CN116055283A

CN116055283A - Multi-platform unified cloud management system supporting global tenant application resource quota setting

Info

Publication number: CN116055283A
Application number: CN202310324286.8A
Authority: CN
Inventors: 汤铭; 夏飞; 李萌; 杜元翰; 程昕云; 刘喆; 王鹏飞; 宋浒; 王凌; 余竞航; 陈欣; 刘子寒; 沈力; 朱佳佳; 奚梦婷; 陆佳鑫; 查俊杰
Original assignee: Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Current assignee: Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Priority date: 2023-03-30
Filing date: 2023-03-30
Publication date: 2023-05-02
Anticipated expiration: 2043-03-30
Also published as: CN116055283B

Abstract

The invention discloses a multi-platform unified cloud management system supporting global tenant application resource quota setting, which comprises a display layer, a service supporting layer, a platform layer and a data integration interface layer; the platform layer comprises a plurality of platform resources; the service support layer is used for providing various service logics used by the unified cloud management system, and centrally managing and coordinating service call among all subsystems; the business supporting layer comprises a security management unit, a resource view module, a service view module and an application view module. The method and the system can support the application resource quota of the globally set tenant, further improve the advancement, the safety, the benefit efficiency and the matched service of each regional platform, meet the digital management requirement, effectively support the construction and development of each business application and improve the use experience of the tenant.

Description

Multi-platform unified cloud management system supporting global tenant application resource quota setting

Technical Field

The invention relates to the technical field of multi-platform resource management, in particular to a multi-platform unified cloud management system supporting global tenant application resource quota setting.

Background

With the gradual development of emerging services such as energy Internet and the like, the change of the power grid service deployment mode brings new requirements to the cloud platform. On the basis of meeting the requirements of data center platform and internet of things platform support, the cloud platform needs to further improve the advancement, safety, benefit efficiency and matched service of the platform so as to meet the requirements of digital management and effectively support the construction and development of various business applications.

At present, each basic platform has independent access entrance, cannot support the application resource quota of the global setting tenant, and needs to be further improved from the aspects of standardization and unified management.

The invention with the publication number of CN114553865A discloses a heterogeneous hybrid cloud system architecture design method, under the network-cloud-edge-end architecture, the overall architecture design capacity is used as traction, an end system and a heterogeneous hybrid cloud platform of a public cloud data center are designed, and the end system and the public cloud data center are integrated transversely and integrally through the public cloud data center and n end systems to form an end system and public cloud data center integrated heterogeneous hybrid cloud platform; according to the service requirement, data fusion analysis and calculation are carried out on a big data calculation engine, related achievements with sharing are pushed to a data center or an active system, a training migration model for cross-end system communication with a public data center is built, the training migration model is uniformly distributed to a data center algorithm model library in an atomic assembly mode, and the joint data service of a plurality of primary functional packages for searching and accessing heterogeneous resources of an end system is realized. The invention with the publication number of CN113706101A provides an intelligent system architecture and a method for power grid project management, wherein the intelligent system architecture comprises a heterogeneous cloud platform, a data center platform, a project management center platform and a polymorphic application platform; providing an infrastructure by the heterogeneous cloud platform; the data center is used for storing data assets in the form of blockchains, distributed databases and data warehouses; the project management console accesses data assets of the data center according to the acquired project information, and analyzes and processes the data assets according to business requirements and technical requirements of project management; and packaging the processed data into a group of business micro-services, data micro-services and message processing micro-services, and providing the business micro-services, the data micro-services and the message processing micro-services for the user to apply in a multi-form. The invention improves collaborative management efficiency, improves project intelligent management level, and promotes the power grid enterprise to change from flow driving to data driving. However, none of the similar techniques involve the technical problem of globally setting up application resource quotas for tenants.

Disclosure of Invention

Aiming at the defects in the prior art, the invention provides a multi-platform unified cloud system supporting the application resource quota of the globally set tenant, which can support the application resource quota of the globally set tenant, further improve the advancement, the safety, the benefit efficiency and the matched service of each regional platform, so as to meet the digital management requirement, effectively support the construction and development of each business application and improve the use experience of the tenant.

In order to achieve the above purpose, the present invention adopts the following technical scheme:

a multi-platform unified cloud management system supporting global tenant application resource quota setting, wherein the unified cloud management system is used for respectively deploying a plurality of cloud management nodes in a main company data center according to cloud platform types, accessing a sub-company data center as a regional node into the corresponding cloud management node, and completing network deployment of the unified cloud management system; the data center refers to a set of all cloud platforms in the same geographic location; the main company side information management platform performs tenant data interaction with the unified cloud management system and the subsidiary company side information management platform respectively to form a two-stage collaborative operation and maintenance system;

the unified cloud management system is constructed based on a micro-service architecture and comprises a display layer, a service supporting layer, a platform layer and a data integration interface layer;

The platform layer comprises multi-platform resources including an Ardisia cloud, a Hua Chen cloud, openStack, VMware and physical machine resources, and the multiple platforms are arranged based on a hierarchical frame;

the service support layer is used for providing various service logics used by the unified cloud management system, and centrally managing and coordinating service call among all subsystems; the service support layer comprises a security management unit, a resource view module, a service view module and an application view module; the security management unit comprises an alarm view module, a vulnerability patch repair module, a security policy issuing module, a tenant view module and a platform version management view module;

the resource view module is used for managing the resource capacity and the service condition of each area, and comprises a physical equipment layer function and a virtual equipment layer function;

the service view module is used for managing the instance creation condition of each service, the resource occupation condition of the service in the whole network and the area, the supporting condition of the service on the application and the loading condition of the service instance;

the application view module is used for managing the supporting condition of service resources of each region to the application, including the deployment condition of the management application in each region, the load condition of each application in each region, the local deployment architecture topology of the management application, the resource occupation condition of the management application in the whole network and region, the use condition of the management application to PaaS service and the hot spot application analysis;

The tenant view module is used for making virtual prices for all services in combination with market quotations, metering and charging service use conditions of tenants, and reflecting service use costs of the tenants through virtual fees; the tenant view module is also used for hierarchically managing the resource quota and the virtual cost of each tenant;

the platform version management view module is used for regularly calling a component list and version numbers of components contained in each regional platform, and making a platform component version upgrading strategy according to a calling result so as to uniformly upgrade the components;

the vulnerability patch repair module is used for unified recording and repair design of vulnerability patches;

the security policy issuing module is used for formulating a unified security configuration policy according to headquarter security protection requirements, and issuing the formulated unified security configuration policy to cloud management nodes and all regional nodes for execution;

the alarm view module is used for organically integrating and uniformly controlling the operation indexes of different monitoring tools scattered in a plurality of cloud platforms, counting the number of alarms in each area according to the level, displaying the health state of the whole cloud platform and supporting to check the alarm information above the preset alarm level in each area;

The data integration interface layer is used for providing the integration interfaces of the display layer, the service support layer, the platform layer and the third party system to perform interaction of configuration information;

the display layer provides self-service functions for personnel with different roles and comprises an operation and maintenance view module, an operation view module and an optimization suggestion module; the operation and maintenance view module is used for daily service deployment, host management and operation statistics operation; the operation view angle module is used for daily worksheet flow statistics, coordination statistics of each organization department and resource use condition statistics of each department; the optimization suggestion module is configured to provide a large screen view function and to provide an optimization suggestion report based on historical data.

The beneficial effects of the invention are as follows:

firstly, the multi-platform unified cloud management system supporting the application resource quota of the global setting tenant can support the application resource quota of the global setting tenant, further improves the advancement, the safety, the benefit efficiency and the matched service of each regional platform, meets the digital management requirement, effectively supports the construction and development of each business application, and improves the use experience of the tenant.

Secondly, the multi-platform unified cloud management system supporting global tenant application resource quota setting organically integrates independent information originally scattered in each monitoring tool, realizes centralized monitoring, centralized display and centralized alarm of multiple platforms, simultaneously realizes tenant isolated resources, supplements a multi-platform cloud resource instance running state alarm short board, and improves multi-platform running monitoring capability.

Drawings

Fig. 1a is a schematic diagram of an overall functional architecture of a multi-platform unified cloud system supporting globally set tenant application resource quotas in an embodiment of the invention; fig. 1b is a schematic technical architecture diagram of a multi-platform unified cloud system supporting global tenant application resource quota setting in an embodiment of the present invention;

FIG. 2 is a schematic diagram of a logical deployment architecture of a multi-platform unified cloud system supporting global set tenant application resource quotas in an embodiment of the invention;

FIG. 3 is a schematic illustration of a Hua-as proprietary cloud nanotube ingress interface;

FIG. 4 is a schematic diagram of resource pool parameter settings;

fig. 5a to 5f are exemplary diagrams of configurations of the vSphere single-node IaaS service directory; wherein, fig. 5a is a schematic diagram of a newly created service configuration window; FIG. 5b is a schematic diagram of a cloud resource configuration window; FIG. 5c is a schematic diagram of a network configuration window; FIG. 5d is a user window schematic; FIG. 5e is a schematic view of a disk window; FIG. 5f is a schematic diagram of an application software resource parameter configuration;

FIG. 6a is a schematic diagram of an operation license definition; FIG. 6b is a schematic diagram of a service deployment operation license definition;

FIG. 7 is a resource versus software diagram;

FIG. 8 is an application topology information presentation diagram;

FIG. 9a is a classical mode example diagram; FIG. 9b is an expert mode example diagram;

FIG. 10 is a graph of quota and actual usage occupancy and trend examples;

FIG. 11 is a diagram of an example role management;

FIG. 12 is an exemplary diagram of a severe alert home page;

FIG. 13 is an overview illustration of cloud host performance;

FIG. 14 is an illustration of a predictive alert;

FIG. 15 is a schematic view of a resiliently flexible arrangement;

FIGS. 16a to 16c are schematic views of the war packet update flow; wherein FIG. 16a is a pipeline task configuration diagram; FIG. 16b is a diagram of an example construction of war packets; fig. 16c is a diagram of a download address acquisition example.

Detailed Description

The invention will now be described in further detail with reference to the accompanying drawings.

It should be noted that the terms like "upper", "lower", "left", "right", "front", "rear", and the like are also used for descriptive purposes only and are not intended to limit the scope of the invention in which the invention may be practiced, but rather the relative relationship of the terms may be altered or modified without materially altering the teachings of the invention.

The embodiment discloses a multi-platform unified cloud management system supporting global tenant application resource quota setting, wherein the unified cloud management system is used for respectively deploying a plurality of cloud management nodes in a main company data center according to cloud platform types, accessing a sub-company data center serving as a regional node to a corresponding cloud management node, and completing network deployment of the unified cloud management system; a data center refers to a collection of all cloud platforms in the same geographic location. Referring to fig. 2, the main company side information management platform performs tenant data interaction with the unified cloud management system and the sub company side information management platform respectively to form a two-stage collaborative operation and maintenance system. For example, the unified cloud management system is first-level deployed on the cloud, the main company data center is respectively deployed with an Ari cloud management node and a Hua cloud management node, and is connected to a company unified cloud management platform, each subsidiary company is respectively connected to the company Ari cloud management node and the Hua cloud management node as regional nodes, so that a two-level cooperative operation and maintenance system with the main parts of the main company and the province (city) company is constructed, and the construction requirement of one cloud of the company is met. The unified cloud management center node can manage and control resource management of the headquarter/province data center, virtual network management, batch execution of host operation and maintenance commands, batch file issuing and monitoring data acquisition. As shown in fig. 2, provincial (municipal) companies have all rights of the local area node, and can realize all management and operation and maintenance work on the local area node cloud; the unified cloud management system performs unified management and flexible scheduling on the IT resources of the company, pushes the platform assembly version to be unified and synchronously updated, and issues the security policy uniformly; the unified cloud management system and the headquarter SG-I6000 realize the synchronization of the standing account data and the work order data, and then the headquarter SG-I6000 realizes the interaction of the standing account data and the work order data of the provincial side SG-I6000, so that a two-stage collaborative operation and maintenance system is formed.

The unified cloud system of the embodiment integrally adopts a hierarchical design and is divided into a platform layer, a service supporting layer, a display layer and a data integration interface layer. The overall functional architecture is shown in fig. 1a, and the technical architecture is shown in fig. 1 b. The unified cloud management system is deployed on the cloud, a first-level deployment mode and a distributed deployment mode are adopted, the deployment mode simultaneously considers high availability and transverse expansibility, any one application node or database node physical machine fails, the unified cloud management system can continue to provide services, and more virtual machine nanotubes and user accesses can be supported by adding nodes to the application cluster.

The display layer mainly provides self-service functions for personnel with different roles, is oriented to operation and maintenance views of operation and maintenance personnel, can perform daily service deployment, host management, operation statistics and other operations, is oriented to operation views of operators, and can perform daily work order flow statistics, cooperation statistics of each organization department, resource use condition statistics of each department and the like. In addition, a large screen view function is provided for facilitating the overall understanding of the resource use condition. And intelligent analysis is performed according to the historical data, and an optimization suggestion report is provided. The display layer is used for displaying the system platform outwards and comprises a plurality of types of modules, including a dashboard, a report, a large screen display, a page display and the like. The technical option can use AngularJS, grafana, vue front end frames and the like.

The service support layer unifies various service logics used by the cloud management platform system, centrally manages and coordinates service call among all subsystems, is a core management platform of the unified cloud management platform, can use consul, rabbitMQ, tomcat, prometheus, logstash, restFul interfaces and the like in technical selection, and mainly has the following functional points:

the resource view is mainly used for checking the resource capacity and the service condition of each area and comprises the functions of a physical device layer, a virtual device layer and the like.

The service view comprises an instance creation condition of each service, a resource occupation condition of the service in the whole network and the area, a supporting condition of the service to the application and a loading condition of the service instance.

An application view supporting to view the supporting condition of service resources of each area to the application, including viewing the deployment condition of the application in each area; checking the load condition of each application in each area; viewing a local deployment architecture topology of the application; checking the resource occupation condition of the application in the whole network and the area; checking the service condition of the PaaS service by the application; hotspot application analysis, etc.

And the tenant view establishes virtual prices for all services in combination with market quotations, measures and charges service use conditions of the tenant, and more intuitively reflects service use cost of the tenant through the virtual fees, thereby being convenient for more accurate cost control. Support to view resource quota, virtual fees, etc. of each tenant in a hierarchical manner.

And (3) platform version management, namely checking a component list and version numbers of components contained in each regional platform, so that a platform component version upgrading strategy can be formulated conveniently, and the components can be upgraded uniformly.

And repairing the loopholes, wherein the loopholes comprise unified records and repairing designs of the loopholes.

And issuing a security policy, namely formulating a unified security configuration policy according to headquarter security protection requirements, and issuing the policy to each cloud pipe node for execution.

And the alarm view module is used for organically integrating and uniformly controlling the operation indexes of different monitoring tools scattered in a plurality of cloud platforms, counting the number of alarms in each area according to the grade, displaying the health state of the whole cloud platform and supporting to view the alarm information above the preset alarm level in each area.

The platform layer is mainly all cloud platform resources existing in the current national network, mainly an Ali private cloud, a Hua private cloud, openstack, VMware and physical machine resources. Meanwhile, based on the hierarchical framework, new platform types can be flexibly expanded, the nanotubes of various IT resources are realized, and management is performed in a unified view and a unified management mode. The platform layer (data layer) is used for unifying data storage of cloud management platform data, and comprises a plurality of storage modes of persistent storage, cache and shared storage, and MySql, redis, NFS and the like can be used for technical selection

The integrated interface layer is convenient for integrating the unified cloud management system with the existing IT management system and comprises an information management platform (such as I6000 in fig. 2), SSO, a software center and the like so as to realize the serial connection of multiple systems and realize the interaction of configuration information, thereby improving the overall IT management level through the cloud management platform.

The multi-platform unified cloud management system of the embodiment comprises functional modules such as organization, resource set, role, user, resource change, authority change and the like, and takes tenant as a leading part to perform unified management on all types of cloud platforms of a main company and each sub-company. The functional modules are described as follows:

and (3) an organization module: the method can be regarded as a department, an organization and the like, and an operation subject concept, and resources are belonged to the lower part of a certain organization.

A resource set module: the set of specified resources may be used as items. The resources are in fact among a set of resources that are attributed under a certain organization. The resource set must be subordinate to a certain organization and cannot be managed across organizations.

And a role module: various rights are given to different roles, and the same user can contain one or more roles.

And (3) a user module: the applicable objects of the resource set, a plurality of users with the same authority can be divided into the same user group, an organization can contain a plurality of users or user groups, and the resource set and the users are in a many-to-many relationship.

Resource and authority changing module: the change module comprises resource change and authority change and is used for modifying the range and the control authority of the resource which can be controlled by the user.

Taking a newly built sub-company department and related tenants as an example, firstly, a head office administrator calls an organization module to create a corresponding department in each platform, then calls a user module to create the department tenant, and divides the same authority tenant into the same user group, and secondly calls a role module to assign multi-platform resource authorities to single users or user groups. When the tenant resources are needed to be distinguished in the same department, the resource set module can be called again, and the resources of the tenant in the multi-platform are further refined. When the tenant use resource needs to be changed, a resource changing module is used.

The split modules will be described in detail below with reference to the accompanying drawings. It should be noted that, the text parts such as the IP address, the analysis result, the project name and the like in the drawing are only for illustrating the functions of the software modules and components included in the system, and are irrelevant to the technical scope of the present embodiment.

1. Resource view module

The resource view module comprises a multi-cloud docking component, a resource query component, a resource pool management component, an inventory resource nanotube component, an IP address pool management component, a capacity analysis component and a cloud host use management component.

The multi-cloud docking assembly is used for unifying various cloud resources of the nano-tube data center, interacting with the multi-cloud platform through an API, and expanding and supporting any proprietary cloud, public cloud, heterogeneous cloud, container cloud and other platforms in a plug-in mode. Fig. 3 is a schematic diagram of a proprietary cloud nanotube inlet interface. The service steps are as follows: clicking an adding operation by a tenant manager and an infrastructure manager; inputting a docking configuration operation by a tenant administrator and an infrastructure administrator; click verification, verifying whether the input content is correct; click submission, prompt success of docking and success of cloud platform docking.

The resource inquiry component collects the resource use condition of a plurality of cloud platforms, the resource capacity and the use condition of each area, and performs resource state information inquiry of various resource types of computing resources, network resources and storage resources of a physical equipment layer and a virtual equipment layer through various display modes of a report form and an instrument panel. The resource inquiry assembly can check the resource use condition of cloud platform and ali cloud platform through various display modes such as a report, an instrument panel and the like, and the resource capacity and the use condition of each area comprise the functions of a physical equipment layer, a virtual equipment layer and the like. The system comprises a plurality of resource types such as computing resources, network resources, storage resources and the like, wherein the computing resources can be used for checking each Region, the total capacity of each available area resource, the used condition and the available condition. The resource query component provides an overview view for viewing the current state of the data center and the last 7 days of state information. A data center refers to a collection of all cloud platforms at one geographic location. In the data center interface, the user can see the distribution diagram of the data center, and the state and the use condition of the CPU, the memory, the storage, the cloud host and the physical host of each data center at present, and can enter a full-screen mode for viewing.

The resource pool management component maps the resources in the butted cloud platform into one or more logical resource pools through the self-defined resource pools, associates the resource pools with tenants, and performs free cutting and quota management on the resource pools, so that the specified resource pools use specified computing resources, storage resources and network resources in one cloud platform, and the consumption of the resources allowed to be used by the tenants is specified. The service steps are as follows: the tenant manager/infrastructure manager clicks the added resource pool, inputs cloud platform resource information and the like; selecting network resources, storage resources and computing resources; quota management operation is carried out on resources such as CPU, memory, network and the like; configuring a resource pool label; and importing the stock resources into the nano tube.

The stock resource nanotube assembly automatically synchronizes virtual machines from each cloud platform by docking with a cloud platform controller, and the nanotubes virtual machines reach a specified organization or project; in the process of nano-tube, the IP and configuration of the virtual machine are kept as they are, the user service is not affected, and the stock virtual machine is smoothly brought into the management system of the unified cloud management system; after the virtual machines are stored in the nano tube, the running state of the original virtual machines is not influenced, and full life cycle management of the virtual machines is provided for users, wherein the full life cycle management comprises configuration information collection, daily operation and maintenance operations (such as start-stop and migration and the like), automatic expansion and retraction based on strategies and resource recovery; the unified cloud management system belongs the virtual machines to corresponding service groups and projects when the stock virtual machines are managed by the nano-tubes, and lays a foundation for further realizing the fine management of resources and metering and charging according to an organization architecture. The stock virtual machine of the nano tube inherits the original cluster and resource pool management subordinate relation, and the project and the owner are appointed to reconstruct the original subordinate relation when the nano tube is processed. Virtual machine full lifecycle management: including adding monitoring, starting, restarting, stopping, snapshot management, online migration, adding disks, expanding disk space, LVM management, remote execution of scripts, remote terminal access, unloading of virtual machines, etc.

In a multi-cloud environment, applications crossing different cloud platforms are more prone to using the IP addresses of the same network segment, IP address conflict frequently occurs in the scene, and the unified cloud management platform can well solve the problems through unified management of the IP pools crossing the clouds. The functions of planning, detecting, distributing and the like of the IP are realized through the cross-cloud IP pool management. The unified management of the IP pools of the unified cloud management platform supports the division of finer granularity IP sections in the sub-network, gives names to the IP pools, facilitates the selection of a proper IP pool when a user configures service or applies for resources, and supports the occupation of manual marking and the release of IP addresses in the IP pools. Specifically, the IP address pool management component comprises a resource pool adding plug-in, a resource pool configuration plug-in, an IP address field configuration plug-in and an IP address recording plug-in; the resource pool adding plug-in is used for newly building a resource pool in the subnet; the resource pool configuration plug-in is used for carrying out parameter configuration on the newly-built resource pool; the IP address field configuration plug-in is used for carrying out IP address field configuration and management on the newly-built resource pool; the IP address recording plug-in is used for recording the used IP address state. Examples of creation and use of IP pools are as follows: entering an infrastructure/IP pool and selecting an added resource pool (which can support a common IP pool and an F5 IP pool); inputting a resource pool name, CIDR, gateway, DNS and the like, as shown in FIG. 4; the IP address field range is configured, and specific IP addresses can be checked, released and reserved on the same interface; the IP pool automatically records the used IP, and prevents the IP from being repeatedly distributed. The service steps are as follows: creating an IP pool by a tenant manager and an infrastructure manager; inputting information such as names, descriptions, CIDR, gateways, DNS and the like; configuring an IP range, and inputting a start IP and an end IP; clicking to determine that the IP pool is configured successfully; the IP address status is queried, available, occupied, reserved, etc.

The capacity analysis component is used for analyzing and displaying the resource consumption trend, including analyzing the occupation condition of the resources of the service group and the capacity condition of the resource pool

The cloud host use management component provides an IAAS resource unified view, which comprises a cloud host overview, cloud host operating system distribution, highest TOP ranking of a CPU use ratio host, lowest TOP ranking of a CPU use ratio, lowest TOP ranking of a memory use ratio, highest TOP ranking of a disk use ratio, lowest TOP ranking of a cloud host, and the like, and is displayed in various display modes such as a bar graph, a pie graph and the like.

2. Service view module

In order to realize self-service, 4 key processes of resource pooling, standardization, automation and self-service are needed, wherein the automation is realized by calling an API or a script by a platform, and other key processes are all needed to be configured in a unified cloud management system. The unified cloud management system is a standardized process for realizing cloud through service arrangement and service management. The service orchestration realizes the standardization of the application model, and the service management realizes the standardization of the deployment parameters.

The service view module includes a service orchestration component, a service configuration component, a service instance management component, and a service resource management component.

The service orchestration component designs an application blueprint based on the TOSCA standard in a blueprint interface in a dragging manner through the blueprint. Blueprints contain the topology of the application, workflow, policies, etc. The blueprint is a core module of the unified cloud system, and the automatic deployment and running state management of the platform are realized based on the blueprint. Blueprint components are divided into infrastructure components and application software components, which are abstractions of the underlying resources and application software, respectively. Blueprint orchestration is directed acyclic complex orchestration of visual resource jobs, supporting multiple task nodes, script execution, file distribution, file backup, HTTP requests, database operations, and the like, supporting both parallel processing and manual intervention. The service steps are as follows: clicking the blueprint design by a software architect to create a new blueprint design model; the left dragging component of the software architect comprises a host, a network, software and the like, and is connected with the right canvas to construct a logical architecture model conforming to the service, and an IaaS service, an IaaS+ service and an IaaS+ PaaS service arrangement model; clicking to verify whether the blueprint model is correct; and (5) saving the blueprint design model.

In this embodiment, the blueprint in the unified cloud system defines a standardized application model, specific resources are not bound, and corresponding resources are allocated according to an available resource pool only when a user applies for self-service, so that indiscriminate deployment and delivery of the same application component (such as MySql) in different environments are realized, and consistency of development-test-production environment deployment is realized. The blueprint layout can be used for performing operations such as adding, editing, deleting, inquiring, cloning, exporting, publishing, putting off the shelf and the like, and supporting the layout and analysis of complex tasks of the directed acyclic graph with multiple job nodes connected in series and parallel. Based on the arrangement capability of the blueprint and the abstract capability of the blueprint component on the multi-cloud resources, the service arrangement component completes the mixed arrangement of the multi-cloud resources, and in an enterprise-level IT environment, the mixed arrangement capability can enable an applicant to apply for deployment of physical machines and cloud hosts in different environments by one key, and install different operating systems in batches to enable the applicant to specify ip. The multi-cloud resource mix orchestration capability of the service orchestration component is divided into three types, iaaS, iaas+ and iaas+paas.

The service configuration component is used for configuring, releasing, modifying and downloading a service catalog, specifically, associating an application blueprint with a service group (comprising personnel and a resource pool in the service group, and an IP allocation strategy of the resource pool can be performed in a mode of IP pool, fixed IP allocation, DHCP and the like), setting an automatic deployment parameter of a software and hardware basic resource, and releasing the service catalog after the configuration is completed; in this embodiment, one application blueprint may correspond to one or more service directories, using different resources, so that one standard application architecture blueprint may be used for multiple environments and multiple scenarios. The service directory may be configured and published by a cloud administrator or by an authorized role, such as a business group administrator. The global shared service directory may be published, or the service directory for a specified service group may be published. Based on the configured application blueprints, corresponding service directories may be generated, including general IaaS services (such as virtual machines, physical machines, cloud load balancing), iaas+ services (including common applications, such as Oracle, webSphere, weblogic, tomcat, mysql, hadoop, spark, etc.), and iaas+ PaaS services.

The main configuration content of the service directory includes: configuring deployment parameters of infrastructure resources and application software resources contained in a service directory; configuring basic information such as names, descriptions, icons and the like of service directory services; configuring lease period, charging mode, approval process and the like of the service; and configuring access rights of the service, including operation control rights of the cloud host. The resource class services supported by the service configuration component include, but are not limited to, virtual machines, physical machines, images, cloud hard disks, cloud routing, public network IP, cloud snapshots, and the like. The following describes the specific configuration by taking the vSphere single-node IaaS service directory as an example:

Firstly, configuring basic information such as names, descriptions, icons and the like of service directory services, as shown in fig. 5 a; configuring lease time, payment mode, approval flow, visible attribution and the like of the service; the relevant parameters of the infrastructure resources required by the service directory can be configured and preset, and whether the parameters are opened to the user to be filled in when the service is applied can be configured, as shown in fig. 5 b; configuring network related services, such as automatic domain adding, IP allocation mode assignment and the like, as shown in fig. 5 c; configuring a new user and supporting setting of a random password, as shown in fig. 5 d; the related parameters of the disk can be set when the virtual machine is configured to be deployed automatically, an automatic data disk can be added, and formatting, capacity expansion and mounting can be performed according to LVM and other modes; some parameters can be selected when the user applies for, as shown in fig. 5 e; the relevant parameters of the application software resource are configured, the preset can be configured, and whether the parameters are opened to the user to be filled in when the service is applied can be configured, as shown in fig. 5 f. The service steps of the service configuration are as follows: clicking service configuration by a software architect, and selecting a blueprint model; configuring parameters such as associated service groups, groups and the like by the configuration service; configuring parameters for components such as a host, a database, a network and the like in service configuration, and selecting virtual machine template management, naming rules and the like, wherein the configuration parameters allow the applicant to modify, allow the approver to modify and the like; and storing and releasing the service configuration to generate the service card.

The unified cloud management system supports creation of virtual machine templates, one virtual machine template corresponding to a plurality of cloud platform templates. The cloud platform template is associated with a template in the vSphere platform or an image in the OpenStack platform. After the virtual machine template and the associated cloud platform template are created, the cloud platform template can be automatically identified according to the cloud platform where the blueprint object is located by directly designating the virtual machine template and the associated cloud platform template in the service configuration component.

An administrator may configure users of different roles, access rights templates for self-service, including operation control rights for cloud hosts and other cloud resource and service deployments, specify what roles are allowed to perform what operations, and whether approval is required before performing the operations, and then associate the templates with the organization architecture, as shown in fig. 6a and 6 b.

The service instance management component is used for reading all service instance information from each region, carrying out statistics management and display, wherein the service instance comprises a cloud host, a database and object storage; the service resource management component is used for reading service resource occupation conditions and application support conditions of the resources of each region from each region, and carrying out statistics management and display; the service instance management component and the service resource management component comprise statistical class indexes and detail class indexes; the statistical class indexes comprise the resource types, the resource quantity, the state distribution condition and the version distribution condition of each region, each department and each project resource partition condition; the detail class index comprises specific resource name, resource configuration information (IP, cpu, memory), resource creation time, latest update time, current latest version, running state, and affiliated departments, projects and owners information. And a plurality of presentation modes, such as pie charts, graphs, bar charts and the like are supported, report presentation is supported, screening can be performed according to a plurality of conditions, including departments, projects, states and the like, and reports can be exported. Report forms, display effects of the instrument panels and support customization of display contents. FIG. 7 is a diagram showing the relationship of resources to software.

3. Application view module

The application view module comprises an application instance information acquisition component, an application deployment management component, an application load management component, an application deployment topology management component, an application pair PAAS service support component and a hot spot application analysis component.

The application instance information acquisition component is used for acquiring the related information of all application instances in each region; the read application examples are all service examples of the alicloud and the Hua cloud including tomcat, nginx, oa, crm application.

The application deployment management component is used for carrying out statistics management and display on index information of all application instances in each region; the index information of the application instance comprises statistics type indexes and detail type indexes, wherein the statistics type indexes comprise application types, application quantity, state distribution conditions and version distribution conditions of all areas, all departments and all project resource partition conditions; the explicit class index includes specific application name, application configuration information (IP, port, JMX parameters, user, password, etc.), resource creation time, latest update time, current latest version, running status, and affiliated departments, projects, owners. The report is displayed in a plurality of display modes (pie charts, graphs, bar charts and the like) and supported, and can be screened according to a plurality of conditions, including departments, projects, states and the like, and meanwhile, the report can be exported.

The application load management component is used for carrying out statistics and display on the load conditions of all application instances in each region. The application examples comprise all service examples of the ali cloud and the Hua cloud, including tomcat, nginx, oa, crm application and the like. And supporting to check the load condition of a specific application, including the application indexes such as connection number, stack memory occupation condition, access user number, network IO and the like.

After the application is wholly deployed, the application deployment topology management component is used for integrating the resource nodes and service deployment information of each application instance, such as which host, software, network and other resources are contained in the application, analyzing the configuration information of each resource node, the connection relation between each resource node and the service deployment relation, generating a corresponding application deployment topology interface, and executing corresponding operations, such as refreshing, starting, stopping, suspending, remote terminal, executing script operations, starting, stopping and the like on the software resources, on each resource node according to an external instruction in the application deployment topology interface. As shown in fig. 8, since the application deployment topology management component collects the resource node and service deployment information of each application instance, the configuration information of each node and the current alarm state, including the operating system version, the IP address, the memory capacity, the total space of the disk, the number of cpus, etc., can also be displayed on the topology interface by adding the corresponding display plug-in, and the alarm information includes the cpu usage, the memory usage, the triggered alarms. If the displayed index gives an alarm, the alarm is generated by adopting different color representation, such as memory usage rate.

The application pair PAAS service support component is used for displaying the support condition of the application resource to the PAAS service in each area, and comprises the relation between the application and the PAAS service, the application heap memory use condition, the application Eden Space use condition, the Old Gen memory use condition, the survivingSpace use condition, the application connection condition, the cache condition, the request condition and the request/response byte condition.

The hot spot application analysis component regularly carries out statistical analysis on application conditions, application development conditions and version update conditions of all areas, and is divided into a stable version, a development version and an internal test version according to application release conditions, analysis is carried out on comprehensive application use conditions, problem feedback conditions and daily maintenance data, hot spot applications are counted, topN ranking is released, and users recommend preferentially in the application process. The statistical application information comprises information such as application name, version type, creation time, application frequency, deployment time consumption, historical problem number and the like.

4. Tenant view module

The tenant view module comprises a charging rule management component, a metering charging component, a resource quota component and a weight and domain dividing component.

The charging rule management component comprises a charging rule setting inlet for providing charging rule setting inlets for different clouds and different resources, wherein a charging rule template adapting to different service scenes is preset in the charging rule setting inlet; the charging rule management component also comprises a charging script plug-in which is used for automatically defining charging prices of various specifications according to the Javascript script input by the user. The charging rule setting mode window is switched through the setting rule mode plug-in, and the charging rule setting mode comprises a classical mode and an expert mode.

In classical mode, the billing script plug-in is not invoked, its unit price is set for different resources. For private cloud and public cloud resources, an administrator directly defines unit prices of all components of different cloud platforms, such as CPU, memory, network IP and bandwidth. As shown in fig. 9 a. In expert mode, a set of charging rules is defined by invoking a charging script plug-in, for example: the types of the california specifications are various, the prices of different specifications are inconsistent, if a single configuration is very complicated, a script supporting Javascript is used for defining a set of charging prices of different specifications of the california, and an example diagram is shown in fig. 9 b. The billing rules support a plurality of monetary units, including Renminbi, dollars, saudi, etc., and the tenant administrator may select one monetary unit in the system configuration.

The metering and charging component collects actual resource consumption details and bill details of each level of organization, and generates a cost analysis page which is used for displaying cost proportion of each department and cost trend taking time as span, and the cost analysis page is respectively displayed aiming at time, cloud platform, resource type, service group, project and owner. The metering and charging component comprises an optimization suggestion functional plug-in, and the optimization suggestion functional plug-in is used for calculating the utilization rate score of each resource according to the average utilization conditions of the CPU, the memory and the disk (the smaller the utilization rate score is, the more idle resources are indicated), obtaining the distribution condition of the idle resources according to the sorting and screening of the utilization rate scores, and reconfiguring the idle resources, so that the resources which are used inefficiently are adjusted in time, and the cost is saved. The service steps of metering and charging are as follows: the tenant manager/infrastructure manager/system manager clicks the metering charging, and defines charging rules; click expense analysis, which can inquire the charging expense of different service groups and projects; clicking the metering charging report forms, inquiring the charging report forms of different service groups and projects, and exporting the report forms; the click expense analysis can inquire the resources with high resource allocation and low resource utilization rate, and can modify the resource allocation by one-click.

The resource quota component configures budget for the whole tenant or the individual tenant according to the organization architecture of the tenant, controls payment resources and applications according to the configured budget policy after the budget is exhausted, and comprehensively plans the consumption of all levels of organization cloud resources by configuring the cost quota of a CPU, a memory, a disk and the like. For example, according to an organization architecture, a resource quota is configured for a service group, and after the quota is reached, a user cannot apply for deploying resources by controlling the available resource capacity of the service group, such as a CPU, a memory, a storage, the number of virtual machines, and the like. The resource quota of the service group and the quota of the resource pool are mutually independent and can be used simultaneously. The resource quota component further comprises a quota analysis report plug-in, which is used for displaying related information such as organizations at all levels, total number of CPU quota, total amount of memory quota, total number of virtual machine configuration, number of cloud hosts, number of cloud resources and the like, and quota and actual allocation usage ratio and trend graph, as shown in fig. 10.

The rights and domain splitting component comprises a role management plug-in, a user management plug-in, a tenant management plug-in and a project management plug-in. The role management plug-in is used for providing operation authorities for configuring different roles to different pages of the platform; for example, the super rights correspond to super administrators, support creation of multiple system administrator users, the system rights correspond to system administrators, tenant levels correspond to business group administrators and business group members, and project levels correspond to project administrators and project members. In addition to the default roles, the role management plug-in also provides entries for system administrators and tenant administrators to customize the roles and their permissions, enabling them to configure the enablement and approval mechanisms of virtual machine operations and service deployment operations based on the roles; for example: virtual machine start-stop, adjust configuration, add disk, telnet, change owners, extend deployment, uninstall deployment, etc. Different operations define different enabling and approving mechanisms for different user roles, as shown in fig. 11. The user management plug-in is used for providing user management function entries including user addition, deletion, disabling, modification and viewing. The tenant management plug-in is used for generating a logic organization structure of a corresponding service group according to an organization architecture of a company entity and managing users, resources and resource quota in the service group; after the unified cloud management system completes the butt joint of each cloud platform account, a plurality of logic resource pools are defined, and different resource pools correspond to different cloud platform resources. The resource pool is associated with the tenant, and the cloud platform which is only allowed to be used by the tenant is limited, so that the range of the tenant in the process of applying, creating and changing the resource is limited. Therefore, tenant management is correspondingly realized through a service group, the logical organization structure of the unified cloud management system supports the creation of a multi-level service group, and the multi-level service group is used for corresponding to the organization structure (department) of an enterprise in the unified cloud management system and comprises a service group manager and service members, and the service group is internally related to a user to which the service group belongs and a resource pool which can be used by the service group. A service group is a logical concept, and entities that need to link users, resources, and resource quotas together can all correspond with a service group, such as a sub-company, a different hierarchy of departments, and so on. The service group has two roles of an administrator and a common member by default, the administrator can configure resources, services and rights of the common member of the service group, the common member can apply for resources owned by the service group, manage application deployment, virtual machine instances and the like owned by the common member, and meanwhile, more service group-level roles are allowed to be defined so as to support different management scenes. The project management plug-in is used for providing a management entrance of a user in the project; the project is the embodiment of the daily project of the enterprise in the cloud management platform, and the project belongs to the business group. The user members in the project can only come from members of the business group in which the project is located, but the user can belong to a plurality of business groups, and therefore can also belong to a plurality of projects. The project may have multiple project administrators. The service steps are as follows: tenant manager/infrastructure manager/system manager defines role rights; creating a service group and a project by a tenant manager/infrastructure manager/system manager; creating a user by the tenant manager/infrastructure manager/system manager, and configuring a service group and roles; configuring a service group manager and a service group member for the service group; project administrators and project members are configured for projects.

5. Alarm view module

At present, for example, the ali cloud and the Hua Chen cloud correspond to a plurality of monitoring tools, for example, the ali cloud has a plurality of monitoring tools such as a space base and an ARMS, but a unified monitoring platform is not provided, various operation indexes are dispersed in different tools, for example, hardware information needs to pass through the space base, micro services need to pass through the ARMS, a unified monitoring display entrance is not provided, and meanwhile, the monitoring capability of tenant isolation and the monitoring alarm capability of specific resource examples are not provided. Therefore, the embodiment provides the alarm view module, which organically integrates the independent information originally scattered in each monitoring tool, covers the comprehensive monitoring system of the hardware layer, the component service layer, the resource instance and the application layer, realizes the centralized monitoring, the centralized display and the centralized alarm of the cloud platform, and provides an important basis for the information communication working decision of the company. Meanwhile, the tenant isolated resources are realized, cloud resource instance running state warning short plates are supplemented, cloud platform running monitoring capability is improved, a more practical and efficient monitoring warning platform is provided for wide on-line operation and maintenance operators, working efficiency is improved, remote quick positioning of on-site running faults is realized, labor cost is saved while normal running of the cloud platform is guaranteed, and good economic benefits are brought.

The alarm view module adopts a three-layer B/S architecture design, and a data service layer supports a Mysql relational database to realize simple processing and storage of data; the application service layer adopts a springboot frame and adopts front-end and rear-end separation to realize basic services such as cloud platform service monitoring, resource monitoring and the like; the foreground page adopts the technologies of Vue, html5, elementui, nodeJs and the like to realize the services of drawing, picture rendering and the like of the visual control. In terms of hardware, the alarm view module adopts a two-level deployment mode, and hardware resources need two parts of network equipment and server equipment, wherein a network switch is divided into a core layer and a convergence layer, and each layer of switch is configured and stacked to realize redundancy. The database server, the application server and the display server are all deployed and in an intranet environment, a distributed deployment scheme is adopted, the deployment mode simultaneously considers high availability and transverse expansibility, any one application node or the physical machine of the database node is failed, the platform can continue to provide service, and more monitoring alarm information nanotubes and user accesses can be supported by adding the nodes to the application cluster. In terms of software, the alarm view module comprises a platform service monitoring component, a platform alarm component, a platform important alarm monitoring component, a resource monitoring management component, a resource alarm component and an alarm management component.

The platform service monitoring component is used for collecting operation information of all resource types, service types and application types in each platform and obtaining service operation conditions of the cloud platform by statistics. The platform service monitoring component collects cloud platform service operation condition data, uniformly displays service operation conditions of the cloud platform, and comprises normal service operation and abnormal service operation, and is realized by mainly acquiring hardware information and micro service information of the cloud platform through a cloud monitoring tool.

The platform alarm component collects alarm information generated by each component of the cloud platform and uniformly displays the alarm information, specifically, statistics and display (including modes of mail, short message and the like) are carried out on the appointed index information of the platform alarm information obtained by the platform service monitoring component, and the appointed index information of the platform alarm information comprises alarm level, alarm number, affiliated departments, affiliated platforms and alarm types. The platform type comprises all service examples of the Arian cloud and the Hua-Chen cloud, including various resource types, service types, application types and the like in the platform.

The important alarm monitoring component is configured to extract all alarm information above a preset alarm level in the platform alarm component, retrieve complete information from the platform service monitoring component for reintegration and display, and notify corresponding alarm information to a corresponding tenant manager, including a resource name, an IP address, an owner, a triggered alarm, a trigger time, and the like, as shown in fig. 12. By clicking on the alarm list, detailed alarm information can be checked, including alarm level, alarm condition, number of alarms, alarm trend chart, time for triggering each alarm, etc.,

The resource monitoring management component is used for counting and displaying the quantity of each resource under the tenant and the utilization rate of each component of the tenant, and comprises a host monitoring plug-in, a cloud host monitoring plug-in and an application monitoring plug-in; the host monitoring plug-in extracts the CPU use condition, the memory use condition and the storage use condition of the host to carry out graphical display, the display indexes comprise the total amount and the used amount of the monitoring object, and particularly, the storage types (such as SSD storage or DataStore) of the monitoring object can be distinguished for storage. Meanwhile, the time span and the interval time of monitoring can be selected according to actual requirements; the cloud host monitoring plug-in graphically displays the system CPU utilization rate, the user CPU utilization rate, the memory utilization rate, the disk IO and the network transceiving packet flow of the virtual machine, and the cloud host performance overview schematic diagram is shown in FIG. 13; the application monitoring plug-in provides corresponding monitoring functions for the automatically deployed common databases and middleware, such as Mysql, oracle, sqlServer, tomcat, weblogic, webSphere, JVM and the like. The resource monitoring management component obtains the resource operation performance data through the cloud component, displays the resource detail according to tenant classification, and mainly displays the use condition of the resources such as ECS, RDS, OSS and the like.

The resource alarm component is used for analyzing the statistical result of the resource monitoring management component, obtaining a resource alarm result according to a self-defined alarm rule (if the CPU utilization rate is more than 90% continuously for 5 minutes, triggering an alarm), monitoring the resource, triggering the alarm, and then sending the resource alarm result and a preset resource optimization rule to a corresponding tenant manager, wherein the key of the resource optimization rule is that the resources are idle resources/overload resources through resource optimization suggestions, and if the memory utilization rate of a single resource is less than 10% continuously for 5 balances, the resources belong to idle resources, and the resources are allocated.

The alarm management component is used for carrying out configuration management on the cloud platform, the alarm strategy of the cloud resource and the triggered alarm, and comprises a cloud platform alarm subscription plug-in, a cloud resource alarm strategy configuration plug-in, a cloud resource alarm notification configuration plug-in, an elastic telescopic adjustment plug-in, a triggered alarm management plug-in and the like. The cloud platform alarm subscription plug-in subscribes to an alarm strategy of a specific cloud platform and then designates triggered operations (such as warning, mail notification and the like) including a vMotion state, a virtual machine switch state, a vphere HA state, a host motherboard battery fan temperature state, a DataStore state and a virtual machine compliance state. The cloud resource alarm strategy configuration plug-in provides an alarm management page, and a user independently opens, disables or edits a certain alarm strategy on the alarm management page, wherein the alarm strategy comprises downtime alarm, threshold alarm and forecast alarm. FIG. 14 is a schematic diagram of a predictive alert configuration that would trigger an alert by setting a threshold based on a time period (e.g., mySQL's current connection number in the past 1 day) to predict that a certain threshold will be reached in a future period (e.g., mySQL's current connection number in the future 1 day). The elastic expansion adjustment plug-in is used for realizing the elastic expansion of service deployment based on the alarm, providing an alarm strategy use interface, and setting the elastic expansion operation after the alarm triggering at the alarm strategy use interface by a user. The triggered alarm management plug-in unit checks and processes the triggered alarms in a unified way, and checks the class of the alarms, the alarm objects, the alarm types, the triggered times, the latest alarm time, the alarm state and the like in a classified way; processing the triggered alarm support such as restoration, suspension and release; the triggered alarm management plug-in can also display the triggered alarms in the form of a trend graph, so that a user can intuitively see the triggering time and the severity of multiple alarms. The service steps are as follows: clicking alarm configuration in service deployment, configuring an alarm strategy and triggering a resource alarm condition; in the alarm strategy process, configuring notification configuration; based on the current alarm condition, configuring an elastic telescopic condition of the alarm to realize alarm closed-loop processing; checking an alarm list generated in a current system; and checking a trend chart generated by a specific alarm in the current system.

6. Operation view module

The operation view module comprises a tenant statistics component, a quota statistics component and a flow statistics component.

The tenant statistics component is used for acquiring the resource usage situation of each tenant, specifically including the resource occupation situation of the tenant, the resource usage situation of the tenant, the resource of the tenant, the member distribution situation and the like, performing statistical analysis on the multi-dimensional data of the tenant, for example, performing trend analysis on a plurality of dimensions such as cloud host application/removal amount, service deployment application/removal amount, CPU usage situation, memory usage situation, storage usage situation, virtual machine usage quantity and the like; in addition, the tenant statistics component is further used for summarizing and analyzing the distribution condition of the resources and members of the tenant, including service group cloud host distribution, service group member number, service group cloud host application trend, cloud host removal trend and service group personnel resource distribution. The quota statistics component is used for acquiring the organizations at all levels, the total number of CPU quota, the total amount of memory quota, the total number of virtual machine configuration, the number of cloud hosts and the number of cloud resources, counting to obtain the quota and the actual allocation usage duty ratio, and analyzing to obtain a duty ratio trend graph; the flow statistics component is used for obtaining historical approval information of each user application, including information such as application type, deployment name, application state, application time and completion time, and generating an approval flow chart of each user application. The user selects an application record and can check the information such as the approval flow, approval progress, historical approval result, approval opinion and the like of the application in a flow chart mode.

7. Operation and maintenance view module

The operation and maintenance view module comprises a work order statistics component, an operation statistics component, a service deployment management component and a cloud host management component.

The work order statistics component comprises a work order application plug-in, a to-be-handled application plug-in and a handled application plug-in; the work order application plug-in is used for checking approval information of all relevant work orders corresponding to the current user; the to-be-handled application plug-in lists all applications which need to be approved by the current user, and simultaneously displays the total quantity and the service condition of the resource pool of the service group in the data center as approval basis to provide a user approval operation entrance; the application plug-in is used for recording and displaying all the applications which are approved by the current user. And listing all applications requiring the current user to examine and approve on the to-be-processed application page, wherein the application information comprises application type, deployment name, application state, application time, completion time and the like. After the user enters the approval page, the system takes the total amount of the resource pool and the service condition of the service group in the display data center as the approval basis, the user can modify the IT service application parameters (for example, the approval policy allows the approval personnel to modify the application parameters), fill in the approval result and the approval opinion, execute the approval operations such as pass, return to the previous stage, reject and the like, and drive the flow of the flow system to enter the next approval link after the approval is completed. The application page is all the applications which are approved by the current user, the application information comprises application type, deployment name, application state, application time, completion time and other information, and one piece of application is selected to check the approval process and the historical approval result of the application, the approval comments and other information. The business steps of the process arrangement are as follows: the tenant manager/infrastructure manager/system manager clicks the flow configuration, and the work order approval flow can be customized; building a work order approval model according to the business condition; the service configuration manages the work order, or is issued as manual work order service, and the work order approval process can be executed by clicking the service card; according to the user roles defined by the worksheet, the worksheet is approved; a management SLA protocol can be defined in the service configuration to realize different service types and different SLA requirements.

The operation statistics component is used for counting all operation and maintenance operations of the platform, including resource application, resource removal, deletion of management information, recovery and the like, and stopping, starting, disk adding and network card adding operations on host resources. The statistics list contains request type, title, service name, operator, business group, project, application state, application time and completion time. The operation statistics component supports a variety of screening conditions including business groups, projects, owners, status, sla status, and the like. The status includes in-process, under approval, rejected, returned, completed, failed, cancelled, etc.

The service deployment management component is used for creating a corresponding blueprint instance for the approved user application, deploying an application environment corresponding to the blueprint, and enabling the user to perform various operations and management on the blueprint in the deployment management interface. The service deployment management component displays all service deployment lists of the current user, and the service deployment management list displays the deployment list and common information owned by the user, including names, service catalogues, deployment states, owners, deployment time, expiration time, cost information and the like. The user selects the desired service deployment or deployments to perform operations such as stopping, reclaiming, telescoping, modifying owners, etc. For example, a user clicks on a particular service deployment to expose deployment details including basic information, deployment topology, operational history, and monitoring information. The user can know the information of the service group/project/user, the occupied resource pool, the used blueprint name, the current month cost/total cost, the deployment time/lease and the like of the service deployment from the basic information. The deployment topology interface graphically exposes the runtime topology of the service deployment in the form of a blueprint. In the deployment process of the service, the deployed components and the components to be deployed are respectively represented by different colors in the deployment topology, and the deployment process is described by matching with detailed words, so that a user can know the progress of deployment conveniently. When the service deployment is completed, all resource examples, names and states are listed, and the user clicks on an example and can jump to the corresponding example interface. Besides the policy that the monitoring alarm module can configure dynamic expansion of resources, a certain node in the self-help appointed service deployment of the user is supported to perform instantaneous or timed expansion, and a newly added node can be automatically registered in load balancing, for example, a tomcat server node is selected to perform expansion, as shown in fig. 15.

The cloud host management component is used for carrying out self-service operation and maintenance operation on all cloud host resources applied by a user, the self-service operation and maintenance operation is mainly divided into operation and maintenance operation and resource changing operation, and the operation and maintenance operation and the resource changing operation are realized by providing a cloud host list interface. Specifically, the user views common information of the cloud host in the cloud host list interface, including an instance name, a service group to which the user belongs, a current state, an IP address, an instance owner, whether monitoring is built in, a monthly unit price, an aggregate fee, and the like. The user selects a plurality of cloud hosts to start, suspend, stop, restart, execute scripts, modify owners, etc. in batch, taking the label set as an example: the method is convenient for users to classify, quickly search and analyze the resources according to different attributes. After clicking a certain cloud host, the user displays detailed information of the cloud host, including information of the host, specifically including: manufacturer, model, IP, CPU specification and memory, hard disk size and utilization, applicant and status, etc. The user performs normal operations on the cloud host, such as startup, shutdown, restarting, web remote terminal, disk addition, online migration, and the like, and all the operations can control whether to open to the user and whether to add approval process through rights management. In the process of using the cloud host, a user can apply for a snapshot to the applied cloud host so as to realize backup to the state of the system at the moment. Presentation and full life cycle operation of the snapshot is provided at the snapshot information interface. The snapshot information and the relation among the snapshots are displayed in a tree form, and a user can delete the snapshots, roll back the snapshots and the like of the specified snapshots. The user can log in the virtual machine through the VNC and the fort machine. In the process of using the cloud host, the cloud platform display name, the hostname and the login password of the cloud host can be changed on the unified cloud pipe in a self-service manner, and the super administrator authority of the non-root user can be given. In the cloud host list interface, the operation of resource change can be performed on the cloud host besides the conventional operation and maintenance operation, and a user can perform operations such as configuration adjustment, disk capacity expansion, network card addition/deletion and the like on the cloud host on a unified cloud host system. The service steps of the life cycle are: the logger clicks the service catalogue, selects the service card, and applies for resources by self; the resource application enters an approval link, and an approver considers whether to allow the application in compliance; triggering service deployment operation after the application is completed; after the service deployment is completed, the logger can perform operation and maintenance management operation on the cloud host and the cloud resources; after the resource is used, a recovery link is automatically carried out, the recovery station is clicked, the resource to be removed can be inquired, and meanwhile, a user can select to delay the resource use.

8. Platform version management view module

The unified cloud management system arranges software components such as a relational database, noSQL, middleware, web components, a development platform and the like into a blueprint for deployment and operation and maintenance management, and a user groups common middleware, database, application services and the like on the platform in a self-defined mode, multiplexes the grouped components in the blueprint, and provides end-to-end application environment deployment services for the user. Specifically, when a user creates and edits an application software component, a Ansible, python, shell script file is adopted to support an enterprise to multiplex an existing and verified script to hook the script and a specific operation, and the operation can be directly invoked in the deployment process and after deployment. Parameters required for script execution are declared as component attributes, which are set default values in service configuration or are opened to the user to fill in service application forms, thereby converting script parameters that are not friendly to the user into application form input items readable by the user. Based on the rich language support of the software components and the capability of being mixed and arranged with other components in the blueprint after being componentized, the unified cloud management system can be integrated with an automatic operation and maintenance tool through the software components. For example, the software component may complete the automated delivery of the resource by shell, python, or existing calling an API or CLI provided by the automated operation and maintenance tool; the software components are mixed with the infrastructure components in the blueprint, so that end-to-end delivery of the application oriented is realized; the software component converts the parameters in the API/CLI into the application items in the application form, so that the application is filled in a more friendly and readable mode; the software component obtains the environment information (such as host name, IP, service IP, etc.) of each component with the infrastructure and the dependency relationship and transmits the environment information to the automated operation and maintenance tool. For the infrastructure component, the business steps are: the software architect clicks the infrastructure component to check the built-in component of the current system; the viewable built-in components include tomcat, mysql, mongodb, oracle, weblogic, spark, hadoop, etc.; clicking on the blueprint design may drag the software component into the host component. For the custom application component, the business steps are: the software architect clicks the infrastructure component, clicks the add button, and enters the component definition interface; selecting script types, and defining scripts for installing, deploying, configuring and uninstalling the execution components; selecting an operation button, and associating the operation action with the script; clicking the "publish" button, custom components were successful and can be placed into blueprint design for use.

The platform version management view module regularly checks the components defined or configured by each platform, the component examples comprise tomcat, nginx, an alicloud common service component, a Hua cloud common service component and the like, the checking indexes comprise component names, cloud platform types, component use descriptions, versions, states, creators and creation time, the currently configured components and component versions of each platform are mastered in time, and the number of currently supported components of each platform is counted.

The platform version management view module adopts a pipeline arrangement flow to create an automatic, reusable and safe compliant application delivery flow, and configures construction, deployment and test end-to-end flow management and control. The pipeline function comprises a user-defined task type, input and output parameters and execution settings, and can automatically execute various tasks, such as blueprint deployment tasks, jenkins tasks, script tasks and the like, so that continuity of each stage of the pipeline is ensured, real-time checking of the execution state of the tasks is supported, and problems are found in time. Taking the flow of updating the war packet as an example, first designating war pipeline tasks, as shown in fig. 16 a; secondly, constructing a war package by using jenkins, designating a property file name, and writing the content of the property file into an output result, wherein the content of the property file is shown in FIG. 16 b; then obtaining the download address of the Jenkins construction product by using the script task, wherein the quoted form is as follows $ { task refid. DOWNLOAD_URL }, see FIG. 16c; finally, writing shell scripts to realize the logic script example of the war package upgrade, and finishing the updating of the war package.

In this embodiment, the plurality of modules relate to pipeline jobs, script batch jobs, and report management jobs. The business steps of pipeline operation management are as follows: the logger clicks on job management and pipelining; selecting resources which need to execute batch operation, and defining different links of a pipeline; a release pipeline; the logger can execute pipeline tasks and automatically trigger a series of operation operations. The business steps of script batch operation are as follows: the logger clicks on the job management and script library; clicking an add button to select operations such as name, resource type, service group, authorization and the like; defining script contents of different script languages, clicking and storing; clicking my deployment, selecting a cloud host or cloud resource, may perform script operations in bulk. The report management operation comprises the following business steps: the tenant manager/infrastructure manager/system manager clicks report management, and can check various report types; clicking the multi-data center monitoring view to check the use condition of each area resource; clicking a custom dashboard to check cloud resource distribution, cloud host alarm, namely current work order application condition; clicking the custom report forms can check report form data with different dimensions, such as a host overall situation report form, a virtual machine report form and the like.

The unified cloud management system provides a comprehensive large screen function, integrates various data in the system, including work order data, monitoring data, resource data, business data and the like, and simultaneously displays serious alarms, important changes and the like through remarkable display effects through rich display effects, such as a histogram, a trend graph, a pie chart and the like, so that a user can conveniently grasp condition information of resources, changes, security situations and the like in real time.

The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above examples, and all technical solutions belonging to the concept of the present invention belong to the protection scope of the present invention. It should be noted that modifications and adaptations to the invention without departing from the principles thereof are intended to be within the scope of the invention as set forth in the following claims.

Claims

1. The multi-platform unified cloud management system supporting global tenant application resource quota setting is characterized in that the unified cloud management system deploys a plurality of cloud management nodes in a main company data center according to cloud platform types, and a subsidiary company data center is used as a regional node to access the corresponding cloud management node to complete network deployment of the unified cloud management system; the data center refers to a set of all cloud platforms in the same geographic location; the main company side information management platform performs tenant data interaction with the unified cloud management system and the subsidiary company side information management platform respectively to form a two-stage collaborative operation and maintenance system;

2. The multi-platform unified cloud system supporting global tenant application resource quota of claim 1, wherein the resource view module comprises a multi-cloud docking component, a resource query component, a resource pool management component, a stock resource nanotube component, an IP address pool management component, a capacity analysis component, and a cloud host usage management component;

the multi-cloud docking assembly is used for unifying various cloud resources of the nano-tube data center, interfacing the multi-cloud platforms through an API, and expanding and supporting any proprietary cloud, public cloud, heterogeneous cloud and container cloud platform in a plug-in mode;

The resource inquiry component collects the resource use condition of a plurality of cloud platforms, the resource capacity and the use condition of each area, and performs resource state information inquiry of a plurality of resource types of computing resources, network resources and storage resources of a physical equipment layer and a virtual equipment layer through various display modes of a report form and an instrument panel;

the resource pool management component maps the resources in the butted cloud platform into one or more logical resource pools through a custom resource pool, associates the resource pool with a tenant, and performs free cutting and quota management on the resource pool, so that the specified resource pool uses specified computing resources, storage resources and network resources in one cloud platform, and the specified tenant allows the use of the resource consumption;

the stock resource nanotube assembly automatically synchronizes virtual machines from each cloud platform by docking with a cloud platform controller, and the nanotubes virtual machines reach a specified organization or project; the IP and configuration of the virtual machine are kept as they are in the process of the nano tube; after the virtual machine is stored in the nano tube, full life cycle management of the virtual machine is provided for a user, wherein the full life cycle management comprises configuration information collection, daily operation and maintenance operation, automatic expansion and contraction based on a strategy and resource recovery; the stock virtual machine of the nano tube inherits the original cluster and resource pool management subordinate relation, and the project and the owner are appointed to rebuild the original subordinate relation when the nano tube is managed;

The IP address pool management component comprises a resource pool adding plug-in, a resource pool configuration plug-in, an IP address segment configuration plug-in and an IP address recording plug-in; the resource pool adding plug-in is used for newly building a resource pool in the subnet; the resource pool configuration plug-in is used for carrying out parameter configuration on the newly-built resource pool; the IP address field configuration plug-in is used for carrying out IP address field configuration and management on the newly-built resource pool; the IP address recording plug-in is used for recording the used IP address state;

the capacity analysis component is used for analyzing and displaying the resource consumption trend, and comprises the steps of analyzing the occupation condition of the resources of the service group and analyzing the capacity condition of the resource pool;

the cloud host use management component is used for providing an IAAS resource unified view and displaying the use state of the cloud host through a plurality of display modes of a histogram and a pie chart.

3. The multi-platform unified cloud system supporting global set tenant application resource quotas of claim 1, wherein the service view module comprises a service orchestration component, a service configuration component, a service instance management component, and a service resource management component;

the service arrangement component designs an application blueprint based on TOSCA standard in a blueprint interface in a dragging mode through a blueprint, and the blueprint component is divided into an infrastructure component and an application software component, and abstracts basic resources and application software respectively; the blueprint defines a standardized application model, specific resources are not bound, and the service arrangement component distributes corresponding resources according to the self-service application type of the user and an available resource pool, so that the same application component is deployed and delivered indiscriminately in different environments;

The service configuration component is used for configuring, releasing, modifying and downloading the service catalogue, specifically, associating the application blueprint with the service group, setting the automatic deployment parameters of the software and hardware basic resources, and releasing the service catalogue after the configuration is completed; one application blueprint corresponds to one or more service catalogs and uses different resources;

the service instance management component is used for reading all service instance information from each region, carrying out statistics management and display, wherein the service instance comprises a cloud host, a database and object storage; the service resource management component is used for reading service resource occupation conditions and application support conditions of the resources of each region from each region, and carrying out statistics management and display; the service instance management component and the service resource management component comprise statistical class indexes and detail class indexes; the statistical class indexes comprise the resource types, the resource quantity, the state distribution condition and the version distribution condition of each region, each department and each project resource partition condition; the detail class index comprises specific resource name, resource configuration information, resource creation time, latest update time, current latest version, running state, and affiliated departments, projects and owners information.

4. The multi-platform unified cloud system supporting globally set tenant application resource quotas in claim 1, wherein the application view module comprises an application instance information acquisition component, an application deployment management component, an application load management component, an application deployment topology management component, an application-to-PAAS service support component, and a hotspot application analysis component;

the application instance information acquisition component is used for acquiring the related information of all application instances in each region; the read application examples are all service examples of the alicloud and the Hua cloud including tomcat, nginx, oa, crm application;

the application deployment management component is used for carrying out statistics management and display on index information of all application instances in each region; the index information of the application instance comprises statistics type indexes and detail type indexes, wherein the statistics type indexes comprise application types, application quantity, state distribution conditions and version distribution conditions of all areas, all departments and all project resource partition conditions; the detail indexes comprise specific application names, application configuration information, resource creation time, latest update time, current latest version, running state, affiliated departments, projects and owners;

The application load management component is used for carrying out statistics display on the load conditions of all application instances in each region;

the application deployment topology management component is used for integrating the resource nodes and the service deployment information of each application instance, analyzing the configuration information of each resource node, the connection relation between each resource node and the service deployment relation, generating a corresponding application deployment topology interface, and executing corresponding operation on each resource node at the application deployment topology interface according to an external instruction;

the application pair PAAS service support component is used for displaying the support condition of the PAAS service by application resources in each region, and comprises the relation between the application and the PAAS service, the application heap memory use condition, the application Eden Space use condition, the Old Gen memory use condition, the surviving Space use condition, the application connection condition, the cache condition, the request condition and the request/response byte condition;

the hot spot application analysis component regularly carries out statistical analysis on application conditions, application development conditions and version update conditions of all areas, and is divided into a stable version, a development version and an internal test version according to application release conditions, analyzes comprehensive application use conditions, problem feedback conditions and daily maintenance data, calculates hot spot applications and releases TopN ranking.

5. The multi-platform unified cloud system supporting global set tenant application resource quota of claim 1, wherein the tenant view module comprises a billing rules management component, a metering billing component, a resource quota component, and a split domain component;

the charging rule management component comprises a charging rule setting inlet for providing charging rule setting inlets for different clouds and different resources, wherein a charging rule template adapting to different service scenes is preset in the charging rule setting inlet; the charging rule management component also comprises a charging script plug-in which is used for automatically defining charging prices of various specifications according to the Javascript script input by the user;

the metering and charging component collects actual resource consumption details and bill details of each level of organization, generates a cost analysis page, and the cost analysis page is used for displaying cost proportion of each department and cost trend taking time as span, and respectively displays time, cloud platform, resource type, service group, project and owner; the metering and charging assembly comprises an optimization suggestion functional plug-in, wherein the optimization suggestion functional plug-in is used for calculating the utilization rate score of each resource according to the average utilization conditions of a CPU, a memory and a disk, filtering the utilization rate score according to the ordering of the utilization rate scores to obtain the distribution condition of idle resources, and reconfiguring the idle resources;

The resource quota component configures budget for the whole tenant or the individual tenant according to the organization architecture of the tenant, and after the budget is used up, the payment resource and the application are controlled according to the configured budget strategy;

the weight and domain division component comprises a role management plugin, a user management plugin, a tenant management plugin and a project management plugin; the role management plug-in is used for providing operation authorities for configuring different roles to different pages of the platform; the user management plug-in is used for providing a user management function entry; the tenant management plug-in is used for generating a logic organization structure of a corresponding service group according to an organization architecture of a company entity and managing users, resources and resource quota in the service group; the project management plug-in is used for providing management access for users in the project.

6. The multi-platform unified cloud system supporting global tenant application resource quota setting of claim 1, wherein the alert view module comprises a platform service monitoring component, a platform alert component, a platform important alert monitoring component, a resource monitoring management component, a resource alert component, and an alert management component;

the platform service monitoring component is used for collecting operation information of all resource types, service types and application types in each platform and obtaining service operation conditions of the cloud platform by statistics;

The platform alarm component counts and displays the appointed index information of the platform alarm information acquired by the platform service monitoring component, wherein the appointed index information of the platform alarm information comprises alarm levels, alarm quantity, affiliated departments, affiliated platforms and alarm types;

the important alarm monitoring component is used for extracting all alarm information above a preset alarm level in the platform alarm component, calling complete information from the platform service monitoring component for re-integration display, and notifying corresponding alarm information to corresponding tenant management personnel;

the resource monitoring management component is used for counting and displaying the quantity of each resource under the tenant and the utilization rate of each component of the tenant, and comprises a host monitoring plug-in, a cloud host monitoring plug-in and an application monitoring plug-in; the host monitoring plug-in extracts the CPU use condition, the memory use condition and the storage use condition of the host to carry out graphical display, wherein the display indexes comprise the total amount and the used amount of the monitoring object; the cloud host monitoring plug-in graphically displays the system CPU utilization rate, the user CPU utilization rate, the memory utilization rate, the disk IO and the network transceiving packet flow of the virtual machine; the application monitoring plug-in provides corresponding monitoring functions for the automatically deployed common database and middleware;

The resource alarm component is used for analyzing the statistical result of the resource monitoring management component to obtain a resource alarm result, and transmitting the resource alarm result and a preset resource optimization rule to a corresponding tenant manager;

the alarm management component is used for carrying out configuration management on the cloud platform, the alarm strategy of the cloud resource and the triggered alarm.

7. The multi-platform unified cloud system supporting global set tenant application resource quotas of claim 1, wherein the operation view module comprises a tenant statistics component, a quota statistics component, and a flow statistics component;

the tenant statistics component is used for acquiring the use condition of each tenant resource and carrying out statistics analysis on tenant multidimensional data; the quota statistics component is used for acquiring the organizations at all levels, the total number of CPU quota, the total amount of memory quota, the total number of virtual machine configuration, the number of cloud hosts and the number of cloud resources, counting to obtain the quota and the actual allocation usage duty ratio, and analyzing to obtain a duty ratio trend graph; the flow statistics component is used for obtaining historical approval information of each user application and generating an approval flow chart of each user application.

8. The multi-platform unified cloud system supporting global set tenant application resource quota of claim 1, wherein the operation and maintenance view module comprises a work order statistics component, an operation statistics component, a service deployment management component, and a cloud host management component;

The work order statistics component comprises a work order application plug-in, a to-be-handled application plug-in and a handled application plug-in; the work order application plug-in is used for checking approval information of all relevant work orders corresponding to the current user; the to-be-handled application plug-in lists all applications which need to be approved by the current user, and simultaneously displays the total quantity and the service condition of the resource pool of the service group in the data center as approval basis to provide a user approval operation entrance; the sponsored application plug-in is used for recording and displaying all the approved applications of the current user;

the operation statistics component is used for counting all operation and maintenance operations of the platform, including resource application, resource removal, management information deletion, recovery, and operations of stopping, starting, disk adding and network card adding of host resources;

the service deployment management component is used for creating a corresponding blueprint example for the user application passing through the trial, deploying an application environment corresponding to the blueprint, and enabling the user to perform various operations and management on the blueprint in the deployment management interface;

the cloud host management component is used for carrying out self-service operation and maintenance operation on all cloud host resources applied by the user.

9. The multi-platform unified cloud system supporting global set tenant application resource quotas of claim 1, wherein the platform version management view module sets a pipeline orchestration update mode for components of each war package; specifically, using jenkins to construct a war package, designating a property file name, and writing the content of the property file into an output result; obtaining a download address of the Jenkins building product by using a script task; and re-writing shell scripts to realize the example of the war package upgrading logic scripts, and finishing the updating of the war package.