CN117076042A - Workload scheduling method, apparatus, device, storage medium and program product - Google Patents
Workload scheduling method, apparatus, device, storage medium and program product Download PDFInfo
- Publication number
- CN117076042A CN117076042A CN202310929575.0A CN202310929575A CN117076042A CN 117076042 A CN117076042 A CN 117076042A CN 202310929575 A CN202310929575 A CN 202310929575A CN 117076042 A CN117076042 A CN 117076042A
- Authority
- CN
- China
- Prior art keywords
- workload
- computing
- trusted
- computing node
- nodes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 64
- 238000012216 screening Methods 0.000 claims abstract description 52
- 238000004590 computer program Methods 0.000 claims description 13
- 230000000694 effects Effects 0.000 claims description 13
- 230000007613 environmental effect Effects 0.000 claims description 4
- 238000012545 processing Methods 0.000 abstract description 6
- 238000004891 communication Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 238000012795 verification Methods 0.000 description 4
- 238000004422 calculation algorithm Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000005259 measurement Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000007635 classification algorithm Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000036961 partial effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012549 training Methods 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5061—Partitioning or combining of resources
- G06F9/5077—Logical partitioning of resources; Management or configuration of virtualized resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/4557—Distribution of virtual machine instances; Migration and load balancing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of cloud computing processing, and provides a workload scheduling method, a workload scheduling device, a workload scheduling equipment, a workload scheduling storage medium and a workload scheduling program product. The method comprises the following steps: determining that all computing nodes in the target cluster do not meet deployment conditions of target workload, and screening out trusted computing nodes from all computing nodes; screening at least one first workload from the first workloads in a first priority order from low to high based on first priorities of the first workloads deployed in the trusted computing node, the first priorities including a workload protected priority and/or a security environment impact priority, the security environment impact priority being used to characterize the extent to which the workload is affected by the security environment; at least one first workload is scheduled to other nodes of the computing nodes than the trusted computing node to schedule a target workload to the trusted computing node. The invention can improve the rationality and the safety of the workload scheduling.
Description
Technical Field
The present invention relates to the field of cloud computing processing technologies, and in particular, to a workload scheduling method, apparatus, device, storage medium, and program product.
Background
With the development of cloud computing, users can flexibly and transparently use any available resource within a cluster. How to deploy the workload to the computing nodes in the cluster is a need to be solved.
Currently, the scheduling of workloads mostly follows the default scheduling mechanism provided by the container cloud platform Kubernetes, i.e. the component responsible for scheduling in Kubernetes decides to place the workload at a certain computing node within a certain cluster, or selects the computing node in a user-specified manner.
However, the foregoing scheduling method does not consider whether the scheduled computing node is itself secure, and may cause security events such as data leakage. And because the edge computing environment has the characteristic of limited terminal resources, the computing resources of the trusted computing node are easily insufficient to complete the deployment of a new workload, and the workload is further scheduled to the computing node with low security, so that the risk of data leakage exists.
In summary, the security of the current workload scheduling approach is not high.
Disclosure of Invention
The invention provides a workload scheduling method, a workload scheduling device, electronic equipment and a storage medium, which are used for solving the problem that the safety of a workload scheduling mode in the prior art is not high.
The invention provides a workload scheduling method, which comprises the following steps:
determining that all computing nodes in a target cluster do not meet deployment conditions of a target workload, and screening out trusted computing nodes from the computing nodes;
screening at least one first workload from the first workloads in a first priority order from low to high based on first priorities of the first workloads deployed in the trusted computing node, the first priorities including a workload protected priority and/or a security environment impact priority, the security environment impact priority being used to characterize the extent to which the workload is affected by a security environment;
scheduling the at least one first workload to other nodes of the computing nodes than the trusted computing node to schedule the target workload to the trusted computing node.
According to the workload scheduling method provided by the invention, the determining that each computing node in the target cluster does not meet the deployment condition of the target workload comprises the following steps:
determining whether the computing nodes meet the deployment condition based on the computing resource requirements of the target workload and the remaining computing resources of the computing nodes;
and under the condition that all the residual computing resources do not meet the computing resource requirements, determining that all the computing nodes do not meet the deployment conditions.
According to the workload scheduling method provided by the invention, the determining whether each computing node meets the deployment condition based on the computing resource requirement of the target workload and the remaining computing resources of each computing node further comprises:
determining whether a trusted computing node exists in first computing nodes corresponding to at least one residual computing resource based on the trusted state of the first computing nodes under the condition that the at least one residual computing resource meets the computing resource requirement;
and under the condition that no trusted computing node exists in each first computing node, determining that each computing node does not meet the deployment condition.
The workload scheduling method provided by the invention further comprises the following steps:
in the case that the trusted state of the target computing node in each computing node is changed from trusted to untrusted, screening at least one second workload from each second workload deployed in the target computing node according to the order of the second priorities from high to low, wherein the second priorities comprise the priorities of the protected workload and/or the priorities of the security environmental impact;
migrating the at least one second workload to other trusted nodes of the computing nodes other than the target computing node.
The workload scheduling method provided by the invention further comprises the following steps:
determining that at least one computing node in the computing nodes meets the deployment condition, and screening nodes to be deployed from the at least one computing node;
and dispatching the target workload to the node to be deployed.
According to the workload scheduling method provided by the invention, the node to be deployed is screened from the at least one computing node, and the workload scheduling method comprises the following steps:
screening nodes to be deployed with highest node scores from the at least one computing node based on the node scores of the at least one computing node;
Wherein the node score is determined based on at least one of a trusted status score of the computing node, a security score of the computing node, and a compliance score of the computing node.
According to the workload scheduling method provided by the invention, each computing node in the target cluster is determined not to meet the deployment condition of the target workload, the trusted computing node is screened from the computing nodes, and then the method further comprises the following steps:
screening at least one third workload from the first workloads according to the order of the activity level from low to high based on the activity level of the first workloads;
reducing resource limitation requirements of the at least one third workload.
According to the workload scheduling method provided by the invention, the first priority of any one of the first workloads is determined based on the following steps:
inputting metadata of the first workload into a priority prediction model to obtain the first priority output by the priority prediction model;
the metadata comprises at least one of resource limitation requirements, information representing whether the metadata depends on a trusted execution environment, calling relations among computing nodes, the number of requests among the computing nodes and activity;
The priority prediction model is trained based on sample metadata and priority labels corresponding to the sample metadata.
The invention also provides a workload scheduling device, comprising:
the first screening module is used for determining that all computing nodes in the target cluster do not meet the deployment condition of the target workload, and screening out trusted computing nodes from the computing nodes;
a second screening module, configured to screen at least one first workload from the first workloads in order from low to high based on a first priority of each first workload deployed in the trusted computing node, where the first priority includes a priority of workload protection and/or a security environment influence priority, and the security environment influence priority is used to characterize a degree of workload influence by a security environment;
and the load scheduling module is used for scheduling the at least one first workload to other nodes except the trusted computing node in the computing nodes so as to schedule the target workload to the trusted computing node.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing any of the workload scheduling methods described above when executing the program.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a workload scheduling method as described in any of the above.
The invention also provides a computer program product comprising a computer program which when executed by a processor implements a workload scheduling method as described in any one of the above.
According to the workload scheduling method, device, equipment, storage medium and program product provided by the invention, the fact that all computing nodes in the target cluster do not meet the deployment condition of the target workload is determined, and the trusted computing nodes are screened out from all computing nodes, so that the target workload can be deployed on the screened trusted computing nodes, the target workload is prevented from running on the untrusted computing nodes, the safety of data is ensured, the problem of data leakage is prevented, and the safety of workload scheduling is improved; screening at least one first workload from the first workloads in the order of the first priorities from low to high based on the first priorities of the first workloads deployed in the trusted computing node; and scheduling at least one first workload to other nodes except the trusted computing node in each computing node to schedule the target workload to the trusted computing node, so that when the computing resources of the trusted computing node are insufficient to deploy the target workload, the first workload with lower priority which is deployed is scheduled to the other nodes to enable the target workload to be deployed to the trusted computing node, and the first workload with lower priority is deployed to the other nodes, thereby avoiding influencing the other workloads with higher priorities and further improving the rationality of workload scheduling.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a workload scheduling method according to the present invention;
FIG. 2 is a second flow chart of a workload scheduling method according to the present invention;
FIG. 3 is a schematic diagram of a workload scheduler according to the present invention;
fig. 4 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
With the development of cloud computing, users can flexibly and transparently use any available resource within a cluster. How to deploy the workload to the computing nodes in the cluster is a need to be solved.
Currently, the scheduling of workloads mostly follows the default scheduling mechanism provided by the container cloud platform Kubernetes, i.e. the component responsible for scheduling in Kubernetes decides to place the workload at a certain computing node within a certain cluster, or selects the computing node in a user-specified manner.
However, the foregoing scheduling method does not consider whether the scheduled computing node is itself secure, and may cause security events such as data leakage. And because the edge computing environment has the characteristic of limited terminal resources, the computing resources of the trusted computing node are easily insufficient to complete the deployment of a new workload, and the workload is further scheduled to the computing node with low security, so that the risk of data leakage exists.
Specifically, since the current container workload scheduling method is designed to be a mode that can flexibly and transparently use any available resource in the cluster, the selection of the working nodes is mainly manually configured by the user according to the own requirements.
For example, in the scenario of edge computing, it is difficult for an edge computing node to self-prove its own security, so that a workload may be deployed on an untrusted computing node, which may further cause a problem of disclosure of private data of a user, in other words, the above-mentioned edge computing node is difficult to satisfy a requirement of a user on security of the working node in the scenario of edge computing.
In addition, due to the characteristics of real-time performance, complexity, dynamic performance, limited terminal resources and the like of the edge computing environment, the problems of system safety and privacy become more and more prominent, and due to the characteristics of limited terminal resources of the edge computing environment, the computing resources of the trusted computing nodes are easily insufficient to complete the deployment of new workloads.
In addition, due to the distributed deployment mode and the heterogeneous nature of the edge computing, the problems of numerous participation entities and complex trust relationship exist in the edge computing, so that whether one edge computing node is disguised by a malicious node or not is difficult to judge, and the security of service data is difficult to protect the application deployed to the edge computing node under the scene.
In view of the above problems, the present invention proposes the following embodiments. Fig. 1 is a schematic flow chart of a workload scheduling method according to the present invention, as shown in fig. 1, where the workload scheduling method includes:
Step 110, determining that each computing node in the target cluster does not meet the deployment condition of the target workload, and screening out the trusted computing nodes from the computing nodes.
Here, the target cluster is a cluster of target workloads to be deployed, the target cluster comprising a plurality of computing nodes, e.g., the target cluster comprising a plurality of edge computing nodes.
Here, the target workload may include, but is not limited to, at least one of: new workloads to be deployed, original workloads in the target cluster that need to be migrated to new computing nodes, and so on.
Here, the deployment condition is a condition required for the target workload to be deployed to the computing node, further, the deployment condition may be set according to actual needs, further, the deployment condition may include, but is not limited to, at least one of the following: resource limitations of the target workload, trusted status of the computing node to be deployed, and so on.
In an embodiment, if all the computing nodes in the target cluster do not meet the resource limitation of the target workload or the trusted state of all the computing nodes to be deployed is not trusted, determining that all the computing nodes in the target cluster do not meet the deployment condition of the target workload.
In another embodiment, whether each computing node in the target cluster has a computing node meeting the resource limit of the target workload is determined, whether each computing node to be deployed has a trusted state of a computing node is determined to be trusted, and when either of the two conditions is not met, it is determined that each computing node in the target cluster does not meet the deployment condition of the target workload.
It can be understood that the above two condition judgment orders may be to judge the resource limitation of the target workload first and then judge the trusted state of the computing node to be deployed; or judging the trusted state of the computing node to be deployed, and then judging the resource limitation of the target workload; of course, the determination may be performed simultaneously, and is not particularly limited herein.
Here, the trusted computing node may be determined by a trusted workload scheduler.
Furthermore, the trusted workload scheduler is configured to count information such as available computing resources (such as CPU, memory, etc.) of all computing nodes, and trusted status in real time, and store the data information, so as to determine whether each computing node meets a deployment condition of a target workload when, for example, a new workload is deployed or an original workload is migrated.
In one embodiment, at least one trusted computing node is selected from the computing nodes, and the highest scoring trusted computing node is selected from the trusted computing nodes based on the node scores of the trusted computing nodes. Wherein the node score is determined based on at least one of a trusted status score of the trusted computing node, a security score of the trusted computing node, and a compliance score of the trusted computing node.
Illustratively, the node score is determined based on the following formula:
totalpoint=T*(((V 1 +V 2 +…+V n )/(n*10))*(C 1 +C 2 +…+
C n )/n);
wherein, total point represents node score; t represents the trusted status score, the trusted status score T is 1 score if the trusted status is trusted, and the trusted status score T is 0 score if the trusted status is not trusted; v (V) 1 To V n A security score of each item, n represents the number of items, the security score is 0 score if the security is critics, the security score is 2 score if the security is HIGH, the security score is 6 score if the security is media, the security score is 9 score if the security is LOW, and the security score is 10 score if the security is NULL; c (C) 1 To C n And the compliance score of each item is represented, wherein if the compliance is a compliance score of 1, the compliance score is a compliance score of 0.
In addition, it should be noted that there are multiple security scores on a single computing node, i.e., there are multiple vulnerability detection items for security, each score is represented by V, V 1 To V n Representing the scores of the different terms. There are multiple compliance scores, i.e., there are multiple items of compliance, on a single compute node, each score represented by C, C 1 To C n Representing the scores of the different terms.
In another embodiment, one trusted computing node may be randomly selected from the computing nodes.
Step 120, based on the first priorities of the first workloads deployed in the trusted computing node, screening at least one first workload from the first workloads in the order from low to high of the first priorities.
Wherein the first priority comprises a priority that the workload is protected and/or a security environment influence priority that characterizes a degree to which the workload is affected by the security environment.
Here, the first priority may be used to characterize the importance of the workload, in particular, the higher the first priority, the higher the importance of the corresponding first workload.
It will be appreciated that a lower security environment impact priority represents a lower degree of dependence on the security of the computing node for the corresponding workload, in other words, the security environment impact priority is used to characterize whether the workload needs to be placed at a trusted computing node.
It will be appreciated that the first workload which is screened out in the order of the first priority from low to high is a workload of relatively low importance. The at least one first workload that is screened out is of lower priority than the first workload that is not screened out.
The higher the degree to which the workload is affected by the secure environment, the higher the secure environment influence priority.
Step 130, scheduling the at least one first workload to other nodes of the computing nodes except the trusted computing node to schedule the target workload to the trusted computing node.
In an embodiment, the other node may be at least one random computing node of the computing nodes other than the trusted computing node.
In another embodiment, the other node may be at least one trusted computing node of the computing nodes other than the trusted computing node. Specifically, at least one random trusted computing node except the trusted computing node in each computing node can be selected, and the trusted computing node with the highest score except the trusted computing node can be selected from the at least one trusted computing node as other nodes based on the node score of the at least one trusted computing node. The calculation manner of the node score may be referred to above, and will not be described in detail herein.
In another embodiment, determining that each computing node in the target cluster does not meet the deployment condition of the first workload, and screening out trusted computing nodes from the computing nodes; screening at least one fourth workload from the fourth workloads in the order of the first priority from low to high based on the first priority of the fourth workloads deployed in the trusted computing node; the fourth workload is scheduled to other nodes of the computing nodes than the trusted computing node to schedule the first workload to the trusted computing node. Determining that at least one computing node in all computing nodes meets deployment conditions of a first workload, screening nodes to be deployed from the at least one computing node, and scheduling the first workload to the nodes to be deployed. The scheduling manner of the first workload is basically the same as that of the target workload, and may refer to the scheduling manner of the target workload, which is not described herein in detail.
In one embodiment, the number of first workloads screened out may be determined by the target workload. Specifically, if the screened first workload is scheduled to other nodes, but the computing resources of the trusted computing node still do not meet the resource constraint of the target workload, returning to step 120, and continuing to execute step 120 and step 130 until the target workload is scheduled to the trusted computing node; or stopping screening when the first priority of the screened first workload is greater than or equal to the priority of the target workload, and if the computing resources of the trusted computing nodes still do not meet the resource limit of the target workload at the moment, returning preset information of insufficient resources or screening other trusted computing nodes from the computing nodes again. The priority of the target workload is substantially the same as the first priority of the first workload, and will not be described in detail herein.
According to the workload scheduling method provided by the embodiment of the invention, the fact that all computing nodes in the target cluster do not meet the deployment condition of the target workload is determined, and the trusted computing nodes are screened out from all computing nodes, so that the target workload can be deployed on the screened trusted computing nodes, the target workload is prevented from running on the untrusted computing nodes, the safety of data is ensured, the problem of data leakage is prevented, and the safety of workload scheduling is improved; screening at least one first workload from the first workloads in the order of the first priorities from low to high based on the first priorities of the first workloads deployed in the trusted computing node; and scheduling at least one first workload to other nodes except the trusted computing node in each computing node to schedule the target workload to the trusted computing node, so that when the computing resources of the trusted computing node are insufficient to deploy the target workload, the first workload with lower priority which is deployed is scheduled to the other nodes to enable the target workload to be deployed to the trusted computing node, and the first workload with lower priority is deployed to the other nodes, thereby avoiding influencing the other workloads with higher priorities and further improving the rationality of workload scheduling.
Based on the above embodiment, in step 110, determining that each computing node in the target cluster does not meet the deployment condition of the target workload includes:
determining whether the computing nodes meet the deployment condition based on the computing resource requirements of the target workload and the remaining computing resources of the computing nodes;
and under the condition that all the residual computing resources do not meet the computing resource requirements, determining that all the computing nodes do not meet the deployment conditions.
In an embodiment, the computing resource requirement at least needs to meet the resource constraint of the target workload, i.e. at least needs to meet the minimum computing resource requirement of the target workload deployed to the computing node, or the computing resource requirement may be set to a fixed value according to the actual requirement.
In one embodiment, in the event that there is at least one computing node in each computing node whose remaining computing resources meet the computing resource requirements of the target workload, a determination is made that the computing node meets the deployment conditions of the target workload. In another embodiment, in a case where there is at least one computing node in each computing node whose remaining computing resources meet the computing resource requirements of the target workload, and the trusted state of the computing node is trusted, it is determined that the computing node meets the deployment condition of the target workload.
According to the workload scheduling method provided by the embodiment of the invention, based on the computing resource requirements of the target workload and the residual computing resources of each computing node, whether each computing node meets the deployment condition is determined, if yes, the target workload is deployed on the computing nodes with the residual computing resources meeting the computing resource requirements of the computing nodes, so that reasonable scheduling of the target workload is realized, and under the condition that all the residual computing resources do not meet the computing resource requirements, the computing nodes are determined not to meet the deployment condition, so that the scheduling of the first workload is performed according to the priority order, and further, when the computing resources of the trusted computing nodes are not enough to deploy the target workload, the deployment of the target workload is realized, and the first workload with lower priority is deployed on other nodes, so that the influence on the workload with higher priority is avoided, and the rationality of workload scheduling is improved.
Based on any of the foregoing embodiments, in the method, determining whether each computing node meets the deployment condition based on the computing resource requirement of the target workload and the remaining computing resources of each computing node further includes:
Determining whether a trusted computing node exists in first computing nodes corresponding to at least one residual computing resource based on the trusted state of the first computing nodes under the condition that the at least one residual computing resource meets the computing resource requirement;
and under the condition that no trusted computing node exists in each first computing node, determining that each computing node does not meet the deployment condition.
Here, trusted status includes trusted or untrusted.
In an embodiment, if one of the remaining computing resources meets the computing resource requirement and the first computing node corresponding to the remaining computing resource is in a trusted state, determining that the first computing node meets the deployment condition of the target workload.
In another embodiment, if the remaining computing resources of the plurality of computing nodes all meet the computing resource requirement of the target workload, and the trusted states of the corresponding plurality of first computing nodes are all trusted, one of the plurality of first computing nodes may be selected randomly as the trusted computing node, or according to the computing mode of the node scores, the first computing node with the highest node score in the plurality of first computing nodes is selected as the trusted computing node.
According to the workload scheduling method provided by the embodiment of the invention, under the condition that at least one residual computing resource in the residual computing resources meets the computing resource requirement, based on the trusted state of the first computing node corresponding to the at least one residual computing resource, whether the trusted computing node exists in the first computing nodes is determined, if the trusted computing node exists, the target workload is deployed on the trusted computing node which meets the computing resource requirement, so that the data security is ensured, and the problem of potential sensitive data or user privacy information leakage is prevented. Meanwhile, under the condition that the trusted computing nodes do not exist in the first computing nodes, the computing nodes are determined to not meet the deployment condition, so that the first workload is scheduled according to the priority order, when the computing resources of the trusted computing nodes are insufficient to deploy the target workload, the target workload can be deployed to the trusted computing nodes, the first workload with lower priority is deployed to other nodes, the influence on other workloads with higher priority is avoided, and the rationality of workload scheduling is improved.
Based on any of the above embodiments, fig. 2 is a second flowchart of a workload scheduling method according to the present invention, as shown in fig. 2, where the method further includes:
Step 210, in the case that the trusted state of the target computing node in the computing nodes is changed from trusted to untrusted, screening at least one second workload from the second workloads in order of the second priority from high to low based on the second priority of the second workloads deployed in the target computing node.
Wherein the second priority comprises a workload protected priority and/or a secure environmental impact priority.
In an embodiment, the trusted status of the target computing node may verify whether a change has occurred based on a trusted verification service of the edge computing node server UEFI (Unified Extensible Firmware Interface ).
Specifically, the trusted verification service specifically comprises the following steps:
1. starting trusted verification starting in an edge computing node server UEFI, checking the integrity of each component in the starting process, recording the measurement value of each component and storing the measurement value into a PCR (Platform Configuration Register ) register;
2. starting a remote proving server and sending a challenge request to a remote proving client;
3. starting a remote proving client, responding to a challenge request of a remote proving server, and collecting PCR values and feeding the PCR values back to the remote proving server;
4. The remote proving server receives the PCR value sent by the remote proving client and verifies the state of the remote proving client, so that the trusted state of the computing node is obtained;
5. a trusted authentication service CA (Certificate Authority ) is started, and an AIK (Attestation Identity Key, platform identity authentication key) certificate is issued to the remote attestation client during authentication, preventing the remote attestation client identity from being imitated.
6. It is determined whether the trusted state of the computing node has changed.
Here, the second workload is a workload already deployed on the target computing node that has a trusted state transition from trusted to untrusted.
It will be appreciated that a higher second priority indicates a corresponding higher second workload importance, as well as a higher security (trusted status) requirement for the computing node.
In an embodiment, the second priority is determined according to a priority prediction model, specifically, metadata of the second workload is input to the priority prediction model, so as to obtain the second priority of the second workload. Wherein the metadata may include, but is not limited to, at least one of: resource constraint requirements, information characterizing whether to rely on a trusted execution environment, call relationships between computing nodes, number of requests between computing nodes, liveness, and so forth.
Step 220, migrating the at least one second workload to other trusted nodes of the computing nodes except the target computing node.
In an embodiment, the other trusted node may be at least one random trusted computing node of the computing nodes other than the target computing node.
In another embodiment, the other trusted node may be at least one of the computing nodes other than the target computing node. Specifically, the trusted computing node with the highest score except the target computing node can be selected from the at least one trusted computing node as other trusted nodes based on the node scores of the at least one trusted computing node. The calculation manner of the node score may be referred to above, and will not be described in detail herein.
In another embodiment, determining that each computing node in the target cluster does not meet the deployment condition of the second workload, and screening out trusted computing nodes from the computing nodes; screening at least one fifth workload from the fifth workloads in the order of the first priority from low to high based on the first priority of the fifth workloads deployed in the trusted computing node; the at least one fifth workload is scheduled to other nodes of the computing nodes than the trusted computing node to schedule a second workload to the trusted computing node. Determining that at least one computing node in all computing nodes meets deployment conditions of a second workload, screening nodes to be deployed from the at least one computing node, and scheduling the second workload to the nodes to be deployed. The scheduling manner of the second workload is basically the same as that of the target workload, and may refer to the scheduling manner of the target workload, which is not described herein in detail.
According to the workload scheduling method provided by the embodiment of the invention, under the condition that the trusted state of the target computing node in each computing node is changed from trusted to untrusted, based on the second priority of each deployed second workload in the target computing node, at least one second workload is screened out from each second workload according to the order from high to low of the second priority, and at least one second workload is migrated to other trusted nodes except the target computing node in each computing node, so that when the trusted state of the target computing node is changed to untrusted, the workload (the second workload) with higher importance degree (the second priority is higher) on the target computing node can be scheduled to other trusted computing nodes meeting the deployment condition, thereby ensuring the safety of data and preventing the problem of potential sensitive data or user privacy information leakage. Meanwhile, it can be found that, for example: the firmware is tampered with the attacks, so that the security of the data is further ensured. Furthermore, in edge computing, for example, a computing node that is exposed outdoors may also provide protection for assets (workloads) on that computing node by way of trusted verification and prevent potential security risks resulting from the cloud computing node's own insecurity.
Based on any of the above embodiments, the method further comprises:
determining that at least one computing node in the computing nodes meets the deployment condition, and screening nodes to be deployed from the at least one computing node;
and dispatching the target workload to the node to be deployed.
In one embodiment, where there is at least one computing node in each computing node whose remaining computing resources meet the computing resource requirements of the target workload, it is determined that the at least one computing node meets the deployment conditions of the target workload.
In another embodiment, in a case where there is at least one computing node in each computing node whose remaining computing resources meet the computing resource requirements of the target workload, and the trusted state of the at least one computing node is trusted, it is determined that the at least one computing node meets the deployment conditions of the target workload.
In an embodiment, if the plurality of computing nodes meet the deployment condition of the target workload, the node to be deployed with the highest node score may be selected from the computing nodes based on the node scores of the computing nodes. Wherein the node score is determined based on at least one of a trusted status score of the trusted computing node, a security score of the trusted computing node, and a compliance score of the trusted computing node. Specific node scoring may refer to the node scoring manner described above, and will not be described in detail herein.
In another embodiment, if the plurality of computing nodes meet the deployment condition of the target workload, the node to be deployed may be randomly selected from the computing nodes.
According to the workload scheduling method provided by the embodiment of the invention, at least one computing node in all computing nodes is determined to meet the deployment condition, the node to be deployed is screened out from the at least one computing node, and the target workload is scheduled to the node to be deployed, so that the target workload is deployed on the computing node meeting the deployment condition, and the rationality of workload scheduling is improved.
Based on any one of the foregoing embodiments, in the method, the selecting a node to be deployed from the at least one computing node includes:
screening nodes to be deployed with highest node scores from the at least one computing node based on the node scores of the at least one computing node;
wherein the node score is determined based on at least one of a trusted status score of the computing node, a security score of the computing node, and a compliance score of the computing node.
In one embodiment, the trusted workload scheduler comprises a trust-based workload scheduling model that analyzes the trusted status, system security (vulnerability scores), and compliance of each compute node in the target cluster and scores all compute nodes based on the above information.
Specifically, the scoring mode of the node scoring may refer to the scoring mode of the node, which is not described herein.
Furthermore, the scheduling model can count information such as available computing resources (such as data of a CPU (central processing unit), a memory and the like) of all computing nodes, a trusted state and the like in real time, and store the data information in the scheduling model, so as to judge whether each computing node meets the deployment condition of a target workload when new workload is deployed or an original workload is migrated.
In addition, the scheduling model may schedule the original workload and the new workload to be deployed, which need to be migrated to the new computing node, in the target cluster based on the scheduling decision.
Further, taking deployment of a new target workload as an example, the scheduling decision of the scheduling model includes three stages, and the specific situations are as follows:
stage 1: and determining the trusted computing nodes meeting the conditions according to the set deployment conditions of the target workload, and if all the computing nodes do not meet the conditions, returning preset information of insufficient resources or entering the processing flow of the stage 3.
Specifically, whether the preset information of insufficient return resources is returned or the processing flow entering the stage 3 is judged can be determined by setting an execution strategy of a target workload, and further, if the target workload is set to enable a forced strategy, the processing flow entering the stage three can be carried out under the condition that all computing nodes do not meet the conditions; if the target workload is set to not enable the forced policy, the preset information of insufficient resources can be returned.
The computing nodes meeting the deployment condition are screened out according to the resource limitation of the target workload, and then secondary screening is carried out according to the node trusted state, so that the trusted computing nodes meeting the deployment condition are obtained.
Stage 2: in the computing nodes meeting the deployment condition, scheduling is performed in the order from high to low according to the scoring mode.
Stage 3: when the computing resources of the trusted computing node are insufficient to complete the deployment of the target workload, the following two policies may be taken:
strategy 1: and determining the trusted computing node to be deployed (which can be selected according to the scoring of the node), scheduling the deployed workload which does not depend on the computing resources of the trusted computing node to other nodes, wherein the part of the trusted computing node is low in importance, and the workload is used for releasing the computing resources on the trusted computing node.
Strategy 2: and determining the trusted computing node to be deployed (which can be selected according to the scoring of the node), and reducing the resource limit of the deployed workload with lower partial activity on the trusted computing node.
When enough computing resources cannot be obtained after the two strategies are adopted, prompting the user that the computing resources of the trusted computing node are exhausted, and rejecting the deployment of the target workload.
The two strategies can be used alternatively or simultaneously, and the flexible management of the computing resources of the trusted computing node can be realized by flexibly calling the two strategies.
According to the workload scheduling method provided by the embodiment of the invention, the node to be deployed with the highest node score is screened out from at least one computing node based on the node score of the at least one computing node, so that the target workload is deployed on the trusted computing node, the safety of data is ensured, and the problem of potential sensitive data or user privacy information leakage is prevented.
Based on any of the above embodiments, after step 110, the method further includes:
screening at least one third workload from the first workloads according to the order of the activity level from low to high based on the activity level of the first workloads;
reducing resource limitation requirements of the at least one third workload.
Here, liveness is used to characterize the frequency with which the corresponding workload uses the computing node.
It will be appreciated that the third workload that is screened is the workload that is less active in each of the first workloads.
In an embodiment, after performing the step 130, the trusted computing node still cannot meet the resource limitation requirement of the target workload, and performs the step of screening at least one third workload from the first workloads according to the order of the activity level from low to high based on the activity level of the first workloads, so as to reduce the resource limitation requirement of the at least one third workload.
In another embodiment, the step of screening at least one third workload from the first workloads according to the order of the activity level from low to high based on the activity level of the first workload, and reducing the resource limitation requirement of the third workload may be performed simultaneously with the step 130.
In an embodiment, based on the liveness of each first workload, the first workload with the lowest liveness is screened out as a third workload, and the liveness of the third workload is reduced.
In another implementation, based on the liveness of the first workload, screening out a plurality of first workloads with lower liveness as third workloads, and reducing the liveness of any third workload, specifically, the judgment of lower liveness can be performed by a preset threshold, and if the first workload is lower than the preset threshold, the judgment of lower liveness is performed.
According to the workload scheduling method provided by the embodiment of the invention, based on the liveness of each first workload, at least one third workload is screened from each first workload according to the sequence from low liveness to high liveness, so that the resource limit requirement of at least one third workload is reduced, the aim that the target workload can be deployed to a trusted computing node when the computing resources of the trusted computing node are insufficient to deploy the target workload is realized, the resource limit requirement of the third workload with lower liveness is reduced, the influence on other workloads with higher liveness is avoided, and the rationality of workload scheduling is further improved.
Based on any of the above embodiments, in the method, the first priority of any of the first workloads is determined based on the steps of:
inputting metadata of the first workload into a priority prediction model to obtain the first priority output by the priority prediction model;
the metadata comprises at least one of resource limitation requirements, information representing whether the metadata depends on a trusted execution environment, calling relations among computing nodes, the number of requests among the computing nodes and activity;
the priority prediction model is trained based on sample metadata and priority labels corresponding to the sample metadata.
Here, resource limitation requirements may include, but are not limited to: resource limit (CPU, memory) maximum, resource limit (CPU, memory) minimum, etc. Liveness may characterize the frequency with which the corresponding workload uses the computing node.
In some embodiments, metadata for the first workload is input to the priority prediction model resulting in a workload protected priority output by the priority prediction model.
In one embodiment, a DBSCAN (Density-Based Spatial Clustering of Applications with Noise, density-based clustering algorithm) classification algorithm may be used to train a priority prediction model to generate three classifications, which are then given high, medium, and low labels by user supervision, which may be used to represent workload-protected priorities, i.e., the importance of the workload, such that relevant metadata of the workload is input to the priority prediction model, resulting in workload-protected priorities output by the priority prediction model.
In some embodiments, metadata for the first workload is input to a priority prediction model resulting in a security environmental impact priority output by the priority prediction model.
In an embodiment, setting the degree to which the workload is affected by the security environment may be classified into four levels, high, medium, low and no, and the priority prediction model is trained using a KNN (k-nearest neighbor) algorithm, so as to generate a model affected by the security rating, so that the relevant metadata of the workload is input into the priority prediction model, and the degree to which the priority prediction model outputs for representing the workload is affected by the security environment, that is, the security environment influence priority, may be obtained.
According to the workload scheduling method provided by the embodiment of the invention, the first priority of the first workload is determined by training the priority prediction model, so that at least one first workload is screened from the first workloads according to the sequence from low to high of the first priority based on the first priority of the first workloads deployed in the trusted computing node; and scheduling at least one first workload to other nodes except the trusted computing node in each computing node to schedule the target workload to the trusted computing node, so that when the computing resources of the trusted computing node are insufficient to deploy the target workload, the first workload with lower priority which is deployed is scheduled to the other nodes to enable the target workload to be deployed to the trusted computing node, and the first workload with lower priority is deployed to the other nodes, thereby avoiding influencing the other workloads with higher priorities and further improving the rationality of workload scheduling.
The workload scheduling device provided by the invention is described below, and the workload scheduling device described below and the workload scheduling method described above can be referred to correspondingly.
Fig. 3 is a schematic structural diagram of a workload scheduling device provided by the present invention, as shown in fig. 3, the workload scheduling device includes: a first screening module 310, a second screening module 320, a load scheduling module 330.
A first screening module 310, configured to determine that each computing node in the target cluster does not meet the deployment condition of the target workload, and screen out trusted computing nodes from the computing nodes.
A second screening module 320, configured to screen at least one first workload from the first workloads according to a sequence from low to high of the first priorities based on a first priority of the first workloads deployed in the trusted computing node, where the first priority includes a priority of workload protection and/or a security environment influence priority, and the security environment influence priority is used to characterize a degree to which the workload is affected by a security environment.
A load scheduling module 330, configured to schedule the at least one first workload to nodes other than the trusted computing node in the computing nodes, so as to schedule the target workload to the trusted computing node.
According to the workload scheduling device provided by the embodiment of the invention, the fact that all computing nodes in the target cluster do not meet the deployment condition of the target workload is determined, and the trusted computing nodes are screened out from all computing nodes, so that the target workload can be deployed on the screened trusted computing nodes, the target workload is prevented from running on the untrusted computing nodes, the safety of data is ensured, the problem of data leakage is prevented, and the safety of workload scheduling is improved; screening at least one first workload from the first workloads in the order of the first priorities from low to high based on the first priorities of the first workloads deployed in the trusted computing node; and scheduling at least one first workload to other nodes except the trusted computing node in each computing node to schedule the target workload to the trusted computing node, so that when the computing resources of the trusted computing node are insufficient to deploy the target workload, the first workload with lower priority which is deployed is scheduled to the other nodes to enable the target workload to be deployed to the trusted computing node, and the first workload with lower priority is deployed to the other nodes, thereby avoiding influencing the other workloads with higher priorities and further improving the rationality of workload scheduling.
Fig. 4 illustrates a physical schematic diagram of an electronic device, as shown in fig. 4, which may include: processor 410, communication interface (Communications Interface) 420, memory 430 and communication bus 440, wherein processor 410, communication interface 420 and memory 430 communicate with each other via communication bus 440. The processor 410 may invoke logic instructions in the memory 430 to perform a workload scheduling method comprising: determining that all computing nodes in a target cluster do not meet deployment conditions of a target workload, and screening out trusted computing nodes from the computing nodes; screening at least one first workload from the first workloads in a first priority order from low to high based on first priorities of the first workloads deployed in the trusted computing node, the first priorities including a workload protected priority and/or a security environment impact priority, the security environment impact priority being used to characterize the extent to which the workload is affected by a security environment; scheduling the at least one first workload to other nodes of the computing nodes than the trusted computing node to schedule the target workload to the trusted computing node.
Further, the logic instructions in the memory 430 described above may be implemented in the form of software functional units and may be stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product comprising a computer program, the computer program being storable on a non-transitory computer readable storage medium, the computer program, when executed by a processor, being capable of performing the workload scheduling method provided by the methods described above, the method comprising: determining that all computing nodes in a target cluster do not meet deployment conditions of a target workload, and screening out trusted computing nodes from the computing nodes; screening at least one first workload from the first workloads in a first priority order from low to high based on first priorities of the first workloads deployed in the trusted computing node, the first priorities including a workload protected priority and/or a security environment impact priority, the security environment impact priority being used to characterize the extent to which the workload is affected by a security environment; scheduling the at least one first workload to other nodes of the computing nodes than the trusted computing node to schedule the target workload to the trusted computing node.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform a workload scheduling method provided by the above methods, the method comprising: determining that all computing nodes in a target cluster do not meet deployment conditions of a target workload, and screening out trusted computing nodes from the computing nodes; screening at least one first workload from the first workloads in a first priority order from low to high based on first priorities of the first workloads deployed in the trusted computing node, the first priorities including a workload protected priority and/or a security environment impact priority, the security environment impact priority being used to characterize the extent to which the workload is affected by a security environment; scheduling the at least one first workload to other nodes of the computing nodes than the trusted computing node to schedule the target workload to the trusted computing node.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (12)
1. A method of workload scheduling, comprising:
determining that all computing nodes in a target cluster do not meet deployment conditions of a target workload, and screening out trusted computing nodes from the computing nodes;
screening at least one first workload from the first workloads in a first priority order from low to high based on first priorities of the first workloads deployed in the trusted computing node, the first priorities including a workload protected priority and/or a security environment impact priority, the security environment impact priority being used to characterize the extent to which the workload is affected by a security environment;
scheduling the at least one first workload to other nodes of the computing nodes than the trusted computing node to schedule the target workload to the trusted computing node.
2. The workload scheduling method according to claim 1, wherein said determining that none of the computing nodes in the target cluster satisfies the deployment condition of the target workload comprises:
determining whether the computing nodes meet the deployment condition based on the computing resource requirements of the target workload and the remaining computing resources of the computing nodes;
And under the condition that all the residual computing resources do not meet the computing resource requirements, determining that all the computing nodes do not meet the deployment conditions.
3. The workload scheduling method according to claim 2, wherein said determining whether said each computing node satisfies said deployment condition based on said computing resource requirements of said target workload and remaining computing resources of said each computing node further comprises:
determining whether a trusted computing node exists in first computing nodes corresponding to at least one residual computing resource based on the trusted state of the first computing nodes under the condition that the at least one residual computing resource meets the computing resource requirement;
and under the condition that no trusted computing node exists in each first computing node, determining that each computing node does not meet the deployment condition.
4. The workload scheduling method according to claim 1, further comprising:
in the case that the trusted state of the target computing node in each computing node is changed from trusted to untrusted, screening at least one second workload from each second workload deployed in the target computing node according to the order of the second priorities from high to low, wherein the second priorities comprise the priorities of the protected workload and/or the priorities of the security environmental impact;
Migrating the at least one second workload to other trusted nodes of the computing nodes other than the target computing node.
5. The workload scheduling method according to claim 1, further comprising:
determining that at least one computing node in the computing nodes meets the deployment condition, and screening nodes to be deployed from the at least one computing node;
and dispatching the target workload to the node to be deployed.
6. The workload scheduling method according to claim 5, wherein said screening out nodes to be deployed from said at least one computing node comprises:
screening nodes to be deployed with highest node scores from the at least one computing node based on the node scores of the at least one computing node;
wherein the node score is determined based on at least one of a trusted status score of the computing node, a security score of the computing node, and a compliance score of the computing node.
7. The workload scheduling method according to claim 1, wherein the determining that each computing node in the target cluster does not meet the deployment condition of the target workload, and selecting trusted computing nodes from the computing nodes, further comprises:
Screening at least one third workload from the first workloads according to the order of the activity level from low to high based on the activity level of the first workloads;
reducing resource limitation requirements of the at least one third workload.
8. The workload scheduling method according to claim 1, wherein said first priority of any one of said first workloads is determined based on the steps of:
inputting metadata of the first workload into a priority prediction model to obtain the first priority output by the priority prediction model;
the metadata comprises at least one of resource limitation requirements, information representing whether the metadata depends on a trusted execution environment, calling relations among computing nodes, the number of requests among the computing nodes and activity;
the priority prediction model is trained based on sample metadata and priority labels corresponding to the sample metadata.
9. A workload scheduler, comprising:
the first screening module is used for determining that all computing nodes in the target cluster do not meet the deployment condition of the target workload, and screening out trusted computing nodes from the computing nodes;
A second screening module, configured to screen at least one first workload from the first workloads in order from low to high based on a first priority of each first workload deployed in the trusted computing node, where the first priority includes a priority of workload protection and/or a security environment influence priority, and the security environment influence priority is used to characterize a degree of workload influence by a security environment;
and the load scheduling module is used for scheduling the at least one first workload to other nodes except the trusted computing node in the computing nodes so as to schedule the target workload to the trusted computing node.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the workload scheduling method of any one of claims 1 to 8 when the program is executed by the processor.
11. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the workload scheduling method according to any of claims 1 to 8.
12. A computer program product comprising a computer program which, when executed by a processor, implements the workload scheduling method of any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310929575.0A CN117076042A (en) | 2023-07-26 | 2023-07-26 | Workload scheduling method, apparatus, device, storage medium and program product |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310929575.0A CN117076042A (en) | 2023-07-26 | 2023-07-26 | Workload scheduling method, apparatus, device, storage medium and program product |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117076042A true CN117076042A (en) | 2023-11-17 |
Family
ID=88710581
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310929575.0A Pending CN117076042A (en) | 2023-07-26 | 2023-07-26 | Workload scheduling method, apparatus, device, storage medium and program product |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117076042A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117955984A (en) * | 2024-03-26 | 2024-04-30 | 苏州元脑智能科技有限公司 | Server scheduling method, device, system, computer equipment and storage medium |
-
2023
- 2023-07-26 CN CN202310929575.0A patent/CN117076042A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117955984A (en) * | 2024-03-26 | 2024-04-30 | 苏州元脑智能科技有限公司 | Server scheduling method, device, system, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11509679B2 (en) | Trust topology selection for distributed transaction processing in computing environments | |
| US10685109B2 (en) | Elimination of false positives in antivirus records | |
| RU2477929C2 (en) | System and method for prevention safety incidents based on user danger rating | |
| US10397255B1 (en) | System and method for providing security in a distributed computation system utilizing containers | |
| Tsaregorodtsev et al. | Information security risk estimation for cloud infrastructure. | |
| US10015185B1 (en) | Risk score aggregation for automated detection of access anomalies in a computer network | |
| JP5030578B2 (en) | Method, data processing system, and program for controlling risk in an artificial neural network expert system | |
| US9336388B2 (en) | Method and system for thwarting insider attacks through informational network analysis | |
| EP3226169A1 (en) | Antivirus signature distribution with distributed ledger | |
| US8806629B1 (en) | Automatic generation of policy-driven anti-malware signatures and mitigation of DoS (denial-of-service) attacks | |
| US11757924B2 (en) | Third-party application risk assessment in an authorization service | |
| US20200252422A1 (en) | Risk score generation for assets of an enterprise system utilizing user authentication activity | |
| US10044698B2 (en) | Dynamic identity checking for a software service in a virtual machine | |
| RU2580030C2 (en) | System and method for distribution virus scan tasks between virtual machines in virtual network | |
| US10318727B2 (en) | Management device, management method, and computer-readable recording medium | |
| US20120266245A1 (en) | Multi-Nodal Malware Analysis | |
| US10558810B2 (en) | Device monitoring policy | |
| US8635079B2 (en) | System and method for sharing malware analysis results | |
| US20100100929A1 (en) | Apparatus and method for security managing of information terminal | |
| CN110061987B (en) | Access access control method and device based on role and terminal credibility | |
| Rashidi et al. | Android user privacy preserving through crowdsourcing | |
| CN117076042A (en) | Workload scheduling method, apparatus, device, storage medium and program product | |
| JP2019036273A (en) | System and method of identifying potentially dangerous devices during interaction of user with banking services | |
| Hagan et al. | Enhancing security and privacy of next-generation edge computing technologies | |
| CN105608380B (en) | Cloud computing security evaluation method based on life cycle of virtual machine |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |