JP5061167B2 - Cloud computing system - Google Patents

Description

  The present invention relates to a cloud computing technology.

  The trend in IT is cloud computing. In this specification, cloud computing (hereinafter abbreviated as “cloud” as appropriate) refers to a form in which resources (resources) such as storage resources and computing resources are provided or used as services on the Internet. . In a system (cloud computing system) that realizes a cloud-like service, elemental technologies include server virtualization technology (technology that operates multiple virtual servers on one physical server), distributed processing technology ( For example, a technique that distributes and processes one calculation by a plurality of nodes (computers) is used.

  Examples of cloud services (hereinafter also simply referred to as “services”) are as follows. A computer (terminal) such as a PC provided with a Web browser used by a user (client) accesses a service (content etc.) on the Internet. For example, there are electronic commerce (EC) services such as Amazon (registered trademark), information retrieval services such as Google (registered trademark), and the like, and a Web site (server) that provides the service is accessed. In the node group including the server, service processing (for example, distributed processing) is performed between a plurality of nodes, and the result is returned to the user terminal. Further, the user terminal does not need to know how the processing is performed in the node group.

  Further, as a technology related to the service by the cloud computing, for example, Amazon EC2 (Amazon Elastic Compute Cloud) (Non-Patent Document 1) is available.

“Amazon Elastic Compute Cloud (Amazon EC2)”, amazon web services (registered trademark), [Search September 1, 2009], Internet <URL: http://aws.amazon.com/ec2/>

  The provision of cloud services and systems is currently being led by some companies. In particular, companies such as Amazon and Google provide a cloud-like service system with a huge infrastructure (resources) including a large number of servers. A large number of users such as SMEs and individuals who do not have such infrastructure (resources) tend to remain on the cloud-side service system usage side. In other words, some companies' cloud-like service systems are often used in the form of pay-per-use.

  Various functions such as EC and information retrieval on the Internet have great influence as social and public infrastructure. Therefore, the provision of a cloud-like service system for such functions is not limited to a small number of companies, and it is desirable that a large number of diverse companies and individuals participate.

  In addition, when the implementation of a cloud system is by a specific company, there is a concern that the vulnerability of that implementation may adversely affect the entire system environment, for example, because a single implementation becomes dominant . Therefore, it is desirable that a cloud system can be configured by various implementations.

  In view of the above, a main object of the present invention is to provide a mechanism related to a cloud computing system, in which a large number of diverse users can participate, and the entire system environment can be developed satisfactorily.

  Of the inventions disclosed in the present application, the outline of typical ones will be briefly described as follows. In the present invention, in order to realize the above-described mechanism, an open and completely distributed system is considered as a configuration model of a cloud computing system. That is, in an information processing system (a network of nodes (computers) group) on a communication network, for example, the nodes of an unspecified number of users (participants) can freely participate / This is a mechanism in which each node can provide (deliver) computer resources for provision (configuration) of a cloud-like service, and the service can be used.

  As a model on the service providing side, each participant's node freely provides storage resources, computing resources, and the like, and configures and provides a cloud-like service by using resources (a combination thereof) of the plurality of nodes. Further, as a model on the service use side, each participant's node can access and use the cloud service described above.

  Here, in a system in which each node provides and uses a service (resource) as described above, the balance between the provision and use of the service (its resource) becomes one problem. In other words, it is acceptable for one user to be biased or free riding, etc., while the degree of provision is too large for the service (resource) usage, whereas the other user is too much for usage. A mechanism to do this is not desirable.

  In this respect, the present system has a mechanism that enables the use of services (resources) according to the degree of contribution (results, etc.) in the provision (delivery) of services (resources) in order to achieve fairness and the like. That is, each participant node obtains authority to use a service (resource) instead of providing (delivering) a resource for providing the service. In other words, as a condition for using the service (resource), the service (resource) itself must be provided. As a result, participation of appropriate nodes is encouraged, removal of inappropriate nodes is promoted, and implementation of the entire system environment is made efficient.

  As the above mechanism, in this system, the accuracy of the act of providing a service (resource) by a node is evaluated by another node, and the evaluation result is obtained by another service by the node that provided the service (resource). It has a mechanism for reflecting (resources) usage (resources).

  For example, as the evaluation process, the evaluation subject node evaluates the accuracy by determining the presence / absence of accurate response data in the act of providing the service (resource) for each node to be evaluated. As the evaluation (evaluation information), for example, the authority or points of use related to the node are increased or decreased. Then, as a reflection of the evaluation result, control (permission, etc.) relating to the use of the service (resource) by the node to be evaluated is executed according to the evaluation information.

  This system form includes, for example, a network to which a node (group) by a user's computer is communicatively connected, and the node provides a resource by hardware and software, thereby providing a cloud computing service (various services). ) Providing a function for providing a service, a use function for performing a process of requesting and using the service, a node using the use function (first node), and a node using the provision function (third node) And an execution function for executing (controlling, etc.) the service, and an operation of providing the service (its resource) by a node (third node) using the providing function. And an evaluation function for holding the evaluation information. For example, the first node (NA) uses a use function, the second node (NB) uses an execution function and an evaluation function, the third node (NC) uses a providing function, and the fourth node (ND) uses an evaluation function. Process.

  In this system, when the service (any of the various services) is executed (used), the usage function of the first node is passed through the execution function of the second node to the first group. A process is performed in which a provision function of a plurality of third nodes is accessed, and a response from the provision function is returned to a use function of the first node via an execution function of the second node. . Further, in accordance with the above processing, the evaluation function of the second node or the fourth node evaluates a response from each of the provision functions of the plurality of third nodes of the first group, and the evaluation information Save. In this system, based on the level of evaluation in the evaluation information, the third node uses the service (ie, the first service) when using the service (any service among various services). When the service is used (executed) from the same node use function), the availability of the service is controlled (the level of the evaluation is reflected in the condition for using the service).

  The effects obtained by typical ones of the inventions disclosed in the present application will be briefly described as follows. According to the present invention, it is related to a cloud computing system, a large number of various users can participate, and the entire system environment can be developed well.

