CN113568756B - Cooperative dynamic scheduling method and system for password resources - Google Patents
Cooperative dynamic scheduling method and system for password resources Download PDFInfo
- Publication number
- CN113568756B CN113568756B CN202111096001.7A CN202111096001A CN113568756B CN 113568756 B CN113568756 B CN 113568756B CN 202111096001 A CN202111096001 A CN 202111096001A CN 113568756 B CN113568756 B CN 113568756B
- Authority
- CN
- China
- Prior art keywords
- password
- resource
- application system
- resources
- value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5027—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
- G06F9/505—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals considering the load
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a cooperative dynamic scheduling method and system for password resources. Wherein, the method comprises the following steps: acquiring password resource demand information corresponding to a target application system; calculating a load value of the password resource currently used by the target application system based on a preset decision algorithm, and judging whether the password resource scheduling needs to be carried out on the target application system or not according to the load value; and under the condition that the password resource scheduling is required to be carried out on the target application system, carrying out the password resource scheduling on the target application system according to the password resource demand information, the load value and a preset scheduling strategy. Therefore, dynamic calculation can be carried out in the password service application according to the real-time use state of the password resources, namely, the password resources can be dynamically distributed or released according to the rising or lowering of the service demand, the scheduling and distribution of the password resources are automatically realized, the reasonable use of the password resources is optimized, and the password resource utilization rate and the password resource service efficiency are improved.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method and a system for collaborative and dynamic scheduling of cryptographic resources, a storage medium, and an electronic device.
Background
The power system is related to the national civilization, and with the increasing severity of the international network security situation, the information security risk of the power grid is increasing, and potential safety hazards such as sensitive data leakage, illegal data tampering, identity misuse and the like exist. The password is the basis for constructing a power network security protection system. In order to solve the problem of safe and efficient operation of passwords of massive concurrent services, a technology for cooperative dynamic scheduling of password resources needs to be researched urgently to realize dynamic allocation and adjustment of the password resources according to service flow.
The password resources are mainly borne by the password equipment and comprise entity password equipment and virtual password equipment. In a practical application system, a password resource pool for gathering various password devices is mainly established to provide password service for the application system. Because different suppliers and different equipment models have different computing capacities of the password equipment, and service requests of the application system requiring password calculation have an infinite characteristic, the situation that the traffic volume rapidly rises or the traffic volume rapidly falls can occur, and the situation can influence the reasonable allocation of password resources. In the current traditional cloud computing field, various scheduling schemes exist for computing resources such as a host computer, but the scheduling algorithms do not consider the difference and complexity of password operation, and cannot be completely applied to password equipment, and dynamic scheduling and optimal configuration of password resources cannot be achieved, so that the utilization rate of the password resources is low, and the password service efficiency is poor.
Aiming at the technical problems that the password resources cannot be dynamically scheduled and optimally configured in the prior art, so that the utilization rate of the password resources is low and the password service efficiency is poor, an effective solution is not provided at present.
Disclosure of Invention
Aiming at the technical problems of low utilization rate of password resources and poor password service efficiency caused by incapability of dynamically scheduling and optimizing configuration of the password resources in the prior art, the invention provides a password resource collaborative dynamic scheduling method and a system, which can dynamically calculate according to the real-time use state of the password resources in the password service application, automatically realize scheduling and allocation of the password resources, effectively solve the problem of dynamic scheduling of the password resources, realize climbing or reducing dynamic allocation or release of the password resources according to the business demand, improve the utilization rate of the password resources, optimize the reasonable use of the password resources and improve the password service efficiency.
According to an aspect of the present invention, a cooperative dynamic scheduling method for cryptographic resources is provided, including: acquiring password resource demand information corresponding to a target application system;
calculating a load value of the password resource currently used by the target application system based on a preset decision algorithm, and judging whether the password resource scheduling needs to be carried out on the target application system or not according to the load value;
and under the condition that the password resource scheduling is required to be carried out on the target application system, carrying out the password resource scheduling on the target application system according to the password resource demand information, the load value and a preset scheduling strategy.
Optionally, the calculating a load value of a cryptographic resource currently used by the target application system based on a preset decision algorithm includes:
acquiring password resource operation information corresponding to all application systems;
calculating the load value of each password resource in a resource pool according to the password resource operation information, wherein the resource pool is used for storing the password resources in a centralized and classified manner; and
and calculating the total load value of all the password resources currently associated with the target application system according to the basic information and the load value of each password resource, wherein the total load value is used as the load value of the password resource currently used by the target application system.
Optionally, the calculating a load value of each cryptographic resource in the resource pool according to the cryptographic resource operation information includes:
determining a first ratio of the operational performance and the total performance of the current cryptographic function according to the running information of the cryptographic resource;
determining a second ratio of the number of concurrent connections to the maximum nominal number of concurrent connections according to the password resource operation information;
determining the resource occupancy rate of a target application system according to the running information of the password resources; and
and determining the load value of each password resource in the resource pool based on the first ratio, the second ratio and the occupancy rate of the target application system resource.
Optionally, the calculating, according to the basic information and the load value of each cryptographic resource, an overall load value of all cryptographic resources currently associated with the target application system includes:
calculating the capability value scores of the password resources currently associated with the target application system as load weight values according to the nominal information of the password resources currently associated with the target application system; and
and calculating the total load value of all the password resources currently associated with the target application system according to the load value of each password resource in the resource pool and the load weight value of each password resource currently associated with the target application system.
Optionally, the determining whether to perform password resource scheduling on the target application system according to the load value includes:
comparing the load value of the password resource currently used by the target application system with a preset password resource scheduling threshold value; and
and judging whether the password resource scheduling needs to be carried out on the target application system according to the comparison result.
Optionally, the performing, according to the password resource demand information, the load value, and a preset scheduling policy, password resource scheduling on the target application system as needed includes:
calculating the ability scoring value of each password resource in the resource pool according to the calculation ability and parameters of the initial password resource;
obtaining the capability scores of all password resources currently associated with the target application system, and calculating the total score of the password resources;
calculating a resource increase and decrease ratio value of resources needing to be increased or decreased according to the difference value between the load value and a threshold median value, wherein the threshold median value is the average of a preset highest threshold value and a preset lowest threshold value;
calculating the score value of the difference between the load value and the median of the threshold value according to the total score of the password resources and the resource increase and decrease ratio; and
and according to the resource increase and decrease ratio and the score value, carrying out password resource scheduling on the target application system as required.
Optionally, the performing, according to the resource increase/decrease ratio and the score value, cryptographic resource scheduling on the target application system as needed includes:
when the resource increase and decrease ratio is a positive value, selecting idle password resources from the resource pool according to the score value and increasing the idle password resources to the password resources currently used by the target application system; and
and when the resource increase and decrease ratio is a negative value, releasing redundant password resources from the password resources currently used by the target application system according to the score value.
Optionally, before obtaining the password resource requirement information corresponding to the target application system, the method includes:
and monitoring the running state of the password resources associated with each application system, and obtaining each running parameter from the password resources so as to obtain the running information of the password resources corresponding to each application system.
Optionally, before obtaining the password resource requirement information corresponding to the target application system, the method includes:
storing all operation resources and password resources in a centralized and classified manner to construct a resource pool;
collecting password resource demand information, password equipment operation capacity and operation parameter information of each application system;
and distributing a corresponding number of fixed password service units and password resources for each application system from the resource pool according to the password resource demand information.
