JP2015204026A - Resource use permission system and resource use permission method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To set a resource amount and permit a third person to use it.SOLUTION: Provided is a resource management device included in a resource use permission system and the resource management device comprises: a determination unit for determining if a requested resource can be allocated on the basis of policy information comprising types of resources associated with allocable quantity of each resource, and resource management information indicating types of resources and their quantity already allocated; and an allocation unit for allocating the requested resource to a second terminal if the determination unit determines that the requested resource can be allocated. If the determination unit determines that the requested resource cannot be allocated and the requested resource quantity is less than a predetermined upper limit of the resource quantity allocable only for a fixed period, the allocation unit allocates the requested resource to the second terminal only for the fixed period.

Description

  The present invention relates to a resource use permission system and a resource use permission method.

  2. Description of the Related Art Conventionally, in cloud services, it is common to provide a window called API (Application Programming Interface) that accepts external operation requests. The API is provided according to various resources provided by the cloud service and processing for the resources. For example, the API accepts processes such as “create new virtual machine”, “delete virtual machine”, and “create virtual disk”.

  In general, there is a charge for using these resources, and the responsible entity that uses these resources needs to be clarified. For this reason, the user cannot use the API freely, and uses only the function for which the authenticated user is recognized (authorized) within the scope of his / her responsibility.

  Until now, in cloud services, API use has been authorized in user units, groups to which users belong, or attribute units called roles. In addition, for authorized functions, whether or not authority is permitted is defined in units of operations for resources and their sets.

  In recent years, it has become common to automatically perform various operations performed on a cloud service by a program by using this API. These operations include, for example, a test process using a virtual machine. In the test process using a virtual machine, when testing an application under development, a test environment is created by automatically calling "Create Virtual Machine". When the test is completed, "Delete Virtual Machine" is automatically executed. Discard the test environment that is no longer needed by calling. By acquiring resources when necessary and discarding them when they are no longer needed, it is possible to cost-effectively use cloud services that are charged on an hourly basis.

  The test process using such a virtual machine involves complicated and advanced processing. For this reason, the provision of the system itself can be a service. For example, a test service provider provides a service using resources for which the test service provider is responsible based on its own authentication and authorization. In other words, the test service provider pays the usage fee for resources such as virtual machines to the cloud service provider, and the user collects an amount obtained by adding the usage fee for the test service itself to the resource usage fee paid by the user. Profit.

  In addition, the test service provider may use a resource for which the user is responsible, using a resource permitted to be used by the user. In other words, the user may delegate authority to the test service provider, and the test service provider may use resources that the user is responsible for with authority delegated by the user. In this case, the user pays the resource usage fee of the cloud service itself to the cloud service provider, and pays only the usage fee of the test service to the test service provider. In such a case, the test service provider does not pay the cloud service provider.

The OAuth 2.0 Authorization Framework, [Search March 27, 2014], Internet (URL: http://tools.ietf.org/html/rfc6749) aws documentation, [Search on March 27, 2014], Internet (URL: http://docs.aws.amazon.com/IA_jp/IAM/latest/UserGuide/IAM_Introduction.html)

  However, the above-described conventional technology has a problem that it is not possible to set a resource amount and permit the use to a third party.

  Specifically, a technique for allowing a third party to use a resource includes OAtuh, which is widely used on the web. OAuth has been standardized as RFC (Request For Comment) and is used in sites such as Google (registered trademark) and Facebook (registered trademark). In OAuth 2.0, the concept of Scope is introduced, and a unit that can be used can be specified. On the other hand, Scope in OAuth can only take binary values (boolean values) that are permitted or not permitted. In other words, it is impossible to set the resource amount and permit the use to a third party.

  In addition, AWS (Amazon Web Service), an existing cloud service, provides an access control structure called IAM (Identity and Access Management), which allows third parties to partially use it. . However, even in the IAM, permission for use is performed in units of whether or not operations can be performed on the system or object. In other words, it is impossible to set the resource amount and permit the use to a third party.

  The disclosed technology has been made in view of the above, and has an object of setting a resource amount and permitting a third party to use it.

  A resource use permission system disclosed in the present application includes a resource management device that manages resources, a first terminal that uses an authorized resource among resources managed by the resource management device, and at least a part of the authorized resources. And a second terminal that is permitted from the first terminal. The second terminal includes a request unit that specifies a resource type and a resource quantity and requests the resource management apparatus to allocate a resource when use of a part of the resource is permitted by the first terminal. . The resource management device includes a determination unit and an allocation unit. The determination unit refers to the policy information in which the resource type is associated with the assignable resource quantity, and the resource management information indicating the already assigned resource type and the resource quantity, and allocates the requested resource. It is determined whether or not it is possible. When it is determined that the resource requested by the determination unit can be allocated, the allocation unit allocates the requested resource to the second terminal, and the resource requested by the determination unit cannot be allocated. And if it is less than or equal to a predetermined upper limit value of the number of resources that can be allocated only for a certain period, the requested resource is allocated to the second terminal only for a certain period.

  According to one aspect of the resource use permission system and the resource use permission method to be disclosed, there is an effect that the resource amount can be set and the use can be permitted to a third party.

FIG. 1 is a diagram illustrating a configuration example of a resource use permission system according to the first embodiment. FIG. 2 is a functional block diagram showing the configuration of the resource use permission system according to the first embodiment. FIG. 3A is a diagram illustrating an example of a data structure stored in the group management table according to the first embodiment. FIG. 3B is a diagram illustrating an example of a data structure stored in the default policy management table according to the first embodiment. FIG. 3C is a diagram illustrating an example of a data structure stored in the operation availability management table according to the first embodiment. FIG. 4A is a diagram illustrating an example of a data structure stored in the quota management table according to the first embodiment. FIG. 4B is a diagram illustrating an example of a data structure stored in the departure action management table according to the first embodiment. FIG. 5 is a diagram illustrating an example of a data structure stored in the resource management table according to the first embodiment. FIG. 6 is a flowchart illustrating a processing procedure performed by the resource management apparatus 100 according to the first embodiment. FIG. 7 is a diagram for explaining a setting unit according to a modification of the first embodiment. FIG. 8 is a diagram illustrating a computer that executes a resource use permission program.

  Hereinafter, embodiments of a resource use permission system and a resource use permission method disclosed will be described in detail based on the drawings. The invention disclosed by this embodiment is not limited.

(First embodiment)
FIG. 1 is a diagram illustrating a configuration example of a resource use permission system 1 according to the first embodiment. As shown in FIG. 1, the resource use permission system 1 includes a user terminal 10, a service provider terminal 20, and a resource management device 100.

  The user terminal 10 is a terminal operated by the user A. This user A is a contractor of a cloud service provided by the resource management device 100. The types of resources provided as cloud services include, for example, virtual machines, virtual disks, IP (Internet Protocol) addresses, snapshots, DNS (Domain Name System), and the like.

  Further, when using the cloud service, the user A defines, for example, the upper limit value of the resource type and quantity as a “policy” in association with the subject of the operation permitted to use, and sets it in the resource management apparatus 100. . Here, the subject of the operation indicates an entity that handles resources such as virtual machines and virtual disks on the cloud service. For example, the subject of the operation includes “project”, “subproject”, “group”, “role”, “user”, “API key (also referred to as“ key ”)”, and the like. Note that “user name” and “password” are set as authentication information for the subject of each operation. In addition, it is not necessary to set a password for the “API key”.

  The service provider terminal 20 is a terminal operated by the service provider. For example, this service provider executes a software testing process using a virtual machine in response to a user request. Note that the service provider may execute the test process in the cloud service contracted by the service provider, or may execute the test process in the cloud service contracted by the user by obtaining use permission from the user. Also good. In the first embodiment, it is assumed that the service provider executes a test process in a cloud service contracted by the user A by obtaining a use permission from the user A.

  The resource management device 100 realizes a virtual environment and provides a cloud service to a contractor. For this reason, the user terminal 10 and the service provider terminal 20 that use the service are connected to the resource management apparatus 100 via a network (not shown).

  In the resource use permission system 1 configured as described above, the user terminal 10 sets, in the resource management apparatus 100, for example, the upper limit value of the type and quantity of the resource permitted to be used in association with the API key A ( Step S1). Subsequently, the user terminal 10 requests the service provider terminal 20 to execute a test process using a virtual machine (step S2). Here, the user terminal 10 delivers to the service provider terminal 20 the API key A in which the upper limit value of the resource type and quantity permitted to be used is associated.

  Then, the service provider terminal 20 requests the resource management apparatus 100 to allocate resources permitted for use by the user terminal 10 (step S3). Here, the service provider terminal 20 performs authentication using the API key A, specifies the type and quantity of the resource used for execution of the test process, and requests resource allocation. In such a case, the resource management apparatus 100 performs authentication using the API key A. Then, if the authentication is successful, the resource management apparatus 100 determines whether or not to assign the specified resource. For example, the resource management device 100 is requested with reference to policy information in which a resource type and an allocatable resource quantity are associated with each other, and resource management information indicating a resource type and a resource quantity that have already been assigned. It is determined whether the allocated resource can be allocated. When the resource management device 100 determines that the requested resource can be allocated, the resource management device 100 allocates the requested resource to the service provider terminal 20. On the other hand, the resource management apparatus 100 determines that the requested resource cannot be allocated, and if it is less than a predetermined upper limit value of the number of resources allowed to be allocated for a certain period, the requested resource Is assigned to the service provider terminal 20 only for a certain period.

  Next, details of each device included in the resource use permission system 1 will be described. FIG. 2 is a functional block diagram showing the configuration of the resource use permission system 1 according to the first embodiment. As shown in FIG. 2, the user terminal 10, the service provider terminal 20, and the resource management device 100 are connected to each other via a network 2 so that they can communicate with each other. In FIG. 2, the user terminal 10, the service provider terminal 20, and the resource management apparatus 100 are illustrated. However, the number of user terminals and service provider terminals included in the resource use permission system 1 is illustrated in FIG. It is not limited to the number shown. Further, the user terminal 10 may be referred to as a “first terminal”, and the service provider terminal 20 may be referred to as a “second terminal”.

  As illustrated in FIG. 2, the user terminal 10 includes an input unit 11, an output unit 12, a communication control unit 13, a storage unit 14, and a control unit 15. The input unit 11 receives various information input operations from an operator of the user terminal 10. For example, the input unit 11 receives the setting of the resource type and the upper limit value of the quantity from the user A in association with the subject of the operation permitted to be used. For example, the input unit 11 receives a request from the user A to execute a test process using a virtual machine to the service provider terminal 20. Here, the input unit 11 receives, for example, designation of “API key A” from the user A as the subject of the operation permitted to be used. The output unit 12 is a display device that displays various types of information, such as a liquid crystal display.

  The communication control unit 13 is a communication interface such as a LAN card, for example, and controls transmission / reception of various data with the service provider terminal 20 and the resource management apparatus 100. The storage unit 14 is, for example, a storage device such as a semiconductor memory device or a hard disk, and stores data used for various processes executed by the user terminal 10.

  The control unit 15 is, for example, an electronic circuit such as a CPU (Central Processing Unit) or an MPU (Micro Processing Unit), and includes a setting reception unit 15a and a request unit 15b. The setting accepting unit 15a receives the “operation subject” and “resource type” received from the user A when the setting of the resource type and the upper limit value of the quantity is received from the user A in association with the subject of the operation permitted to be used. In addition, the resource management apparatus 100 is set with the “upper limit value of quantity”. For example, when the setting reception unit 15a receives a setting that sets the upper limit of 10 virtual machines as a resource used by the user A, the “user A” as the “operation subject” and the “virtual type” as “virtual type” “10” is set in the resource management apparatus 100 as “machine” and “upper limit value of quantity”. Similarly, when the setting reception unit 15a receives a setting that sets the upper limit value of the virtual machine to 10 as resources used by the API key A, “API key A”, “resource type” as “operation subject” The resource management apparatus 100 is set to “virtual machine” and “10” as the “quantity upper limit”.

  When the request unit 15b receives a request from the user A to execute the test process using the virtual machine to the service provider terminal 20, the request unit 15b sends the authentication information set by the setting reception unit 15a to the service provider terminal 20. By handing over, the service provider terminal 20 is requested to execute the test process. For example, the request unit 15 b delivers “API key A” as authentication information to the service provider terminal 20.

  The service provider terminal 20 includes a communication control unit 23, a storage unit 24, and a control unit 25. The communication control unit 23 is a communication interface such as a LAN card, for example, and controls transmission / reception of various data with the user terminal 10 and the resource management apparatus 100. The storage unit 24 is, for example, a storage device such as a semiconductor memory element or a hard disk, and stores data used for various processes executed by the service provider terminal 20.

  The control unit 25 is, for example, an electronic circuit such as a CPU or MPU, and includes an allocation request unit 25a. When the allocation request unit 25a receives a request for execution of the test process from the user terminal 10, the allocation request unit 25a requests the resource management apparatus 100 to allocate resources used for execution of the test process. For example, the allocation request unit 25 a generates a resource allocation request including the authentication information delivered from the user terminal 10, the requested operation, the type and quantity of the allocated resource, and transmits the resource allocation request to the resource management apparatus 100.

  The resource management device 100 includes a communication control unit 103, a storage unit 104, and a control unit 108. The communication control unit 103 is, for example, a communication interface such as a LAN card, and controls transmission / reception of various data with the user terminal 10 and the service provider terminal 20. The storage unit 104 is a storage device such as a semiconductor memory element or a hard disk, and stores data used for various processes executed by the resource management device 100. For example, the storage unit 104 includes an operation availability management DB (Data Base) 105, a policy DB 106, and a resource management DB 107.

  The operation availability management DB 105 includes a group management table 105a, a default policy management table 105b, and an operation availability management table 105c, and stores information indicating whether the subject of the operation is authorized to operate on the resource. .

  The group management table 105a stores information indicating the group to which the user belongs. FIG. 3A is a diagram illustrating an example of a data structure stored in the group management table 105a according to the first embodiment. As illustrated in FIG. 3A, the group management table 105a stores information in which “user” and “group” are associated with each other.

  Here, “user” stored in the group management table 105a indicates a user identifier. For example, data values such as “user B” and “user C” are stored in “user”. The “group” stored in the group management table 105a indicates a group identifier. For example, data values such as “Group A” are stored in “Group”. As an example, the group management table 105a illustrated in FIG. 3A indicates that the user B and the user C belong to the group A.

  The default policy management table 105b stores information indicating whether or not the resource pool can be operated in the default state. FIG. 3B is a diagram illustrating an example of a data structure stored in the default policy management table 105b according to the first embodiment. As illustrated in FIG. 3B, the default policy management table 105b stores information in which “target”, “subject”, and “default policy” are associated with each other.

  Here, “target” stored in the default policy management table 105b indicates an identifier of the resource pool. For example, data values such as “resource pool A” and “resource pool B” are stored in “target”.

  The “subject” stored in the default policy management table 105b indicates a subject having the target operation authority. For example, data values such as “user A” and “group A” are stored in “subject”.

  The “default policy” stored in the default policy management table 105b indicates whether or not an operation is possible. For example, the “default policy” stores data values such as “permitted” indicating that the operation is permitted in the default state, and “impossible” indicating that the operation is not permitted in the default state.

  As an example, the default policy management table 105b illustrated in FIG. 3B indicates that the operation of the user A for the resource pool A is permitted in the default state. Similarly, the default policy management table 105b illustrated in FIG. 3B indicates that the group A operation on the resource pool B is not permitted in the default state.

  The operation availability management table 105c stores information indicating availability of an operation for a resource type for each operation subject. FIG. 3C is a diagram illustrating an example of a data structure stored in the operation availability management table 105c according to the first embodiment. As illustrated in FIG. 3B, the operation availability management table 105c stores information in which “user”, “resource type”, “operation”, “possibility”, and “target” are associated with each other.

  Here, “user” stored in the operation availability management table 105c indicates a user identifier. For example, “user” stores data values such as “user A”, “user B”, and “user C”. The “resource type” stored in the operation availability management table 105c indicates the type of resource. For example, “resource type” stores data values such as “virtual disk” and “virtual machine”.

  The “operation” stored in the operation availability management table 105c indicates the operation content for the resource type. For example, data values such as “create” and “delete” are stored in “operation”. “Permitted” stored in the operational availability management table 105c indicates whether an operation is possible. For example, “allowed” stores data values such as “permitted” permitting the operation and “impossible” not allowing the operation. The “target” stored in the operation availability management table 105c indicates an identifier of the resource pool. For example, data values such as “resource pool A” and “resource pool B” are stored in “target”.

  As an example, in the operation availability management table 105c shown in FIG. 3C, the operation of the resource pool A is permitted in the default state, but the “user A” uses this resource pool A to create a virtual disk. Indicates that you are not authorized to delete or delete. Similarly, in the operation availability management table 105c shown in FIG. 3C, the operation of the resource pool B is not permitted in the default state, but the “user B” creates or deletes a virtual machine using the resource pool B. Indicates that you are allowed to

  Returning to FIG. The policy DB 106 includes a quota management table 106a and a deviation action management table 106b, and each type of resource permitted to the subject of the operation at the time of deviation during normal time and when resource usage increases temporarily. Information indicating the quantity of the resource is stored.

  The quota management table 106a stores information indicating the usage amount for each type of resource permitted to the subject of the operation. FIG. 4A is a diagram illustrating an example of a data structure stored in the quota management table 106a according to the first embodiment. As shown in FIG. 4A, the quota management table 106a includes “subject”, “resource type”, “limit type”, “value”, “temporary overcommit factor”, “temporary overcommit limit time (minutes)”, and “ Information associated with “departure action ID” is stored.

  Here, the “subject” stored in the quota management table 106a indicates the identifier of the user who is the subject of the operation. For example, data values such as “user A”, “API key A”, and “subproject A” are stored in “subject”. The “resource type” stored in the quota management table 106a indicates the type of resource. For example, “resource type” stores data values such as “virtual disk” and “virtual machine”.