It is a figure which shows the structural example of a node network in the system (cloud computing system) of one embodiment of this invention. It is a figure which shows the structural example of a node in this system. It is a figure which shows the example (the 1) (particularly group G1 of the service provision node NC) of the connection relation etc. of the node at the time of service execution in this system. It is a figure which shows the example (the 2) (particularly group G2 of the service evaluation node ND) of the connection relation of the node in the case of service execution in this system. It is a figure which shows the example of a hash process in this system, (a) shows the process example at the time of node participation and registration, (b) shows the process example at the time of service execution. It is a figure which shows the structural example of the management information (M) which a node has in this system, (a) shows the example before update, (b) shows the example after update. It is a figure which shows the example of control using the variable X (A) and the variable Y (B) as an application example in this system, (a) is a processing example, (b) is the example of matching of a service and a group ( (1) and (c) show an example (part 2) of association between services and groups.

  A system (cloud computing system) according to an embodiment of the present invention will be described with reference to FIGS. Note that components having the same function are denoted by the same reference symbols throughout the drawings for describing the embodiment, and the repetitive description thereof will be omitted. As explanatory symbols, node N, user (participant) U, node IP address A, hash value B, node evaluation information (point) P, cloud service S, management Information is represented as M, etc.

<Concept 1-Provision and use of services>
First, the basic concept, outline, and features of the system will be described below, and then detailed embodiments will be described.

  As shown in FIG. 1, in the system (cloud computing system) of the present embodiment, a network 100 is configured by connection (arrangement) of node N groups of computers by an unspecified number of participants (users U) on the Internet. The In this system, the resources (storage resources and computing resources) for the cloud-like service S are provided (delivered) at the node N, and the service S (resource) is mutually used between the nodes N. This is a fully distributed cloud computing information processing system. The fully distributed type means that each node has a similar function without having a special node such as a centralized management node.

  In this system, a service (resource) providing action (contribution) by a participant node is evaluated, and a service (resource) according to the evaluation result can be used. This balances the provision and use of services (resources) by nodes. In this system, it is possible to use services (resources) as consideration for the provision (delivery) of services (resources) to participants' nodes. In other words, as a condition for using the service (resource), the provision (delivery) of the service (resource) is requested (forced). The user obtains authority or points to use the service (resource) according to the evaluation of the service (resource) provision.

  Further, in this system, in order to avoid arbitrary evaluation and perform fair evaluation, from the node group of the participants of the network 100, for example, a plurality of nodes (groups based thereon) randomly arranged according to the service S Are set (selected) as evaluation targets (mutual evaluation targets). For example, using a hash process, a plurality of nodes in a predetermined range in which the hash value B such as the IP address A of the node is close to each other are set as one group.

  Further, in order to make a fair evaluation, a random node (an NB described later) selected by a predetermined algorithm, for example, according to the service S from the node group of the participants of the network 100 becomes the evaluation subject.

  In addition to the services S (storage services, etc.) used and provided by the user's node, the processing of specific services S (groups by a plurality of nodes) is also used for various processing functions such as evaluation constituting the system mechanism. This is realized as a process performed using

  The service S includes a basic storage service and a computing service (calculation service). The storage service is a service that can perform operations such as reading and writing on data (content) stored in a plurality of nodes (storage resources provided by them). The calculation service gives a set of data (content) and operation (operation) to a plurality of nodes (computation resources provided by them), and the result of applying the operation to the data at the node is new data. It can be returned as a service.

  As an evaluation function (evaluation process), for example, an evaluation subject node can determine whether or not correct response data has been normally received from each node (evaluation target node) of a group that provides storage services. Evaluate the accuracy of service (resource) provision by the node. The evaluation result (evaluation information P) is stored in a predetermined node (a plurality of nodes of the group related to the evaluation process), and is used for authority or points for using the service (resource) in each node (evaluation target node). Reflected.

  In this system, services (resources) are provided to users (participants) by providing resources by using a mechanism that fairly evaluates the results of providing services (resources) and reflects the results in the use of services (resources). Prompt. As the user (its identity) increases the performance and quality of service provision by providing resources at his / her node, the evaluation increases and the authority and points for using the service (resource) of other nodes improve. On the other hand, when the user (its identity) wants to use the service (resource) of another node more, it is necessary to improve the performance and quality of the service provision by providing the resource at the own node. With this system (fairness and incentive design), it is possible to encourage the participation of appropriate nodes and to promote the removal (withdrawal) of inappropriate nodes (arbitrary, for example, malicious nodes). . In other words, in this system environment, it is possible to promote the optimization of voluntary implementation by the nodes of the participants, and at the same time, a single implementation becomes dominant due to the configuration of various implementations of the node group. Implementation vulnerabilities can prevent the entire environment from being adversely affected.

<Concept 2-Rules>
In this system environment, in order to balance the provision and use of services (resources) of nodes, and to ensure fairness, etc., there are rules that must be observed by participants (nodes). As one of the goals of this agreement, the implementation (group) of participants 'nodes that do not comply with this agreement (inappropriate nodes) will be removed from this system environment when the majority of the participants' nodes comply with this agreement. May be automatically excluded. The node of this system has a configuration (module 10 in FIG. 2) reflecting (implementing) this agreement.

  This system has a mechanism for evaluating that a participant's node correctly observes the rules. As this mechanism, in particular, the contribution by the provision of services (resources) by nodes is evaluated by accuracy or the like.

<Concept 3-Identity>
Participants (users) of this system possess identities for balancing the provision and use of services (resources). One or more nodes belong to an identity (a plurality of nodes N can be arranged for one identity). An identity is associated with a user, node, offering resource, point (P), and so on. The identity (node belonging to it) is confirmed by predetermined authentication (certificate). Authentication (certificate) is based on, for example, a public key authentication method.

  For the sake of explanation, for the sake of simplicity, the evaluation target, the point P, and the like are considered in units of nodes, not in units of identities (considered as 1 identity-1 node). For example, the evaluation target is a node, and the node has a point P (and a certificate, etc.), but to be precise, the identity above the node is the target.

  This system is completely decentralized and does not have a mechanism for centrally managing identities. In this mechanism, the identity is associated with some finite resource in the real world in order to prevent forgery of identity or the like (for example, free riding only for service use). As this finite resource, the IP address A and the resource (storage resource, calculation resource) of the participant's node (computer) are associated with the identity. This prevents identity forgery and the like.

  The identity of the participant (user) is identified (authenticated) by, for example, a public key certificate issued by the participant. One or more nodes belonging to the identity are also identified (authenticated) by the certificate. A participant can join (belongs to) n (one or more) nodes that provide resources as an identity. One certificate (identity certificate) is issued to these n nodes. A different IP address A is set for each of the n nodes.

  The node also has (provides) a function for proving that it belongs to an identity (certificate issued by the identity) (certification function 11 in FIG. 2).

  The identity of the participant (node) using the service is issued as a certificate (message) electronically signed by the participant's certificate. When an identity (its proof) is requested from a certain node (other node certification function) to a certain node (own node certification function), a signed message digitally signed with the private key of the certificate of that node (its identity) returned. This signed message is a message describing that “the executor of this node is the owner of this public key (private key)”. Thereby, for example, even after the IP address A of the node belonging to the identity is changed, the contribution (evaluation information P or the like) at the node of the previous IP address A can be taken over. The node identity certificate remains unchanged even if the node IP address A changes.

  The participant's identity (its node) publishes the public key in advance. The identity (the node) keeps the secret key (the certificate secret key) secret. The identity (that node) uses the private key (the resulting signed message) to prove the identity of the node. Thereby, the identity (the node) is identified (authenticated as a correct node) from others.

  Evaluation information (points) P in the evaluation of service provision is managed in units of identities (its nodes) based on the certificate.

  By managing the identity (certification function 11), the node can inherit the identity of the user and the rights associated therewith.

<Concept 4-Evaluation Method>
On the network 100 of this system, a mechanism (evaluation method) and its subject (node and its function) are provided to ensure and manage the balance between the provision and use of services (resources) in the identity (nodes associated therewith).

  In this system, as shown in FIG. 3 and FIG. 4, processing is performed between nodes in each node state (function) such as use (NA), execution, etc. (NB), provision (NC), evaluation, etc. (ND) related to the service S. Is done. Each node switches functions (21 to 24 in FIG. 2) according to the processing / state of each time. For example, the node NB switches to perform processing using the NB function 22 when controlling execution of the service, and to perform processing using the ND function 24 when performing processing related to evaluation.

  In order to correctly and fairly evaluate the act (accuracy, etc.) of providing the service S (resource) by the node (service providing node NC), the service using node NA is determined according to a predetermined algorithm (NB, ND, etc.) ) To use the service S by the service providing node NC.

  In the present embodiment, using the predetermined node (NB, ND, etc.) as an evaluation subject, the service (resource) provided by the service providing node NC with the final service providing node NC (its identity) as an evaluation target Evaluation (evaluation process) related to provision of In particular, in the first evaluation method, evaluation processing is performed by the service execution node NB, and in the second evaluation method, evaluation processing is performed by the service evaluation node ND.

  The object of the evaluation (evaluation process) is the accuracy in the act of providing the service S (resource) by the node (each node of the group). This evaluation of accuracy is simply based on, for example, binary determination of the presence or absence of an accurate response between the nodes NB and NC. Moreover, you may evaluate the quality of the said provision (response) not only with binary but with multiple values. For example, it is based on determination of response time (time required for request-response) or determination of the degree of difference when the content of response data is compared with accurate response data.

  In the evaluation process, the evaluation subject node (NB) determines the majority by comparing the response results (for example, data D) by the plurality of nodes NC of the group corresponding to the service S (for example, storage service). Judge and evaluate accuracy. That is, for example, the largest number of response results are regarded as correct responses, and the other (small number) response results are regarded as incorrect responses.

  Then, according to the response result, for example, the evaluation value (point) of the node (NC) of the correct response is increased (or maintained). Further, the evaluation value (point) of the node (NC) of the erroneous response is maintained (or lowered). The evaluation method may be a mode in which the evaluation value of a node with a correct response is increased (a mode in which authority or points for using a service is increased accordingly), or a mode in which an evaluation value of a node with an incorrect response is decreased (a service in accordance therewith) It is also possible to use a form in which authority and points for use are lowered.

  Further, as an evaluation method (a form of evaluation information P and a form of control of service use / execution), the points or levels of the service (resource) provided by the evaluation are stored as evaluation information P, and the points and levels The authority to use the service (resource) (others, for example, quality) is given according to the level of the service (points are not increased or decreased according to the service usage). In other words, for example, in normal times, it is conceivable to control the use of the service if the point is equal to or greater than a threshold, and to disallow the use of the service if the point is less than the threshold (due to a decrease in evaluation). In addition, for example, control of changing the level of service use (provided quality, priority, etc.) according to the point and level is also conceivable.

  As another evaluation method, a point (evaluation value) based on evaluation of the service (resource) provision may be regarded as a point (method like a point service) related to use of the service (resource). That is, the points are increased for each service provision unit (improvement of evaluation), and the points are decreased (consumed) for each service use.

  Further, the mechanism that does not hold evaluation information (points) P related to the own node in the own node prevents, for example, malicious participants from tampering with the point and using the service. If information security problems such as tampering can be solved, the evaluation information P related to the own node may be held and referred to in the own node.

<Network>
Based on the above, detailed embodiments will be described below. FIG. 1 shows a network 100 according to node N (group) of participants (user U-identity) in the present system. Only a few nodes N (eg N1-N8) are shown schematically. It is assumed that the user Ui (identity, certificate), IP address Ai, its hash value Bi, evaluation information (point) Pi, management information Mi, and the like are associated with each node Ni, not limited to N1. Note that the evaluation information (point) Pi for each node Ni is held and managed not in the node Ni but in another node (ND described later), and the information is referred to as necessary.

  The network 100 can communicate with each other by directly or indirectly connecting the nodes N with a communication link (broken line) through an IP network or the like. A user U (its identity) who is a participant in the system can place (participate) one or more nodes N. In a simple case, it can be considered as 1 identity-1 node.

<Node, Module>
In FIG. 2, a configuration example of the node N is shown. The node N of each participant (user U) is a computer such as a PC in which the module 10 that implements the mechanism of the present system is installed. The module 10 is configured by a program or the like, and is executed by the node N. The user provides a cloud-like service (resource) to the outside (another node N) in a state where the node N (module 10) is operating (a state connected to the network 100), and the outside (another node N) Using cloud services (resources). Its provision and use can be selected and set by the user each time.

  The node N has a set of an IP address A and a port, can be identified by the value, and can communicate between the nodes.

  The node N includes hardware 101 (CPU, memory, disk, IO (peripheral device), etc.) and software 102 (OS, middleware, server, browser, application, etc.). These correspond to the storage resource 103 and the calculation resource 104.

  The module 10 has a certification function 11, a hash processing function 12, a service function 13, a resource delivery function (setting function) 14, an information management function 15, and the like. The module 10 includes a service use function (NA function) 21, a service execution function (NB function) 22, and a service provision function (NC function) 23 as processing functions corresponding to each node state (NA to ND described later). Service evaluation function (ND function) 24 and the like. The node N also holds information data such as a management information table (M) 50, a certificate (identity / node certificate) 51, log information (L) 53, evaluation information (P) 54, and the like.

  The certification function 11 is a processing function related to certification (authentication) related to the node N and its identity, and includes a local node certification function 11a, another node certification function 11b, and the like. The own node certification function 11a performs a process of issuing the own node certificate 51 (when the own node is certified in response to a request from another node). The other node certification function 11b performs a process of authenticating (confirming) the certificate 51 of the other node (when requesting from the own node to prove the other node). Note that the private key information in the certificate 51 is concealed within its own node.

  The certification function 11 is a part that constitutes a function that allows the node to inherit the user's identity and the rights associated therewith. By using the certification function 11, a node (for example, a new participating node) can inherit the identity associated with the node and its right (evaluation information P, authority to use a service based thereon).

  The hash processing function 12 performs hash processing (processing using a hash function) for associating various services S (its service type T) with the group of the node N that is the processing subject (access destination). Do.

  The service function 13 performs basic storage service 13a (service type T1) processing, computing service 13b (service type T2) processing, and applied service 13c (service type Tx) processing using them. , Using the provided resources (storage resources 43, computing resources 44, etc.). For example, in the processing of the storage service (T1) 13a in the storage resource 43, communication (request-response) with an external node N is performed (a), and data D (content) identified by the key K is read / written. Etc. are performed. For example, in the processing of the calculation service (T2) 13b in the calculation resource 44, communication (request-response) with an external node N is performed (b), and an operation (operation) on the data D (content) identified by the key K is performed. O) is performed and the resulting data D ′ is returned.

  The resource supply function 14 is a resource (storage resource 43, calculation resource) provided for providing the service S based on the resource (storage resource 103, calculation resource 104, etc.) by the hardware 101 and software 102 of the own node N. 44) is set. For example, the participant (user U) can freely set the amount of the resource to be delivered, the amount of resources, the operation time, and the like.

  The information management function 15 creates and manages management information (M) 50 and the like for managing the system mechanism. Further, the information management function 15 communicates with an external node N to exchange information data of the management information (M) 50 (c).

  Further, the service execution function 22 and the service evaluation function 24 exchange log information (L) 53 and evaluation information (P) 54 by communicating with external nodes (d).

<Cloud computing service>
In this system, functions of a basic cloud computing service (cloud service S) will be described. The mechanism of the service S itself is basically the same as that of the existing technology.

  The service S basically includes a storage service 13a and a computing service (calculation service) 13b. The service types T for identification are T1 and T2. Information such as service type T that is different for each service is set and managed in management information M.

  (1) Storage service 13a (T1): To perform operations such as reading / writing (creation / reference / update / deletion, etc.) on the target content (data D) (key K uniquely identifying it). It is a service that can be done. The target data D is stored using the storage resource 43 provided by the service providing node NC. The target data D (replication) is stored in a plurality of nodes NC in the same group.

  (2) Computing service 13b (T2): A set (calculation request) of the target content (data D) and operation (operation O) is given to the service providing node NC (the computing resource 44 to be delivered), In this service, the result (calculation result) of applying the operation O to the data D at the node is returned as new content (data D ′).

  At least the basic services (T1, T2) are provided by providing resources at the node (IP address + port) of the participant. Further, by using a combination of the basic services (T1, T2), it is possible to configure and provide an applied service 13c (Tx). The accuracy of the provision of these services (resources) is subject to evaluation.

  Various services and processes in this system are services S realized by cloud computing. That is, in any service S, the same processing relating to the service is performed in a plurality (three or more) of nodes in the range / group to be accessed. The group / range is determined by a predetermined algorithm (hash process) described later. Processing such as an evaluation function, which is characteristic in this system, is also processed in the form of a specific service S (service type T).

  When using the service S, it is possible to specify and request the service type T, the target data D (its key K), its operation, and the like. It is not necessary to designate and be aware of the specific IP address A of the service providing node NC (managed by the management information M, and the node of the access destination group is automatically determined and determined).

<Model and process flow>
A series of processing flows and models at the time of execution (use (request), provision (response), evaluation, etc.) of the service S by the nodes in the system (network 100) will be described with reference to FIGS. 3 and 4, the connection relationship of the nodes (NA, NB, NC, ND) in each state when the service S (for example, the storage service (T1)) is used from the node N1 (NA) of the user U1. An example is shown. FIG. 3 shows a group G1 that serves as the service providing node NC. FIG. 4 particularly shows a group G2 which is a service evaluation node ND.

  The node NA (for example, N1) is a node that requests and uses the cloud service S by the NA function 21, and is referred to as a “service use node”. The nodes NC (for example, N3 (NC1), N4 (NC2), N5 (NC3)) are nodes that provide the cloud-like service S by the NC function 23, and are referred to as “service providing nodes”.

  The node NB (for example, N2) is a node that is interposed between the use of the service S by the node NA and the provision of the service S by the node NC, and is referred to as a “service execution node”. The node NB controls the execution of the service S by the NB function 22, grasps the provision of the service S by the node NC, records it as log information L, evaluates the provision (response), and evaluates it as the evaluation information P. Record and send this information to the node ND for storage.

  The node ND (NDa, NDc) holds the evaluation information P related to the service providing node NC by the ND function 23 and confirms or provides the evaluation information P according to a request (reference) from the node NB And is referred to as a “service evaluation node”. The node NDc (for example, N6) is a node that holds log information L (Lc) and evaluation information P (Pc) regarding the node NC (group G1) in FIG. The evaluation information Pc includes evaluation information (points) (P3 to P5) of each node (N3 to N5) of the group G1. Similarly, the node NDa (for example, N8) is a node that holds log information L (La) and evaluation information P (Pa) regarding the node NA (N1) in FIG. 3 (when the node is in the NC state). The evaluation information Pa includes evaluation information (points) P1 of the node N1.

  As an example, the flow (201 to 204) in the case of executing the storage service (T1) will be described below. The target data (content) is Da, and its key is Ka. The operation is the same in any case, such as storage (writing) or reference (reading) of the target data Da. It has a plurality (for example, three) of node NCs (for example, N3 to N5) that hold data Da (replication) of the key Ka. The evaluation method is a case where the evaluation process is performed at the node NB, and the evaluation information P is stored in the node ND and can be referred to. Further, there is one node NA, NB, and there are a plurality (three or more) nodes NC, ND. In addition, although certification (authentication) of each node is performed at any time using the above-described certification function 11, description thereof is omitted.

  First, the flow of 201 (a1, a4), 203 (a2 (a2-1 to 3), a3 (a3-1 to 3)) is a request-execution of service S between NA-NB-NCs. Indicates response processing. On the other hand, secondly, the flow of 202 (b1, b2), 204 (b3 (b3-1 to 3)) is a process related to the evaluation between NB-ND (NDa, NDc) associated with the first process. Show. NDa is related to the process of confirming (referring to) evaluation information (Pa) related to NA (N1), and NDc is related to the process of storing evaluation information (Pc) related to NC (G1). An example of the processing order is {a1, b1, b2, a2, a3, a4, b3}.

  (1) (a1: Service request): The service use node NA (N1) (its NA function 21) issues and transmits a service S use request to the service execution node NB (N2) (its NB function 22). . This request includes information such as [service type (T1) + key (Ka)] (and other information such as write data and operation instructions as appropriate). For example, NA (N1) determines and accesses an NB as an access destination based on reference to management information M (M1).

  (2) (b1, b2: Evaluation information confirmation): The service execution node NB (N2) first determines the node ND (NDa: ND) based on the management information M (M2) reference to the access (a1) from the NA. An access / request (b1) for confirming (referring to) the evaluation information Pa (P1) related to the NA (N1) is performed on the node holding the evaluation information Pa (P1) related to the NA (N1). . In the present embodiment, the NB function 22 (or ND function 24) of the node NB accesses the node NDa (ND function 24), confirms the evaluation information Pa of the node NA, and controls the execution of the service S. . Note that the process of checking the evaluation information P is also realized as a predetermined service, and the access destination is a plurality of nodes NDa of the predetermined group G3.

  For the access (b1), for example, the NDa (N8) determines that the node NA (N1) (its identity) is the current point P1 based on the reference to the management information M (M8) and the evaluation information Pa (P1). Whether or not the use (execution) of the service S is permitted is confirmed. Alternatively, in another method, the NDa performs a process of consuming (decreasing) the point Pa (P1) of the node NA (N1) in order to use the service S.

  Then, the confirmation result (for example, OK (permitted) / NG (not permitted)) is transmitted from NDa to NB (b2). If OK (permitted), the subsequent processing (after a2) is performed. The confirmation with NDa may be performed with NB after b2 (obtains Pa).

  (3) (Determination of G1 (NC)): Next, the node NB (N2) (its NB function 22) provides the service S (T1) (target data Da) based on the reference of the management information M2. A group G1 of a plurality of node NCs to be accessed is determined (confirmed) by hash processing (input value [T1 + Ka]). This uses the hash processing function 12 (details will be described later). As a result, the IP address A (A3 to A5) of each node NC (eg, NC1 to NC3) to be accessed is recognized.

  In the management information M2 referred to by the NB (N2) in the above process, for example, a group G1 of a plurality of nodes NC is associated with each IP address A by hash processing using information including [T1 + Ka] as an input value. (A3 to A5) are obtained.

  (4) (a2: Service execution (request)): The NB (NB function 22) holds a plurality of (three) nodes NC (NC1 to NC3) (data Ka of the key Ka) of the access destination group G1. A request for providing the service S is transmitted in parallel to the node (a2-1 to 3). The request includes information such as service type T1, key Ka, and operation instruction. For example, it is a request for reference (reading) of the data Da itself.

  The parallel access can be executed simultaneously or sequentially depending on the service type T. The service itself can send a response (a4) to the NA if at least one correct response is obtained from the NC.

  (5) (a3: Service provision (response)): Each node NC (NC function 23) that has received the request (a2) from the NB, in the operating state, uses the key Ka in the storage resource 43 of its own node. A designated operation (eg, reading) is performed on the designated data Da, and the result (eg, data Da itself) is transmitted as a response to the NB (a3-1 to 3). The NB receives a response from each NC (NC1 to NC3). However, an accurate and quick response cannot be obtained when the NC is not operating, the load is high, or the communication link between the NB and the NC is in a failure state. In addition, depending on the state of the node NC at that time (for example, the non-operating state), the target data Da may not be updated. However, if the data can be updated by at least one node NC, then the nodes in the group G1 By transferring (copying) the data between the NCs (205), the data Da can be held in each node NC.

  (6) (a4: Service response): The NB (NB function 22) sends the response (accurate response data) to the requesting node NA based on the response from each NC (NC1 to NC3) of the group G1. ). The NA (NA function 21) receives the response.

  (7) (Evaluation Process): The node NB performs the above processes (a3, a4), and also performs a process related to the evaluation regarding the node NC (providing the service S) with the node ND (group G2). First, the NB (NB function 22) logs information L (Lc) on the status / result (actual) of execution (201, 203) of the service S (T1) including the status / result of response by each NC of G1. ). Moreover, NB (ND function 24) performs an evaluation process about the response result (a3-1 to 3) of each NC of G1. Specifically, for example, the NB aggregates the response results of each NC and evaluates the accuracy of the response of each NC based on a majority decision. For example, it can be confirmed that the response contents are correct when the response results from the NCs are the same. Also, the NB determines, for example, whether or not an accurate response (its data) from each NC has been received normally (rapidly) (OK) or not (NG) by binary, and thereby the evaluation value (points) of the node NC ) In the case of the calculation service (T2) and in the case of other applied services (Td), evaluation can be made in the same way. The NB creates evaluation information P (Pc) based on the result of the evaluation process, and records it, for example, with or as part of the log information L (Lc).

  It should be noted that not only relative comparison and evaluation among a plurality of nodes NC in parallel, but also absolute evaluation of responses in units of individual nodes NC may be performed. Further, the quality of the service S may be determined according to the content of the service S (service type T) (for example, in the case of a moving image distribution service, the quality of the moving image data, the length of response time, etc.).

  The evaluation information P by the NB is information indicating increase / decrease in the evaluation value (point) of the node NC, for example, according to the evaluation method. For example, the node whose response is OK is +1.

  (B3: Storage of evaluation information): Based on the evaluation process, the NB (the ND function 24) converts the log information Lc and the evaluation information Pc into a plurality of nodes ND (NDc) (the ND of the predetermined group G2). Send (copy) to function 24) and save. Each ND may return a response to b3 to the NB. The process of storing the evaluation information P and the like is also realized as a predetermined service S (service type is Td), and a group G2 (for example, 3 in FIG. 4) by a plurality of nodes NDc to be accessed at the time of the process. The two nodes ND1 to ND3) are determined by a predetermined hash process (input value: including [Td], for example) as described above. Note that a node different from the NC is selected and determined as the ND.

  Each node NDc (for example, N6) (the ND function 24) of the group G2 stores (registers) log information Lc and evaluation information Pc related to NC (G1) therein. The evaluation information Pc includes points (for example, P3 to P5) regarding each NC (for example, N3 to N5). The log information Lc and the evaluation information Pc may not be stored depending on the status of the node ND at that time (for example, the non-operating state). However, if the information can be stored in at least one node NDc, then the group By exchanging (copying) the information between the nodes NDc in G2 (305), the information can be held at each node NDc.

  The evaluation information P by the ND is, for example, the absolute value (current value) of the evaluation value (point) of the node NC according to the evaluation method, and by adding the evaluation information P (increase / decrease amount) from the NB. Updated.

  In FIG. 4, the access (b3, 204) from the NB to the NDc is the access b3-1 to b3-1 to each node NDc (for example, ND1 (Nx), ND2 (Ny), ND3 (Nz)) of the group G2. . In NDc (Nx to Nz), IP address A is Ax to Az and hash value B is Bx to Bz, respectively. In the management information M2 referred to by the NB (N2) during the storage process (Td), for example, a group G2 of a plurality of nodes NDc is obtained by hash processing using information including a predetermined service type (Td) as an input value. Are associated with each other, and each IP address A (Ax to Az) is obtained.

  Since the evaluation information Pc held in the NDc (G2) is related to the NC (N3 etc.), the NC (N3 etc.) is in the NA state by the NA function 21 as a NA state through another NB (eg N9). When the service S is used (311), the service S is referred to in the same manner as 202 (312).

  In the above example, in the other evaluation methods, the NB does not perform the evaluation process but records and stores the log information Lc, and the NDc performs the evaluation process based on the log information Lc and stores the evaluation information Pc. It becomes the form.

<Hash processing (service and node mapping)>
Next, the hash process will be described with reference to FIG. FIG. 5A shows an example of hash processing for the configuration of the management information M at the time of participation / registration of a node in this system. FIG. 5B shows an example of hash processing based on reference to the management information M at the time of service execution (use / provision) after the registration.

  In the present embodiment, a plurality of nodes (ranges / groups (G1, G2, etc.) described above) that are targets (access destinations) for processing the service S on the network 100 are selected and associated (mapped). As a mechanism, processing using a hash function (hash processing) is used.

  As basic control, a hash value B with the IP address value A or the like of the participating node as an input value is taken and registered in the management information M. Further, using the hash value B with the service type T, the key K, and the like as input values, the service S is associated with a plurality of nodes that are the range / group (G) for processing the service S. By using the hash processing, depending on the characteristics of the hash function, a plurality of nodes (for example, NCs) of the group on the network 100 have a generally random and distributed distribution (arrangement) (still arranged near by chance). Sometimes). That is, processing is distributed in the network 100 (node group).

  When using the service S, different output values can be obtained by using information such as different service types T as input values of the hash function. That is, a plurality of nodes in different access destination ranges / groups (G) for each service S are selected and determined.

  Needless to say, the information used as the input value of the hash function is not limited to the service type T, the IP address A, or the like, and various information can be used. Also, if different types of functions (such as hash functions) are prepared for mapping, different output values can be obtained even with the same input value.

<Hash processing (a)>
In FIG. 5A, when a node (identity) that newly participates in the network 100 is registered (arranged), information related to the node is registered in the management information M (the management information M of each node is updated). ).

  The IP address value A of the node is input to a predetermined hash function (H1), and the output hash value B (IP address hash value) is obtained. The hash value B by H1 is normalized to a predetermined numerical range (for example, 0 ≦ B ≦ 1) (mapped to the ring buffer). In FIG. 5A, each point on a ring (ring buffer) in a predetermined numerical range indicates a B value. A continuous IP address A (group) representing physical perspective on the network 100, which is an input value by the hash (H1), is converted into a discrete (discontinuous) hash value B (group) which is an output value. Converted (mapped).

  The hash function H1 is a function having a predetermined characteristic that obtains a representative numerical value as an output value (hash value) from an input data value (key). In the present embodiment, as a characteristic of H1, there is discontinuity that obtains a discontinuous output value group from a continuous input value group. Also, it has determinism to obtain the same output value from the same input value (different from the random number function). In addition, the mapping (distribution of output values) is uniform so that it is distributed over the entire output value range as much as possible.

  As another form, not only a hash function but also other predetermined functions having characteristics such as mapping a continuous value (A) to a discontinuous value (B) as described above can be applied.

  In the example of FIG. 5A, as the random IP address value A on the network 100, the IP addresses (A3 to A5) of the three nodes NC (N3 to N5) in the example of FIG. Assume that B3 to B5 (neighbor values of B4) are reached. In other words, when a predetermined neighborhood range 501 in the B value space (for example, B3 to B5, which are neighbor values of B4) is taken, disjoint IP addresses A (A3 to A5) are obtained. .

  The information of the A → B mapping by the hash processing is registered in the management information M as the information of the bi-directional mapping of AB (that is, A can be obtained from B). Each node may hold management information M relating to the entire node group of the network 100, but it is not necessary to have information relating to all nodes in particular, and each node holds information relating to nodes in the neighborhood range (group) of the own node. Then, it may be configured to update to the latest information as appropriate by performing communication for exchanging the management information M between the nodes. As the neighborhood range (group) of the own node, for example, a predetermined neighborhood range in a B-value space as shown in FIG.

<Hash processing (b)>
With reference to FIG. 5B, the hash processing at the time of service execution after the above setting will be described. For example, in FIG. 3, the NB (N2) refers to the management information M2 in response to the request for the service S (T1) from the NA (N1), and the target data Da (key Ka) in the requested service (T1). A plurality of service providing nodes NC (group G1) as access destinations for operating (referring to) are determined (confirmed) by hash processing.

  The NB (hash processing function 12), for example, inputs [T1 + Ka] to the hash function H1 and obtains its output value h (normalized to a predetermined range (0 ≦ h ≦ 1) similarly to B). The h value is associated with the B value on the ring in FIG. Then, a predetermined neighborhood range 502 (for example, three neighborhood values including front and rear) regarding the h≈B value is taken. For example, it is assumed that the B value closest to the h value is B4 and the closest values before and after that are B3 and B5. This is associated as a predetermined range / group = G1. That is, G1 = {B3 (A3), B4 (A4), B5 (A5)}.

  By referring to the management information M, a plurality of nodes (for example, N3 to N5) having corresponding IP address values A are obtained for a plurality (three) of B values of G1. The G1 is associated as a plurality of service providing nodes NC (NC1 to NC3) serving as access destinations that hold and provide the data Da (key Ka) with the storage service (T1).

  The association (T1, Ka, G1 (NC), etc.) may be registered in the management information M and referred to as appropriate (the omission of each hash process), or every time the service is executed. It is good also as a form (it can reproduce by making it the same hash input value etc.) reproduced by calculating.

  By changing the input value (for example, service type T) to the hash function (H1) and processing in the same manner as described above, it is possible to select and associate ranges / groups (G) with different nodes.

<Management information structure and update example>
FIG. 6 shows an example of management information M update processing when each node has management information M related to nodes in the neighborhood range (group) of the node. FIG. 6A shows an example before update, and FIG. 6B shows an example after update. As an example of the data structure of the management information M, an array (link list or the like) related to hash processing (ring buffer in FIG. 5) is used.

  As described above, as the management information M of each node, information on several nodes in the neighborhood range of the own node (neighboring range in the B-value space) is held. By using the function (15) for communicating the management information M between the nodes, the contents of the management information M of each node can be synchronized (updated). For simplicity, assume that the neighborhood range (group) is three nodes including before and after the own node in the B-value space. As an array of node information in the management information M of each node, each node information of the previous node, the own node, and the subsequent node is included.

  As an example, in FIG. 6A, the node N4 [A4, B4] has, as management information M4, each node information (record) of the neighborhood range {N3, N4, N5} including the preceding and following nodes N3, N5. Each node information (record) includes information such as an IP address A and a corresponding hash value B. For example, the N3 record held by M4 of N4 includes a link (A3, etc.) for the relationship with the N3 record held by M3 of the other (previous) node N3. Similarly, N5 [A5, B5] has each node information of the neighborhood range {N4, N5, Nb} as M5 (Nb is a subsequent node of N5).

  In FIG. 6B, a new participating node Np is assumed for the state of FIG. Let each value of Np be [Ap, Bp]. Assume that a new Np Bp is inserted between B4 of N4 and B5 of N5 on the ring of B values. In that case, the relationship between neighboring ranges in the node group changes. Therefore, new Np management information Mp is created, and management information M (M4, M5) of the node (N4, N5) corresponding to the change is updated.

  That is, it is as follows before and after the update. M4 of N4: {N3, N4, N5} → {N3, N4, Np}, Mp of Np: {N4, Np, N5}, M5 of N5: {N4, N5, Nb} → {Np, N5, Nb }.

<Application example (X, Y control)>
In the above embodiment, as a basic control, the hash value B of the IP address A of the node is used to associate the service S with a plurality of nodes in the range / group (G) for processing it. As an applied form, variable X: hash value B of IP address A, variable Y: node IP address A, variable X (B) is used as basic control, and variable Y (A) is further controlled Used in. Regarding the arrangement (distribution) of the nodes of the group on the network 100, Y (A) is regarded as a variable indicating physical perspective, and X (B) is regarded as a variable indicating randomness (various distribution). Considering Y (A) in addition to X (B), the association of a plurality of node groups (distribution ranges) is changed according to the service (type, characteristics, etc.) The range of the group is controlled by determining in consideration of the perspective of Y (A) on the network.

  As an example of the control process, for example, when determining the access destination node NC (group G1) by the node NB at the time of service execution, it is determined in consideration of not only X (B) but also Y (A). As shown in FIG. 7A, first, neighborhood values (neighboring ranges) in a predetermined X (B) space are obtained, and these are set as selection candidates (priority selection targets, etc.) of nodes to be accessed. Further, a group of nodes to be accessed is determined from the selection candidates using the value of the Y (A) space. Depending on the service type T, a neighborhood value or a distant value in the Y (A) space is selected and determined.

  FIGS. 7B and 7C show examples of correspondence between X (B) and Y (A). FIG. 7B shows a case where a group Ga (701) by nodes as far away as possible is associated with a certain service Sa, and priority is given to, for example, high reliability. FIG. 7C shows a case where a group Gb (702) by nodes as close as possible is associated with a certain service Sb, and for example, high speed is prioritized.

  For example, in the storage service T1, when determining a plurality of nodes NC (group G1) that are to hold the same data Da (replication), the reliability (fault tolerance) is increased by increasing the distance between the nodes as much as possible. It is conceivable that priority is given to (for example, reducing the risk of data loss due to a disaster). In this case, as shown in FIG. 7B, by using Y (A) in addition to X (B), a plurality of nodes NC separated as far as possible in the area (701) extending over the entire network (700). Group Ga is selected and determined.

  Further, for example, there may be a case where priority is given to improving convenience and high speed by making the distance between the nodes of the group as close as possible. In this case, as shown in FIG. 7C, by using Y (A) in addition to X (B), a group Gb composed of a plurality of nodes NC in a narrow area (702) as close as possible to the entire network (700). Select and confirm.

  It is also conceivable to control the above range by changing the characteristics of the hash function to be used in the control using only X (B). For example, a hash function with high / low distribution uniformity is used.

<Effects of the embodiment>
According to the system of the present embodiment, the evaluation increases according to the provision (contribution) of the service (resource) at the node of the participant (user), and the authority to use the service (resource) increases according to the evaluation. As mentioned above, a system that considers fairness and participation incentives can encourage the participation of a large number of diverse users and improve efficiency by balancing the use and provision of services (resources). Can be developed.

  Further, the present invention is not limited to the storage service and can be effectively applied to a case where a large amount of processing is required in real time, such as an applied service such as a moving image reproduction service.

  As mentioned above, the invention made by the present inventor has been specifically described based on the embodiment. However, the present invention is not limited to the embodiment, and various modifications can be made without departing from the scope of the invention. Needless to say.

  The present invention can be used for cloud computing.

  DESCRIPTION OF SYMBOLS 10 ... Module, 11 ... Proof function, 11a ... Own node proof function, 11b ... Other node proof function, 12 ... Hash processing function, 13 ... Service function, 14 ... Resource supply function, 15 ... Information management function, 21 ... Service use Function (NA function), 22 ... Service execution function (NB function), 23 ... Service providing function (NC function), 24 ... Service evaluation function (ND function), 43 ... Storage resource, 44 ... Calculation resource, 50 ... Management information Table ... 51 ... Certificate 53 ... Log information 54 ... Evaluation information 100 ... Network 101 ... Hardware 102 ... Software 103 ... Storage resource 104 ... Computation resource 201-205,305,311,312 ... Processing, 501, 502 ... Neighborhood range, 700 ... Entire network, 701, 702 ... Group.

Claims (13)

It has a network in which nodes of user computers are connected by communication,
The node is
A providing function for performing a process of providing a service by cloud computing by providing resources by hardware and software;
A use function for performing processing to request and use the service;
An execution function for performing a process of executing the service, interposed between a first node using the use function and a third node using the provision function;
An evaluation function for evaluating the act of providing the service by a third node using the providing function and holding the evaluation information;
The use function of the first node that uses the service accesses the provision function of the plurality of third nodes of the first group that provides the service via the execution function of the second node, and The response from the providing function is returned to the use function of the first node via the execution function of the second node,
Accordingly, the evaluation function of the second node or the fourth node evaluates a response from each of the provision functions of the plurality of third nodes in the first group, and stores the evaluation information. ,
The execution function of the second node or the evaluation function of the fourth node is performed when the third node uses the service using the use function based on the evaluation level in the evaluation information. Control the execution of the service ,
The node has a function of performing a hash process using a predetermined hash function,
The node holds management information including a bidirectional association between the IP address value of the node and a hash value that is an output value of the hash process using the IP address value as an input value;
When determining a plurality of third nodes of the first group associated with the service, the node uses a hash value that is an output value of the hash function according to an input value corresponding to the service, and Using a predetermined range including a hash value as a candidate, and using the IP address value associated with the hash value in the management information as the candidate, the predetermined range according to the distance on the network is defined as the first group. Decide
When priority is given to high speed as the service , a cloud computing system is characterized in that a range in which the IP address value is close among the hash value range candidates is determined as the first group . The cloud computing system according to claim 1,
When reliability is given priority as the service, a range in which the IP address value is far from the hash value range candidates is determined as the first group. The cloud computing system according to claim 1,
The evaluation function of the second node evaluates a response from each of the provision functions of the plurality of third nodes of the first group, and uses the evaluation information as a plurality of fourth groups of the second group. A cloud computing system characterized by accessing and storing a node evaluation function. The cloud computing system according to claim 1,
The evaluation function of the second node records log information including a result of a response from each of the provision functions of the plurality of third nodes of the first group, and the log information is recorded in the second group. Access and save multiple fourth node evaluation functions,
The evaluation function of the plurality of fourth nodes in the second group evaluates responses from each of the provision functions of the plurality of third nodes in the first group based on the log information, and the evaluation A cloud computing system characterized by retaining information. In the cloud computing system according to claim 3 or 4 ,
When using the service from the use function of the first node, the execution function of the second node holds evaluation information on the first node from the execution function of the second node. 4. A cloud computing system comprising: accessing an evaluation function of the node 4 to confirm the evaluation information, and controlling use and execution of the service based on the result. The cloud computing system according to claim 1,
The providing function provides resources including storage resources and calculation resources by hardware and software, thereby providing at least a storage service for storing data as a service by cloud computing and a computer for performing calculation processing by operations on the data. A cloud computing system characterized by performing a process of providing an operating service. The cloud computing system according to claim 1,
The node has a function of setting the amount of resources and operating time provided by the user, and a cloud computing system. The cloud computing system according to claim 1,
The node has a proof function for proof of the identity of the user to be a participant and one or more nodes belonging to the user,
The cloud computing system characterized in that the certification function has a function of issuing a certificate of its own node and a function of authenticating a certificate of another node. The cloud computing system according to claim 1,
The evaluation function of the second node or the fourth node binaryly determines whether or not there is accurate response data with respect to responses from each of the provision functions of the plurality of third nodes in the first group. A cloud computing system characterized by evaluating the accuracy of provision of the service by the third node. The cloud computing system according to claim 1,
The evaluation function of the second node or the fourth node is to aggregate responses from each of the provision functions of the plurality of third nodes in the first group, and to perform a comparative evaluation by majority decision. A featured cloud computing system. The cloud computing system according to claim 1,
Before Symbol nodes, along with participation in the network, the IP address value of the node, the hash value as the output value of the hash processing an input value to it, the management information including a two-way correspondence Hold and
When the service is executed, the execution function of the second node obtains a predetermined range including a hash value that is an output value of the hash process based on an input value corresponding to the type of the service, and the predetermined range of the hash value Determining a plurality of third nodes of the first group to be an access destination by obtaining an IP address value by bidirectional association of the management information with respect to
At the time of the evaluation, the evaluation function of the second node obtains a predetermined range including a hash value that is an output value of the hash process based on an input value corresponding to the type of the process of the evaluation, and the predetermined range of the hash value A plurality of fourth nodes of the second group to be accessed by determining an IP address value based on bidirectional association of the management information with respect to the cloud computing system . The cloud computing system according to claim 1 ,
The node has information regarding a plurality of nodes within a predetermined range including its own node as the management information, and has a function of communicating and exchanging the management information with other nodes. Cloud computing system. The cloud computing system according to claim 8 .
The node, by using the certification function, that inherits the identity of the user associated with the node, and the right based on the evaluation information or the evaluation information about nodes belonging to the identity, and characterized by Cloud computing system.

Images