Optionally, the cooperative dynamic scheduling method for cryptographic resources further includes:
and setting the password resource scheduling threshold value of each application system according to the collected password resource demand information of each application system.
According to another aspect of the present invention, there is provided a cooperative dynamic scheduling system for cryptographic resources, comprising: the demand information acquisition module is used for acquiring password resource demand information corresponding to the target application system;
the decision module is used for calculating the load value of the password resource currently used by the target application system based on a preset decision algorithm and judging whether the password resource scheduling needs to be carried out on the target application system or not according to the load value;
and the resource scheduling module is used for scheduling the password resources of the target application system as required according to the password resource demand information, the load value and a preset scheduling strategy under the condition that the password resources of the target application system are required to be scheduled.
Optionally, the decision module comprises:
the running information acquisition unit is used for acquiring running information of the password resources corresponding to all the application systems;
the single load value calculation unit is used for calculating the load value of each password resource in the resource pool according to the password resource operation information; and
and the total load value calculating unit is used for calculating the total load values of all the password resources currently associated with the target application system according to the basic information and the load values of each password resource, and the total load values are used as the load values of the password resources currently used by the target application system.
Optionally, the single load value calculating unit is specifically configured to:
determining a first ratio of the operational performance and the total performance of the current cryptographic function according to the running information of the cryptographic resource;
determining a second ratio of the number of concurrent connections to the maximum nominal number of concurrent connections according to the password resource operation information;
determining the resource occupancy rate of a target application system according to the running information of the password resources; and
and determining the load value of each password resource in the resource pool based on the first ratio, the second ratio and the occupancy rate of the target application system resource.
Optionally, the overall load value calculating unit is specifically configured to:
calculating the capability value scores of the password resources currently associated with the target application system as load weight values according to the nominal information of the password resources currently associated with the target application system; and
and calculating the total load value of all the password resources currently associated with the target application system according to the load value of each password resource in the resource pool and the load weight value of each password resource currently associated with the target application system.
Optionally, the decision module further comprises:
the comparison unit is used for comparing the load value of the password resource currently used by the target application system with a preset password resource scheduling threshold value; and
and the judging unit is used for judging whether the password resource scheduling needs to be carried out on the target application system according to the comparison result.
Optionally, the resource scheduling module includes:
the ability scoring value calculating unit is used for calculating the ability scoring value of each password resource in the resource pool according to the calculating ability and the parameters of the initial password resource;
the password resource total score calculating unit is used for obtaining the capability scores of all password resources currently associated with the target application system and calculating the password resource total score;
the resource increase and decrease ratio calculation unit is used for calculating the resource increase and decrease ratio of resources needing to be increased or decreased according to the difference value between the load value and a threshold median value, wherein the threshold median value is the average of a preset highest threshold value and a preset lowest threshold value;
the score calculating unit is used for calculating the score of the difference between the load value and the median of the threshold value according to the total score of the password resources and the resource increase and decrease ratio; and
and the password resource allocation unit is used for scheduling the password resources of the target application system according to the resource increase and decrease ratio and the score value and according to needs.
Optionally, the cryptographic resource allocation unit is specifically configured to:
when the resource increase and decrease ratio is a positive value, selecting idle password resources from the resource pool according to the score value and increasing the idle password resources to the password resources currently used by the target application system; and
and when the resource increase and decrease ratio is a negative value, releasing redundant password resources from the password resources currently used by the target application system according to the score value.
Optionally, the cooperative dynamic scheduling system for cryptographic resources further includes:
and the resource monitoring module is used for monitoring the password resource requirements of each application system and the running state of the associated password resources and acquiring various running parameters from the password resources so as to acquire the password resource requirement information and the password resource running information corresponding to each application system.
Optionally, the cooperative dynamic scheduling system for cryptographic resources further includes:
the resource pool is used for storing each operation resource and each password resource in a centralized and classified manner;
the basic information collection module is used for collecting the password resource demand information, the password equipment operation capacity and the operation parameter information of each application system;
and the basic configuration module is used for distributing a corresponding number of fixed password service units and password resources for each application system from the resource pool according to the password resource demand information.
Optionally, the cooperative dynamic scheduling system for cryptographic resources further includes:
and the parameter configuration module is used for setting the password resource scheduling threshold of each application system according to the collected password resource demand information of each application system.
According to a further aspect of the invention, there is provided a computer readable storage medium having stored thereon a computer program for executing the method of any of the above aspects of the invention.
According to still another aspect of the present invention, there is provided an electronic apparatus including: a processor; a memory for storing the processor-executable instructions; the processor is configured to read the executable instructions from the memory and execute the instructions to implement the method according to any one of the above aspects of the present invention.
Therefore, the cooperative and dynamic scheduling method and system for the password resources, which are provided by the invention, can perform dynamic calculation according to the real-time use state of the password resources in the application of the password services, automatically realize the scheduling and allocation of the password resources, effectively solve the problem of dynamic scheduling of the password resources, realize the climbing or reducing of the dynamic allocation or release of the password resources according to the service demand, optimize the reasonable use of the password resources, and further improve the utilization rate of the password resources and the efficiency of the password services. And then solved the unable dynamic scheduling and optimal configuration password resource that exist among the prior art to lead to the technical problem that the utilization ratio of password resource is low, password service efficiency is poor.
Drawings
A more complete understanding of exemplary embodiments of the present invention may be had by reference to the following drawings in which:
fig. 1 is a flowchart illustrating a cooperative dynamic scheduling method for cryptographic resources according to an exemplary embodiment of the present invention;
FIG. 2 is a flowchart illustrating an overall process of cooperative and dynamic scheduling of cryptographic resources according to an exemplary embodiment of the present invention;
FIG. 3 is a flowchart illustrating a process for calculating a load value of a cryptographic resource currently used by a target application system according to an exemplary embodiment of the present invention;
FIG. 4 is a flowchart illustrating an on-demand allocation of cryptographic resources to a target application system based on a load value, according to an exemplary embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a cooperative dynamic scheduling system for cryptographic resources according to an exemplary embodiment of the present invention; and
fig. 6 is a structure of an electronic device according to an exemplary embodiment of the present invention.
Detailed Description
Hereinafter, example embodiments according to the present invention will be described in detail with reference to the accompanying drawings. It is to be understood that the described embodiments are merely a subset of embodiments of the invention and not all embodiments of the invention, with the understanding that the invention is not limited to the example embodiments described herein.
It should be noted that: the relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.
It will be understood by those of skill in the art that the terms "first," "second," and the like in the embodiments of the present invention are used merely to distinguish one element, step, device, module, or the like from another element, and do not denote any particular technical or logical order therebetween.
It should also be understood that in embodiments of the present invention, "a plurality" may refer to two or more and "at least one" may refer to one, two or more.
It is also to be understood that any reference to any component, data, or structure in the embodiments of the invention may be generally understood as one or more, unless explicitly defined otherwise or stated to the contrary hereinafter.
In addition, the term "and/or" in the present invention is only one kind of association relationship describing the associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In the present invention, the character "/" generally indicates that the preceding and following related objects are in an "or" relationship.
It should also be understood that the description of the embodiments of the present invention emphasizes the differences between the embodiments, and the same or similar parts may be referred to each other, so that the descriptions thereof are omitted for brevity.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
Embodiments of the invention are operational with numerous other general purpose or special purpose computing system environments or configurations, and with numerous other electronic devices, such as terminal devices, computer systems, servers, etc. Examples of well known terminal devices, computing systems, environments, and/or configurations that may be suitable for use with electronic devices, such as terminal devices, computer systems, servers, and the like, include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, networked personal computers, minicomputer systems, mainframe computer systems, distributed cloud computing environments that include any of the above, and the like.
Electronic devices such as terminal devices, computer systems, servers, etc. may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc. that perform particular tasks or implement particular abstract data types. The computer system/server may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media including memory storage devices.
Exemplary method
Fig. 1 is a flowchart illustrating a cooperative dynamic scheduling method for cryptographic resources according to an exemplary embodiment of the present invention. The embodiment can be applied to an electronic device, as shown in fig. 1, and includes the following steps:
As an embodiment, before obtaining the password resource requirement information corresponding to the target application system, the method includes: storing all operation resources and password resources in a centralized and classified manner to construct a resource pool; collecting password resource demand information, password equipment operation capacity and operation parameter information of each application system; and distributing a corresponding number of fixed password service units and password resources for each application system from the resource pool according to the password resource demand information.
Generally, before the cooperative dynamic scheduling of the cryptographic resources, a resource pool needs to be constructed. Specifically, each operation resource, password resource and the like are classified and stored in a pool to construct a resource pool. Therefore, resources can be extracted from the resource pool as required, and the resources are released when no requirement exists. The resource pool comprises a hardware cipher machine resource pool, a virtual cipher machine resource pool and a key database resource pool.
The hardware cipher machine resource pool mainly comprises a hardware cipher machine cluster which is used for providing cipher operation functions, including a symmetric algorithm, an asymmetric algorithm and a digest algorithm, and simultaneously providing a security protection function for a security system core element key. The virtual cryptographic machine resource pool mainly comprises a virtual cryptographic machine cluster which is mainly used for partitioning hardware resources through a virtualization technology, multiple virtual machines are simulated on a physical host, functions of the virtual cryptographic machine are consistent with those of an entity machine, and the utilization rate of the hardware resources is enhanced. The key database resource pool is mainly used for realizing the isolated storage of the keys of each application system.
Further, referring to fig. 2, basic resource configuration is required before performing the cooperative dynamic scheduling of the cryptographic resources. Specifically, first, service requirements (corresponding to the cryptographic resource requirements of the application system), the computing power of the cryptographic device, and parameter information are collected. And then distributing a corresponding number of fixed password service units and password resources for each application system from the resource pool according to the password resource demand information. The cryptographic resources may include, among other things, physical cryptographic devices and virtual cryptographic device resources. The collected computing power and parameters of the cryptographic device include: supported cryptographic algorithms, operational performance of each cryptographic algorithm, concurrent connectivity, and the like.
As an embodiment, before obtaining the password resource requirement information corresponding to the target application system, the method includes: and monitoring the running state of the password resources associated with each application system, and obtaining each running parameter from the password resources so as to obtain the running information of the password resources corresponding to each application system.
Specifically, referring to fig. 2, before performing cooperative and dynamic scheduling of the password resource, the running state of the password resource associated with each application system needs to be monitored, and each running parameter needs to be obtained from the password resource, so as to obtain the running information of the password resource corresponding to each application system. And when the data flow of the application system is monitored to be stable, the password service is completed by the fixed password service unit and the password resource. And after monitoring that the traffic of the application system changes, starting the password resource cooperative dynamic scheduling system to perform dynamic resource allocation.
As an embodiment, the method for collaborative and dynamic scheduling of cryptographic resources further includes: and setting the password resource scheduling threshold value of each application system according to the collected password resource demand information of each application system.
Generally, after collecting the corresponding information, the cryptographic resource scheduling threshold of the specific service application system needs to be set according to the collected cryptographic resource requirement information of each application system. The cipher resource scheduling threshold comprises a highest threshold Simax and a lowest threshold Simin, and subsequently, a decision can be made according to the two thresholds to judge whether the cipher resource needs to be scheduled to the application system, wherein i represents the ith application system.
102, calculating a load value of the password resource currently used by the target application system based on a preset decision algorithm, and judging whether password resource scheduling needs to be performed on the target application system according to the load value.
Generally, according to the collected running information of the password resources, a weighted dynamic adaptation algorithm is adopted to calculate a load value of the password resources currently used by the target application system, and then whether the password resources corresponding to the target application system need to be dynamically adjusted, that is, whether the resources need to be increased or decreased, is determined.
As an embodiment, calculating a load value of a cryptographic resource currently used by a target application system based on a preset decision algorithm includes: acquiring password resource operation information corresponding to all application systems; calculating the load value of each password resource in the resource pool according to the password resource operation information; and calculating the total load value of all the password resources currently associated with the target application system according to the basic information and the load value of each password resource, wherein the total load value is used as the load value of the password resource currently used by the target application system.
Specifically, after collecting the running information of the password resources corresponding to all the application systems, obtaining the real-time load value Si of each current application system by adopting a comprehensive calculation method, and comparing the real-time load value Si with an initially set high threshold value Simax and a lowest threshold value Simin for decision making. Because the calculation of the real-time load value Si of each application system has high complexity, the available operating parameters of each device are more, and the number of password resource devices corresponding to each application is large, it is difficult to accurately calculate the comprehensive load of the password resources used by the current application. The invention realizes the dynamic load calculation by a weighted dynamic adaptation algorithm based on the characteristics of the password resource equipment, and can effectively meet the requirement of the actual dynamic password resource scheduling. The specific real-time load calculation process of the service is as follows:
(1) first, load calculation for each cryptographic resource needs to be implemented. Specifically, the password resource operation information corresponding to all the application systems is obtained, and the load value of each password resource in the resource pool is calculated according to the password resource operation information. And each password resource is a hardware password machine resource or a virtual password machine resource.
(2) Secondly, obtaining the total load condition of all the password resources related to the application system according to the basic information and the real-time load value of each password resource, namely calculating the total load value of all the password resources currently related to the target application system.
As one embodiment, calculating a load value for each cryptographic resource in the resource pool based on the cryptographic resource run information includes: determining a first ratio of the operational performance and the total performance of the current cryptographic function according to the running information of the cryptographic resource; determining a second ratio of the number of concurrent connections to the maximum nominal number of concurrent connections according to the password resource operation information; determining the resource occupancy rate of a target application system according to the running information of the password resources; and determining the load value of each password resource in the resource pool based on the first ratio, the second ratio and the occupancy rate of the target application system resource.
Referring to fig. 3, the detailed process of calculating the load value of each cryptographic resource in the resource pool according to the cryptographic resource running information is as follows:
1) determining the ratio of the current operation performance of each cryptographic function to the maximum performance of the resource, accumulating the ratios to obtain X1 (corresponding to a first ratio), and if X1>1, revising X1= 1;
2) determining a ratio X2 (corresponding to a second ratio) of the number of concurrent connections to the maximum nominal number of concurrent connections;
3) determining the CPU occupancy rate O and the memory occupancy rate M, and calculating to obtain the resource occupancy rate X3 of a target application system, wherein X3= Min (100, Max (O, M));
4) and calculating by adopting a dynamic adaptation algorithm based on the three numerical values to obtain the load value Sdi of each password resource. If X1=1 or X3=1, Sdi =1, otherwise, the calculation formula is:
Sdi = Min(100, 100*(X1+(W2*X2+W3*X3)/ (W2+W3)))
wherein, W2 is the number of concurrent connections, W3 is the weight value of the CPU memory resource occupancy rate value, the suggested values 10 and 90 can be adjusted according to the actual equipment cryptographic algorithm capability.
As an embodiment, calculating an overall load value of all the cryptographic resources currently associated with the target application system according to the basic information and the load value of each cryptographic resource includes: calculating the capability value scores of the password resources currently associated with the target application system as load weight values according to the nominal information of the password resources currently associated with the target application system; and calculating the total load value of all the password resources currently associated with the target application system according to the load value of each password resource in the resource pool and the load weight value of each password resource currently associated with the target application system.
Referring to fig. 3, the calculation process of the overall load value of all the cryptographic resources currently associated with the target application system is as follows:
1) calculating the capability value score Ni of each associated password resource according to the actual nominal information of the password resource currently associated with the target application system, taking the value of 0-100 as the load weight value;
2) and according to the obtained load value Sdi of each password resource, then according to the load weight value in 1), carrying out weighted average to obtain an overall load value Si.
Si=(N1*S1+N2*S2+…+Nn*Sn)/(N1+N2+…+Nn)
And the Nn is the capability value score of the nth password resource associated with the target application system, and the Sn is the load value of the nth password resource associated with the target application system.
As an embodiment, determining whether to perform cryptographic resource scheduling on a target application system according to a load value includes: comparing the load value of the password resource currently used by the target application system with a preset password resource scheduling threshold value; and judging whether password resource scheduling needs to be carried out on the target application system according to the comparison result.
Specifically, after collecting the password resource operation information corresponding to all application systems, obtaining the total load value Si of all password resources currently associated with the application systems by using a comprehensive calculation method, comparing the total load value Si with the initially set highest threshold value Simax and lowest threshold value Simin, and determining whether to perform password resource scheduling on the target application system according to the comparison result. For example, but not limited to, when the comparison result is that the overall load value Si is greater than the highest threshold value Simax, it is determined that the cryptographic resource scheduling needs to be performed on the target application system. And when the comparison result is that the total load value Si is smaller than the minimum threshold value Simin, judging that the password resource scheduling needs to be carried out on the target application system. And when the comparison result is that the total load value Si is equal to the highest threshold value Simax, judging that the password resource scheduling of the target application system is not needed. It should be specifically noted that the specific determination logic may be specifically designed according to actual requirements, and is not limited herein.
And 103, under the condition that the password resource scheduling is required to be carried out on the target application system, carrying out the password resource scheduling on the target application system according to the password resource requirement information, the load value and a preset scheduling strategy.
Generally, when a password resource needs to be added to a target application system, a certain number of idle password resources are selected from a resource pool and dynamically added to the password resources required to be equipped by the target application system. In the case of reducing the cryptographic resources of the target application system, redundant cryptographic resources are reclaimed from the cryptographic resources currently serving the target application system, and the reclaimed cryptographic resources are marked as idle in the resource pool.
As an embodiment, according to the password resource demand information, the load value and a preset scheduling policy, performing password resource scheduling on a target application system on demand, includes: calculating the ability scoring value of each password resource in the resource pool according to the calculation ability and parameters of the initial password resource; obtaining the capability scores of all password resources currently associated with the target application system, and calculating the total score of the password resources; calculating a resource increase and decrease ratio value of resources needing to be increased or decreased according to the difference value between the load value and a threshold median value, wherein the threshold median value is the average of a preset highest threshold value and a preset lowest threshold value; calculating the score value of the difference between the load value and the median of the threshold value according to the total score of the password resources and the resource increase and decrease ratio; and according to the resource increase and decrease ratio and the score value, carrying out password resource scheduling on the target application system as required.
Usually, the amount of resources to be loaded or released is determined according to the comparison result between the real-time load value and the threshold value, so as to achieve the final dynamic scheduling of the resources. Referring to fig. 4, the scheduling resource load amount allocation process specifically includes the following steps:
(1) calculating the ability score value Ni of each password resource according to the calculation ability and parameters of the initial password resource, and taking the value of 0-100;
(2) obtaining the capability scores of all password resources related to the current application system, and calculating a total score CALL;
and calculating the resource increase and decrease ratio T of the password resources needing to be increased or decreased according to the difference value between the load value and the median value of the threshold value. Wherein, the median of the thresholds is the average number Savr of the highest threshold and the lowest threshold, Savr = (Smax-Smin)/2), and T = (Si-Savr)/Savr, T is a positive value and needs to increase the resources, T is a negative value and decreases the resources;
(3) and (3) calculating a score value C = CALL | T | of the difference between the load value and the median of the threshold value according to the total score value CALL and the resource increase/decrease ratio T calculated in the step (2).
(4) And according to the resource increase and decrease ratio T and the score value C, carrying out password resource scheduling on the target application system as required.
According to one embodiment, the password resource scheduling is performed on the target application system according to the resource increase/decrease ratio and the score value, and the method comprises the following steps: when the resource increase and decrease ratio is a positive value, selecting idle password resources from the resource pool according to the score value and increasing the idle password resources to the password resources currently used by the target application system; and when the resource increase and decrease ratio is a negative value, releasing redundant password resources from the password resources currently used by the target application system according to the credit value.
Specifically, when the resource increase/decrease ratio T is a positive value, it is proved that it is necessary to add password resources to the target application system, and then new password resources are loaded according to the score value C, that is, idle password resources are selected from the resource pool and added to the password resources currently used by the target application system. When the resource increase/decrease ratio T is a negative value, it is proved that the password resources need to be decreased for the target application system, and the redundant password resources are released according to the score value C, that is, the redundant password resources are released from the password resources currently used by the target application system according to the score value C.
Therefore, the steps 101 to 103 are repeated until the password resource meets the requirements of each application system.
Therefore, the cooperative and dynamic scheduling method for password resources provided by this embodiment can perform dynamic calculation according to the real-time use state of the password resources in the application of the password service, automatically implement scheduling and allocation of the password resources, effectively solve the problem of dynamic scheduling of the password resources, implement dynamic allocation or release of the password resources according to the increase or decrease of the business demand, and optimize the reasonable use of the password resources, thereby improving the utilization rate of the password resources and the efficiency of the password service. And then solved the unable dynamic scheduling and optimal configuration password resource that exist among the prior art to lead to the technical problem that the utilization ratio of password resource is low, password service efficiency is poor.
Exemplary System
Fig. 5 is a schematic structural diagram of a cooperative dynamic scheduling system for cryptographic resources according to an exemplary embodiment of the present invention. As shown in fig. 5, the present embodiment includes: the demand information acquisition module is used for acquiring password resource demand information corresponding to the target application system; the decision module is used for calculating the load value of the password resource currently used by the target application system based on a preset decision algorithm and judging whether the password resource scheduling needs to be carried out on the target application system or not according to the load value; and the resource scheduling module is used for scheduling the password resources of the target application system according to the password resource demand information, the load value and a preset scheduling strategy under the condition that the password resources of the target application system need to be scheduled, wherein the resource pool is used for storing the password resources in a centralized and classified manner.
In one embodiment, the decision module comprises: the running information acquisition unit is used for acquiring running information of the password resources corresponding to all the application systems; the single load value calculation unit is used for calculating the load value of each password resource in the resource pool according to the password resource operation information; and the total load value calculation unit is used for calculating the total load values of all the password resources currently associated with the target application system according to the basic information and the load values of each password resource, and the total load values are used as the load values of the password resources currently used by the target application system.
In one embodiment, the single load value calculation unit is specifically configured to: determining a first ratio of the operational performance and the total performance of the current cryptographic function according to the running information of the cryptographic resource; determining a second ratio of the number of concurrent connections to the maximum nominal number of concurrent connections according to the password resource operation information; determining the resource occupancy rate of a target application system according to the running information of the password resources; and determining the load value of each password resource in the resource pool based on the first ratio, the second ratio and the occupancy rate of the target application system resource.
In one embodiment, the overall load value calculating unit is specifically configured to: calculating the capability value scores of the password resources currently associated with the target application system as load weight values according to the nominal information of the password resources currently associated with the target application system; and calculating the total load value of all the password resources currently associated with the target application system according to the load value of each password resource in the resource pool and the load weight value of each password resource currently associated with the target application system.
In one embodiment, the decision module further comprises: the comparison unit is used for comparing the load value of the password resource currently used by the target application system with a preset password resource scheduling threshold value; and the judging unit is used for judging whether the password resource scheduling needs to be carried out on the target application system according to the comparison result.
In one embodiment, the resource scheduling module includes: the ability scoring value calculating unit is used for calculating the ability scoring value of each password resource in the resource pool according to the calculating ability and the parameters of the initial password resource; the password resource total score calculating unit is used for obtaining the capability scores of all password resources currently associated with the target application system and calculating the password resource total score; the resource increase and decrease ratio calculation unit is used for calculating the resource increase and decrease ratio of resources needing to be increased or decreased according to the difference value between the load value and a threshold median value, wherein the threshold median value is the average of a preset highest threshold value and a preset lowest threshold value; the score calculating unit is used for calculating the score of the difference between the load value and the median of the threshold value according to the total score of the password resources and the resource increase and decrease ratio; and the password resource allocation unit is used for scheduling the password resources of the target application system according to the resource increase and decrease ratio and the score value and according to needs.
In one embodiment, the cryptographic resource allocation unit is specifically configured to: when the resource increase and decrease ratio is a positive value, selecting idle password resources from the resource pool according to the score value and increasing the idle password resources to the password resources currently used by the target application system; and when the resource increase and decrease ratio is a negative value, releasing redundant password resources from the password resources currently used by the target application system according to the credit value.
In one embodiment, the cooperative dynamic scheduling system for cryptographic resources further comprises: and the resource monitoring module is used for monitoring the password resource requirements of each application system and the running state of the associated password resources and acquiring various running parameters from the password resources so as to acquire the password resource requirement information and the password resource running information corresponding to each application system.
In one embodiment, the cooperative dynamic scheduling system for cryptographic resources further comprises: the resource pool is used for storing each operation resource and each password resource in a centralized and classified manner; the basic information collection module is used for collecting the password resource demand information, the password equipment operation capacity and the operation parameter information of each application system; and the basic configuration module is used for distributing a corresponding number of fixed password service units and password resources for each application system from the resource pool according to the password resource demand information.
In one embodiment, the cooperative dynamic scheduling system for cryptographic resources further comprises: and the parameter configuration module is used for setting the password resource scheduling threshold of each application system according to the collected password resource demand information of each application system.
Referring to fig. 5, the cooperative dynamic scheduling system for cipher resources provided by the present invention includes a basic configuration module, a parameter configuration module, a resource pool, a decision module, a resource scheduling module, and a resource monitoring module.
The basic configuration module is mainly used for collecting service requirements, computing capacity of the password equipment and parameter information. And distributing a corresponding number of fixed password service units and password resources to the application system according to the service requirements. When the resource monitoring module monitors that the data flow of the application system is stable, the password service is completed by the fixed password service unit and the password resource. And when the traffic volume changes, starting the password resource cooperative dynamic scheduling system to perform dynamic resource allocation.
The parameter configuration module is mainly used for setting a password resource scheduling threshold value of a specific service application system according to the operational capability of the password equipment and the parameter information.
The resource pool is mainly used for storing operation resources, password resources and the like in a 'pool' in a centralized and classified manner, extracting the resources as required and releasing the resources when the demands do not exist. The system comprises a hardware crypto machine resource pool, a virtual crypto machine resource pool and a key database resource pool. The hardware cipher machine resource pool mainly comprises a hardware cipher machine cluster which is used for providing cipher operation functions, including a symmetric algorithm, an asymmetric algorithm and a digest algorithm, and simultaneously providing a security protection function for a security system core element key. The virtual cryptographic machine resource pool mainly comprises a virtual cryptographic machine cluster which is mainly used for partitioning hardware resources through a virtualization technology, multiple virtual machines are simulated on a physical host, functions of the virtual cryptographic machine are consistent with those of an entity machine, and the utilization rate of the hardware resources is enhanced. The key database resource pool is mainly used for realizing the isolated storage of the keys of each application system.
The decision module is mainly used for calculating a password resource load value by adopting a comprehensive calculation strategy according to the collected password resource operation information, and then judging whether the password resource corresponding to the application system needs to be dynamically adjusted or not to generate decision information.
The resource scheduling module is mainly used for allocating various resources in the resource pool to the corresponding application system according to the password resource requirements and the resource scheduling decision information of each application system provided by the resource monitoring module.
The resource monitoring module is mainly used for monitoring the password resource requirements of each application system and the running state of the password resources, acquiring various running parameters of the password resources from the password resources and sending the running parameters to the resource scheduling module at regular time.
Therefore, after combining the system and method for cooperative dynamic scheduling of password resources proposed in this embodiment, the method for cooperative dynamic scheduling of password resources can be implemented by using the system for cooperative dynamic scheduling of password resources shown in fig. 5, and the implementation steps are as follows:
the first step is as follows: and basic resource allocation, namely firstly collecting service requirements, computing capacity of password equipment and parameter information by a basic allocation module of the password resource collaborative dynamic scheduling system, and then allocating a corresponding number of fixed password service units and password resources to an application system according to the service requirements. When the resource monitoring module monitors that the data flow of the application system is stable, the password service is completed by the fixed password service unit and the password resource. And when the traffic volume changes, starting the password resource cooperative dynamic scheduling system to perform dynamic resource allocation.
The second step is as follows: after collecting the corresponding information, the parameter configuration module of the code resource cooperative dynamic scheduling system sets the code resource scheduling threshold of each application system.
The third step: the resource monitoring module of the code resource collaborative dynamic scheduling system monitors the running state of the code resource in real time, obtains various running parameters from the code resource and sends the running parameters to the decision module in fixed time.
The fourth step: the decision module calculates to obtain a load value by adopting a weighted dynamic adaptation algorithm according to the collected password resource operation information, then judges whether the password resource corresponding to the application system needs to be dynamically adjusted, namely whether the resource needs to be increased or reduced, and sends the decision information to the resource scheduling module.
The fifth step: after receiving the strategy of resource increase, the resource scheduling module selects a certain amount of idle resources and dynamically adds the idle resources to the password resources required to be allocated by the current application. After receiving the strategy of password resource reduction, corresponding resources are recovered from the password resources which provide service for the application system at present, and the resources are marked to be in an idle state in the password resource collaborative dynamic scheduling system.
A sixth step: and repeating the third step to the fifth step until the password resource meets the requirements of each application system.
In the first step, a basic configuration module in the cooperative dynamic scheduling system of the password resources collects the password computing capacity and various parameters of all password equipment resources in the system. The password resource types can include an entity password device and a virtual password device resource. The collected device resource computation capabilities and parameters include: supported cryptographic algorithms, operational performance of each cryptographic algorithm, concurrent connectivity, and the like.