  The “restriction type” stored in the quota management table 106a indicates a restriction on the amount of resource used. For example, the “limit type” stores a data value such as “quantity upper limit” indicating that the upper limit is limited by quantity. The “value” stored in the quota management table 106a indicates a numerical value of the resource usage. For example, a data value such as “10” is stored in “value”.

  The “temporary overcommit coefficient” stored in the quota management table 106a indicates a coefficient with respect to the number of resources that can be allocated only for a certain period when the resource usage amount temporarily increases. For example, data values such as “2” and “3” are stored in the “temporary overcommit coefficient”. That is, a value obtained by multiplying “value” by “coefficient” indicates a predetermined upper limit value of the number of resources that are allowed to be allocated only for a certain period when the resource usage amount temporarily increases.

  The “temporary overcommit time limit (minutes)” stored in the quota management table 106a indicates a certain period of time during which a resource allocation is permitted when the resource usage amount temporarily increases. For example, data values such as “60”, “10”, and “30” are stored in “temporary overcommit time limit (minutes)”. The “departure action ID” stored in the quota management table 106a indicates an identifier of a process to be executed when the temporary overcommit time limit is exceeded. For example, data values such as “1”, “1,2”, “1,3” are stored in the “departure action ID”. The process associated with the “departure action ID” will be described later.

  For example, in the quota management table 106a shown in FIG. 4A, when the operation subject is “user A”, the operation on the virtual machine is normally limited to 10 units, and the resource usage temporarily increases. In the case of a deviation, the operation is permitted up to 20 units for 60 minutes. Note that the quota management table 106a shown in FIG. 4A indicates that when the subject of the operation is “user A”, the process of “1” is executed when the temporary overcommit time limit is exceeded.

  Similarly, in the quota management table 106a shown in FIG. 4A, when the subject of the operation is “API key A”, the operation on the virtual machine is normally limited to 10 units and the resource usage is temporarily limited. This means that up to 30 units can be operated for 10 minutes at the time of increasing deviation. Note that the quota management table 106a shown in FIG. 4A executes the processes “1” and “2” when the subject of the operation is “API key A” and the temporary overcommit time limit is exceeded. Indicates.

  The departure action management table 106b stores information indicating processing to be executed when the temporary overcommit time limit is exceeded. FIG. 4B is a diagram illustrating an example of a data structure stored in the departure action management table 106b according to the first embodiment. As illustrated in FIG. 4B, the departure action management table 106b stores information in which “ID” and “action type” are associated with each other.

  Here, “ID” stored in the departure action management table 106 b indicates an identifier of the departure action. For example, data values such as “0”, “1”, and “2” are stored in “ID”. The “action type” stored in the deviation action management table 106b indicates processing executed when the temporary overcommit time limit is exceeded. For example, the “action type” stores data values such as “do nothing” and “send mail”.

  As an example, the deviation action management table 106b shown in FIG. 4B indicates “do nothing” when “ID” is “0”. Further, the deviation action management table 106b shown in FIG. 4B indicates that when “ID” is “1”, the user is notified that the temporary overcommit time limit has been exceeded by sending an email, and “ID”. “2” indicates that a voice message is transmitted to the user to notify the user that the temporary overcommit time limit has been exceeded. Further, the deviation action management table 106b shown in FIG. 4B indicates that a predetermined program is executed when “ID” is “3”, and compulsory when “ID” is “99”. Indicates that the resource assigned to is to be deleted.

  Returning to FIG. The resource management DB 107 has a resource management table 107a and stores information indicating the type and quantity of allocated resources. The resource management table 107a stores information indicating the type and quantity of resources allocated for each operation subject. FIG. 5 is a diagram illustrating an example of a data structure stored in the resource management table 107a according to the first embodiment.

  As shown in FIG. 5, the resource management table 107a stores information in which “resource”, “resource type”, and “owner” are associated with each other.

  Here, “resource” stored in the resource management table 107a indicates the name of the resource. For example, data values such as “virtual machine A”, “virtual machine B”, and “virtual disk A” are stored in “resource”. The “resource type” stored in the resource management table 107a indicates the type of resource. For example, the “resource type” stores data values such as “virtual machine” and “virtual disk”. The “owner” stored in the resource management table 107a indicates the subject of the operation to which the resource is allocated. For example, data values such as “user A” and “API key A” are stored in “owner”.

  As an example, the resource management table 107a shown in FIG. 5 indicates that a total of two virtual machines, a virtual machine A and a virtual machine C, are assigned to the user A, and the API key A contains a virtual machine. Indicates that only one B is assigned.

  Returning to FIG. The control unit 108 is, for example, an electronic circuit such as a CPU or MPU, and controls processing related to provision of a cloud service. For example, the control unit 108 includes an API processing unit 110 that controls allocation of resources provided by the cloud service. As shown in FIG. 2, the API processing unit 110 includes an authentication unit 111, a determination unit 112, an allocation unit 113, a setting unit 114, a first execution unit 115, and a second execution unit 116. Have.

  When the authentication unit 111 receives a resource allocation request from another device, the authentication unit 111 uses the authentication information included in the resource allocation request to authenticate the device that requested the resource allocation. For example, when the authentication unit 111 receives a resource allocation request from the user terminal 10 that is a contractor of the cloud service, the authentication unit 111 authenticates the user terminal 10 using a user name and a password as authentication information. Further, for example, when the authentication unit 111 receives a resource allocation request from the service provider terminal 20 permitted to use the resource from the contractor of the cloud service, the authentication unit 111 uses the API key A as the authentication information and uses the service provider terminal 20 authentications are performed.

  If the authentication unit 111 determines that the authentication is successful, the authentication unit 111 passes the resource allocation request to the determination unit 112. On the other hand, when the authentication unit 111 does not determine that the authentication is successful, the control unit 108 notifies the device that requested the resource allocation of an error.

  The determination unit 112 refers to the operation availability management DB 105 to determine whether or not the device that has requested resource allocation is authorized to operate the resource that has requested allocation. For example, the determination unit 112 refers to the default policy management table 105b and reads the default policy of the device that has requested resource allocation.

  Here, when the read default policy is “permitted”, the determination unit 112 uses the authentication information used for authentication by the device that requested resource allocation to the operation availability management table 105c, the type of resource requested for allocation, and the request. It is determined whether the performed operation is registered. When the determination unit 112 determines that the authentication information used for authentication by the device that requested the resource allocation, the type of the resource that requested the allocation, and the requested operation are registered, the device that requested the resource allocation It is determined that the operation for the requested resource is not authorized. On the other hand, if the determination unit 112 determines that the authentication information used for authentication by the device that requested the resource allocation, the type of the resource that requested the allocation, and the requested operation are not registered, the determination unit 112 requests the resource allocation. It is determined that the assigned device is authorized to operate on the resource that requested the allocation.

  In addition, when the read default policy is “impossible”, the determination unit 112 requests authentication information used for authentication by the device that requested resource allocation to the operation availability management table 105c, the type of resource requested for allocation, and the requested resource type. It is determined whether or not the operation is registered. When the determination unit 112 determines that the authentication information used for authentication by the device that requested the resource allocation, the type of the resource that requested the allocation, and the requested operation are registered, the device that requested the resource allocation It is determined that the operation for the resource that requested the allocation is authorized. On the other hand, if the determination unit 112 determines that the authentication information used for authentication by the device that requested the resource allocation, the type of the resource that requested the allocation, and the requested operation are not registered, the determination unit 112 requests the resource allocation. It is determined that the assigned device is not authorized to operate on the resource that requested the allocation.

  If the determination unit 112 determines that the device that requested the resource allocation is authorized, the determination unit 112 determines whether the requested resource can be allocated. For example, the determination unit 112 is requested with reference to the policy DB 106 that associates the resource type with the assignable resource quantity, and the resource management DB 107 that indicates the already assigned resource type and the resource quantity. It is determined whether resources can be allocated.

  Here, the determination unit 112 determines the resource type associated with the “subject” in the quota management table 106 a of the policy DB 106 and the number of resources that can be allocated, and the “owner” in the resource management table 107 a of the resource management DB 107. The resource type and the quantity of the resource that have already been assigned to each other are referred to, and it is determined whether or not the requested quantity can be assigned to the requested type of resource.

  More specifically, the determination unit 112 reads “restricted type” and “value” for the requested “resource type” among the “resource types” associated with the “subject” in the quota management table 106a. Thus, the type of resource and the number of resources that can be allocated are specified. In addition, by specifying the number of requested “resource types” among the “resource types” associated with “owner” in the resource management table 107a, the type of resource already allocated and the quantity of resources are specified. To do. Then, the determination unit 112 specifies the number of resources that can be allocated at the present time by subtracting the number of resources that have already been allocated from the number of resources that can be allocated.

  Then, the determination unit 112 determines whether or not the requested quantity of the resource of the type is equal to or less than the quantity of the resource that can be allocated at the present time. Here, the determination unit 112 determines that the requested resource can be allocated when it is determined that the quantity of the requested type of resource is equal to or less than the quantity of resources that can be allocated at the present time. On the other hand, if the determination unit 112 does not determine that the quantity of the requested type of resource is equal to or less than the quantity of resources that can be allocated at the present time, the determination unit 112 determines that the requested resource cannot be allocated. A state where the quantity of the requested type of resource is not less than or equal to the number of resources that can be allocated at the present time is a situation that deviates from the policy, and this state is simply described as “policy deviation”. There is.

  As an example, a case where creation of a virtual machine is requested using the API key A will be described. Here, a case will be described in which the upper limit value of the assignable virtual machines is 10 and the number of already assigned virtual machines is 3. In such a case, the determination unit 112 specifies that the upper limit of the number of virtual machines that can be allocated at the present time is seven. When the service provider terminal 20 requests the creation of two virtual machines, the determination unit 112 is requested because the quantity of the requested type of resource is equal to or less than the quantity of resources that can be allocated at the present time. It is determined that a virtual machine can be created. On the other hand, when the service provider terminal 20 requests the creation of eight virtual machines, the determination unit 112 is requested because the requested type of resource quantity is not less than or equal to the quantity of resources that can be allocated at the present time. It is determined that it is not possible to create a virtual machine.

  If the determination unit 112 determines that the requested resource cannot be allocated, the determination unit 112 determines whether the requested resource can be allocated only for a certain period. For example, the determination unit 112 sets a value obtained by multiplying the resource quantity by a coefficient as a predetermined upper limit value, and for the requested type of resource, the requested resource quantity and the total number of already allocated quantities are predetermined upper limit values. If it is less, it is determined that the requested resource can be allocated only for a certain period. Note that, when a policy deviates, allocating a requested resource for a certain period is also called overcommitment.

  More specifically, the determination unit 112 sets the “value” and “overcommit coefficient” for the requested “resource type” among the “resource types” associated with the “subject” in the quota management table 106a. Read. Then, the determination unit 112 specifies a value obtained by multiplying the read “value” and “overcommit coefficient” as the upper limit value of the resource quantity at the time of temporary overcommitment. Subsequently, the determination unit 112 specifies the quantity of resources that can be allocated at the time of temporary overcommitment by subtracting the quantity of resources that have already been allocated from the upper limit value of the resource quantity at the time of temporary overcommitment.

  Then, the determination unit 112 determines whether the requested type of resource quantity is equal to or less than the resource quantity that can be allocated at the time of temporary overcommitment. Here, when the determination unit 112 determines that the quantity of the requested type of resource is equal to or less than the quantity of resources that can be allocated at the time of temporary overcommitment, the requested resource can be allocated only for a certain period. judge. On the other hand, if the determination unit 112 does not determine that the quantity of the requested type of resource is equal to or less than the quantity of resources that can be allocated at the time of temporary overcommitment, the determination unit 112 determines that the requested resource cannot be allocated. To do.

  As an example, a case where creation of a virtual machine is requested using the API key A will be described. Here, a case will be described in which the upper limit value of the assignable virtual machines is 10, the overcommit factor is 3, and the number of already assigned virtual machines is 3. In such a case, the determination unit 112 specifies that the upper limit value of the virtual machine quantity at the time of temporary overcommitment is 30 units, and the upper limit value of the number of virtual machines that can be allocated at the time of temporary overcommitment is 27 units. Is specified. When the determination unit 112 is requested by the service provider terminal 20 to create eight virtual machines, the requested quantity of the resource type is the upper limit value of the number of virtual machines that can be allocated at the time of temporary overcommitment. Since it is the following, it is determined that the requested virtual machine can be created only for a certain period.

  In addition, the determination unit 112 sets the resource name, the resource type, and the operation subject to which the resource is assigned for the allocated resource in the resource management table 107a of the resource management DB 107 as “resource”, “resource type”, and Store in association with “owner”. If the determination unit 112 determines that the requested virtual machine can be created only for a certain period of time, the determination unit 112 records an event log indicating that resources are allocated beyond the quota range. In other words, if an event log is recorded, it indicates that overcommit has been performed.

  If the determination unit 112 determines that the requested resource can be allocated, the allocation unit 113 allocates the requested resource to the device that requested the resource allocation. For example, the assigning unit 113 assigns the requested resource to the service provider terminal 20 that has received a request from the user terminal 10 on the cloud service contracted by the user A.

  The allocation unit 113 determines that the resource requested by the determination unit 112 is not allocated and is less than a predetermined upper limit value of the number of resources allowed to be allocated for a certain period of time. The allocated resource is allocated to a device that has requested the allocation of the resource for a certain period. For example, the assigning unit 113 assigns the requested resource to the service provider terminal 20 that has received a request from the user terminal 10 for a certain period of time on the cloud service contracted by the user A.

  When the setting unit 114 receives a policy definition from the user terminal 10, the setting unit 114 stores the received policy definition in the quota management table 106a. Here, for example, the setting unit 114 stores, in the quota management table 106a, a policy in which an operation subject such as an API key is further associated with a resource type and an allocatable resource quantity.

  The first execution unit 115 executes a predetermined process when the policy deviation continues even after a predetermined period has elapsed when overcommitment is performed. For example, when the event log is recorded, the first execution unit 115 determines whether or not a certain period has elapsed. Here, when the policy deviation continues even after the elapse of a certain period, the first execution unit 115 executes a predetermined process with reference to the quota management table 106a and the deviation action management table 106b. For example, the first execution unit 115 reads the value of “departure action ID” corresponding to the authentication subject in the quota management table 106a, and identifies the process corresponding to the read value from the deviation action management table 106b. Then, the first execution unit 115 executes specified processes such as mail transmission, voice message transmission, and program execution.

  The second execution unit 116 executes a predetermined process when the number of already allocated resources reaches a predetermined threshold. For example, the second execution unit 116 refers to the resource management table 107a and determines whether or not the number of resources already allocated has reached a predetermined threshold. Here, when the second execution unit 116 determines that the number of already allocated resources has reached a predetermined threshold, the second execution unit 116 refers to the quota management table 106a and the deviation action management table 106b and executes predetermined processing. To do. For example, the second execution unit 116 reads the “departure action ID” value corresponding to the authentication subject in the quota management table 106a, and identifies the process corresponding to the read value from the deviant action management table 106b. Then, the second execution unit 116 executes specified processes such as mail transmission, voice message transmission, and program execution.

  Next, a processing procedure performed by the resource management apparatus 100 will be described with reference to FIG. FIG. 6 is a flowchart illustrating a processing procedure performed by the resource management apparatus 100 according to the first embodiment. As shown in FIG. 6, the authentication unit 111 receives a resource allocation request (step S101). Here, the authentication unit 111 receives a resource allocation request including the user name and password, the requested operation, and the type and quantity of the resource to be allocated.

  Subsequently, the authentication unit 111 receives input of a user name and a password (Step S102), and determines whether or not the authentication is successful (Step S103). Here, when the authentication unit 111 determines that the authentication is successful (step S103, Yes), the determination unit 112 reads a policy associated with the authentication subject (step S104). If the authentication unit 111 does not determine that the authentication has succeeded (No in step S103), the control unit 108 notifies the device that requested the resource allocation of an error (step S118).

  The determination unit 112 refers to the operation availability management DB 105 to determine whether or not the operation requested by the authentication subject is authorized (step S105). Here, when it is not determined by the determination unit 112 that the operation requested by the authentication subject is authorized (No at Step S105), the control unit 108 notifies an error to the device that has requested the resource allocation (Step S118). ).

  On the other hand, when determining that the operation requested by the authentication subject is authorized (Yes in step S105), the determining unit 112 determines whether the operation is an operation for increasing or decreasing the resource amount (step S106). Here, if the determination unit 112 does not determine that the operation is an operation for increasing or decreasing the resource amount (No in step S106), the resource management apparatus 100 starts the requested process (step S119).

  Here, when the determination unit 112 determines that the operation is to increase or decrease the resource amount (Yes in step S106), the resource management DB 107 is referred to read the resource amount that is currently used by the authentication target (step S107). ). Then, the determination unit 112 determines whether or not it is within the quota range obtained for the authentication target (step S108). Here, when the determination unit 112 determines that it is within the quota range obtained for the authentication target (step S108, Yes), it updates the resource management DB 107 (step S109). Subsequently, the allocation unit 113 starts resource allocation (step S110).

  On the other hand, if the determination unit 112 does not determine that it is within the quota range obtained for the authentication target (No at Step S108), it determines whether it is within the range of temporary overcommitment (Step S111). If the determination unit 112 determines that it is within the range of temporary overcommitment (step S111, Yes), it updates the resource management DB 107 (step S112). The determination unit 112 records an event log (step S113). Note that if the determination unit 112 does not determine that it is within the range of temporary overcommitment (step S111, No), the control unit 108 notifies an error to the device that has requested resource allocation (step S118).

  Subsequently, the allocation unit 113 starts resource allocation (step S114). After starting the resource allocation, the first execution unit 115 determines whether or not a predetermined period has elapsed (step S115). Here, if the first execution unit 115 does not determine that the predetermined period has elapsed (No in step S115), the first execution unit 115 continues to determine whether the predetermined period has elapsed. On the other hand, if the first execution unit 115 determines that the predetermined period has elapsed (step S115, Yes), the first execution unit 115 determines whether or not the policy deviation continues (step S116).

  When the first execution unit 115 does not determine that the policy deviation continues (No in Step S116), the resource management device 100 ends the process. On the other hand, if the first execution unit 115 determines that the policy deviation continues (step S116, Yes), the first execution unit 115 executes a predetermined process (step S117). After the end of step S117, the resource management device 100 ends the process.

  As described above, as a general use case, the resource management apparatus 100 according to the first embodiment generates a key for the third party when the user entrusts resource management to the third party. After setting an appropriate policy for the key, the key is delivered to a third party. A third party uses this key to operate the cloud service on behalf of the user. Thereby, the user can minimize the range of resources permitted to be used by a third party. In addition, since it becomes possible to safely delegate the responsibility for managing resources to a third party, the use of third-party services is simplified.

  In the conventional method, the resources actually used are black boxed by the service provider. On the other hand, in the resource management apparatus 100 according to the first embodiment, the user can directly check the resource, or can acquire the management authority with stronger authority as necessary.

  In addition, since temporary resource usage may be increased during update work, the policy also includes a temporary deviation. For example, an upper limit value of policy deviation is set by a coefficient or a real number, and an upper limit time for which the state continues is set. As a result, even when the resources used temporarily increase due to update work or the like, the operation can be performed without changing the policy.

  Also, when the policy deviates when the policy deviates and when the time exceeds the upper limit time, the processing designated in the policy is also executed. Examples include sending mail, notification by phone, executing arbitrary programs, and forcibly deleting resources.

(Modification of the first embodiment)
In the first embodiment, the request unit 15b has been described as requesting the service provider terminal 20 to execute the test process by handing over the API key. However, the embodiment is not limited thereto. Absent. For example, the request unit 15b may request the service provider terminal 20 to execute the test process by handing over a user name and a password associated with the subject of the operation. In such a case, the service providing apparatus 20 requests the resource management apparatus 100 to allocate resources using the user name and password.

  In addition, the operation availability management table 105c illustrated in FIG. 3C and the quota management table 106a illustrated in FIG. 4A may be integrated. In the quota management table 106a, the “limit type” has been described as storing the upper limit of the quantity, but the embodiment is not limited to this. For example, the “restriction type” may store the minimum quantity.

  Further, in the first embodiment, the setting unit 114 has been described as receiving a policy definition from the user terminal 10 and storing the received policy definition in the quota management table 106a. Generally, setting a policy is complicated. For this reason, at first, the use of the cloud service may be started without accepting the policy definition, and the resource usage may be set in the policy when the resource usage is stabilized. In such a case, for example, the setting unit 114 refers to the resource usage when the resource usage is stabilized, and sets the number of resources that can be allocated in the policy.

  FIG. 7 is a diagram for explaining the setting unit 114 according to a modification of the first embodiment. As illustrated in FIG. 7, the setting unit 114 displays a graph indicating the transition of the resource usage amount for each hour. In FIG. 7, the horizontal axis represents time, and the vertical axis represents the number of created virtual machines. FIG. 7 shows the transition of the number of virtual machines over approximately one month.

  In the example shown in FIG. 7, about 60 virtual machines are created at the peak time, but the number of virtual machines is within 30 in normal times. For this reason, the setting unit 114 accepts designation of the quantity of resources that can be allocated from the user terminal 10 in the displayed graph. For example, as illustrated in FIG. 7, the setting unit 114 accepts designation of 30 units as the number of assignable virtual machines and accepts designation of 2 as the temporary overcommit factor. As described above, it is possible to easily set a policy by providing a function for defining a policy based on the current resource usage.

  In addition, when calculating the policy backwards, not only the current resource usage, but also the maximum, minimum, average, median, etc. of the resource usage used in the time frame specified by the user. It may be used as a value.

  Further, a uniform margin may be provided for the value of the quantity system when the policy is calculated backward. For example, a uniform 10% is added to the stored value in the quota management table 106a to create a policy. Thereby, even when fluctuations occur in the resource usage, deviation from the policy can be prevented.

(Second Embodiment)
Although the embodiments of the present invention have been described so far, the present invention may be implemented in other embodiments besides the above-described embodiments. Therefore, other embodiments will be described below.

(System configuration)
Also, among the processes described in this embodiment, all or part of the processes described as being performed automatically can be performed manually, or the processes described as being performed manually can be performed. All or a part can be automatically performed by a known method. In addition, the processing procedures, control procedures, specific names, and information including various data and parameters shown in the above-mentioned documents and drawings (for example, FIGS. 1 to 7) are optional except as otherwise noted. Can be changed.

  Further, each component of each illustrated apparatus is functionally conceptual, and does not necessarily need to be physically configured as illustrated. That is, the specific form of distribution / integration of each device is not limited to the one shown in the figure, and all or a part of the distribution / integration may be functionally or physically distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured.

(program)
It is also possible to create a resource use permission program in which the processing executed by the resource management apparatus 100 according to the first embodiment is described in a language that can be executed by a computer. In this case, when the computer executes the resource use permission program, the same effect as in the above embodiment can be obtained. Furthermore, the resource use permission program is recorded on a computer-readable recording medium, and the resource use permission program recorded on the recording medium is read by the computer and executed, thereby realizing the same processing as in the above embodiment. May be. Hereinafter, an example of a computer that executes a resource use permission program that realizes the same function as the resource management apparatus 100 shown in FIG.

  FIG. 8 is a diagram illustrating a computer 1000 that executes a resource use permission program. As illustrated in FIG. 8, the computer 1000 includes, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These units are connected by a bus 1080.

  The memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012. The ROM 1011 stores a boot program such as BIOS (Basic Input Output System). The hard disk drive interface 1030 is connected to the hard disk drive 1031. The disk drive interface 1040 is connected to the disk drive 1041. For example, a removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1041. For example, a mouse 1051 and a keyboard 1052 are connected to the serial port interface 1050. For example, a display 1061 is connected to the video adapter 1060.

  Here, as shown in FIG. 8, the hard disk drive 1031 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. The resource use permission program described in the above embodiment is stored in the hard disk drive 1031 or the memory 1010, for example.

  The resource use permission program is stored in, for example, the hard disk drive 1031 as a program module in which a command executed by the computer 1000 is described. Specifically, a program module in which a determination procedure for executing information processing similar to that of the determination unit 112 described in the embodiment and an allocation unit procedure for executing information processing similar to the allocation unit 113 are described Stored in the drive 1031.

  Further, data used for information processing by the resource use permission program is stored in the hard disk drive 1031 as program data, for example. Then, the CPU 1020 reads the program module 1093 and the program data 1094 stored in the hard disk drive 1031 to the RAM 1012 as necessary, and executes the above-described procedures.

  The program module 1093 and the program data 1094 related to the resource use permission program are not limited to being stored in the hard disk drive 1031. For example, the program module 1093 and the program data 1094 are stored in a removable storage medium and are stored in the removable storage medium by the CPU 1020 via the disk drive 1041 or the like. It may be read out. Alternatively, the program module 1093 and the program data 1094 related to the resource use permission program are stored in another computer connected via a network such as a LAN (Local Area Network) or a WAN (Wide Area Network), and the network interface 1070 is stored. Via the CPU 1020.

(Other)
The resource use permission program described in the present embodiment can be distributed via a network such as the Internet. The specific program can also be executed by being recorded on a computer-readable recording medium such as a hard disk, a flexible disk (FD), a CD-ROM, an MO, or a DVD, and being read from the recording medium by the computer.

DESCRIPTION OF SYMBOLS 1 Resource use permission system 2 Network 10 User terminal 11 Input part 12 Output part 13 Communication control part 14 Storage part 15 Control part 15a Setting reception part 15b Request part 20 Service provider terminal 23 Communication control part 24 Storage part 25 Control part 25a Assignment Request unit 100 Resource management device 103 Communication control unit 104 Storage unit 105 Operation availability management DB
105a Group management table 105b Default policy management table 105c Operation availability management table 106 Policy DB
106a quota management table 106b deviation action management table 107 resource management DB
107a resource management table 108 control unit 110 API processing unit 111 authentication unit 112 determination unit 113 allocation unit 114 setting unit 115 first execution unit 116 second execution unit 1000 computer 1010 memory 1011 ROM
1012 RAM
1020 CPU
1030 Hard disk drive interface 1031 Hard disk drive 1040 Disk drive interface 1041 Disk drive 1050 Serial port interface 1051 Mouse 1052 Keyboard 1060 Video adapter 1061 Display 1070 Network interface 1080 Bus 1091 OS
1092 Application program 1093 Program module 1094 Program data

Claims (8)

A resource management device that manages resources, a first terminal that uses an authorized resource among resources managed by the resource management device, and a first terminal that uses at least a part of the authorized resource. A resource use permission system having a second terminal permitted from
The second terminal is
A request unit for requesting resource allocation to the resource management device by designating a resource type and a quantity of the resource when use of a part of the resource is permitted by the first terminal;
The resource management device includes:
The requested resource can be allocated by referring to the policy information in which the resource type is associated with the assignable resource quantity and the resource management information indicating the already assigned resource type and the resource quantity. A determination unit for determining whether or not
When the determination unit determines that the requested resource can be allocated, the requested resource is allocated to the second terminal, and the requested resource can be allocated by the determination unit. An allocation unit that allocates the requested resource to the second terminal only for a certain period when it is determined that the resource is not more than a predetermined upper limit value of the resource that is allowed to be allocated only for a certain period; A resource use permission system characterized by comprising: The policy information further associates a coefficient with the resource type and the resource quantity,
When the determination unit determines that the requested resource allocation is not possible, a value obtained by multiplying the quantity of the resource by the coefficient is set as the predetermined upper limit value, and for the resource of the requested type, 2. The method according to claim 1, wherein when the quantity of requested resources and the total number of already assigned quantities are equal to or less than the predetermined upper limit value, it is determined that the requested resources can be allocated only for a certain period. Resource usage authorization system. The resource management device includes:
The policy information further associates a key with the type of resource and the number of resources that can be allocated,
The request unit includes:
Using the key, request resource allocation to the resource management device,
The determination unit
Refer to the resource type associated with the key and the number of allocatable resources in the policy information, and the already assigned resource type and the resource quantity associated with the key in the resource management information. The resource use permission system according to claim 1, wherein it is determined whether or not the requested quantity can be allocated to the requested type of resource. The resource management device includes:
A setting unit for referring to the resource usage at the time when the resource usage is stabilized, setting the number of resources that can be allocated in the policy information, and storing the policy information in a predetermined storage unit; The resource use permission system according to claim 3, wherein:   The said setting part displays the graph which shows transition of the resource usage amount for every time, and receives designation | designated of the quantity of the said resource which can be allocated from the said 1st terminal in the said graph. The resource use authorization system described. The resource management device includes:
The apparatus according to claim 1, further comprising a first execution unit that executes a predetermined process when it is determined that the requested resource cannot be allocated even after the predetermined period has elapsed. Resource usage authorization system. The resource management device includes:
2. The resource use permission system according to claim 1, further comprising a second execution unit that executes a predetermined process when the number of already allocated resources reaches a predetermined threshold value. A resource management device that manages resources, a first terminal that uses an authorized resource among resources managed by the resource management device, and a first terminal that uses at least a part of the authorized resource. A resource use permission method executed in a resource use permission system having a second terminal permitted from
The second terminal is
Including a requesting step of requesting the resource management device to allocate a resource by designating a resource type and a quantity of the resource when use of a part of the resource is permitted by the first terminal;
The resource management device is
The requested resource can be allocated by referring to the policy information in which the resource type is associated with the assignable resource quantity and the resource management information indicating the already assigned resource type and the resource quantity. A determination step of determining whether or not,
When it is determined that the requested resource can be allocated by the determining step, the requested resource is allocated to the second terminal, and the requested resource can be allocated by the determining step. An allocation step of allocating the requested resource to the second terminal only for a certain period when it is determined that the resource is not more than a predetermined upper limit value of the resource that is allowed to be allocated only for a certain period; A resource use permission method characterized by including:

Images