JP2007183708A - Server device, server accommodation method and server accommodation program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To safely operate a server device, connected to a network different from a network inside a certain organization, as a server inside the organization without using a local disk. <P>SOLUTION: The server device connected to the first network generates a public key and a private key for performing encryption communication with the second network, and transmits the public key. When receiving an OS starting program encrypted by the public key for starting an OS stored in a storage device on the second network, the server device decrypts it by use of the private key, writes received network setting information, the public key and the private key into data obtained as the result to generate the OS starting program, generates a save area wherein data are not erased by a restart of the server device inside a predetermined memory area, temporarily stores at least the OS starting program in the save area, and thereafter restarts the server device to start the OS starting program. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a server accommodation apparatus, a server accommodation method, and a server accommodation program that allocate a server apparatus to a user organization.

  In recent years, a server device utilization form called grid computing has been proposed in order to improve the utilization efficiency of the server device and to cope with a temporary high load / hardware failure. In a general grid computing system, a server is shared by a plurality of user organizations, and application programs of the plurality of user organizations are operated in parallel. However, in such a grid computing system based on a system in which one server is shared by a plurality of user organizations, it is possible to adjust the allocation of resources such as CPU time between user organizations and to ensure security between user organizations. I need it.

  Therefore, a grid computing system based on a server interchange system has been proposed. The server interchange method is a method that lends servers in a lump from another user organization that has sufficient servers to a user organization that lacks servers due to temporary high load or hardware failure. . For example, Non-Patent Document 1 discloses a method of using a grid technology to accommodate resources including servers (nodes) among a plurality of clusters. Note that server accommodation is a form of resource accommodation that handles accommodation of all computer resources such as disks and networks in addition to servers.

  The server accommodation method has an advantage that there is no problem of resource allocation adjustment and security caused by sharing by a plurality of user organizations because one server is accommodated between user organizations at a time. A cluster system that collectively manages server devices at the OS or middleware level is mainly assumed as a main body for server interchange. However, in addition to clusters, there are a plurality of systems such as a combination of a load balancer and a Web server. It is possible to make a system composed of the servers of the server as the main body of server accommodation. Further, in the server accommodation method, a method of lending from an organization that specializes in lending is possible in addition to a method of lending mutually between a plurality of user organizations.

  In such a server accommodation method, there may occur a case where a server device previously accommodated in a certain user organization is newly accommodated in another user organization. At that time, since the usage of the server device generally changes, it is necessary to reinstall the OS and applications. In the case of a model in which an OS or an application is automatically installed on a local disk of a server device, it is necessary to delete the data written on the local disk without fail when the server device is returned. Moreover, time is required for the writing process and the deleting process to the local disk each time it is accommodated.

  There is a diskless boot method as a method for starting the server device without using the local disk of the server device. This is because the OS and applications are stored in a storage external to the server device prepared in advance, and the OS startup program outside the server device is sent to the server device, and In this method, the OS is started by connecting the storage as a root file system. This can be realized with existing technology in the same organization where there is no risk of information leakage, that is, in the same network.

  When server interchange is to be realized without using a local disk, the OS or application is stored in a storage in the user organization prepared in advance, and the user organization is stored in the rented server device. The OS startup program owned by the client is sent, the server device is connected to the storage, and the OS must be started.

  However, the OS startup program owned by the user organization cannot be sent from outside the organization to which the server device belongs in the conventional method. This is because communication between organizations usually restricts communication contents within the organization from the viewpoint of security, and the location of the OS activation program of the user organization is not known from the server device side.

  In addition, since servers are interchanged between different organizations, there is a risk that data may be tampered with or intercepted if the organizations are connected by a communication network such as the Internet that may tamper or intercept the communication contents. Exists. In order to prevent this, it is necessary to encrypt the communication between the server and the user organization, and the means for sending the OS boot program after establishing the encrypted communication path is not possible with the existing diskless boot.

  When the OS program is transmitted after the encrypted communication path is established between the user organization and the borrowed server, it is necessary to restart (reboot) the borrowed server in order to activate the OS program. When rebooting, all the data in the memory in the borrowed server is cleared. Therefore, before rebooting, the encryption key stored in the memory, such as the encryption key used in the encrypted communication path, is built before rebooting. It is common to temporarily save the settings to the local disk of the borrowed server. As a result, after reboot, the settings before reboot can be inherited.

  However, if the local disk is not used, this conventional method cannot inherit the settings before rebooting after rebooting. This is because all data on the memory is cleared at the time of reboot. Considering the security of the encryption key, it is also dangerous to evacuate outside the server.

  Another issue is that after rebooting, the server cannot connect to a remote storage outside the organization that becomes the root file system. The OS boot program develops a temporary root file system on the server memory at the time of booting, and performs minimum settings necessary for booting the OS. After the minimum setting is completed, the activation program switches the root file system to the file system that originally has the root file system and starts the activation process.

  General applications are stored in the original root file system, and the programs and settings related to encrypted communication are the same.

However, if the storage serving as the root file system exists outside the server-side organization, the encrypted communication environment must be established before connecting the root file system. For example, even if an encrypted communication environment is established in the OS startup program, when the root file system is switched, there is no setting or encryption key required for encrypted communication in the storage that newly becomes the root file system. Will occur.
Hideki Yoshida, Nobuo Sakiyama, Toshifumi Tsuji, Tatsunori Kanai, Hideaki Hirayama “Resource interchange between clusters by grid technology” 66th National Convention of Information Processing Society of Japan, March 2004

  As described above, conventionally, it is impossible to operate safely as a server in the organization without using any local disk of a server (borrowed server) on a different network from the network in a certain organization. There was a problem.

  Therefore, in view of the above problems, the present invention provides a server device that can safely operate as a server in an organization without using any local disk even when connected to a network different from the network in the organization. To provide a server accommodation method and a server accommodation program for safely operating a server device connected to a network different from the network in the organization as a server in the organization without using any local disk. With the goal.

As for this invention, the server apparatus connected to the 1st network is:
(A) receiving network setting information necessary for connecting to the second network, transmitted from the borrowing control device connected to the second network and performing control for borrowing the server device;
(B) generating a pair of public key and secret key for performing encrypted communication with the second network;
(C) sending the public key to the borrowing control device;
(D) Using the public key necessary for generating an OS start program for starting an operating system program stored in the storage device on the second network, transmitted from the borrowing control device. Receive encrypted encrypted data,
(E) generating the OS boot program by writing the network setting information, the public key, and the secret key to data obtained by decrypting the encrypted data using the secret key;
(F) A save area in which data is not erased by restarting the server device is generated in a predetermined memory area, and at least the OS boot program is temporarily stored in the save area, and then the server The device is restarted to start the OS startup program.

The OS boot program is stored in the server device.
(G) Using the network setting information included in the OS boot program, the public key, and the secret key, perform encrypted communication with the storage device and operate a root file system on the storage device. A setting step to set;
(H) transmitting the public key and the secret key used for encrypted communication with the storage device after starting the operating system program stored in the storage device to the storage device;
(I) switching to a root file system on the storage device;
(J) a starting step of starting an operating system program stored in the storage device;
The process including is executed.

  According to the present invention, a server device connected to a network different from a network in a certain organization can be safely operated as a server in the organization without using any local disk.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  In the present embodiment, a resource interchange target cluster is a server, and a network (a borrowing side network) of a certain organization (a borrowing side organization) is a network (a lending side network) of an organization (a lending side organization) different from the organization. A case where the above server (computer) is borrowed will be described as an example.

  FIG. 1 shows a configuration example of a server accommodation system according to the present embodiment. The server accommodation system in FIG. 1 includes a medium borrowing network 100 and a lending network 200, which are different in communication medium and transmission method (protocol), and are connected to the public via gateways 10 and 20 connected to each. Connected to the network.

  A borrowing control device 11, a server group 13 and a server manager 12 used in the borrowing organization are connected to the borrowing network 100.

  The server manager 12 monitors the presence / absence and load status of the server group 13, and the presence / absence and load status of each server (server 13 (1) to server 13 (i), i is a positive integer of 2 or more). And controls the operation of each server and the application running on each server.

  The borrowing control apparatus 11 performs setting / control processing necessary for using a lending server (borrowing server) borrowed from the lending side network 200 as a server of the borrowing side organization.

  In FIG. 1, the server manager 12 and the borrowing control device 11 are shown as separate components, but the present invention is not limited to this, and the server manager 12 may have the function of the borrowing control device 11.

  Connected to the lending-side network 200 are a boot control device 21, a lending server group 23 for lending to a borrowing-side organization, and a lending server manager 22.

  The lending server manager 22 monitors the lending server group 23 for failure and lending status, and each server (lending server 23 (1) to lending server 23 (i), i is a positive integer of 2 or more. ) And the lending status, and control the operation of each server and the accommodation program running on each server.

  The boot control device 21 communicates between the borrowing server and the borrowing control device 11 until encrypted communication is performed between the lending server (borrowing server) lent to the borrowing network 200 and the gateway 10 of the borrowing network 100. To relay the information transfer.

  In FIG. 1, the lending server manager 22 and the boot control device 21 are shown as separate components. However, the lending server manager 22 has the function of the boot control device 21. Also good.

  When the server manager 12 detects that the resources of the server group 13 are insufficient, the server manager 12 performs communication via the borrowing control device 11 and the boot control device 21 between the server manager 12 and the lending server manager 22. A server (borrowing server) to be lent to the borrowing side network 100 is searched from the renting server group 23.

  The server search method here is, for example, a lending server group on condition of information (resource information) about resources such as a CPU type, a CPU clock number, and an OS type requested by an application operating on the borrowed server. A server that matches the condition is searched as a borrowed server from among 23.

  Here, it is assumed that the lending server 23 (1) is searched as the borrowing server. After the borrowed server is determined by the server search, an accommodation request is issued from the borrowing control device 11, and the accommodation processing described later is started.

  FIG. 1 shows a case where the resources of the server group 13 managed by the server manager 12 are insufficient and the renting server 23 (1) is determined as the borrowing server from the renting side network 200. The borrowing server 23 (1) to be borrowed is hereinafter referred to as a borrowing server 23 (1).

  Next, server accommodation processing for operating the borrowing server 23 (1) as a server of the borrowing organization will be described.

  FIG. 2 shows an example of the functional configuration of the main parts of the borrowing control device 11, the boot control device 21, and the borrowing server 23 (1) related to the server accommodation processing, and the information flow in the server accommodation processing.

  4 to 5 are sequence diagrams for explaining the server accommodation processing.

  Hereinafter, the server accommodation process executed between the borrowing control device 11, the boot control device 21, and the borrowing server 23 (1) according to the procedure shown in FIGS. 4 to 5 will be described.

  First, the accommodation request transmission unit 31 of the borrowing control device 11 transmits the accommodation request and network setting information to the boot control device 21 (step S1). The network setting information is information necessary for connecting the borrowing server 23 (1) to the borrowing network 100, and specifically, the IP address of the gateway (GW) 10 on the borrowing network 100, and lending The IP address of the gateway (GW) 20 on the side network 200, the IP address on the lending side network 200 of the borrowing server 23 (1) and the IP address on the borrowing side network 100 are included.

  When the accommodation request processing unit 41 of the boot control device 21 receives the accommodation request and network setting information transmitted from the borrowing control device 11, the accommodation request processing unit 41 transmits a boot instruction to the borrowing server 23 (1) (step S2).

  Furthermore, the interchange intermediary system transfer unit 42 of the boot control device 21 uses the general-purpose remote boot function to transfer and activate the intermediary intermediary system program 51 to the borrowing server 23 (1) (Step S1). S3). For example, in the case of remote boot using PXE (Preboot eXecution Environment), if DHCP (Dynamic Host Configuration Protocol) and TFTP (Trivial File Transfer Protocol) are combined, the program 51 of the interchange mediation system can be used as the borrowing server 23 (1). Is acquired and activated.

  The borrowing server 23 (1) implements each function as the accommodation intermediary system by developing the program 51 of the accommodation intermediary system on the memory 50 and executing the program 51.

  The accommodation intermediary system includes an accommodation information receiving unit 52, a key pair generation unit 53, a software encryption / decryption unit 54, an accommodation OS startup program generation unit 55, and a system fast switching unit 56.

  After the transfer intermediary system is transferred and activated, the accommodation request processing unit 41 of the boot control device 21 transmits the network setting information to the borrowing server 23 (1) (step S4). The accommodation information receiving unit 52 of the accommodation intermediary system operating on the borrowing server 23 (1) receives the network setting information transmitted from the boot control device 21.

  On the other hand, the key pair generation unit 53 generates a pair of public key Kp and secret key Ks in the public key cryptosystem (step S5). The pair of public key Kp and secret key Ks is used while the lending server 23 (1) is lent to the borrowing side network 200 (server accommodation period). The key pair generation unit 53 stores the generated secret key Ks and public key Kp in a predetermined address area in the memory 50 (step S6), and transfers the public key Kp to the boot control device 21 (step S7). ).

  When the public key transfer unit 43 of the boot control device 21 receives the public key Kp transferred from the borrowing server 23 (1), the public key transfer unit 43 transfers the public key Kp to the borrowing control device 11. When receiving the public key Kp transmitted from the boot control device 21, the public key transmission / reception unit 32 of the borrowing control device 11 stores the public key Kp in a predetermined storage area.

  On the other hand, the borrowing control device 11 holds a pair of public key Kpp and secret key Kss in advance for encrypted communication. For example, here, it is assumed that the software encryption / decryption unit 33 stores a pair of public key Kpp and secret key Kss. In order to perform encrypted communication from the borrowing server 23 (1) to the borrowing control device 11 and a storage 35 connected to the borrowing control device 11 described later, the public key transmitting / receiving unit 32 of the borrowing control device 11 is made public. The key Kpp is transmitted to the boot control device 21, and the boot control device 21 transfers this public key Kpp to the borrowing server 23 (1). Upon receiving the public key Kpp transmitted from the boot control device 21, the software encryption / decryption unit 54 of the borrowing server 23 (1) stores it in a predetermined storage area (step S8).

  Here, the case where the public key Kpp of the borrowing control device 11 is transmitted to the borrowing server 23 (1) in step S8 is shown. However, the present invention is not limited to this, and the public key Kpp is used in step S1. 11 may be included in the network setting information transmitted from the network 11. Further, at the time of the aforementioned borrowed server search, the boot control device 21 acquires the public key Kpp from the borrowed control device 11 through communication between the borrowed control device 11 and the boot control device 21, so step S4 in FIG. Thus, the boot control device 21 may transmit the public key Kpp together with the network setting information to the borrowing server 23 (1).

  With the above processing, preparation for encrypted communication to the borrowing control device 11 and the borrowing server 23 (1) is completed.

  Next, the software encryption / decryption unit 33 of the borrowing control apparatus 11 encrypts the server accommodation OS activation program template stored in the storage unit 34 with the public key Kp, and Transfer to the software encryption / decryption unit 54 (step S9).

  The server accommodation OS boot program template is executed by embedding (writing) the network setting information and the private key Ks and public key Kp generated in step S5 in a predetermined area in the template. This is an incomplete and incomplete server accommodation OS startup program necessary to generate a flexible OS startup program that completes a possible server accommodation OS startup program.

  The server accommodation OS startup program mounts the root file system built in the storage (storage device) 35 on the borrowing side network 100 on the borrowing server 23 (1) (the root file system of the borrowing server 23 (1) is mounted). Switch to the root file system of the storage device 35, set the root file system of the storage device 35 to be operable from the borrowing server 23 (1)), and the operating system (OS) program stored in the storage device 35 The borrowing server 23 (1) executes the processing necessary for starting the server.

  The borrowing server 23 (1) mounts the root file system built in the storage 35 and starts the operating system (OS) program stored in the storage device 35, so that it is stored in the storage device 35. Various application programs can also be started, and thereafter, the borrowing server 23 (1) on the lending side network 200 operates as a server of the borrowing side organization.

  When the borrowed server 23 (1) receives the encrypted server interchange OS boot program template transmitted from the borrowing control device 11, the software encryption / decryption unit 54 generates the template in step S5. Decryption is performed using the secret key Ks thus obtained (step S10).

  Thereafter, the accommodation startup program generation unit 55 of the borrowing server 23 (1) obtains the network setting information obtained in step S4 in a predetermined area in the template of the server accommodation OS activation program obtained as a result of decryption. By embedding the secret key Ks and public key Kp generated in step S5, an executable server interchange OS boot program is generated (step S11). The generated server accommodation OS startup program is passed to the system fast switching execution unit 56. The public key Kpp may also be written in a predetermined area of the server accommodation OS startup program.

  Then, the system fast switching execution unit 56 executes a system fast switching process as shown in FIG. 6 (step S12). That is, a save area in which data is not erased even when the computer is restarted is generated in a predetermined address area on the memory 50 (step S101), and generated in step S11. The server accommodation setting information including the server accommodation OS startup program saved so far is saved (temporarily stored) (step S102), and the borrowing server 23 (1) is restarted (step S103). In the system fast switching process, the information stored in the save area is not cleared even when the borrowing server 23 (1) is restarted.

  As a result (the result of executing the system high-speed switching), on the borrowing server 23 (1), the server accommodation OS startup program temporarily stored in the save area of the memory 50 is stored in a predetermined address area in the work area of the memory 50. And activated (step S13). At this time, the secret key Ks, the public key Kp, and the network setting information included in the server accommodation OS activation program (and the public key Kpp) are also stored in the work area of the memory 50 together with the server accommodation OS activation program. It is returned to a predetermined address area.

At this time (after executing the system high-speed switching), the borrowing server 23 (1) has a functional configuration example provided by executing the server accommodation OS startup program, and the functional configuration of the main part of the borrowing control device 11. An example is shown in FIG.

  Hereinafter, according to the procedure shown in FIG. 5, the server accommodation processing between the borrowing control apparatus 11 after executing the system fast switching and the borrowing server 23 (1) shown in FIG. 3 will be described. The borrowing control device 11 shown in FIG. 3 shows a configuration example of main parts necessary for processing after system high-speed switching.

  As shown in FIG. 3, the borrowing server 23 (1) executes the server accommodation OS startup program 61 expanded in the memory 50, thereby providing a key pair management unit 62, a software encryption / decryption unit 63, Each function of the software encryption / decryption setting adjustment unit 64 is realized.

  The key pair management unit 62 reads the secret key Ks and the public key Kp (in the server accommodation OS startup program 61) generated by the key pair generation unit 53 and stored in a predetermined address area as necessary.

  The software encryption / decryption setting adjustment unit 64 does not use a local disk in the borrowing server 23 (1), and various settings for functioning as a server of the borrowing organization (as one of the server groups 13). I do.

  The software encryption / decryption unit 63 encrypts information data to be transmitted to the borrowing control apparatus 11 (the storage 35), and decrypts the encrypted data transmitted from the borrowing control apparatus 11 (the storage 35).

  The software encryption / decryption setting adjustment unit 64 of the borrowing server 23 (1) having such a function should first be mounted as a root file system using the network setting information included in the server accommodation OS boot program. Attempt to connect to storage 35. In other words, the software encryption / decryption setting adjustment unit 64 establishes a communication path for setting the mount of the storage 35 (its root file system), and then performs encryption communication using this communication path to store the storage 35 ( Various settings for mounting the root file system) are performed (step S14 in FIG. 5). Note that the public key Kp is used for communication from the borrowing control device 11 to the borrowing server 23 (1) as the encryption key used in the communication path set here, and the borrowing control device 11 from the borrowing server 23 (1). The public key Kpp is used for communication with the Internet. The software encryption / decryption unit 33 of the borrowing control device 11 transmits the data encrypted with the public key Kp to the borrowing server 23 (1), and the software encryption / decryption unit 63 of the borrowing server 23 (1) Is decrypted using the secret key Ks. The software encryption / decryption unit 63 of the borrowing server 23 (1) transmits the data encrypted with the public key Kpp to the borrowing control device 11, and the software encryption / decryption unit 33 uses the secret key Kss. Decrypt.

  Using this encrypted communication path, various settings for mounting the storage 35 (the root file system) are performed. For example, the language, time zone, etc. depending only on the usage form of the borrowing organization use the settings as they are, and the communication protocol and device used between the storage 35 and the borrowing server 23 (1), the disk partition ( For example, the size of the boot partition and the user partition) is set.

  After this setting is completed, the software encryption / decryption setting adjustment unit 64 issues to the storage 35 an instruction for enabling access to the data held in the storage 35.

  When the storage 35 is accessible, the software encryption / decryption unit 63 acquires the public key Kp and the secret key Ks from the key pair management unit 62, and obtains them from the borrowing server 23 (1). The data is encrypted with the public key kpp for encrypted communication to and transmitted to the storage 35 (step S15 in FIG. 5). The software encryption / decryption unit 33 decrypts the encrypted public key Kp and secret key Ks using the secret key Kss and passes them to the storage 35. After the borrowing server 23 (1) starts the OS program on the storage 35 (when the borrowing server 23 (1) operates as a server of the borrowing organization), the storage 35 and the borrowing server 23 (1) The public key Kp and the secret key Ks used for the encrypted communication with the server are acquired. The storage 35 stores the acquired public key Kp and secret key Ks in a predetermined storage area.

  Further, the borrowing server 23 (1) adds a directory necessary for encrypted communication using the public key Kp and the private key Ks after switching to the root file system on the storage 35 to the root file system. Processing is also performed. The acquired public key Kp and secret key Ks may be stored in one of the added directories.

  Thereafter, the root file system is switched according to a general-purpose OS mechanism (step S16 in FIG. 5), the root file system is switched to the storage 35 (specifically, a root file system switching command is transmitted), and the storage The root file system of 35 is mounted on the borrowing server 23 (1), and the OS program on the root file system of the storage 35 is activated by the borrowing server 23 (1) (step S17 in FIG. 5).

  As a method of mounting the root file system of the storage 35 on the borrowing server 23 (1), that is, a method of causing the borrowing server 23 (1) executing the flexible OS startup program to recognize the storage 35 as the root file system, Actually, for example, in the case of a Linux (registered trademark) environment, NFS (Network File System) or iSCSI (Internet SCSI) is used. When comparing NFS and iSCSI, since NFS is recognized as a file system that exists remotely, and iSCSI is recognized as a file system that exists locally, the appearance of the file system is different. However, in either method, the root file system can be switched by the configuration of FIG. 3 and the processing flow of steps S13 to S17 of FIG.

  In the above embodiment, the storage 35 has been described as being connected to the borrowing control device 11. However, the present invention is not limited to this case, and the storage 35 may be directly connected to the borrowing network 100. Good. The storage in this case (hereinafter referred to as a storage device) has a configuration including the public key transmission / reception unit 32, the software encryption / decryption unit 33, and the storage 35 of FIG. 5, and in FIG. The processing operation between the borrowing control device 11 and the borrowing server 23 (1) is replaced with the processing operation between the storage device and the borrowing server 23 (1), and further from the borrowing server 23 (1). By using a pair of public key and private key held in advance in the storage device for encrypted communication to the storage device, the present invention can be applied as described above. The public key held in advance in the storage device is transmitted to the borrowing server 23 (1) by the public key transmission / reception unit 32 of the storage device, for example, before the step S14 in FIG. Using the public key transmitted from the storage 35, the software encryption / decryption unit 63 of the borrowing server 23 (1) encrypts and transmits the data to be transmitted to the storage 35 in step S14 and subsequent steps.

As described above, according to the above embodiment, the borrowing server 23 (1) connected to the borrowing network 200 is
(A) receiving network setting information necessary for connecting to the lending-side network 100;
(B) generating a pair of public key and secret key for performing encrypted communication with the lending-side network;
(C) send the public key,
(D) Encrypted data encrypted using the public key necessary for generating an OS activation program for activating an operating system program stored in a storage device (storage 35) on the lending side network Receive
(E) generating the OS startup program by writing the network setting information, the public key, and the secret key to data obtained by decrypting the encrypted data using the secret key;
(F) A save area where data is not erased by restarting the server device is generated in a predetermined memory area, and at least the OS boot program is temporarily stored in the save area, and then the server The device is restarted to start the OS startup program.

  With such a configuration, the key pair used for encrypted communication with the storage (generated on the borrowing server) embedded in the OS boot program without using the disk of the borrowing server 23 (1) at all. The OS on the storage 35 can be activated while inheriting.

  For this reason, when the borrowing server 23 (1) is returned, there is no need to perform a process for deleting information on the disk of the borrowing server 23 (1), and information leakage can be avoided. Also, since there is no time to write data to the disk, the server transfer time can be shortened.

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the components without departing from the scope of the invention in the implementation stage. In addition, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.

The figure which showed the structural example of the whole system which concerns on embodiment of this invention. The figure which shows the structural example of the principal part of a borrowing control apparatus, a boot control apparatus, and a borrowing server. The figure which shows the structural example of the principal part of a borrowing control apparatus and a borrowing server. The sequence diagram for demonstrating the process sequence between a borrowing control apparatus, a boot control apparatus, and a borrowing server. The sequence diagram for demonstrating the process sequence between a borrowing control apparatus and a borrowing server. The flowchart for demonstrating the system fast switching process of a borrowing server.

Explanation of symbols

DESCRIPTION OF SYMBOLS 11 ... Borrowing control apparatus 12 ... Server manager 13 ... Server group 21 ... Boot control apparatus 22 ... Lending side server manager 23 (1) ... Borrowing server 31 ... Accommodation request transmission part 32 ... Public key transmission / reception part 33 ... Software encryption / decryption Unit 34 ... Storage unit 35 ... Storage (storage device)
DESCRIPTION OF SYMBOLS 50 ... Memory 52 ... Accommodation information receiving part 53 ... Key pair production | generation part 54 ... Software encryption / decryption part 55 ... Interchange OS starting program production | generation part 56 ... System high-speed switching execution part,
62 ... Key pair management unit 63 ... Software encryption / decryption unit 64 ... Software encryption / decryption setting adjustment unit 100 ... Borrowed side network 200 ... Lending side network

Claims (5)

A server device connected to the first network,
First receiving means for receiving network setting information necessary for connecting to the second network, transmitted from the borrowing control apparatus connected to the second network and performing control for borrowing the server apparatus When,
Key pair generating means for generating a pair of public key and secret key for performing encrypted communication with the second network;
Public key transmitting means for transmitting the public key to the borrowing control device;
Encrypted using the public key, which is necessary for generating an OS boot program that is sent from the borrowing control device and boots an operating system program stored in the storage device on the second network. Second receiving means for receiving the encrypted data,
Generating means for generating the OS boot program by writing the network setting information, the public key and the secret key into data obtained by decrypting the encrypted data using the secret key;
A save area in which data is not erased by restarting the server apparatus is generated in a predetermined memory area, and at least the OS boot program is temporarily stored in the save area, and then the server apparatus is re-started. Booting means for booting and launching the OS booting program;
A server apparatus comprising: The OS boot program is stored in the server device.
Setting that performs encrypted communication with the storage device using the network setting information included in the OS boot program, the public key, and the secret key, and sets the root file system on the storage device to be operable. Steps,
Transmitting the public key and the secret key used for encrypted communication with the storage device after starting the operating system program stored in the storage device to the storage device;
Switching to a root file system on the storage device;
An activation step of activating an operating system program stored in the storage device;
The server apparatus according to claim 1, wherein a process including: is executed. Network setting information necessary for connecting to the second network, transmitted from the borrowing control apparatus connected to the second network that performs control for borrowing the server apparatus connected to the first network. Receiving the server device;
The server device generating a pair of public key and secret key for performing encrypted communication with the second network;
The server device transmitting the public key to the borrowing control device;
Encryption encrypted using the public key necessary for the borrowing control device to generate an OS boot program for booting an operating system program stored in the storage device on the second network Generating data; and
The server device receives the encrypted data transmitted from the borrowing control device;
The server device generates the OS boot program by writing the network setting information, the public key, and the secret key into data obtained by decrypting the encrypted data using the secret key. And steps to
After the server device generates a save area in which data is not erased by restarting the server device in a predetermined memory area, and temporarily stores at least the OS boot program in the save area, Restarting the server device and starting the OS boot program;
A server accommodation method. The OS boot program is stored in the server device.
Setting that performs encrypted communication with the storage device using the network setting information included in the OS boot program, the public key, and the secret key, and sets the root file system on the storage device to be operable. Steps,
Transmitting the public key and the secret key used for encrypted communication with the storage device after starting the operating system program stored in the storage device to the storage device;
Switching to a root file system on the storage device;
An activation step of activating an operating system program stored in the storage device;
The server accommodation method according to claim 3, wherein a process including: is executed. On a computer connected to the first network,
Receiving network setting information necessary for connecting to the second network, transmitted from the borrowing control device connected to the second network and performing control for borrowing the server device;
Generating a pair of public and private keys for performing encrypted communication with the second network;
Transmitting the public key to the borrowing control device;
Encrypted using the public key, which is necessary for generating an OS boot program that is sent from the borrowing control device and boots an operating system program stored in the storage device on the second network. Receiving the encrypted data,
Generating the OS boot program by writing the network setting information, the public key, and the secret key to data obtained by decrypting the encrypted data using the secret key;
A save area in which data is not erased by restarting the computer is generated in a predetermined memory area, and at least the OS boot program is temporarily stored in the save area, and then the computer is restarted. Starting the OS boot program;
Server interchange program that executes

Images