Meanwhile, the parameter configuration module needs to set a password resource scheduling threshold for the application system, including a highest threshold value Simax and a lowest threshold value Simin, and the decision module makes a decision according to the two threshold values, where i represents the ith application system.
In the fourth step, after the decision module collects password resource operation information corresponding to all application systems, a comprehensive calculation method is adopted to obtain a real-time load value Si of each current application system, the current load value Si is compared with an initially set high threshold value Simax and a lowest threshold value Simin for decision, and scheduling information is sent to the resource scheduling module according to a comparison decision result.
The calculation of the real-time load value Si has high complexity, the available operating parameters of each device are more, and the password resource devices corresponding to each application are numerous, so that it is difficult to accurately calculate the comprehensive load of the password resources used by the current application. The invention realizes the dynamic load calculation by a weighted dynamic adaptation algorithm based on the characteristics of the password resource equipment, and can effectively meet the requirement of the actual dynamic password resource scheduling. The specific real-time load calculation process of the service is as follows:
(1) firstly, load calculation for each password resource needs to be realized, and the calculation process is as follows:
1) determining the ratio of the current cryptographic function operation performance to the maximum performance of the resource, accumulating the ratios to obtain X1, and if X1 is greater than 1, revising X1= 1;
2) determining the ratio X2 of the number of concurrent connections to the maximum nominal number of concurrent connections;
3) determining the CPU occupancy rate O and the memory occupancy rate M, and calculating to obtain the resource occupancy rate X3 of a target application system, wherein X3= Min (100, Max (O, M));
4) and calculating by adopting a dynamic adaptation algorithm based on the three numerical values to obtain the load value Sdi of each password resource. If X1=1 or X3=1, Sdi =1, otherwise, the calculation formula is:
Sdi = Min(100, 100*(X1+(W2*X2+W3*X3)/ (W2+W3)))
wherein, W2 is the number of concurrent connections, W3 is the weight value of the CPU memory resource occupancy rate value, the suggested values 10 and 90 can be adjusted according to the actual equipment cryptographic algorithm capability.
And each password resource is a hardware password machine resource or a virtual password machine resource.
(2) And secondly, obtaining the total load value of all the password resources related to the application system according to the basic information of each password resource and the numerical value of the real-time load. The calculation process of the total load value Si of all the password resources related to the application system is as follows:
1) calculating the capability value score Ni of each password resource according to the actual nominal information of the password resource currently associated with the application system, taking the value of 0-100 as the load weight value;
2) and (3) carrying out weighted average according to each password resource load value Sdi obtained in the step (1) and the weight value in the step (1) to obtain an overall load value Si.
Si=(N1*S1+N2*S2+…+Nn*Sn)/(N1+N2+…+Nn)
And the Nn is the capability value score of the nth password resource associated with the service application, and the Sn is the load value of the nth password resource associated with the service application.
In the fifth step, after receiving the resource adjustment strategy, the resource scheduling module determines the amount of the loaded or released resource according to the comparison result of the real-time load value and the threshold value, so as to achieve the final dynamic scheduling of the resource, wherein the specific scheduling resource load amount allocation process is as follows:
(1) calculating the ability score Ni of each password resource according to the calculation ability and parameters of the initial password resource, and taking the value of 0-100;
(2) obtaining the capability scores of all password resources related to the current application, and calculating a total score CALL;
calculating a ratio T of resources to be increased or decreased according to a difference value between the load value and a median of threshold values (mean Savr = (Smax-Smin)/2), wherein T = (S-Savr)/Savr, the resources are required to be increased if T is a positive value, and the resources are decreased if T is a negative value;
(3) calculating to obtain a score value C = CALL | T | of the difference between the load value and the median of the threshold value according to the total score value CALL and the resource increase and decrease ratio calculated in the step (2);
(4) if the password resources need to be added, loading new password resources according to the score value C;
(5) if the password resources need to be reduced, the redundant password resources are released according to the credit value C.
Therefore, the cooperative dynamic password resource scheduling system provided by this embodiment can perform dynamic calculation according to the real-time use state of the password resource in the application of the password service, automatically implement scheduling and allocation of the password resource, effectively solve the problem of dynamic password resource scheduling, implement dynamic allocation or release of the password resource according to the increase or decrease of the service demand, optimize the reasonable use of the password resource, and thereby improve the password resource utilization rate and the password service efficiency. And then solved the unable dynamic scheduling and optimal configuration password resource that exist among the prior art to lead to the technical problem that the utilization ratio of password resource is low, password service efficiency is poor.
Exemplary electronic device
Fig. 6 is a structure of an electronic device according to an exemplary embodiment of the present invention. The electronic device may be either or both of the first device and the second device, or a stand-alone device separate from them, which stand-alone device may communicate with the first device and the second device to receive the acquired input signals therefrom. FIG. 6 illustrates a block diagram of an electronic device in accordance with an embodiment of the present invention. As shown in fig. 6, the electronic device 60 includes one or more processors 61 and a memory 62.
The processor 61 may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device to perform desired functions.
The input system 63 may also include, for example, a keyboard, a mouse, and the like.
The output system 64 can output various information to the outside. The output devices 64 may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, among others.
Of course, for simplicity, only some of the components of the electronic device that are relevant to the present invention are shown in fig. 6, omitting components such as buses, input/output interfaces, and the like. In addition, the electronic device may include any other suitable components, depending on the particular application.
Exemplary computer program product and computer-readable storage Medium
In addition to the above-described methods and apparatus, embodiments of the present invention may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform the steps in the method of information mining of historical change records according to various embodiments of the present invention described in the "exemplary methods" section above of this specification.
The computer program product may write program code for carrying out operations for embodiments of the present invention in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present invention may also be a computer-readable storage medium having stored thereon computer program instructions which, when executed by a processor, cause the processor to perform the steps in the method of information mining of historical change records according to various embodiments of the present invention described in the "exemplary methods" section above of this specification.
The computer-readable storage medium may take any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may include, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The basic principles of the present invention have been described above with reference to specific embodiments, but it should be noted that the advantages, effects, etc. mentioned in the present invention are only examples and are not limiting, and the advantages, effects, etc. must not be considered to be possessed by various embodiments of the present invention. Furthermore, the foregoing disclosure of specific details is for the purpose of illustration and description and is not intended to be limiting, since the invention is not limited to the specific details described above.
In the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts in the embodiments are referred to each other. For the system embodiment, since it basically corresponds to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The block diagrams of devices, systems, apparatuses, and systems involved in the present invention are merely illustrative examples and are not intended to require or imply that the devices, systems, apparatuses, and systems must be connected, arranged, or configured in the manner shown in the block diagrams. These devices, systems, apparatuses, systems may be connected, arranged, configured in any manner, as will be appreciated by those skilled in the art. Words such as "including," "comprising," "having," and the like are open-ended words that mean "including, but not limited to," and are used interchangeably therewith. The words "or" and "as used herein mean, and are used interchangeably with, the word" and/or, "unless the context clearly dictates otherwise. The word "such as" is used herein to mean, and is used interchangeably with, the phrase "such as but not limited to".
The method and system of the present invention may be implemented in a number of ways. For example, the methods and systems of the present invention may be implemented in software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustrative purposes only, and the steps of the method of the present invention are not limited to the order specifically described above unless specifically indicated otherwise. Furthermore, in some embodiments, the present invention may also be embodied as a program recorded in a recording medium, the program including machine-readable instructions for implementing a method according to the present invention. Thus, the present invention also covers a recording medium storing a program for executing the method according to the present invention.
It should also be noted that in the systems, apparatus and methods of the present invention, the various components or steps may be broken down and/or re-combined. These decompositions and/or recombinations are to be regarded as equivalents of the present invention. The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the invention. Thus, the present invention is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, the description is not intended to limit embodiments of the invention to the form disclosed herein. While a number of example aspects and embodiments have been discussed above, those of skill in the art will recognize certain variations, modifications, alterations, additions and sub-combinations thereof.
Claims (16)
1. A cooperative dynamic scheduling method for cryptographic resources is characterized by comprising the following steps:
acquiring password resource demand information corresponding to a target application system;
acquiring password resource operation information corresponding to all application systems;
according to the password dataSource running information, determining a first ratio X of current cryptographic function operational performance to total performance1;
Determining a second ratio X of the number of concurrent connections to the maximum nominal number of concurrent connections according to the running information of the password resource2;
Determining the resource occupancy rate X of the target application system according to the running information of the password resource3Wherein X is3Min (100, Max (O, M)), O being CPU occupancy, M being memory occupancy;
based on the first ratio X1The second ratio X2And target application system resource occupancy rate X3Determining a load value S for each cryptographic resource in a resource pooldiThe resource pool is used for storing the password resources in a centralized and classified manner; if X11 or X31, then Sdi1, otherwise SdiThe calculation formula of (2) is as follows: sdi=Min(100,100*(X1+(W2*X2+W3*X3)/(W2+W3) In a) of W), wherein W2Is the number of concurrent connections, W3Is the weighted value of the CPU memory resource occupancy rate value;
calculating the capability value score N of each password resource currently associated with the target application system according to the nominal information of the password resource currently associated with the target application systemiAs a load weight value;
according to the load value S of each password resource in the resource pooldiLoad weight value N of each password resource currently associated with target application systemiCalculating the total load value S of all the password resources currently associated with the target application systemiAs a load value of the cryptographic resource currently used by the target application system, Si=(N1*S1+N2*S2+…+Nn*Sn)/(N1+N2+…+Nn) Wherein N isnScoring the capability value of the nth cryptographic resource associated with the target application system, SnA load value for an nth cryptographic resource associated with the target application system;
judging whether password resource scheduling needs to be carried out on the target application system or not according to the load value of the password resource currently used by the target application system;
and under the condition that the password resource scheduling is required to be carried out on the target application system, carrying out the password resource scheduling on the target application system according to the password resource demand information, the load value and a preset scheduling strategy.
2. The method of claim 1, wherein the determining whether the cryptographic resource scheduling for the target application system is required according to the load value comprises:
comparing the load value of the password resource currently used by the target application system with a preset password resource scheduling threshold value; and
and judging whether the password resource scheduling needs to be carried out on the target application system according to the comparison result.
3. The method according to claim 1, wherein the performing cryptographic resource scheduling on the target application system on demand according to the cryptographic resource demand information, the load value and a preset scheduling policy comprises:
calculating the ability scoring value of each password resource in the resource pool according to the calculation ability and parameters of the initial password resource;
obtaining the capability scores of all password resources currently associated with the target application system, and calculating the total score of the password resources;
calculating a resource increase and decrease ratio value of resources needing to be increased or decreased according to the difference value between the load value and a threshold median value, wherein the threshold median value is the average of a preset highest threshold value and a preset lowest threshold value;
calculating the score value of the difference between the load value and the median of the threshold value according to the total score of the password resources and the resource increase and decrease ratio; and
and according to the resource increase and decrease ratio and the score value, carrying out password resource scheduling on the target application system as required.
4. The method of claim 3, wherein the scheduling the target application system for the cryptographic resource according to the resource increase/decrease ratio and the score value comprises:
when the resource increase and decrease ratio is a positive value, selecting idle password resources from the resource pool according to the score value and increasing the idle password resources to the password resources currently used by the target application system; and
and when the resource increase and decrease ratio is a negative value, releasing redundant password resources from the password resources currently used by the target application system according to the score value.
5. The method of claim 1, wherein before obtaining the password resource requirement information corresponding to the target application system, the method comprises:
and monitoring the running state of the password resources associated with each application system, and obtaining each running parameter from the password resources so as to obtain the running information of the password resources corresponding to each application system.
6. The method of claim 1, wherein before obtaining the password resource requirement information corresponding to the target application system, the method comprises:
storing all operation resources and password resources in a centralized and classified manner to construct a resource pool;
collecting password resource demand information, password equipment operation capacity and operation parameter information of each application system;
and distributing a corresponding number of fixed password service units and password resources for each application system from the resource pool according to the password resource demand information.
7. The method of claim 6, further comprising:
and setting the password resource scheduling threshold value of each application system according to the collected password resource demand information of each application system.
8. A cooperative and dynamic scheduling system for cryptographic resources, comprising:
the demand information acquisition module is used for acquiring password resource demand information corresponding to the target application system;
the decision module is used for acquiring password resource operation information corresponding to all application systems; determining a first ratio X of the operational performance and the total performance of the current cryptographic function according to the running information of the cryptographic resource1(ii) a Determining a second ratio X of the number of concurrent connections to the maximum nominal number of concurrent connections according to the running information of the password resource2(ii) a Determining the resource occupancy rate X of the target application system according to the running information of the password resource3Wherein X is3Min (100, Max (O, M)), O being CPU occupancy, M being memory occupancy; based on the first ratio X1The second ratio X2And target application system resource occupancy rate X3Determining a load value S for each cryptographic resource in a resource pooldiThe resource pool is used for storing the password resources in a centralized and classified manner; if X11 or X31, then Sdi1, otherwise SdiThe calculation formula of (2) is as follows: sdi=Min(100,100*(X1+(W2*X2+W3*X3)/(W2+W3) In a) of W), wherein W2Is the number of concurrent connections, W3Is the weighted value of the CPU memory resource occupancy rate value; calculating the capability value score N of each password resource currently associated with the target application system according to the nominal information of the password resource currently associated with the target application systemiAs a load weight value; according to the load value S of each password resource in the resource pooldiLoad weight value N of each password resource currently associated with target application systemiCalculating the total load value S of all the password resources currently associated with the target application systemiAs a load value of the cryptographic resource currently used by the target application system, Si=(N1*S1+N2*S2+…+Nn*Sn)/(N1+N2+…+Nn) Wherein N isnScoring the capability value of the nth cryptographic resource associated with the target application system, SnA load value for an nth cryptographic resource associated with the target application system; judging whether the target application system needs to be accessed according to the load value of the password resource currently used by the target application systemCarrying out password resource scheduling;
and the resource scheduling module is used for scheduling the password resources of the target application system as required according to the password resource demand information, the load value and a preset scheduling strategy under the condition that the password resources of the target application system are required to be scheduled.
9. The system of claim 8, wherein the decision module further comprises:
the comparison unit is used for comparing the load value of the password resource currently used by the target application system with a preset password resource scheduling threshold value; and
and the judging unit is used for judging whether the password resource scheduling needs to be carried out on the target application system according to the comparison result.
10. The system of claim 8, wherein the resource scheduling module comprises:
the ability scoring value calculating unit is used for calculating the ability scoring value of each password resource in the resource pool according to the calculating ability and the parameters of the initial password resource;
the password resource total score calculating unit is used for obtaining the capability scores of all password resources currently associated with the target application system and calculating the password resource total score;
the resource increase and decrease ratio calculation unit is used for calculating the resource increase and decrease ratio of resources needing to be increased or decreased according to the difference value between the load value and a threshold median value, wherein the threshold median value is the average of a preset highest threshold value and a preset lowest threshold value;
the score calculating unit is used for calculating the score of the difference between the load value and the median of the threshold value according to the total score of the password resources and the resource increase and decrease ratio; and
and the password resource allocation unit is used for scheduling the password resources of the target application system according to the resource increase and decrease ratio and the score value and according to needs.
11. The system of claim 10, wherein the cryptographic resource allocation unit is specifically configured to:
when the resource increase and decrease ratio is a positive value, selecting idle password resources from the resource pool according to the score value and increasing the idle password resources to the password resources currently used by the target application system; and
and when the resource increase and decrease ratio is a negative value, releasing redundant password resources from the password resources currently used by the target application system according to the score value.
12. The system of claim 8, further comprising:
and the resource monitoring module is used for monitoring the password resource requirements of each application system and the running state of the associated password resources and acquiring various running parameters from the password resources so as to acquire the password resource requirement information and the password resource running information corresponding to each application system.
13. The system of claim 8, further comprising:
the resource pool is used for storing each operation resource and each password resource in a centralized and classified manner;
the basic information collection module is used for collecting the password resource demand information, the password equipment operation capacity and the operation parameter information of each application system;
and the basic configuration module is used for distributing a corresponding number of fixed password service units and password resources for each application system from the resource pool according to the password resource demand information.
14. The system of claim 13, further comprising:
and the parameter configuration module is used for setting the password resource scheduling threshold of each application system according to the collected password resource demand information of each application system.
15. A computer-readable storage medium, characterized in that the storage medium stores a computer program for performing the method of any of the preceding claims 1-7.
16. An electronic device, characterized in that the electronic device comprises:
a processor;
a memory for storing the processor-executable instructions;
the processor is configured to read the executable instructions from the memory and execute the instructions to implement the method of any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111096001.7A CN113568756B (en) | 2021-09-18 | 2021-09-18 | Cooperative dynamic scheduling method and system for password resources |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111096001.7A CN113568756B (en) | 2021-09-18 | 2021-09-18 | Cooperative dynamic scheduling method and system for password resources |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113568756A CN113568756A (en) | 2021-10-29 |
CN113568756B true CN113568756B (en) | 2022-01-25 |
Family
ID=78173782
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111096001.7A Active CN113568756B (en) | 2021-09-18 | 2021-09-18 | Cooperative dynamic scheduling method and system for password resources |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113568756B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115086015B (en) * | 2022-06-10 | 2024-05-24 | 深圳市东进技术股份有限公司 | Cloud password service platform based on OAuth authentication and password resource allocation method |
CN115913550A (en) * | 2022-12-19 | 2023-04-04 | 北京数盾信息科技有限公司 | Password resource allocation method, device and equipment |
CN116455559B (en) * | 2023-06-15 | 2023-08-25 | 杭州海康威视数字技术股份有限公司 | Implementation method and device of soft and hard collaboration high-speed password equipment and electronic equipment |
CN117170801A (en) * | 2023-08-15 | 2023-12-05 | 华能信息技术有限公司 | Virtual cloud password resource processing method and system |
CN118069356A (en) * | 2024-02-28 | 2024-05-24 | 中国华能集团有限公司北京招标分公司 | Dynamic distribution method and system for password resources |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070180453A1 (en) * | 2006-01-27 | 2007-08-02 | International Business Machines Corporation | On demand application scheduling in a heterogeneous workload environment |
CN105306576A (en) * | 2015-11-10 | 2016-02-03 | 中国电子科技集团公司第三十研究所 | Scheduling method and system for password arithmetic units |
CN105872595A (en) * | 2016-03-31 | 2016-08-17 | 乐视控股(北京)有限公司 | Transcoding task distribution method and device |
CN107040589A (en) * | 2017-03-15 | 2017-08-11 | 西安电子科技大学 | The system and method for cryptographic service is provided by virtualizing encryption device cluster |
CN107465717A (en) * | 2017-06-16 | 2017-12-12 | 广州天宁信息技术有限公司 | A kind of method, apparatus and equipment of password on-demand service |
CN112702210A (en) * | 2020-12-30 | 2021-04-23 | 北京数盾信息科技有限公司 | Quasi-linear scheduling mechanism for cryptographic service capability extension |
-
2021
- 2021-09-18 CN CN202111096001.7A patent/CN113568756B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070180453A1 (en) * | 2006-01-27 | 2007-08-02 | International Business Machines Corporation | On demand application scheduling in a heterogeneous workload environment |
CN105306576A (en) * | 2015-11-10 | 2016-02-03 | 中国电子科技集团公司第三十研究所 | Scheduling method and system for password arithmetic units |
CN105872595A (en) * | 2016-03-31 | 2016-08-17 | 乐视控股(北京)有限公司 | Transcoding task distribution method and device |
CN107040589A (en) * | 2017-03-15 | 2017-08-11 | 西安电子科技大学 | The system and method for cryptographic service is provided by virtualizing encryption device cluster |
CN107465717A (en) * | 2017-06-16 | 2017-12-12 | 广州天宁信息技术有限公司 | A kind of method, apparatus and equipment of password on-demand service |
CN112702210A (en) * | 2020-12-30 | 2021-04-23 | 北京数盾信息科技有限公司 | Quasi-linear scheduling mechanism for cryptographic service capability extension |
Also Published As
Publication number | Publication date |
---|---|
CN113568756A (en) | 2021-10-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113568756B (en) | Cooperative dynamic scheduling method and system for password resources | |
CN107592345B (en) | Transaction current limiting device, method and transaction system | |
JP6457447B2 (en) | Data center network traffic scheduling method and apparatus | |
US10972344B2 (en) | Automated adjustment of subscriber policies | |
CN109218355B (en) | Load balancing engine, client, distributed computing system and load balancing method | |
CN110276182B (en) | API distributed current limiting realization method | |
CN109165093B (en) | System and method for flexibly distributing computing node cluster | |
WO2015062492A1 (en) | Service processing method, system and device | |
CN104714851B (en) | A kind of method and device for realizing resource allocation | |
KR101287448B1 (en) | Fuzzy control based virtual machine auto scaling system and method | |
JP5000456B2 (en) | Resource management system, resource management apparatus and method | |
CN112165436B (en) | Flow control method, device and system | |
CN111614570A (en) | Flow control system and method for service grid | |
CN108776934A (en) | Distributed data computational methods, device, computer equipment and readable storage medium storing program for executing | |
CN110740164B (en) | Server determination method, regulation and control method, device, equipment and storage medium | |
CN111641563B (en) | Flow self-adaption method and system based on distributed scene | |
CN104375897A (en) | Cloud computing resource scheduling method based on minimum relative load imbalance degree | |
CN103095824A (en) | File uploading control method and system | |
CN115277577A (en) | Data processing method, data processing device, computer equipment and computer readable storage medium | |
US20230273833A1 (en) | Resource scheduling method, electronic device, and storage medium | |
CN115033340A (en) | Host selection method and related device | |
US20130166751A1 (en) | Distributed resource management systems and methods for resource management thereof | |
JP2005128866A (en) | Computer unit and method for controlling computer unit | |
CN116546028A (en) | Service request processing method and device, storage medium and electronic equipment | |
CN114449466A (en) | User charging intelligent monitoring method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |