CN109783196A - A kind of moving method and device of virtual machine - Google Patents

A kind of moving method and device of virtual machine Download PDF

Info

Publication number
CN109783196A
CN109783196A CN201910044144.XA CN201910044144A CN109783196A CN 109783196 A CN109783196 A CN 109783196A CN 201910044144 A CN201910044144 A CN 201910044144A CN 109783196 A CN109783196 A CN 109783196A
Authority
CN
China
Prior art keywords
security engine
engine group
virtual machine
configuration file
target virtual
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910044144.XA
Other languages
Chinese (zh)
Other versions
CN109783196B (en
Inventor
周帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Security Technologies Co Ltd
Original Assignee
New H3C Security Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Security Technologies Co Ltd filed Critical New H3C Security Technologies Co Ltd
Priority to CN201910044144.XA priority Critical patent/CN109783196B/en
Publication of CN109783196A publication Critical patent/CN109783196A/en
Application granted granted Critical
Publication of CN109783196B publication Critical patent/CN109783196B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Stored Programmes (AREA)

Abstract

The embodiment of the present application provides the moving method and device of a kind of virtual machine, is related to field of communication technology.The described method includes: receiving virtual machine (vm) migration order, the virtual machine (vm) migration order, which is used to indicate, is migrated target virtual machine to the second security engine group by the first security engine group;If the second security engine group meets preset transition condition, then the configuration file for the target virtual machine being stored in advance in the first security engine group is copied in the second security engine group, and establishes the corresponding relationship between the configuration file and the target virtual machine.The transport efficiency of virtual machine can be improved using the moving method of virtual machine provided by the embodiments of the present application, and reduce virtual machine (vm) migration in the process because of various problems caused by operation error.

Description

A kind of moving method and device of virtual machine
Technical field
This application involves fields of communication technology, more particularly to the moving method and device of a kind of virtual machine.
Background technique
Currently, safety equipment, which generallys use the shared virtual machine mode of multi-tenant, provides service, in this approach, one for user Platform safety equipment can be virtualized into more logical device (i.e. virtual machine).Each virtual machine possesses oneself exclusive software and hardware money Source, independent operating.For a user, each virtual machine is exactly an independent equipment, is conveniently managed and maintained;For management For person, a physical equipment is virtually that more logical device are used for different branches, can protect existing investment, mentions High networking flexibility.
It is provided in safety equipment business processing board (can be described as security engine), technical staff can will be in safety equipment Security engine be divided into multiple security engine groups, for example, a business processing board (i.e. security engine) can be divided into Multiple security engine groups, alternatively, multiple business processing boards (i.e. security engine) can also be divided into a security engine group. After each virtual machine creating, technical staff needs to distribute security engine group for the virtual machine, and by the configuration file of the virtual machine It stores in the corresponding security engine group of the virtual machine.Then, the configuration file of the virtual machine is run by the security engine group, The operation such as started, configure, restart to the virtual machine to realize, to provide the environment of actual motion for the virtual machine.Its In, it can store the configuration file of multiple virtual machines in a security engine group.
When on safety equipment there are when multiple security engine groups, if necessary to moving the virtual machine in security engine group A It moves on in security engine group B, then technical staff needs to migrate the configuration file of virtual machine manually in security engine group B, causes The transport efficiency of virtual machine is lower.For example, being configured with security engine group A in certain safety equipment, enter to have 30 stationed in security engine group A A virtual machine, that is, being stored with the configuration file of 30 virtual machines in security engine group A.Based on business demand, technical staff increases Security engine group B is added, and has needed by 15 virtual machine (vm) migrations in security engine group A into security engine group B, at this point, skill Art personnel need to copy the configuration file of this 15 virtual machines one by one in security engine group B, and transport efficiency is lower.
Summary of the invention
In view of this, improving moving for virtual machine this application provides a kind of moving method of virtual machine and device to realize The technical effect of efficiency is moved, and reduces virtual machine (vm) migration in the process because of various problems caused by operation error.Particular technique side Case is as follows:
In a first aspect, providing a kind of moving method of virtual machine, which comprises
Virtual machine (vm) migration order is received, the virtual machine (vm) migration order, which is used to indicate, is drawn target virtual machine by the first safety Group is held up to migrate to the second security engine group;
If the second security engine group meets preset transition condition, first safety will be stored in advance in and drawn The configuration file for holding up the target virtual machine in group copies in the second security engine group, and establishes the configuration file With the corresponding relationship between the target virtual machine.
Optionally, if the second security engine group meets preset transition condition, institute will be stored in advance in The configuration file for stating the target virtual machine in the first security engine group copies in the second security engine group, comprising:
It detects in the second security engine group with the presence or absence of security engine;
If there are security engines in the second security engine group, the first security engine group will be stored in advance in In the configuration file of the target virtual machine copy in the second security engine group.
Optionally, the method also includes:
If security engine is not present in the second security engine group, the first prompt information is shown, described first mentions Showing information, there is no security engines for prompting in the second security engine group.
Optionally, if there are security engines in the second security engine group, described will be stored in advance in The configuration file of the target virtual machine in one security engine group copies in the second security engine group, comprising:
If there are security engines in the second security engine group, the configuration file institute of the target virtual machine is judged Whether the memory space of occupancy is greater than the current residual memory space of the second security engine group;
If the occupied memory space of the configuration file of the target virtual machine is not more than the second security engine group Current residual memory space will then be stored in advance in the configuration text of the target virtual machine in the first security engine group Part copies in the second security engine group.
Optionally, the method also includes:
If the occupied memory space of the configuration file of the target virtual machine is greater than the second security engine group and works as Preceding residual memory space then shows the second prompt information, and second prompt information is for prompting second security engine Group memory space inadequate.
Optionally, the configuration file that the target virtual machine in the first security engine group will be stored in advance in Before copying in the second security engine group, further includes:
Judge the corresponding configuration text of device identification in the second security engine group with the presence or absence of the target virtual machine Part;
If there are the corresponding configuration file of the device identification of the target virtual machine in the second security engine group, Show the covering prompt information of configuration file;
If receive user's input forbids covering to instruct, equipment mark described in the second security engine group is established Know the corresponding relationship between corresponding configuration file and the target virtual machine;
If receiving the covering instruction of user's input, device identification pair described in the second security engine group is deleted The configuration file answered, and execute the configuration that will be stored in advance in the target virtual machine in the first security engine group File copies to the step in the second security engine group.
Second aspect, provides a kind of moving apparatus of virtual machine, and described device includes:
Receiving module, for receiving virtual machine (vm) migration order, the virtual machine (vm) migration order is used to indicate destination virtual Machine is migrated by the first security engine group to the second security engine group;
Transferring module will be stored in advance in if meeting preset transition condition for the second security engine group The configuration file of the target virtual machine in the first security engine group copies in the second security engine group, and builds Found the corresponding relationship between the configuration file and the target virtual machine.
Optionally, the transferring module, is specifically used for:
It detects in the second security engine group with the presence or absence of security engine;
If there are security engines in the second security engine group, the first security engine group will be stored in advance in In the configuration file of the target virtual machine copy in the second security engine group.
Optionally, described device further include:
First display module, if for security engine to be not present in the second security engine group, display first is mentioned Show information, there is no security engines for prompting in the second security engine group for first prompt information.
Optionally, the transferring module, is specifically used for:
If there are security engines in the second security engine group, the configuration file institute of the target virtual machine is judged Whether the memory space of occupancy is greater than the current residual memory space of the second security engine group;
If the occupied memory space of the configuration file of the target virtual machine is not more than the second security engine group Current residual memory space will then be stored in advance in the configuration text of the target virtual machine in the first security engine group Part copies in the second security engine group.
Optionally, described device further include:
Second display module, if the occupied memory space of configuration file for the target virtual machine is greater than described The current residual memory space of second security engine group then shows the second prompt information, and second prompt information is for prompting The second security engine group memory space inadequate.
Optionally, described device further include:
Judgment module, the device identification for judging to whether there is the target virtual machine in the second security engine group Corresponding configuration file;
If there are the corresponding configuration file of the device identification of the target virtual machine in the second security engine group, Trigger the covering prompt information that third display module shows configuration file;
If receive user input forbid covering instruct, trigger the transferring module establish it is described second safety draw Hold up the corresponding relationship between the corresponding configuration file of device identification described in group and the target virtual machine;
If receiving the covering instruction of user's input, triggers the transferring module and delete the second security engine group Described in the corresponding configuration file of device identification, and execute described in described will be stored in advance in the first security engine group The configuration file of target virtual machine copies to the step in the second security engine group.
The third aspect provides a kind of electronic equipment, including processor, communication interface, memory and communication bus, In, processor, communication interface, memory completes mutual communication by communication bus;
Memory, for storing computer program;
Processor when for executing the program stored on memory, realizes method and step described in first aspect.
Fourth aspect provides a kind of computer readable storage medium, is stored in the computer readable storage medium Computer program realizes method and step described in first aspect when the computer program is executed by processor.
5th aspect, provides a kind of computer program product comprising instruction, when run on a computer, so that Computer executes method and step described in above-mentioned first aspect.
Therefore, by the moving method and device of application virtual machine provided by the present application, the network equipment be can receive virtually Machine migration order, which, which is used to indicate, is migrated target virtual machine to the second safety by the first security engine group Engine group.If the network equipment determines that the second security engine group meets preset transition condition, the first peace will be stored in advance in The configuration file of target virtual machine in full engine group copies in the second security engine group, and establishes configuration file and target void Corresponding relationship between quasi- machine.In this manner it is achieved that the automatic duplication of the configuration file of virtual machine, without technical staff in safety The configuration file for migrating virtual machine in engine group manually, improves the transport efficiency of virtual machine.In addition, since this programme can be real The automatic duplication of the configuration file of existing virtual machine, is not necessarily to technical staff's manual configuration, it is thus possible to enough reduce virtual machine (vm) migration mistake Because of various problems caused by operation error in journey.
Certainly, implement the application any product or method it is not absolutely required to and meanwhile reach all the above excellent Point.
Detailed description of the invention
In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of application for those of ordinary skill in the art without creative efforts, can be with It obtains other drawings based on these drawings.
Fig. 1 is the schematic diagram of network system provided by the embodiments of the present application;
Fig. 2 is the moving method flow chart of virtual machine provided by the embodiments of the present application;
Fig. 3 is the moving method flow chart of virtual machine provided by the embodiments of the present application;
Fig. 4 is a kind of structural schematic diagram of the moving apparatus of virtual machine provided by the embodiments of the present application;
Fig. 5 is a kind of structural schematic diagram of the moving apparatus of virtual machine provided by the embodiments of the present application;
Fig. 6 is a kind of structural schematic diagram of the moving apparatus of virtual machine provided by the embodiments of the present application;
Fig. 7 is a kind of structural schematic diagram of the moving apparatus of virtual machine provided by the embodiments of the present application;
Fig. 8 is the structural schematic diagram of the network equipment provided by the embodiments of the present application.
Specific embodiment
Below in conjunction with the attached drawing in the embodiment of the present application, technical solutions in the embodiments of the present application carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of embodiments of the present application, instead of all the embodiments.It is based on Embodiment in the application, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall in the protection scope of this application.
The embodiment of the present application provides a kind of moving method of virtual machine, and this method can be applied to the network equipment, the net Network equipment can be the safety equipments such as firewall box, or routing device.The network equipment can be virtualized into more Logical device (i.e. virtual machine).Each virtual machine possesses oneself exclusive software and hardware resources, independent operating.In this way, for user For, each virtual machine is exactly an independent equipment, is conveniently managed and maintained;It, can be by an object for manager Reason equipment invents more logical device and uses for different branches, can protect existing investment, improves networking flexibility.
As shown in Figure 1, being a kind of schematic diagram of network system provided by the embodiments of the present application, exist in the network system These three different local area networks of LAN 1, LAN 2 and LAN 3, they are connected to outer net by the same network equipment.Pass through void Quasi-ization technology creates three virtual machines (i.e. virtual machine 1, virtual machine 2, virtual machine 3) on network devices, and each virtual machine is being patrolled It is equivalent to an autonomous device on volume, has independent configuration file, is each responsible for LAN (Chinese: local area network) 1, LAN 2, LAN 3 secure accessing.In this way, the equipment that the network administrator of LAN 1, LAN 2, LAN 3 can log on to oneself respectively is (virtual Machine) operation, the use such as one independent equipment of biconditional operation without will affect other networks such as configured, saved, being restarted.
It is provided in the network equipment business processing board (can be described as security engine), technical staff can will be in the network equipment Security engine be divided into multiple security engine groups, for example, a business processing board (i.e. security engine) can be divided into Multiple security engine groups, alternatively, multiple business processing boards (i.e. security engine) can also be divided into a security engine group. After each virtual machine creating, technical staff needs to distribute security engine group for the virtual machine, and by the configuration file of the virtual machine It stores in the corresponding security engine group of the virtual machine.Then, the configuration file of the virtual machine is run by the security engine group, The operation such as started, restarted to the virtual machine to realize, and provides the environment of actual motion for the virtual machine.In practical application In, the configuration file of multiple virtual machines would generally be stored in a security engine group.
It is detailed to a kind of moving method progress of virtual machine provided by the embodiments of the present application below in conjunction with specific embodiment Thin explanation, as shown in Fig. 2, specific step is as follows.
Step 201, virtual machine (vm) migration order is received.
Wherein, virtual machine (vm) migration order, which is used to indicate, is migrated target virtual machine to the second safety by the first security engine group Engine group.
In embodiments of the present invention, management function of virtual machine can be set in the network equipment, technical staff can pass through The management function of virtual machine is managed and configures to the virtual machine created in the network equipment.When technical staff needs to pacify certain Target virtual machine in full engine group (can be described as the first security engine group) moves to another security engine group and (can be described as second Security engine group) when, technical staff can modify the security engine group that target virtual machine is entered by management function of virtual machine.
In one possible implementation, the network equipment can show Virtual Machine Manager interface, can in the administration interface To include the device identification and the mark of security engine group entered of each virtual machine of each virtual machine.Technical staff can be at this In administration interface, by the mark of the corresponding first security engine group of target virtual machine, it is revised as the mark of the second security engine group. Correspondingly, the network equipment, which can then receive, receives virtual machine (vm) migration order, which includes target virtual machine Mark, the mark of the mark of the first security engine group and the second security engine group, be used to indicate target virtual machine by One security engine group is migrated to the second security engine group.
In alternatively possible implementation, technical staff can be by way of inputting order line, directly in network Virtual machine (vm) migration order is inputted in equipment, which is used to indicate target virtual machine by the first security engine group It migrates to the second security engine group, correspondingly, the network equipment can then receive the virtual machine (vm) migration order of technical staff's input.This Apply embodiment to the input mode of virtual machine (vm) migration order without limitation.
Step 202, if the second security engine group meets preset transition condition, the first safety will be stored in advance in and drawn The configuration file for holding up the target virtual machine in group copies in the second security engine group, and establishes configuration file and target virtual machine Between corresponding relationship.
It in embodiments of the present invention, can be to the second security engine group after the network equipment receives virtual machine (vm) migration order It is detected, to judge whether the second security engine group meets preset transition condition.If the second security engine group meets pre- If transition condition, then the network equipment can will be stored in advance in the configuration file of the target virtual machine in the first security engine group It copies in the second security engine group, and establishes the corresponding relationship between configuration file and target virtual machine.
For example, can store the corresponding relationship of the mark of the configuration file and the mark of target virtual machine, alternatively, can root The filename of configuration file is generated according to the device identification of target virtual machine, for example the device identification of target virtual machine is aa, then should The filename of configuration file can be aa1.If the second security engine group is unsatisfactory for preset transition condition, the network equipment can To terminate target virtual machine migration, that is, without subsequent processing.
For example, after the configuration file A of virtual machine 1 is copied to security engine group 2 from security engine group 1 by the network equipment, net Network equipment can in security engine group 2 storage configuration file A and virtual machine 1 corresponding relationship.In addition, the network equipment can be with The configuration file of the target virtual machine stored in the first security engine group is deleted, meanwhile, it deletes and is stored in the first security engine group The configuration file and target virtual machine between corresponding relationship.
In the embodiment of the present application, the network equipment can receive virtual machine (vm) migration order, and the virtual machine (vm) migration order is for referring to Show and migrates target virtual machine to the second security engine group by the first security engine group.If the network equipment determines that the second safety is drawn It holds up group and meets preset transition condition, then answer the configuration file for the target virtual machine being stored in advance in the first security engine group It makes into the second security engine group, and establishes the corresponding relationship between configuration file and target virtual machine.In this manner it is achieved that empty The automatic duplication of the configuration file of quasi- machine, the configuration file of virtual machine is migrated without technical staff manually in security engine group, Improve the transport efficiency of virtual machine.In addition, being not necessarily to since the automatic duplication of the configuration file of virtual machine may be implemented in this programme Technical staff's manual configuration, it is thus possible to because of various problems caused by operation error during enough reducing virtual machine (vm) migration.
Optionally, the network equipment can detect the second security engine group, to determine whether to migrate virtual machine.Accordingly , if present invention the second security engine group meets preset transition condition, the first peace will be stored in advance in The configuration file of target virtual machine in full engine group copies in the step in the second security engine group, specific treatment process It can be with are as follows: whether there is security engine in the second security engine group of detection;If there are security engine in the second security engine group, Then the configuration file for the target virtual machine being stored in advance in the first security engine group is copied in the second security engine group.
In embodiments of the present invention, technical staff can configure security engine group in the network device, specifically, technology people Member can be set the security engine for including in security engine group, and the network equipment then can store security engine group and security engine Corresponding relationship.For example, including security engine A, security engine B and security engine C in the network equipment, technical staff can configure peace Full engine group 1 includes security engine B and security engine C comprising security engine A, security engine group 2.
After the network equipment receives virtual machine (vm) migration order, it can be closed according to above-mentioned security engine group and the corresponding of security engine System inquires and whether there is security engine in the second security engine group, if inquiring the second security engine in the corresponding relationship The corresponding security engine of group, then can be determined that, there are security engine in the second security engine group, the network equipment will can be deposited in advance The configuration file stored up in the target virtual machine in the first security engine group copies in the second security engine group.If in the correspondence The second security engine group is not inquired in relationship, alternatively, inquiring the corresponding security engine of the second security engine group as sky, then may be used To determine that security engine is not present in the second security engine group, the second security engine group is unsatisfactory for preset transition condition.
Optionally, if security engine is not present in the second security engine group, the network equipment can also show the first prompt Security engine is not present for prompting in information, the first prompt information in the second security engine group.Also, the network equipment can terminate Target virtual machine migration, that is, without subsequent processing.Technical staff can know target by checking the first prompt information Virtual machine (vm) migration failure, and the reason of target virtual machine migration fails can be known for there is no safety in the second security engine group Engine.
Optionally, there are in the case where security engine in the second security engine group, the network equipment can also further be sentenced Whether the residual memory space of disconnected second security engine group is sufficient, and specific treatment process can be such that if the second safety is drawn It holds up in group that there are security engines, then judges whether the occupied memory space of the configuration file of target virtual machine is greater than the second safety The current residual memory space of engine group;If the occupied memory space of the configuration file of target virtual machine is no more than the second peace The current residual memory space of full engine group will then be stored in advance in the configuration text of the target virtual machine in the first security engine group Part copies in the second security engine group.
In embodiments of the present invention, if the network equipment determines that there are security engine, networks in the second security engine group Equipment can further obtain the current residual memory space of the second security engine group, for example, the network equipment available second The free disk space for the business processing board that security engine group includes.
Then, the network equipment judges whether the occupied memory space of the configuration file of target virtual machine is greater than the second safety The current residual memory space of engine group.If the occupied memory space of the configuration file of target virtual machine is no more than the second peace The current residual memory space of full engine group, then illustrate that the residual memory space of the second security engine group can store destination virtual The configuration file of machine, the network equipment can answer the configuration file for the target virtual machine being stored in advance in the first security engine group It makes into the second security engine group.If the occupied memory space of the configuration file of target virtual machine is greater than the second security engine The current residual memory space of group, then illustrate that the residual memory space of the second security engine group not enough stores matching for target virtual machine File is set, the network equipment determines that the second security engine group is unsatisfactory for preset transition condition.
Optionally, if the occupied memory space of the configuration file of target virtual machine is current greater than the second security engine group Residual memory space, then show the second prompt information, the second prompt information is for prompting the second security engine group memory space It is insufficient.Also, the network equipment can terminate target virtual machine migration, that is, without subsequent processing.Technical staff is by checking Second prompt information can know target virtual machine migration failure, and can know that the reason of target virtual machine migration fails is The memory space inadequate of second security engine group.
Furthermore it is also possible to judge whether the second security engine group meets preset transition condition using other modes, this Shen Please embodiment without limitation.For example, the operating status of each business board in available second security engine group, and judge Whether each business board in two security engine groups is activation (active) state, if each business board is state of activation, Then determine that the second security engine group meets preset transition condition, if the operating status unactivated state of certain business board, Determine that the second security engine group is unsatisfactory for preset transition condition.For another example, technical staff can be set certain security engine groups and be The security engine group that can not be moved into, the network equipment may determine that whether the second security engine group is the preset safety that can not be moved into Engine group, if it is, determining that the second security engine group is unsatisfactory for preset transition condition;If it is not, then determining the second peace Full engine group meets preset transition condition.
Optionally, before the network equipment copies to the configuration file of target virtual machine in the second security engine group, may be used also First to judge to whether there is the corresponding configuration file of device identification of target virtual machine in the second security engine group.If the second peace There are the corresponding configuration files of the device identification of target virtual machine in full engine group, then show the covering prompt letter of configuration file Breath;If receive user's input forbids covering to instruct, the corresponding configuration of device identification in the second security engine group is established Corresponding relationship between file and target virtual machine;If receiving the covering instruction of user's input, deletes the second safety and draw Hold up the corresponding configuration file of device identification in group, and the configuration that the target virtual machine in the first security engine group will be stored in advance in File copies in the second security engine group.
In embodiments of the present invention, as the device identification of virtual machine usually only in the network equipment belonging to it is unique, Therefore, in the different network equipments, there may be the identical virtual machine of device identification.For example, including 3 in the network equipment 1 Virtual machine, corresponding device identification are respectively aa, bb and cc, include 2 virtual machines, corresponding device identification in the network equipment 2 Respectively aa and bb.In this way, after the business processing board in the network equipment 2 is installed in the network equipment 1, if at the business Configuration file in reason board is not deleted, then device identification corresponding to the configuration file stored in the business processing board In, it may the device identification (can be described as target device mark) comprising target virtual machine.
Therefore, after the network equipment determines that the second security engine group meets preset transition condition, it can further judge the Corresponding configuration file is identified with the presence or absence of target device in two security engine groups.If in the second security engine group, there are targets The corresponding configuration file of device identification, then the network equipment can show the covering prompt information of configuration file, covering prompt letter Breath is for prompting the user whether that current stored target device identifies corresponding configuration file in the second security engine group of covering. If user, which wants current stored target device in the second security engine group of covering, identifies corresponding configuration file, user It can choose covering option, correspondingly, the network equipment can receive the covering instruction of user's input, then, by destination virtual The configuration file of machine copies in the second security engine group, and deletes target device in the second security engine group and identify corresponding match Set file.That is, target device in the second security engine group is identified corresponding configuration file by the network equipment, the first peace is replaced with Target device identifies corresponding configuration file in full engine group.
If user, which wants to forbid covering current stored target device in the second security engine group, identifies corresponding match Set file, then user can choose forbids cover option, correspondingly, the network equipment can receive user input forbid cover Instruction, then establish target device in the second security engine group identify it is corresponding between corresponding configuration file and target virtual machine Relationship.In this case, target virtual machine can Successful migration into the second security engine group, but target virtual machine may occur Configuration variation.
In the embodiment of the present application, the network equipment can receive virtual machine (vm) migration order, and the virtual machine (vm) migration order is for referring to Show and migrates target virtual machine to the second security engine group by the first security engine group.If the network equipment determines that the second safety is drawn It holds up group and meets preset transition condition, then answer the configuration file for the target virtual machine being stored in advance in the first security engine group It makes into the second security engine group, and establishes the corresponding relationship between configuration file and target virtual machine.In this manner it is achieved that empty The automatic duplication of the configuration file of quasi- machine, the configuration file of virtual machine is migrated without technical staff manually in security engine group, Improve the transport efficiency of virtual machine.In addition, being not necessarily to since the automatic duplication of the configuration file of virtual machine may be implemented in this programme Technical staff's manual configuration, it is thus possible to because of various problems caused by operation error during enough reducing virtual machine (vm) migration.
The embodiment of the present application also provides a kind of examples of the moving method of virtual machine, as shown in figure 3, can specifically include Following steps.
Step 301, virtual machine (vm) migration order is received.
Wherein, virtual machine (vm) migration order, which is used to indicate, is migrated target virtual machine to the second safety by the first security engine group Engine group.
Step 302, detecting whether there is security engine in the second security engine group.
If security engine is not present in the second security engine group, 303 are thened follow the steps.
If in the second security engine group, there are security engines, then follow the steps 304.
Step 303, it shows the first prompt information, and stops virtual machine (vm) migration.
Wherein, security engine is not present for prompting in the first prompt information in the second security engine group
Step 304, judge whether the occupied memory space of the configuration file of target virtual machine is greater than the second security engine The current residual memory space of group.
It is remained if the occupied memory space of the configuration file of target virtual machine is current no more than the second security engine group Remaining memory space, thens follow the steps 305.If the occupied memory space of the configuration file of target virtual machine is greater than the second safety The current residual memory space of engine group, thens follow the steps 306.
Step 305, judge the corresponding configuration text of device identification in the second security engine group with the presence or absence of target virtual machine Part.
If thened follow the steps in the second security engine group there are the corresponding configuration file of the device identification of target virtual machine 307。
If the corresponding configuration file of device identification of target virtual machine is not present in the second security engine group, step is executed Rapid 310.
Step 306.It shows the second prompt information, and stops virtual machine (vm) migration.
Wherein, the second prompt information is for prompting the second security engine group memory space inadequate
Step 307, the covering prompt information of configuration file is shown.
If receive user's input forbids covering to instruct, 308 are thened follow the steps.
If receiving the covering instruction of user's input, 309 are thened follow the steps.
Step 308, it establishes in the second security engine group between the corresponding configuration file of the device identification and target virtual machine Corresponding relationship.
Step 309, the corresponding configuration file of device identification in the second security engine group is deleted, and first will be stored in advance in The configuration file of target virtual machine in security engine group copies in the second security engine group, establishes configuration file and target is empty Corresponding relationship between quasi- machine.
Step 310, the configuration file for the target virtual machine being stored in advance in the first security engine group is copied to second In security engine group, the corresponding relationship between configuration file and target virtual machine is established.
Based on the same technical idea, as shown in figure 4, the embodiment of the present application also provides a kind of migration of virtual machine dresses It sets, described device includes:
Receiving module 410, for receiving virtual machine (vm) migration order, the virtual machine (vm) migration order is used to indicate target void Quasi- machine is migrated by the first security engine group to the second security engine group;
Transferring module 420 will be stored in advance if meeting preset transition condition for the second security engine group It is copied in the second security engine group in the configuration file of the target virtual machine in the first security engine group, and Establish the corresponding relationship between the configuration file and the target virtual machine.
Optionally, the transferring module 420, is specifically used for:
It detects in the second security engine group with the presence or absence of security engine;
If there are security engines in the second security engine group, the first security engine group will be stored in advance in In the configuration file of the target virtual machine copy in the second security engine group.
Optionally, as shown in figure 5, described device further include:
First display module 430, if showing first for security engine to be not present in the second security engine group Prompt information, there is no security engines for prompting in the second security engine group for first prompt information.
Optionally, the transferring module 420, is specifically used for:
If there are security engines in the second security engine group, the configuration file institute of the target virtual machine is judged Whether the memory space of occupancy is greater than the current residual memory space of the second security engine group;
If the occupied memory space of the configuration file of the target virtual machine is not more than the second security engine group Current residual memory space will then be stored in advance in the configuration text of the target virtual machine in the first security engine group Part copies in the second security engine group.
Optionally, as shown in fig. 6, described device further include:
Second display module 440, if the occupied memory space of configuration file for the target virtual machine is greater than The current residual memory space of the second security engine group then shows that the second prompt information, second prompt information are used for Prompt the second security engine group memory space inadequate.
Optionally, as shown in fig. 7, described device further include:
Judgment module 450, the equipment for judging to whether there is the target virtual machine in the second security engine group Identify corresponding configuration file;
If there are the corresponding configuration file of the device identification of the target virtual machine in the second security engine group, Trigger the covering prompt information that third display module 460 shows configuration file;
If receive user's input forbids covering to instruct, triggers the transferring module 420 and establish second peace Corresponding relationship described in full engine group between the corresponding configuration file of device identification and the target virtual machine;
If receive user input covering instruction, trigger the transferring module 420 delete it is described second safety draw The corresponding configuration file of device identification described in group is held up, and executes described will be stored in advance in the first security engine group The configuration file of the target virtual machine copies to the step in the second security engine group.
In the embodiment of the present application, the network equipment can receive virtual machine (vm) migration order, and the virtual machine (vm) migration order is for referring to Show and migrates target virtual machine to the second security engine group by the first security engine group.If the network equipment determines that the second safety is drawn It holds up group and meets preset transition condition, then answer the configuration file for the target virtual machine being stored in advance in the first security engine group It makes into the second security engine group, and establishes the corresponding relationship between configuration file and target virtual machine.In this manner it is achieved that empty The automatic duplication of the configuration file of quasi- machine, the configuration file of virtual machine is migrated without technical staff manually in security engine group, Improve the transport efficiency of virtual machine.In addition, being not necessarily to since the automatic duplication of the configuration file of virtual machine may be implemented in this programme Technical staff's manual configuration, it is thus possible to because of various problems caused by operation error during enough reducing virtual machine (vm) migration.
The embodiment of the present application also provides a kind of electronic equipment, as shown in figure 8, include processor 801, communication interface 802, Memory 803 and communication bus 804, wherein processor 801, communication interface 802, memory 803 are complete by communication bus 804 At mutual communication,
Memory 803, for storing computer program;
Processor 801 when for executing the program stored on memory 803, realizes the moving method of above-mentioned virtual machine, The described method includes:
Virtual machine (vm) migration order is received, the virtual machine (vm) migration order, which is used to indicate, is drawn target virtual machine by the first safety Group is held up to migrate to the second security engine group;
If the second security engine group meets preset transition condition, first safety will be stored in advance in and drawn The configuration file for holding up the target virtual machine in group copies in the second security engine group, and establishes the configuration file With the corresponding relationship between the target virtual machine.
Optionally, if the second security engine group meets preset transition condition, institute will be stored in advance in The configuration file for stating the target virtual machine in the first security engine group copies in the second security engine group, comprising:
It detects in the second security engine group with the presence or absence of security engine;
If there are security engines in the second security engine group, the first security engine group will be stored in advance in In the configuration file of the target virtual machine copy in the second security engine group.
Optionally, the method also includes:
If security engine is not present in the second security engine group, the first prompt information is shown, described first mentions Showing information, there is no security engines for prompting in the second security engine group.
Optionally, if there are security engines in the second security engine group, described will be stored in advance in The configuration file of the target virtual machine in one security engine group copies in the second security engine group, comprising:
If there are security engines in the second security engine group, the configuration file institute of the target virtual machine is judged Whether the memory space of occupancy is greater than the current residual memory space of the second security engine group;
If the occupied memory space of the configuration file of the target virtual machine is not more than the second security engine group Current residual memory space will then be stored in advance in the configuration text of the target virtual machine in the first security engine group Part copies in the second security engine group.
Optionally, the method also includes:
If the occupied memory space of the configuration file of the target virtual machine is greater than the second security engine group and works as Preceding residual memory space then shows the second prompt information, and second prompt information is for prompting second security engine Group memory space inadequate.
Optionally, the configuration file that the target virtual machine in the first security engine group will be stored in advance in Before copying in the second security engine group, further includes:
Judge the corresponding configuration text of device identification in the second security engine group with the presence or absence of the target virtual machine Part;
If there are the corresponding configuration file of the device identification of the target virtual machine in the second security engine group, Show the covering prompt information of configuration file;
If receive user's input forbids covering to instruct, equipment mark described in the second security engine group is established Know the corresponding relationship between corresponding configuration file and the target virtual machine;
If receiving the covering instruction of user's input, device identification pair described in the second security engine group is deleted The configuration file answered, and execute the configuration that will be stored in advance in the target virtual machine in the first security engine group File copies to the step in the second security engine group.
The communication bus that above-mentioned electronic equipment is mentioned can be Peripheral Component Interconnect standard (English: Peripheral Component Interconnect, referred to as: PCI) bus or expanding the industrial standard structure (English: Extended Industry Standard Architecture, referred to as: EISA) bus etc..The communication bus can be divided into address bus, data/address bus, control Bus processed etc..Only to be indicated with a thick line in figure convenient for indicating, it is not intended that an only bus or a type of total Line.
Communication interface is for the communication between above-mentioned electronic equipment and other equipment.
Memory may include random access memory (English: Random Access Memory, abbreviation: RAM), can also To include nonvolatile memory (English: Non-Volatile Memory, abbreviation: NVM), for example, at least a disk storage Device.Optionally, memory can also be that at least one is located remotely from the storage device of aforementioned processor.
Above-mentioned processor can be general processor, including central processing unit (English: Central Processing Unit, referred to as: CPU), network processing unit (English: Network Processor, referred to as: NP) etc.;It can also be digital signal Processor (English: Digital Signal Processing, abbreviation: DSP), specific integrated circuit (English: Application Specific Integrated Circuit, referred to as: ASIC), field programmable gate array (English: Field- Programmable Gate Array, referred to as: FPGA) either other programmable logic device, discrete gate or transistor logic Device, discrete hardware components.
In another embodiment provided by the present application, a kind of computer readable storage medium is additionally provided, which can It reads to be stored with computer program in storage medium, the computer program realizes any of the above-described virtual machine when being executed by processor The step of moving method.
In another embodiment provided by the present application, a kind of computer program product comprising instruction is additionally provided, when it When running on computers, so that computer executes the moving method of any virtual machine in above-described embodiment.
In the above-described embodiments, can come wholly or partly by software, hardware, firmware or any combination thereof real It is existing.When implemented in software, it can entirely or partly realize in the form of a computer program product.The computer program Product includes one or more computer instructions.When loading on computers and executing the computer program instructions, all or It partly generates according to process or function described in the embodiment of the present application.The computer can be general purpose computer, dedicated meter Calculation machine, computer network or other programmable devices.The computer instruction can store in computer readable storage medium In, or from a computer readable storage medium to the transmission of another computer readable storage medium, for example, the computer Instruction can pass through wired (such as coaxial cable, optical fiber, number from a web-site, computer, server or data center User's line (DSL)) or wireless (such as infrared, wireless, microwave etc.) mode to another web-site, computer, server or Data center is transmitted.The computer readable storage medium can be any usable medium that computer can access or It is comprising data storage devices such as one or more usable mediums integrated server, data centers.The usable medium can be with It is magnetic medium, (for example, floppy disk, hard disk, tape), optical medium (for example, DVD) or semiconductor medium (such as solid state hard disk Solid State Disk (SSD)) etc..
It should be noted that, in this document, relational terms such as first and second and the like are used merely to a reality Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to Non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those Element, but also including other elements that are not explicitly listed, or further include for this process, method, article or equipment Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that There is also other identical elements in process, method, article or equipment including the element.
Each embodiment in this specification is all made of relevant mode and describes, same and similar portion between each embodiment Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for system reality For applying example, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to embodiment of the method Part explanation.
The foregoing is merely the preferred embodiments of the application, are not intended to limit the protection scope of the application.It is all Any modification, equivalent replacement, improvement and so within spirit herein and principle are all contained in the protection scope of the application It is interior.

Claims (12)

1. a kind of moving method of virtual machine, which is characterized in that the described method includes:
Virtual machine (vm) migration order is received, the virtual machine (vm) migration order is used to indicate target virtual machine by the first security engine group It migrates to the second security engine group;
If the second security engine group meets preset transition condition, the first security engine group will be stored in advance in In the configuration file of the target virtual machine copy in the second security engine group, and establish the configuration file and institute State the corresponding relationship between target virtual machine.
If 2. the method according to claim 1, wherein the second security engine group meet it is preset The configuration file for the target virtual machine being stored in advance in the first security engine group is then copied to institute by transition condition It states in the second security engine group, comprising:
It detects in the second security engine group with the presence or absence of security engine;
If there are security engines in the second security engine group, will be stored in advance in the first security engine group The configuration file of the target virtual machine copies in the second security engine group.
3. according to the method described in claim 2, it is characterized in that, the method also includes:
If security engine is not present in the second security engine group, the first prompt information, the first prompt letter are shown There is no security engines for prompting in the second security engine group for breath.
4. if according to the method described in claim 2, it is characterized in that, there is safety in the second security engine group The configuration file for the target virtual machine being stored in advance in the first security engine group is then copied to described by engine In two security engine groups, comprising:
If there are security engine in the second security engine group, occupied by the configuration file for judging the target virtual machine Memory space whether be greater than the current residual memory space of the second security engine group;
If the occupied memory space of the configuration file of the target virtual machine is current no more than the second security engine group Residual memory space, then the configuration file for the target virtual machine being stored in advance in the first security engine group is answered It makes in the second security engine group.
5. according to the method described in claim 4, it is characterized in that, the method also includes:
If it is current that the occupied memory space of the configuration file of the target virtual machine is greater than the second security engine group Residual memory space then shows the second prompt information, and second prompt information is for prompting the second security engine group to deposit Store up insufficient space.
6. the method according to claim 1, wherein described will be stored in advance in the first security engine group The target virtual machine configuration file copy in the second security engine group before, further includes:
Judge the corresponding configuration file of device identification that whether there is the target virtual machine in the second security engine group;
If shown in the second security engine group there are the corresponding configuration file of the device identification of the target virtual machine The covering prompt information of configuration file;
If receive user's input forbids covering to instruct, device identification pair described in the second security engine group is established The corresponding relationship between configuration file and the target virtual machine answered;
If receiving the covering instruction of user's input, it is corresponding to delete device identification described in the second security engine group Configuration file, and execute the configuration file that will be stored in advance in the target virtual machine in the first security engine group Copy to the step in the second security engine group.
7. a kind of moving apparatus of virtual machine, which is characterized in that described device includes:
Receiving module, for receiving virtual machine (vm) migration order, the virtual machine (vm) migration order be used to indicate by target virtual machine by First security engine group is migrated to the second security engine group;
Transferring module will be stored in advance in described if meeting preset transition condition for the second security engine group The configuration file of the target virtual machine in first security engine group copies in the second security engine group, and establishes institute State the corresponding relationship between configuration file and the target virtual machine.
8. device according to claim 7, which is characterized in that the transferring module is specifically used for:
It detects in the second security engine group with the presence or absence of security engine;
If there are security engines in the second security engine group, will be stored in advance in the first security engine group The configuration file of the target virtual machine copies in the second security engine group.
9. device according to claim 8, which is characterized in that described device further include:
First display module, if for security engine, display the first prompt letter to be not present in the second security engine group Breath, there is no security engines for prompting in the second security engine group for first prompt information.
10. device according to claim 8, which is characterized in that the transferring module is specifically used for:
If there are security engine in the second security engine group, occupied by the configuration file for judging the target virtual machine Memory space whether be greater than the current residual memory space of the second security engine group;
If the occupied memory space of the configuration file of the target virtual machine is current no more than the second security engine group Residual memory space, then the configuration file for the target virtual machine being stored in advance in the first security engine group is answered It makes in the second security engine group.
11. device according to claim 10, which is characterized in that described device further include:
Second display module, if the occupied memory space of configuration file for the target virtual machine is greater than described second The current residual memory space of security engine group then shows that the second prompt information, second prompt information are described for prompting Second security engine group memory space inadequate.
12. device according to claim 7, which is characterized in that described device further include:
Judgment module, it is corresponding with the presence or absence of the device identification of the target virtual machine in the second security engine group for judging Configuration file;
If triggered in the second security engine group there are the corresponding configuration file of the device identification of the target virtual machine Third display module shows the covering prompt information of configuration file;
If receive user's input forbids covering to instruct, triggers the transferring module and establish the second security engine group Described in corresponding relationship between the corresponding configuration file of device identification and the target virtual machine;
If receiving the covering instruction of user's input, triggers the transferring module and delete institute in the second security engine group The corresponding configuration file of device identification is stated, and executes and described will be stored in advance in the target in the first security engine group The configuration file of virtual machine copies to the step in the second security engine group.
CN201910044144.XA 2019-01-17 2019-01-17 Virtual machine migration method and device Active CN109783196B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910044144.XA CN109783196B (en) 2019-01-17 2019-01-17 Virtual machine migration method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910044144.XA CN109783196B (en) 2019-01-17 2019-01-17 Virtual machine migration method and device

Publications (2)

Publication Number Publication Date
CN109783196A true CN109783196A (en) 2019-05-21
CN109783196B CN109783196B (en) 2021-03-12

Family

ID=66501529

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910044144.XA Active CN109783196B (en) 2019-01-17 2019-01-17 Virtual machine migration method and device

Country Status (1)

Country Link
CN (1) CN109783196B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112073518A (en) * 2020-09-09 2020-12-11 杭州海康威视系统技术有限公司 Cloud storage system, cloud storage system management method and central management node
CN112286866A (en) * 2020-10-23 2021-01-29 星辰天合(北京)数据科技有限公司 Data processing method and device, electronic equipment and computer readable storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101794238A (en) * 2008-12-31 2010-08-04 英特尔公司 Effective utilization of remapping engine
US20120284398A1 (en) * 2010-10-26 2012-11-08 International Business Machines Corporation Inter-virtual machine communication
CN104346575A (en) * 2014-10-24 2015-02-11 重庆邮电大学 Software defined security architecture
CN106201659A (en) * 2016-07-12 2016-12-07 腾讯科技(深圳)有限公司 A kind of method of live migration of virtual machine and host
CN107113192A (en) * 2014-12-29 2017-08-29 株式会社Ntt都科摩 resource management in cloud system
CN107562512A (en) * 2016-07-01 2018-01-09 华为技术有限公司 A kind of method, apparatus and system for migrating virtual machine
CN107656796A (en) * 2017-09-04 2018-02-02 顺丰科技有限公司 A kind of virtual machine cold moving method, system and equipment
CN107885575A (en) * 2017-03-13 2018-04-06 平安科技(深圳)有限公司 The moving method and device of virtual machine

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101794238A (en) * 2008-12-31 2010-08-04 英特尔公司 Effective utilization of remapping engine
US20120284398A1 (en) * 2010-10-26 2012-11-08 International Business Machines Corporation Inter-virtual machine communication
CN104346575A (en) * 2014-10-24 2015-02-11 重庆邮电大学 Software defined security architecture
CN107113192A (en) * 2014-12-29 2017-08-29 株式会社Ntt都科摩 resource management in cloud system
CN107562512A (en) * 2016-07-01 2018-01-09 华为技术有限公司 A kind of method, apparatus and system for migrating virtual machine
CN106201659A (en) * 2016-07-12 2016-12-07 腾讯科技(深圳)有限公司 A kind of method of live migration of virtual machine and host
CN107885575A (en) * 2017-03-13 2018-04-06 平安科技(深圳)有限公司 The moving method and device of virtual machine
CN107656796A (en) * 2017-09-04 2018-02-02 顺丰科技有限公司 A kind of virtual machine cold moving method, system and equipment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112073518A (en) * 2020-09-09 2020-12-11 杭州海康威视系统技术有限公司 Cloud storage system, cloud storage system management method and central management node
CN112073518B (en) * 2020-09-09 2023-06-02 杭州海康威视系统技术有限公司 Cloud storage system, cloud storage system management method and central management node
CN112286866A (en) * 2020-10-23 2021-01-29 星辰天合(北京)数据科技有限公司 Data processing method and device, electronic equipment and computer readable storage medium

Also Published As

Publication number Publication date
CN109783196B (en) 2021-03-12

Similar Documents

Publication Publication Date Title
US10009317B2 (en) Security policy generation using container metadata
US10264025B2 (en) Security policy generation for virtualization, bare-metal server, and cloud computing environments
US11122129B2 (en) Virtual network function migration
CN109067877B (en) Control method for cloud computing platform deployment, server and storage medium
US9262208B2 (en) Automated, controlled distribution and execution of commands and scripts
US9756070B1 (en) Scanning machine images to identify potential risks
US10402216B1 (en) Live support integration in a virtual machine based development environment
WO2016160595A1 (en) System and method for threat-driven security policy controls
US10810176B2 (en) Unsolicited bulk email detection using URL tree hashes
US11880458B2 (en) Malware detection based on user interactions
JP6138337B2 (en) Test system and test method for reducing performance test cost in cloud environment
WO2021053422A1 (en) Correspondence of external operations to containers and mutation events
CN104169939A (en) Method and system realizing virtualization safety
US20240311189A1 (en) System and method for secure recovery of application group in container deployment environments
CN109783196A (en) A kind of moving method and device of virtual machine
US10705895B2 (en) Device based automated tool integration for lifecycle management platform
CN111124614A (en) Virtual machine migration flow control test method, device, equipment and storage medium
US9417896B2 (en) Allocating hypervisor resources
US9870304B2 (en) System for verifying historical artifacts in disparate source control systems
CN110290172B (en) Container application cloning method and device, computer equipment and storage medium
US11748511B2 (en) Protecting data based on context of data movement operation
US10671432B2 (en) Intelligent memory management through peer learning
US20240236050A1 (en) Building and using attestation model in confidential computing
US20210042182A1 (en) Graceful degradation of user interface components in response to errors
CN115996150A (en) Virtual studio creation method and system storage medium and data verification method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant