.
Further, the monitoring resource utilization of each physical host in real time, determining whether the physical host is overloaded, and if the physical host is overloaded, migrating a part of virtual instances on the overloaded physical host to a physical host with a lower resource utilization or an idle physical host, includes:
traversing each physical host of the security equipment resource pool, judging whether the physical host is overloaded, and if so, selecting a virtual instance to be migrated;
selecting a target physical host with low resource utilization rate or idle for a virtual instance to be migrated;
migrating the virtual instance to be migrated to the target physical host.
Further, the predicting the resource usage of the resource pool of the security device and determining whether to dynamically integrate resources of the physical host according to the prediction result includes:
calculating the maximum resource utilization rate of all physical hosts of the next time window according to the initial resource utilization rate, the maximum resource utilization rate and the current resource utilization rate of all the physical hosts of the previous time window, wherein the time window is a time interval of dynamic integration of two continuous virtual resources;
and deducing the number of the physical hosts required by the next time window according to the maximum resource utilization rate of all the physical hosts of the next time window, and dynamically integrating the resources of the physical hosts when the number of the physical hosts required by the next time window is less than the number of the physical hosts used by the previous time window.
Further, the dynamic integration of resources includes:
according to the resource utilization rate of each physical host, sorting all the physical hosts in an ascending order, and selecting the physical host with the lowest physical resource utilization rate;
selecting a target physical host with a resource utilization rate higher than that of the physical host for the virtual instance on the physical host;
and after all the virtual instances on the physical host are redistributed, executing a virtual instance redistribution migration scheme, migrating all the virtual instances on the physical host to the target physical host, and setting the original physical host to be in a dormant state.
In another aspect, the present invention provides a virtualized instance management and control system based on a dedicated security device for power, where the system is implemented based on a virtualized instance management and control model for power security devices, where the model includes a security device resource pool formed by multiple clusters, each cluster is formed by multiple physical hosts, data is shared among all the physical hosts, the dedicated security device for power operates on the physical hosts as a virtual instance, and the system includes:
the virtual instance dynamic scheduling module is configured to monitor the resource utilization rate of each physical host in real time, determine whether the physical host is overloaded, and if the physical host is overloaded, migrate part of virtual instances on the overloaded physical host to the physical host with lower resource utilization rate or idle physical host;
and the virtual instance dynamic integration module is configured to predict the resource use condition of the resource pool of the security equipment, judge whether to perform resource dynamic integration on the physical host according to the prediction result, and if so, migrate all virtual instances running on the physical host with lower resource utilization rate to other non-overloaded physical hosts and set the original physical host in a dormant state.
Further, the system for managing and controlling the virtualized instance based on the electric power dedicated security device further includes:
the virtual resource initial allocation module is configured to calculate to obtain a virtual instance deployment scheme by taking the minimum use number of the physical hosts in the resource pool of the security equipment as a target in advance and taking the available physical resources of each physical host as a constraint condition, and deploy the virtual instance to the physical hosts to run according to the deployment scheme.
Compared with the prior art, the invention has the following beneficial effects:
according to the invention, the electric security equipment is deployed on the physical host as the virtualization instance to run by virtue of the virtualization technology, and the virtual instance is migrated, so that the centralized control of the virtual instance is achieved, the load balance can be realized, and the physical host with low resource utilization rate can be idled and subjected to sleep operation, so that the energy consumption of the security equipment resource pool is reduced, the energy is saved, and the maintenance cost is reduced;
by adopting the virtual instance real-time scheduling and dynamic integration technology, the processing logic of distributing the traditional virtual instances to the computing nodes is optimized, when a plurality of virtual instance requests are submitted by a user, the virtual instances can be created by using the least physical servers, and the resource utilization rate of the virtualized security equipment is improved.
Drawings
FIG. 1 is an example of a prior art process for creating a virtual machine instance to schedule compute node resources;
FIG. 2 is an architecture diagram of a management and control model of a virtualization instance of an electric security device;
fig. 3 is a flowchart of a virtualization instance management and control method based on a security device dedicated to electric power according to an embodiment of the present invention;
FIG. 4 is a diagram of a method of predicting future temporal physical resource usage of an embodiment of the present invention;
fig. 5 is a structural diagram of a virtualization example management and control system based on a security device dedicated to electric power according to an embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
According to the invention, the special security equipment for the electric power is used as a virtualization example for the cloud computing platform through the virtualization technology, so that heterogeneous security resources are formed. The special security equipment for the electric power uses a special national cryptographic algorithm, and meanwhile, the transverse isolation equipment adopts a system structure with independent internal and external networks. The method and the system consider the position and the structure of the security equipment, the use of virtual resources, the allocation of resources and the power consumption when the virtualized security equipment is scheduled, adopt the real-time scheduling and dynamic integration technology of the virtual instances, realize the resource scheduling of the virtual instances of the electric power security equipment, and have important significance for improving the resource utilization rate of the virtualized security equipment, saving energy and reducing the operation cost.
An electric security device virtualization instance management and control model architecture is shown in fig. 2, and the model includes a large-scale security device resource pool composed of M clusters, each cluster being composed of N physical nodes (i.e., physical hosts). In the security equipment resource pool, the physical resources of each physical node comprise CPU processing capacity, memory capacity and network bandwidth. The security protection equipment resource pool stores data in a Network Attached Storage (NAS) mode, all data stored by physical nodes are stored on a certain Storage server node in the NAS, all the physical nodes can share the data, and the security protection equipment virtual instances on the physical nodes can be rapidly migrated on line. When a certain physical computing node is unavailable due to problems, the virtual instance of the security equipment can be quickly rebuilt to other available physical nodes.
As shown in fig. 3, an embodiment of the present invention provides a virtualization instance management and control method based on a security device dedicated to electric power, including the following steps:
s1, calculating to obtain a virtual instance deployment scheme by taking the minimum use number of the physical hosts in the resource pool of the security equipment as a target in advance and the available physical resources of each physical host as constraint conditions, and deploying the virtual instances to the physical hosts to run according to the deployment scheme;
in this step, the virtual instance requested by the user is pre-allocated to the physical machine to run. The invention adopts a constraint planning model with target optimization to calculate the constraint planning model and solve the deployment of the virtual instance. The virtual instance initial allocation problem can be seen as a classical binning problem, where different compute nodes represent bins of different capacities, the virtual instances represent items to be binned, the size of the bins is the physical resources available to the physical nodes, and the goal of the virtual instance deployment problem is to minimize the number of compute nodes used.
First, the physical quantities used in the present invention are defined as follows:
definition 1: defining an allocation of a virtual instance as a virtual instance allocation vector NiAssign virtual instance to vector NiInto a single vector V ═ (vm)1,vm2,...,vml,...,vmv) Where V represents the set of all currently running virtual instances, vmlAnd l is more than or equal to 1 and less than or equal to V, and V is the number of virtual instances.
Definition 2: for the jth physical host of the security equipment resource pool, j is more than or equal to 1 and less than or equal to q, q represents the number of the physical hosts, and a bit vector H is definedj=(hj1,hj2,...,hjl,...,hjv) Wherein H isjIndicating which virtual instances are running on the jth physical host, hjlFor determining virtual instances vmlWhether it is running on a jth physical host.
Definition 3: definition vector R ═ (R)1,r2,...,rl,...,rv) R represents the requirements of all virtual instancesPhysical resource of rlRepresenting virtual instances vmlThe physical resources required, among others,
Figure BDA0002774465820000081
Figure BDA00027744658200000814
for virtual instances vmlThe amount of CPU resources that are required,
Figure BDA0002774465820000082
for virtual instances vmlThe memory resources required for the memory are selected,
Figure BDA00027744658200000812
for virtual instances vmlRequired network bandwidth resources.
Then, solving the virtual instance deployment problem by using a constraint planning model with target optimization, wherein an objective function is as follows:
Figure BDA0002774465820000083
constraint conditions are as follows:
Figure BDA0002774465820000084
Figure BDA0002774465820000085
Figure BDA0002774465820000086
Figure BDA0002774465820000087
wherein M is the using number of the physical hosts in the safety equipment resource pool, and q is the objectThe number of the host computers, vm represents a virtual instance; v represents the set of all currently running virtual instances; h isjlFor determining virtual instances vmlWhether it runs on the jth physical host, when the virtual instance vmlRunning on the jth physical host, then hjl=1;mjIs used for judging whether a virtual instance runs on the jth physical host, and if only one virtual instance runs on the jth physical host, m isjWhen no virtual instance runs on the jth physical host, m is 1j0; v is the number of virtual instances, rl cpuFor virtual instances vmlThe required CPU is used for the CPU to be used,
Figure BDA0002774465820000088
for virtual instances vmlThe required memory of the memory is set as the memory,
Figure BDA00027744658200000813
for virtual instances vmlThe required bandwidth of the network is,
Figure BDA0002774465820000089
is available CPU of the jth physical host,
Figure BDA00027744658200000810
is the available memory of the jth physical host,
Figure BDA00027744658200000811
is the network bandwidth of the jth physical host.
Equation (1) is an objective function for virtual instance deployment that represents a minimum number of physical hosts using the pool of security device resources. This stage generates a virtual instance deployment vector HjThe vector indicates which virtual instances should run on the jth physical machine.
Equations (2) - (4) are target constraints, that is, for any physical host, the sum of resources of CPU, memory, and network bandwidth of all virtual instances running on the host is less than or equal to the corresponding resource quantity of the physical host.
Equation (5) indicates that each virtual instance must be assigned to a unique physical host.
And S2, monitoring the resource utilization rate of each physical host in real time, determining whether the physical host is overloaded, and if so, migrating part of virtual instances on the overloaded physical host to the physical host with lower resource utilization rate or idle physical host.
The method comprises the steps of determining an overloaded physical host by monitoring the resource utilization rate of the physical host in real time, and finally migrating a virtual instance on the physical machine with the overhigh load to a physical machine with a lower resource utilization rate or an idle physical machine by using a virtual instance migration technology, so as to realize load balancing. The method mainly analyzes historical data of the use condition of the virtual instance resources so as to determine when the virtual instance is migrated and to which host. In this embodiment, the pseudo code for implementing the virtual instance dynamic scheduling is as follows:
inputting an algorithm: host list hostlist
And (3) outputting an algorithm: virtual instance migration scheme migrationmap
The algorithm comprises the following steps:
Figure BDA0002774465820000091
Figure BDA0002774465820000101
the execution process of the virtual instance dynamic scheduling algorithm comprises the following steps: firstly, traversing each physical host of a resource pool of the security equipment, judging whether the resources of the host are overloaded or not, if so, selecting a designated virtual instance to migrate to other physical hosts, and after selecting the virtual instance, calling a virtual instance deployment method to deploy the virtual instance to a new physical node. The output of the algorithm is a virtual instance migration matrix with M rows and two columns, wherein M represents the number of the virtual instances to be migrated, the first column of the matrix represents the number of the virtual instances, and the second column represents the host number of the virtual instances to be migrated to a new physical node.
S3, predicting the resource use condition of the resource pool of the security equipment, judging whether to dynamically integrate the resource of the physical host according to the prediction result, if so, migrating all virtual instances running on the physical host with lower resource utilization rate to other unarmed physical hosts, and setting the original physical host to be in a dormant state.
The number of the running physical hosts should be dynamically adjusted according to the load in the resource pool of the security device, and when the system load is low, some physical hosts can be set to be in a dormant state, so that the energy cost can be reduced. When the system virtual resources are dynamically integrated, whether the current system can perform virtual resource integration needs to be determined, and if the physical resource utilization rate of some current physical hosts is low, the system can integrate the resources.
In this embodiment, a time interval between two consecutive dynamic integrations of virtual resources is defined as a time window. The method for predicting the resource use condition of the security equipment resource pool mainly comprises the following steps: and predicting the resource use conditions of all the physical hosts of the next time window t +1 according to the resource use conditions of all the physical hosts of the previous time window t, and judging whether the system needs to perform resource dynamic integration according to the resource use conditions of the time window t + 1.
As shown in FIG. 4, according to the initial resource utilization u in the time window tt-1Maximum resource utilization umax,tAnd current resource utilization utCalculating the maximum resource utilization rate u in the next time window t +1max,t+1The calculation method is shown as the following formula:
umax,t+1=ut+(umax,t-ut-1)
according to the predicted maximum resource utilization rate of the next time window, the number of the physical hosts required by the next time window can be deduced, namely the maximum resource utilization rate of the next time window is multiplied by all the resources of the system and then divided by the resources owned by each physical host. In this embodiment, the calculation is mainly performed by using the CPU resource utilization rate, for example, if the maximum CPU resource utilization rate in the next time window is 70%, all CPU resources of the system are 102360MIPS, and the CPU resource of each physical host is 5118MIPS (assuming that all the physical hosts are homogeneous), the number of the physical hosts required in the next time window is about 14, and only when the number of the physical hosts predicted in the next time window is smaller than the number of the physical hosts in the current time window, resource integration is required.
Resource consolidation is to minimize virtual instance reallocation. Firstly, sorting all physical hosts in an ascending order according to the utilization rate of CPU resources; then the system selects the physical host with the lowest CPU utilization rate, all the virtual instances on the physical host are distributed to the target physical host with the CPU utilization rate higher than that of the physical host, when all the virtual instances on the physical host needing to be integrated are redistributed, the virtual instance redistribution migration scheme is executed, and the original physical host is set to be in a dormant state after the execution is finished. For the physical hosts after migration, all the physical hosts after migration can be sorted in an ascending order according to the utilization rate of the CPU resources, the physical host with the lowest CPU utilization rate is selected, and then all the virtual instances on the physical host are redistributed and migrated to other suitable physical hosts.
In another embodiment of the present invention, a virtualization instance management and control system based on a dedicated security device for electric power is provided, and as shown in fig. 5, the system includes:
the virtual resource initial allocation module 501 is configured to calculate a virtual instance deployment scheme by using the minimum number of physical hosts in the resource pool of the security equipment as a target in advance and using the available physical resources of each physical host as constraint conditions, and deploy a virtual instance to the physical host to run according to the deployment scheme;
a virtual instance dynamic scheduling module 502 configured to monitor resource utilization of each physical host in real time, determine whether the physical host is overloaded, and if the physical host is overloaded, migrate part of virtual instances on the overloaded physical host to a physical host with a lower resource utilization or an idle physical host;
the virtual instance dynamic integration module 503 is configured to predict resource usage of the resource pool of the security device, determine whether to perform resource dynamic integration on the physical host according to the prediction result, and if so, migrate all virtual instances running on the physical host with a low resource utilization rate to other non-overloaded physical hosts, and set the original physical host in a dormant state.
The virtual resource initial allocation module is mainly responsible for allocating the virtual instance requested by the user to the physical machine to run. The virtual resource dynamic scheduling module collects information of all physical nodes, and sends a control command to a node controller on the physical nodes to optimize resource allocation according to the resource utilization condition, so that load balancing is realized. The virtual resource dynamic integration module is mainly responsible for migrating the virtual instances running on the nodes with lower physical resource utilization rate to other nodes and setting the original nodes to be in a dormant state, so that the energy consumption of the safety equipment resource pool is reduced.
According to the method, the processing logic of the traditional virtual instance distributed to the computing nodes is optimized by constructing a power security equipment virtualization instance control method and adopting a virtual instance real-time scheduling and dynamic integration technology, and when a plurality of virtual instance requests submitted by users are available, the function processing uses the least physical servers to create the virtual instances.
The virtual instance resource scheduling method of the electric power security equipment combines the characteristics that the special electric power security equipment uses a special state cryptographic algorithm, and meanwhile, the transverse isolation equipment adopts a system structure with independent internal and external networks, and the like, so that the resource scheduling of the virtual instance is realized.
The invention realizes the dynamic integration of the virtual instances of the electric power safety equipment, achieves the centralized control of the virtual instances by migrating the virtual instances, and can idle the physical nodes with low utilization rate and set the physical nodes in a dormant state, thereby reducing the energy consumption of the resource pool of the safety equipment and lowering the maintenance cost.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The present invention is not limited to the above embodiments, and any modifications, equivalent replacements, improvements, etc. made within the spirit and principle of the present invention are included in the scope of the claims of the present invention which are filed as the application.

Claims (10)

1. A virtualization instance control method based on electric power special security equipment is characterized by being realized based on an electric power security equipment virtualization instance control model, the model comprises a security equipment resource pool consisting of a plurality of clusters, each cluster consists of a plurality of physical hosts, data is shared among all the physical hosts, the electric power special security equipment runs on the physical hosts as virtual instances, and the method comprises the following steps:
monitoring the resource utilization rate of each physical host in real time, determining whether the physical host is overloaded, and if so, transferring part of virtual instances on the overloaded physical host to the physical host with lower resource utilization rate or idle;
predicting the resource use condition of the resource pool of the security equipment, judging whether to dynamically integrate resources of the physical host according to the prediction result, if so, migrating all virtual instances running on the physical host with lower resource utilization rate to other physical hosts which are not overloaded, and setting the original physical host to be in a dormant state.
2. The method of claim 1, further comprising: the method comprises the steps of calculating by taking the minimum use number of physical hosts in a security equipment resource pool as a target in advance and taking available physical resources of each physical host as constraint conditions to obtain a virtual instance deployment scheme, and deploying virtual instances to the physical hosts according to the deployment scheme to run.
3. The method of claim 2, wherein the available physical resources include CPU, memory, and network bandwidth, and wherein the constraints are: for any physical host, the sum of CPUs (central processing units), the sum of memories and the sum of network bandwidths occupied by all virtual instances running on the physical host are respectively less than or equal to the corresponding physical resource quantity of the physical host.
4. The method of claim 2, wherein the deployment of the virtual instance is solved using a constrained planning model with objective optimization, the model comprising an objective function:
Figure FDA0002774465810000021
constraint conditions are as follows:
Figure FDA0002774465810000022
Figure FDA0002774465810000023
Figure FDA0002774465810000024
Figure FDA0002774465810000025
wherein M is the using number of the physical hosts in the security equipment resource pool, q is the number of the physical hosts, and vm represents a virtual instance; v denotes the set of all currently running virtual instances, V ═ V (vm)1,vm2,...,vml,...,vmv),vmlRepresenting the ith virtual instance in V; h isjlFor determining virtual instances vmlWhether it runs on the jth physical host, when the virtual instance vmlRunning on the jth physical host, then hjl=1;mjIs used for judging whether a virtual instance runs on the jth physical host, and if only one virtual instance runs on the jth physical host, m isjWhen no virtual instance is running on the jth physical host, m is 1j0; v is the number of virtual instances, rl cpuFor virtual instances vmlRequired CPU, rl ramFor virtual instances vmlThe required memory of the memory is set as the memory,
Figure FDA0002774465810000026
for virtual instances vmlThe required bandwidth of the network is,
Figure FDA0002774465810000027
is available CPU of the jth physical host,
Figure FDA0002774465810000028
is the available memory of the jth physical host,
Figure FDA0002774465810000029
is the network bandwidth of the jth physical host.
5. The method of claim 1, wherein the monitoring resource utilization of each physical host in real time, determining whether the physical host is overloaded, and if so, migrating a portion of virtual instances on the overloaded physical host to a physical host with lower resource utilization or idle, comprises:
traversing each physical host of the security equipment resource pool, judging whether the physical host is overloaded, and if so, selecting a virtual instance to be migrated;
selecting a target physical host with low resource utilization rate or idle for a virtual instance to be migrated;
migrating the virtual instance to be migrated to the target physical host.
6. The method of claim 1, wherein the predicting the resource usage of the resource pool of the security device and determining whether dynamic resource integration of the physical host is required according to the prediction result comprises:
calculating the maximum resource utilization rate of all physical hosts of the next time window according to the initial resource utilization rate, the maximum resource utilization rate and the current resource utilization rate of all the physical hosts of the previous time window, wherein the time window is a time interval of dynamic integration of two continuous virtual resources;
and deducing the number of the physical hosts required by the next time window according to the maximum resource utilization rate of all the physical hosts of the next time window, and dynamically integrating the resources of the physical hosts when the number of the physical hosts required by the next time window is less than the number of the physical hosts used by the previous time window.
7. The method of claim 1, wherein the dynamic integration of resources comprises:
according to the resource utilization rate of each physical host, sorting all the physical hosts in an ascending order, and selecting the physical host with the lowest physical resource utilization rate;
selecting a target physical host with a resource utilization rate higher than that of the physical host for the virtual instance on the physical host;
and after all the virtual instances on the physical host are redistributed, executing a virtual instance redistribution migration scheme, migrating all the virtual instances on the physical host to the target physical host, and setting the original physical host to be in a dormant state.
8. The utility model provides a virtualization example management and control system based on electric power special security protection equipment, its characterized in that, the system is realized based on electric power security protection equipment virtualization example management and control model, the model includes the security protection equipment resource pool that comprises a plurality of clusters, and every cluster comprises a plurality of physical host computer, shares data between all physical host computers, electric power special security protection equipment moves on physical host computer as virtual example, the system includes:
the virtual instance dynamic scheduling module is configured to monitor the resource utilization rate of each physical host in real time, determine whether the physical host is overloaded, and if the physical host is overloaded, migrate part of virtual instances on the overloaded physical host to the physical host with lower resource utilization rate or idle physical host;
and the virtual instance dynamic integration module is configured to predict the resource use condition of the resource pool of the security equipment, judge whether to perform resource dynamic integration on the physical host according to the prediction result, and if so, migrate all virtual instances running on the physical host with lower resource utilization rate to other non-overloaded physical hosts and set the original physical host in a dormant state.
9. The system of claim 8, further comprising:
the virtual resource initial allocation module is configured to calculate to obtain a virtual instance deployment scheme by taking the minimum use number of the physical hosts in the resource pool of the security equipment as a target in advance and taking the available physical resources of each physical host as a constraint condition, and deploy the virtual instance to the physical hosts to run according to the deployment scheme.
10. The system of claim 9, wherein the available physical resources include CPU, memory, and network bandwidth, and wherein the constraints are: for any physical host, the sum of CPUs (central processing units), the sum of memories and the sum of network bandwidths occupied by all virtual instances running on the physical host are respectively less than or equal to the corresponding physical resource quantity of the physical host.
CN202011260423.9A 2020-11-12 2020-11-12 Virtualization instance management and control method and system based on electric power special security and protection equipment Pending CN112559122A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011260423.9A CN112559122A (en) 2020-11-12 2020-11-12 Virtualization instance management and control method and system based on electric power special security and protection equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011260423.9A CN112559122A (en) 2020-11-12 2020-11-12 Virtualization instance management and control method and system based on electric power special security and protection equipment

Publications (1)

Publication Number Publication Date
CN112559122A true CN112559122A (en) 2021-03-26

Family

ID=75042967

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011260423.9A Pending CN112559122A (en) 2020-11-12 2020-11-12 Virtualization instance management and control method and system based on electric power special security and protection equipment

Country Status (1)

Country Link
CN (1) CN112559122A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113722100A (en) * 2021-09-02 2021-11-30 上海仪电(集团)有限公司中央研究院 Dynamic super-allocation method and device for cloud platform memory resources based on trend prediction
CN115134232A (en) * 2022-07-04 2022-09-30 深信服科技股份有限公司 Virtual router management method, equipment, system and storage medium
CN115529242A (en) * 2022-09-23 2022-12-27 浙江大学 Method for realizing cloud network resource allocation under optimal water level

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102279771A (en) * 2011-09-02 2011-12-14 北京航空航天大学 Method and system for adaptively allocating resources as required in virtualization environment
CN104657215A (en) * 2013-11-19 2015-05-27 南京鼎盟科技有限公司 Virtualization energy-saving system in Cloud computing
CN105159751A (en) * 2015-09-17 2015-12-16 河海大学常州校区 Energy-efficient virtual machine migration method in cloud data center
CN106598733A (en) * 2016-12-08 2017-04-26 南京航空航天大学 Three-dimensional virtual resource scheduling method of cloud computing energy consumption key
CN106970831A (en) * 2017-05-15 2017-07-21 金航数码科技有限责任公司 The resources of virtual machine dynamic scheduling system and method for a kind of facing cloud platform
CN110389838A (en) * 2019-07-24 2019-10-29 北京邮电大学 A kind of Real-Time Scheduling suitable for virtual resource and online migration management-control method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102279771A (en) * 2011-09-02 2011-12-14 北京航空航天大学 Method and system for adaptively allocating resources as required in virtualization environment
CN104657215A (en) * 2013-11-19 2015-05-27 南京鼎盟科技有限公司 Virtualization energy-saving system in Cloud computing
CN105159751A (en) * 2015-09-17 2015-12-16 河海大学常州校区 Energy-efficient virtual machine migration method in cloud data center
CN106598733A (en) * 2016-12-08 2017-04-26 南京航空航天大学 Three-dimensional virtual resource scheduling method of cloud computing energy consumption key
CN106970831A (en) * 2017-05-15 2017-07-21 金航数码科技有限责任公司 The resources of virtual machine dynamic scheduling system and method for a kind of facing cloud platform
CN110389838A (en) * 2019-07-24 2019-10-29 北京邮电大学 A kind of Real-Time Scheduling suitable for virtual resource and online migration management-control method

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113722100A (en) * 2021-09-02 2021-11-30 上海仪电(集团)有限公司中央研究院 Dynamic super-allocation method and device for cloud platform memory resources based on trend prediction
CN113722100B (en) * 2021-09-02 2023-12-15 上海仪电(集团)有限公司中央研究院 Dynamic super-allocation method and equipment for cloud platform memory resources based on trend prediction
CN115134232A (en) * 2022-07-04 2022-09-30 深信服科技股份有限公司 Virtual router management method, equipment, system and storage medium
CN115134232B (en) * 2022-07-04 2024-02-23 深信服科技股份有限公司 Virtual router management method, device, system and storage medium
CN115529242A (en) * 2022-09-23 2022-12-27 浙江大学 Method for realizing cloud network resource allocation under optimal water level
CN115529242B (en) * 2022-09-23 2023-07-18 浙江大学 Method for realizing cloud network resource allocation under optimal water level

Similar Documents

Publication Publication Date Title
CN110389838B (en) Real-time scheduling and online migration control method suitable for virtual resources
CN112559122A (en) Virtualization instance management and control method and system based on electric power special security and protection equipment
CN102279771B (en) Method and system for adaptively allocating resources as required in virtualization environment
CN110231976B (en) Load prediction-based edge computing platform container deployment method and system
Ren et al. The load balancing algorithm in cloud computing environment
WO2017167025A1 (en) Method and device for realizing task scheduling, and computer storage medium
CN102388381B (en) System and methods for allocating shared storage resources
CN108182105B (en) Local dynamic migration method and control system based on Docker container technology
CN106020934A (en) Optimized deploying method based on virtual cluster online migration
CN104657221A (en) Multi-queue peak-alternation scheduling model and multi-queue peak-alteration scheduling method based on task classification in cloud computing
CN107346264A (en) A kind of method, apparatus and server apparatus of virtual machine load balance scheduling
CN104679594B (en) A kind of middleware distributed computing method
WO2011088261A2 (en) Methods and apparatus for coordinated energy management in virtualized data centers
KR101432751B1 (en) Load balancing method and system for hadoop MapReduce in the virtual environment
CN110221920B (en) Deployment method, device, storage medium and system
CN111966453B (en) Load balancing method, system, equipment and storage medium
CN111221624A (en) Container management method for regulation cloud platform based on Docker container technology
CN108572873A (en) A kind of load-balancing method and device solving the problems, such as Spark data skews
Farahnakian et al. Self-adaptive resource management system in IaaS clouds
CN104537682A (en) Medical image segmenting and dispatching method
Ma et al. Dynamic task scheduling in cloud computing based on greedy strategy
CN106909462A (en) A kind of cloud resource regulating method and device
CN112380005A (en) Data center energy consumption management method and system
CN105607943A (en) Dynamic deployment mechanism of virtual machine under cloud environment
Rajabzadeh et al. New comprehensive model based on virtual clusters and absorbing Markov chains for energy-efficient virtual machine management in cloud computing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination