JP2003258795A - Computer aggregate operating method, implementation system therefor, and processing program therefor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide technology by which access from an illegal computer is prevented and a highly reliable aggregate system can be provided. <P>SOLUTION: The computer aggregate operating method has a step for requesting the execution of communication processing to a second OS via a first OS when communication processing with another computer is required in application processing under execution under the control of the first OS, a step for receiving a packet transmitted from the other computer under the control of the second OS and deciding whether or not the received packet is transmitted from a legal communicating party under the control of the second OS, and a step for determining whether or not data in the received packet have contents proper for the application processing when it is decided that the packet is transmitted from the legal communicating party, and for delivering that packet or the data therein from the second OS to the first OS when it is determined that the contents are proper. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a computer aggregate operation system for managing the operation of a computer aggregate in which a plurality of computers are connected to each other via a network and exchange data with each other. The present invention relates to a technique effective when applied to a computer aggregate operation system for preventing the above by a multi-OS.

[0002]

2. Description of the Related Art With the spread of networks, many computers are connected to a LAN (L
oCal Area Network) and the Internet are often used. On the other hand, this situation means that a malicious user is exposed to various unauthorized access threats, and technology that protects computers from data corruption / software failures caused by wiretapping of data and virus infection is important. It has become to. Recently, NAS (Net) that manages data sharing among many computers
Work Attached Storage) technology is drawing attention, and data management business such as data centers and non-stop operation of core systems are expanding, and protection of data and avoidance of software failures due to virus infection have become essential issues.

In an aggregate system to which many computers are connected as described above, an unauthorized server is an IP (Int
ernet Protocol) Unauthorized access (information snooping / tapping / tampering / destruction, software failure) by forging connection authentication information such as an address and masquerading as a properly configured server
Will be created.

As a current technique for preventing this, when an apparatus is connected to a network using an illegal IP address, an IP address monitoring system and an IP address monitoring system which enable the apparatus to be easily detected and specified. The address monitoring method and recording medium are described in Japanese Patent Application Laid-Open No. 2001-103086. The outline is IP address and M
The combination of AC (Media Access Control) addresses is used to recognize the party to whom connection is permitted.

Further, a network system and a terminal device for detecting a source IP address used in a communication packet between a legitimate external terminal and a terminal within an organization when it is forged by an unauthorized user are disclosed in Japanese Patent Laid-Open No. 2001-2001. -14
No. 8715. The outline is communication IP from the regular terminal connected to the external network to the internal terminal connected to the internal network through the gateway.
When sending a packet, an authentication code calculated using a predetermined function in a regular terminal is embedded in a communication IP packet, and this authentication code is authenticated by a gateway having the same function to prevent unauthorized communication IP packet passage. To do.

[0006]

In the above-mentioned conventional IP address monitoring system, the OS is tampered with so as to forge the address of the communication packet in order to recognize the party to which the connection is permitted by the combination of the IP address and the MAC address. There is a problem that it cannot be prevented in the case of communication from the server. In recent years, an OS whose source code is open to the public has appeared, and a technician who has knowledge can modify the OS. Therefore, there is a possibility that such OS tampering may be performed.

In addition, in the above-mentioned conventional network system, since the authentication is performed by the gateway connecting the internal network and the external network, an unauthorized terminal is connected to the internal network and impersonates a correct internal terminal in the internal network. When a legitimate terminal connected to an external network receives unauthorized access and transmits data including a virus or the like to the internal network, it is impossible to prevent the unauthorized transmission of communication IP packets.

An object of the present invention is to provide a technique capable of solving the above problems, preventing access from an unauthorized computer, and providing a highly reliable aggregate system.

[0009]

According to the present invention, in a computer aggregate operating system for managing the operation of a computer aggregate in which a plurality of computers are connected by a network and data is exchanged with each other, application processing is controlled by a first OS. Execution below, communication processing with other computers, judgment whether it is a packet sent from a legitimate communication partner, and judgment that the packet or data in it is legitimate content for the application processing Is performed under the control of the second OS, and then the packet or the data therein is passed to the application of the first OS.

In the computer aggregate operation system of the present invention, a plurality of OSs are installed in each of the computers constituting the aggregate, and the communication processing is performed by the second OS.
If the application processing excluding the communication processing is executed under the control of an OS other than the second OS, and the communication processing with another computer is required in association with the execution of the application processing, the application is executed. There is O
The second OS is requested to execute the communication processing via S, and the second OS is executed.
Communication with another computer is performed by the processing of S.

When a packet is transmitted by communication processing with another computer, the transmitted packet is received under the control of the second OS, and the received packet is transmitted by a legitimate communication partner. Whether there is a second O
Determined under control of S.

For example, the computer on the transmitting side which transmits the packet stores the authentication code for identifying the computer of the transmission source in the packet and transmits it, and the computer on the receiving side transmits the authentication code in the received packet. , If the packet matches the authentication code of the computer that transmitted the packet, it is determined that the packet is transmitted from a legitimate communication partner.

Alternatively, a confirmation packet for confirming the transmission of the received packet is transmitted to the transmission source computer via a network different from the network to which the reception packet is transmitted, and indicates that the packet has been transmitted. When the response is received from the transmission source computer, it may be determined that the packet is transmitted from a legitimate communication partner.

Then, when it is determined that the received packet is transmitted from a legitimate communication partner,
It is determined whether the data in the packet is valid for the application process, and if it is determined to be valid, the packet or the data in the packet is passed from the second OS to the first OS. The method of determining the validity is, for example, having a common authentication code to be embedded in a communication packet or data between the first OSs of the communication-permitted servers, and copying the authentication code information from the first OS to the memory of the second OS at startup, The second OS refers to the copy information to compare whether the same authentication code is embedded in the received packet or the data therein, and if embedded, transfers the received packet or data from the second OS to the first OS. hand over. A common authentication code may be provided for each application. In addition to using the authentication code to judge the validity, the number of data unique to the application,
The determination may be combined with the determination as to whether the attributes such as size and type match. In addition, the compressed data is decompressed once by the second OS, the existing virus authentication pattern is scanned for scans, the file is checked for viruses, etc. The check is also performed by the second OS.

When a program or script for executing a predetermined process is downloaded from another computer and executed, the program or script is executed under the control of the second OS, and the execution result is the second result.
Pass from OS to first OS. Here, when an unauthorized process such as a virus infection is detected by the execution of the program or script, the process of passing the execution result to the first OS is stopped.

As described above, according to the present invention, the packet transmitted from another computer is received under the control of the second OS,
After determining whether the received packet is transmitted from a legitimate communication partner by the authentication code or the confirmation packet under the control of the second OS, the packet is transmitted from the legitimate communication partner. Since the packet is processed only when it is determined, it is possible to prevent unauthorized connection from other computers.

Further, according to the present invention, since the packet having the authentication code which is shared by the communicable first OSs or the data in the packets is passed to the first OS, there is a possibility of causing illegal processing such as virus infection. It is possible to filter certain data.

Further, according to the present invention, when data which is compressed and cannot be checked for viruses as it is is received, decompression processing is executed under the control of the second OS to perform virus checking, and predetermined processing is also performed. When the program or script to be executed is downloaded from another computer and executed, the result of executing the program or script under the control of the second OS is passed to the first OS, and the execution causes illegal processing such as virus infection. If the execution result is detected, the process of passing the execution result to the first OS is stopped. Therefore, even if the execution of a program or script downloaded from another computer causes a damage such as a virus infection, the damage is caused to the second OS. Keeps the application processing under control of the first OS Bets are possible.

As described above, according to the computer aggregate operation system of the present invention, application processing is performed by the first OS.
Under the control of the other computer, communication processing with other computers, determination of whether the packet is transmitted from a legitimate communication partner, and that packet or the data in the packet is legitimate content for the application processing. Second judgment
Since the packet or the data in the packet is passed to the application of the first OS after being performed under the control of the OS, it is possible to prevent access from an unauthorized computer and provide a highly reliable aggregate system.

[0020]

BEST MODE FOR CARRYING OUT THE INVENTION A computer aggregate operation system of one embodiment for managing the operation of a computer aggregate in which a plurality of computers are connected by a network and exchange data mutually will be described below.

FIG. 1 is a diagram showing a schematic configuration of a server that constitutes the computer aggregate of this embodiment. As shown in FIG. 1, the server according to the present exemplary embodiment includes an application processing unit 1
01, a network processing unit 102, and a filter processing unit 103.

The application processing unit 101 has a first
This is a processing unit that requests the second OS to execute the communication process via the first OS and the multi-OS configuration unit when the communication process with another server is required in the application process being executed under the control of S.

The network processing unit 102 receives a packet transmitted from another server under the control of the second OS,
It is a processing unit that determines whether or not the received packet is transmitted from an authorized communication partner under the control of the second OS.

When the filter processing unit 103 determines that the received packet is transmitted from a legitimate communication partner, whether the data in the packet is legitimate for the application processing. Judge,
This is a processing unit that transfers the packet or the data in the packet from the second OS to the first OS via the multi-OS configuration unit when it is determined to be valid.

The server is the application processing unit 101,
The program for functioning as the network processing unit 102 and the filter processing unit 103 is recorded on a recording medium such as a CD-ROM and stored in a magnetic disk or the like, and then loaded into a memory and executed. The recording medium for recording the program may be a recording medium other than the CD-ROM. Further, the program may be installed in the information processing apparatus from the recording medium and used.
The program may be used by accessing the recording medium through a network.

As shown in FIG. 1, the server of this embodiment comprises a first OS for controlling application processing and a second OS for controlling communication with the outside. The first OS and the second OS are
The hardware resources of the server are divided and used under the control of the multi-OS configuration unit. In the present embodiment, the application process is executed under the control of the first OS, and the communication process is executed under the control of the second OS. However, when the communication process is not executed, another application process is controlled by the second OS. It may be executed below.

FIG. 2 is a diagram showing a schematic configuration of the computer aggregate operation system of this embodiment. FIG. 2 shows a configuration in which each server of a plurality of servers forming the aggregate is connected to one network to operate the computer aggregate.

The computer aggregate operation system of FIG. 2 performs the following processing. (1) When data is transmitted from the server 202 to the server 201, the received data is multi-O in the server 201.
It is hooked at the S component and passed to the second OS. (2) In the second OS, the packet validity is checked by the received packet management function in the network processing unit 102. (3) If the packet is a valid packet from a valid server, the second OS passes the packet (or data extracted from the packet) to the first OS using inter-OS communication of the multi-OS component. (4) The first OS receives the data and processes it. (5) When sending a reply from the first OS, the information of the other party to send and the data is passed to the second OS using the inter-OS communication of the multi-OS component, and the second OS creates a packet from the received information and Send to server. (6) The network processing unit 102 discards a packet received from another server that is determined to be an invalid packet (or a packet from an unauthorized server), and thereafter stops accepting communication from that server. Furthermore, it sends a warning to the server that sent the illegal packet to other servers and the administrator of the aggregate.

As described above, the network processing unit 102 is
It has the authentication code management information of the server in the collection that permits communication, and further has the authentication code creation function, and checks the validity of the packet by using these information / functions. Here, as the authentication code of each server, the one created by the authentication code creating function using the MAC address or the like of the server is used.

Further, the network processing unit 102 causes an event to occur at an arbitrary interval, selects an arbitrary authentication code creation algorithm when the event occurs, and thereafter creates an authentication code by the newly selected algorithm. To do. Then, an identifier for identifying the selected algorithm is sent to the server that permits communication. The next event occurrence time shall be reset by the value obtained by a random number.

FIG. 3 is a flowchart showing the processing procedure of the application processing of this embodiment. As shown in FIG. 3, the application processing unit 101 of the server is the first OS.
When communication processing with another server is required for application processing being executed under control of 1., processing for requesting execution of communication processing to the second OS via the first OS and the multi-OS configuration unit is performed.

In step 301, the application processing unit 101 of the server accepts an operation instruction input from the operator according to the processing content of the application processing. Here, the input of the operation instruction may be accepted from a file or a memory area stored in advance.

In step 302, it is checked whether or not the content of the received operation instruction involves communication processing with another server, and if it involves communication processing with another server, go to step 303. If not, go to step 305.

In step 303, the first OS is requested to execute the communication process in the received instruction content. The first OS of the server requests the second OS to execute communication processing via the multi-OS configuration unit, and the second OS is the network processing unit 10.
2 performs communication processing with another server. Then, in step 304, the application processing unit 101 receives the data transmitted from the other server from the second OS via the first OS and the multi-OS configuration unit.

At step 305, application processing is executed according to the content of the operation instruction accepted at step 301. At that time, if the process involves communication with another server, the process is performed using the data received in step 304.

In step 306, it is checked whether or not an end instruction of the application processing has been received. If the end instruction has not been received yet, the process returns to step 301 to continue the processing, and if the end instruction has been received, the application is terminated. The process ends.

FIG. 4 is a flow chart showing the processing procedure of data transmission processing to another server of this embodiment. Figure 4
As shown in FIG.
When a communication processing execution request is received from the application processing unit 101 via the OS, the multi-OS configuration unit, and the second OS, an authentication code is created using the MAC address of the transmission source, etc., and data is communicated with the created authentication code. Performs the process of sending to the other server.

In step 401, the network processing unit 102 of the server uses the first OS, the multi-OS configuration unit, and the second OS.
It is checked whether or not a communication process execution request is received from the application processing unit 101 via S, and if a communication process execution request is received, the process proceeds to step 402.

In step 402, the production code identifier associated with the MAC address of the server is read out by referring to the authentication code management information, and then the authentication code is produced according to the processing procedure identified by the production procedure identifier.

FIG. 5 is a diagram showing an example of the authentication code management information of this embodiment. As shown in FIG. 5, the authentication code management information is created to identify the MAC address that is the authentication identifier of each server that constitutes the aggregate and the algorithm for creating the authentication code using the MAC address. The procedure identifier is stored.

In the processing procedure identified by the creation procedure identifier, the authentication code is created using the information unique to the server, such as the MAC address, and the creation procedure identification is performed at an event that occurs at an arbitrary interval. By changing the above, any authentication code creation algorithm that is shared by computers that have permitted mutual communication is selected.

In step 403, the network processing unit 102 of the server creates a packet in which the created authentication code is added to the transmission data to the other server, which is received from the application processing unit 101 together with the communication processing execution request. At that time, a common authentication code defined between the first OSs of the servers permitted to communicate is embedded in the transmission data.

FIG. 6 is a diagram showing the structure of a packet of this embodiment. As shown in FIG. 6, the packet of this embodiment includes
The authentication code for identifying the transmission source of the packet is stored. Here, the transmission data may be encrypted using information unique to the server, such as the MAC address of the transmission source server or the authentication code. Also, a code different for each application may be used as the common authentication code.

In step 404, the network processing unit 102 of the server accesses the LAN board via the second OS and the multi-OS configuration unit, and transmits the packet created in step 403 to the destination server.

FIG. 7 is a flow chart showing a processing procedure of data reception processing from another server of this embodiment. As shown in FIG. 7, when a packet is transmitted from another server, the network processing unit 102 of the server receives the transmitted packet under the control of the second OS, and the received packet is transmitted from a legitimate communication partner. A process of determining whether or not it has been performed is performed under the control of the second OS.

In step 701, the network processing unit 102 of the destination server checks whether a packet is received from another server, and if a packet is received from another server, the process proceeds to step 702.

In step 702, the authentication code management information is referred to, and the M of the server that is the sender of the received packet is referred to.
After reading the creation procedure identifier associated with the AC address, the authentication code of the transmission source server is created according to the processing procedure identified by the creation procedure identifier.

In step 703, the authentication code in the received packet is compared with the created authentication code of the transmission source server, and the authentication code in the received packet is compared with the created authentication code of the transmission source server. It is checked whether they match, and if they match, it is determined that the packet is transmitted from a legitimate communication partner, and the process proceeds to step 704.

In step 704, the data in the received packet is read to create received data, and then the filtering process is performed, and the process returns to step 701. Here, if the received data is created by multiple packets,
The filtering process is performed after receiving the plurality of packets and creating the reception data.

On the other hand, as a result of comparison in step 703, if the authentication code in the received packet does not match the authentication code of the created transmission source server, the packet is transmitted from an unauthorized communication partner. It is determined that the item is one, and the process proceeds to step 705. In step 705,
Notification information indicating that a packet has been received from an unauthorized communication partner is created, and the notification is sent to the other servers constituting the aggregate and the terminal device of the administrator, and then the process returns to step 701.

FIG. 8 is a flow chart showing the processing procedure of the filter processing of this embodiment. As shown in FIG. 8, when the filter processing unit 103 of the server determines that the received packet is transmitted from a valid communication partner, the data in the packet is valid for the application processing. If the content is correct, the packet or data therein is passed from the second OS to the first OS via the multi-OS configuration unit.

In step 801, the filter processing unit 103 of the server determines whether or not the data received by the network processing unit 102 is compressed. If it is compressed, the process proceeds to step 802. If it is not compressed, the process proceeds to step 80.
Go to 3.

In step 802, a process of decompressing the compressed data is performed, and the result is stored in a predetermined file.

In step 803, an authentication code common to the communicable computers existing in the memory of the second OS or an authentication code specific to the target application common to the communicable computers and the data specific to the data receivable by the target application are specified. Read attribute information. The data-specific attributes include, for example, the number of data, size,
Types and combinations thereof.

In step 804, it is determined whether the common authentication data is embedded in the received data or the decompressed data, and whether the attribute of the data matches the attribute peculiar to the application. If the authentication code and the attribute match, step 80
5, the process proceeds to step 811 if they do not match.

In step 805, a virus infection check is performed on the decompressed data file or the received uncompressed data file. In step 806, after the virus check, it is confirmed whether the data is not infected. If it is not infected, the process proceeds to step 807, and if it is infected, step 8 is performed.
Proceed to 11.

In step 807, it is checked whether or not the received data includes a program or script for executing a predetermined process. If it is included, the process proceeds to step 808, and if it is not included. Go to step 810.

In step 808, the processing of the program or script in the received data is executed under the control of the second OS, and the execution result is output to a predetermined file.

In step 809, after the program or script is executed, the first
When unauthorized processing is not detected by checking whether unauthorized processing such as access to the OS area, execution of communication processing other than requests via the first OS and the multi-OS configuration unit, behavior infected with a virus, etc. is detected In step 810, if fraud is detected, the process proceeds to step 811.

In step 810, since the received data is valid data, the received data or the execution result data is passed to the first OS via the second OS and the multi-OS configuration unit.

On the other hand, in step 811, upon detection of data including a virus, data from an unauthorized server, etc., the process of transferring the received data to the first OS is stopped, and a message indicating that the transfer process is stopped is displayed. The first OS is notified via the 2OS and the multi-OS configuration unit, and at the same time, the computer and the administrator who are permitted to communicate are notified of the illegal packet and information regarding the originating computer.

As described above, in the computer aggregate operation system of this embodiment, application processing other than communication with other servers is executed under the control of the first OS, communication processing with other servers, and a valid communication partner. After determining whether the packet or the data therein is a valid content for the application processing under the control of the second OS. Data is passed to the first OS application, so access from unauthorized servers is prevented,
It is possible to provide a highly reliable aggregate system by protecting the application processing on the first OS side from illegal data such as viruses.

That is, in the present embodiment, the packet transmitted from the legitimate communication partner is not recognized by the combination of the IP address and the MAC address, but the authentication code created from the information unique to the server. Therefore, it is possible to prevent the communication from the server in which the OS is falsified so as to forge the address of the communication packet.

Further, in this embodiment, since the gateway device connecting the internal network and the external network does not authenticate, the server that received the packet determines whether the packet is a valid packet. Not only illegal packets but also illegal packets due to spoofing in the internal network can be prevented.

Further, in this embodiment, since the legitimacy of the data is confirmed under the control of the second OS and the data is passed to the first OS, illegal data such as a virus is mixed in the packet transmitted from the legitimate communication partner. Even if this is the first of the incorrect data
It is possible to prevent diffusion to the OS side.

Further, in this embodiment, the first OS and the second OS are
Since and are separated by the multi-OS configuration unit and operate independently of each other, when the second OS is infected with an unknown virus that is difficult for the second OS to detect and the second OS itself terminates abnormally when the program or script is executed. However, the processing of the first OS can be continued, and the application processing other than the communication processing can be continued.

In the above processing, the illegal packet is determined by the authentication code in the received packet. However, in the computer aggregate operation system of this embodiment, when the packet is received from another server, the received packet is received. It is also possible to transmit a confirmation packet for confirming the transmission of the above to the server of the transmission source to judge the illegal packet.

FIG. 9 is a flow chart showing the processing procedure of the reception processing when the communication partner is determined by the confirmation packet at the time of reception of this embodiment. As shown in FIG. 9, when the confirmation packet at the time of reception is used in the present embodiment, the network processing unit 102 transmits a confirmation packet for confirming the transmission of the received packet to the transmission source server, and the packet is transmitted. When a response indicating that the packet has been transmitted is received from the transmission source server, it is determined that the packet has been transmitted from a legitimate communication partner.

In step 901, the network processing unit 102 of the server checks whether a packet is received from another server, and if a packet is received from another server, the process proceeds to step 902.

At step 902, a confirmation packet containing information such as the reception date and time and size of the received packet is created and transmitted to the server which is the sender of the received packet.
In the server that is the sender of the confirmation packet, the reception packet is transmitted from the server by comparing the transmission date and time and the size of the confirmation packet in the communication history held by the server. Is transmitted, a response packet indicating the result is transmitted, and the server transmitting the confirmation packet receives the response packet.

In step 903, it is checked whether or not the response packet to the confirmation packet includes a response indicating that the server that is the source of the received packet has transmitted, and it is indicated that the received packet has been transmitted. If the response is included, it is determined that the received packet is transmitted from a legitimate communication partner, and the process proceeds to step 904. In step 904, after the data in the received packet is read to create received data,
Filter processing is performed, and the process returns to step 901.

On the other hand, as a result of the comparison in step 903, when the response packet to the confirmation packet does not include a response indicating that the reception source packet has transmitted the received packet, or the response packet to the confirmation packet Is not received within a predetermined time, it is determined that the received packet is transmitted from an unauthorized communication partner, and the process proceeds to step 905. In step 905, notification information indicating that a packet has been received from an unauthorized communication partner is created, and the notification is sent to the other servers constituting the aggregate and the terminal device of the administrator, and then the process returns to step 901.

As described above, in the computer aggregate operation system of this embodiment, when a packet is received from another server, a confirmation packet for confirming the transmission of the received packet is transmitted to the transmission source server. Since the unauthorized packet is determined by the above, it is possible to detect the access from the unauthorized server that does not support the protocol that responds to the confirmation packet.

Further, in the computer aggregate operation system of this embodiment, connection information indicating the connection state of each server forming the aggregate to the network is created in advance, and the unauthorized packet is determined using this connection information. It may be done.

FIG. 10 is a flow chart showing the processing procedure of the connection information collection processing of this embodiment. As shown in FIG. 10, the network processing unit 102 transmits a confirmation packet for confirming the connection status to the network to each server, and performs a process of creating in advance connection information indicating a server connected to the network.

In step 1001, the network processing unit 102 of the server initializes the connection information indicating the server that is connected to the network, and then refers to the configuration information indicating the servers forming the aggregate to obtain the MAC address of each server. read out.

In step 1002, a confirmation packet for confirming the connection status to the network is created and transmitted to the server having the read MAC address. The server receiving the confirmation packet transmits a response packet indicating that the server itself is connected to the network, and the server transmitting the confirmation packet receives the response packet.

In step 1003, it is checked whether or not the response packet to the confirmation packet includes a response indicating that the server is connected to the network, and a response indicating that the server is connected is included. If so, the process proceeds to step 1004, and in step 1004, the MAC address of the server that has transmitted the response packet is added to the connection information.

On the other hand, as a result of checking in step 1003, if the response packet to the confirmation packet does not include a correct response, or if the response packet to the confirmation packet is not received within the predetermined time, the server It is determined that the device is not connected to the network, and the process proceeds to step 1005.

In step 1005, it is checked whether or not the confirmation packet has been transmitted to all the servers that form the aggregate. If there is a server for which the confirmation packet has not been transmitted yet, the process returns to step 1001 and the confirmation packet is transmitted. Continue sending.

In the above description, the confirmation packet is individually transmitted to each server, but the confirmation packet may be simultaneously transmitted to a plurality of servers by broadcasting.

FIG. 11 is a flow chart showing the processing procedure of the reception processing when the communication partner is determined using the connection information collected in advance in this embodiment. As shown in FIG. 11, when the transmission source of the received packet is the server indicated in the connection information, the network processing unit 102 determines that the packet is transmitted from a legitimate communication partner. Perform processing.

In step 1101, the network processing unit 102 of the server checks whether a packet is received from another server, and if a packet is received from another server, the process proceeds to step 1102. Step 110
In 2, the MAC address of the server that is the transmission source of the received packet is searched by referring to the connection information collected in advance.

At step 1103, as a result of the search,
It is checked whether the MAC address of the transmission source server of the received packet is included in the connection information, and if the MAC address of the transmission source server is included in the connection information, the received packet Is determined to have been transmitted from an authorized communication partner, and step 1104
Go to. In step 1104, the data in the received packet is read to create received data, and then the filter process is performed, and the process returns to step 1101.

On the other hand, as a result of checking the search result in step 1103, the MA of the server that is the transmission source of the received packet is detected.
If the C address is not included in the connection information, it is determined that the received packet is transmitted from an unauthorized communication partner, and the process proceeds to step 1105. In step 1105, notification information indicating that a packet has been received from an unauthorized communication partner is created, and the notification is sent to the other servers constituting the aggregate and the terminal device of the administrator, and then the process returns to step 1101.

As described above, in the computer aggregate operation system according to this embodiment, connection information indicating the connection state of each server constituting the aggregate to the network is created in advance, and the unauthorized packet is used using this connection information. Since the determination is made, it is possible to detect access from an unauthorized server that impersonates a legitimate server that is not connected, such as a server that is stopped due to maintenance.

In the above processing, the confirmation packet is transmitted when the packet is received from another server, or the confirmation packet is transmitted in advance to collect the connection information. Then, each server may be connected to two or more networks to form an aggregate, and the confirmation packet may be transmitted and received via a network different from the network on which normal data packets are transmitted and received.

FIG. 12 is a diagram showing a schematic configuration of a server using the two networks of this embodiment. The server of FIG. 12 is provided with two LAN boards, and the network processing unit 102 transmits the confirmation packet via a network different from the network for transmitting and receiving normal data packets.

FIG. 13 is a diagram showing a schematic configuration of a computer aggregate operation system using two networks of this embodiment. FIG. 13 shows a configuration in which each server of a plurality of servers forming the aggregate is connected to two networks to operate the computer aggregate.

The computer aggregate operation system of FIG. 13 performs the same processing as that shown in FIG. 2 in (1) to (6), but performs the following processing when transmitting the confirmation packet. . (7) In order to confirm the validity of the received packet, the second LAN also managed by the second OS is used. (8) The network processing unit 102 reads the MAC address from the received packet and sends it to the server 202 that is the transmission source.
Is obtained and the MAC address of the server 202 in the second LAN is obtained, and then a confirmation packet is sent to the server 202 using the MAC address and the second LAN. Second L here
The MAC address of each server in the AN is assumed to be stored in advance in the configuration information of the aggregate. (9) When the network processing unit 102 of the server 202 receives the confirmation packet from the second LAN, it compares the transmission history with the content and returns the result using the second LAN. (10) The network processing unit 102 of the server 201 receives the reply from the second LAN, and if it is confirmed that the reply is valid, performs the process of passing the data in the received packet to the first OS, and states that it is invalid. When a reply is received, the illegal packet is discarded and a warning is sent.

The network processing unit 102 of each server
It has the authentication code management information of the server in the collection that permits communication, and further has the authentication code creation function, and checks the validity of the packet using these information and means. Here, as the authentication code of each server, the one created by the authentication code creating function using the two (or more) MAC addresses of the server is used.

As described above, in the computer aggregate operation system of this embodiment, each server is connected by two networks to form an aggregate, and the aggregate data is transmitted via a network different from the network for transmitting and receiving normal data packets. Since the confirmation packet is transmitted and received, it is possible to prevent an unauthorized server from illegally responding to the confirmation packet by keeping the network for the confirmation packet private.

In the above example, the case where a plurality of servers form an aggregate has been described, but in the computer aggregate operation system of this embodiment, an aggregate including a computer other than a server such as NAS is formed. Good as a thing.

FIG. 14 is a diagram showing a schematic structure of the NAS constituting the computer aggregate of this embodiment. As shown in FIG. 14, the NAS of this embodiment includes a first OS that controls application processing and a second OS that controls communication with the outside, and a storage device controlled by the first OS.

FIG. 15 is a diagram showing a schematic configuration of a computer aggregate operation system including the NAS of this embodiment.
FIG. 15 shows a configuration in which a NAS and a plurality of servers are connected to a network to form a computer aggregate. In this computer aggregate operating system, the same processing as that shown in FIG. 13 is performed.

Further, in the computer aggregate operating system of this embodiment, computers equipped with a plurality of OSs of three or more may be used, and these computers may constitute an aggregate.

FIG. 16 is a diagram showing a schematic configuration of a multi-OS server having three or more OSs according to this embodiment. The server of FIG. 16 includes a first OS to a (n-1) th OS that controls application processing, and an nth OS that controls communication with the outside.

FIG. 17 shows three or more multi-O's according to this embodiment.
It is a figure showing a schematic structure of a computer aggregate operation system at the time of S composition. FIG. 17 shows a configuration in which three or more servers having a multi-OS configuration are connected to a network to form a computer aggregate.

The computer aggregate operation system of FIG. 17 performs the following processing in the same manner as that shown in FIG. (1) In the server 201, the received data is a multi-OS
The component is hooked and passed to the n-th OS. (2) In the nth OS, the packet validity is checked by the received packet management function in the network processing unit 102. (3) If the packet is a legitimate packet from a legitimate server, the n-th OS uses the inter-OS communication of the multi-OS component to send the packet (or data extracted from the packet) to the corresponding OS (first OS to first ( n-1) Hand over to OS). (4) The corresponding OS receives the data and processes it. (5) When making a reply from the corresponding OS, the information of the partner and the data to be sent is passed to the n-th OS using the inter-OS communication of the multi-OS component, and the n-th OS creates a packet from the received information, Send to the target server. (6) The network processing unit 102 of the n-th OS discards packets that are determined to be invalid packets (or packets from unauthorized servers) among packets received from other servers, and thereafter accepts communication from that server. To stop. Further, the server sends a warning to the server that sent the illegal packet to other servers and the administrator of the aggregate. (7) As a method for confirming the legitimacy of a packet,
Use the second LAN managed by the OS. (8) The network processing unit 102 obtains the MAC address of the server 202, which is the transmission source of the packet, and then performs the second L
A confirmation packet is sent to the server 202 using the AN. (9) When the network processing unit 102 of the server 202 receives the confirmation packet from the second LAN, it compares the transmission history with the content and returns the result using the second LAN. (10) The network processing unit 102 of the server 201
If a reply is received from the second LAN and it is confirmed that the packet is valid, a process of passing the data in the received packet to the OS is performed. Send it.

As described above, according to the computer aggregate operating system of the present embodiment, application processing is executed under the control of the first OS, communication processing with other computers, and packets transmitted from legitimate communication partners. And determining that the packet or the data therein is a valid content for the application processing, under the control of the second OS, the packet or the data therein is determined by the first OS. Since it is passed to the application, it is possible to prevent access from an unauthorized computer and provide a highly reliable aggregate system.

[0101]

According to the present invention, the application processing is executed under the control of the first OS, the communication processing with another computer, the judgment as to whether the packet is transmitted from a legitimate communication partner, and the packet or the packet Data is passed to the application of the first OS after it is judged that the data is valid for the application processing, under the control of the second OS, the packet or the data in the packet is passed to the application of the first OS. It is possible to prevent and provide a reliable aggregate system.

[Brief description of drawings]

FIG. 1 is a diagram showing a schematic configuration of a server that constitutes a computer aggregate of the present embodiment.

FIG. 2 is a diagram showing a schematic configuration of a computer aggregate operation system of the present embodiment.

FIG. 3 is a flowchart showing a processing procedure of application processing of the present embodiment.

FIG. 4 is a flowchart showing a processing procedure of data transmission processing to another server of the present embodiment.

FIG. 5 is a diagram showing an example of authentication code management information of the present embodiment.

FIG. 6 is a diagram showing the structure of a packet of this embodiment.

FIG. 7 is a flowchart showing a processing procedure of data reception processing from another server of the present embodiment.

FIG. 8 is a flowchart showing a processing procedure of filter processing according to the present embodiment.

FIG. 9 is a flowchart showing a processing procedure of a reception process in the case of determining a communication partner with a confirmation packet at the time of reception of the present embodiment.

FIG. 10 is a flowchart showing a processing procedure of connection information collection processing of the present embodiment.

FIG. 11 is a flowchart showing a processing procedure of a reception processing when determining a communication partner using the connection information collected in advance according to the present embodiment.

FIG. 12 is a diagram showing a schematic configuration of a server using two networks according to the present embodiment.

FIG. 13 is a diagram showing a schematic configuration of a computer aggregate operation system using two networks of this embodiment.

FIG. 14 is a diagram showing a schematic configuration of a NAS configuring a computer aggregate of the present embodiment.

FIG. 15 is a diagram showing a schematic configuration of a computer aggregate operation system including the NAS of the present embodiment.

FIG. 16 is a diagram showing a schematic configuration of a multi-OS server having three or more OSs according to the present embodiment.

FIG. 17 is a diagram showing a schematic configuration of a computer aggregate operation system in a configuration of three or more multi-OS according to the present embodiment.

[Explanation of symbols]

101 ... Application processing unit, 102 ... Network processing unit, 103 ... Filter processing unit, 201 and 202
…server.

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI Theme Coat (reference) H04L 12/28 200 H04L 9/00 673Z (72) Inventor Masahide Sato 1099 Ozenzenji, Aso-ku, Kawasaki City, Kanagawa Prefecture In-house company Hitachi Systems Development Laboratory (72) Inventor Shinji Kimura 1099, Ozenji, Aso-ku, Kawasaki City, Kanagawa Stock Company Hitachi Systems Development Laboratory F-term (reference) 5B085 AE00 AE04 5B098 AA10 GC16 5J104 AA02 AA08 PA07 5K030 GA15 LE01 5K033 AA08

Claims (15)

[Claims] 1. A computer aggregate operating method for managing the operation of a computer aggregate in which a plurality of computers are connected via a network to exchange data with each other, wherein another computer is operated by an application process being executed under the control of the first OS. First when communication processing with
The step of requesting the second OS to execute the communication processing via the OS, and the step of receiving a packet transmitted from another computer under the control of the second OS and transmitting the received packet from a legitimate communication partner. If it is determined that the received packet is transmitted from a legitimate communication partner, the data in the packet is compared with the application process. A method for operating a computer aggregate, comprising the steps of: judging whether the contents are legal, and if judged to be legal, passing the packet or the data therein to the second OS from the second OS. 2. If the authentication code in the received packet matches the authentication code of the computer that sent the packet, it is determined that the packet is sent from a legitimate communication partner. The method for operating a computer aggregate according to claim 1, wherein: 3. When a confirmation packet for confirming the transmission of the received packet is transmitted to the computer of the transmission source, and a response indicating that the packet has been transmitted is received from the computer of the transmission source, The computer aggregate operating method according to claim 1 or 2, wherein it is determined that the packet is transmitted from an authorized communication partner. 4. A confirmation packet for confirming the connection status to the network is transmitted to each computer, connection information indicating a computer connected to the network is created in advance, and the transmission source of the received packet is 3. The computer according to claim 1, wherein the packet is determined to be transmitted from a legitimate communication partner when the computer is the computer indicated in the connection information. Computer aggregate operation method. 5. The computer aggregate operation according to claim 3, wherein the confirmation packet is transmitted via a network different from a network to which the received packet is transmitted. Method. 6. When the content of the received packet is a program or script for executing a predetermined process, the process is executed under the control of the second OS, and the execution result is passed to the first OS. The computer aggregate operating method according to any one of claims 1 to 5. 7. The computer aggregate operating method according to claim 6, further comprising: stopping the process of passing the execution result to the first OS when an unauthorized process is detected by the execution of the process. 8. A computer aggregate operation system for managing the operation of a computer aggregate for connecting a plurality of computers via a network and exchanging data with each other, wherein another computer is operated by an application process being executed under the control of the first OS. First when communication processing with
An application processing unit that requests the second OS to execute communication processing via the OS, and a packet transmitted from another computer is received under the control of the second OS, and the received packet is transmitted from a legitimate communication partner. A network processing unit that determines whether the received packet is under the control of the second OS; and when it is determined that the received packet is transmitted from a legitimate communication partner, the data in the packet is the application. A computer comprising: a filter processing unit that determines whether the contents are valid for the processing, and if it is determined that the contents are correct, the packet or the data in the packet is passed from the second OS to the first OS. Aggregate operation system. 9. The network processing unit, if the authentication code in the received packet matches the authentication code of the computer that sent the packet, the packet was sent from a legitimate communication partner. 9. The computer aggregate operation system according to claim 8, wherein the computer aggregate operation system is determined as follows. 10. The network processing unit transmits a confirmation packet for confirming the transmission of the received packet to the computer of the transmission source, and a response indicating that the packet has been transmitted from the computer of the transmission source. The computer aggregate operating system according to claim 8 or 9, wherein when received, the packet is determined to be transmitted from a legitimate communication partner. 11. The network processing unit transmits a confirmation packet for confirming a connection status to the network to each computer, creates connection information indicating a computer connected to the network in advance, and receives the reception information. 9. The method according to claim 8, wherein when the transmission source of the packet is the computer indicated in the connection information, the packet is determined to be transmitted from a legitimate communication partner. Item 10. A computer aggregate operation system according to any one of items 9. 12. The network processing unit transmits the confirmation packet via a network different from the network to which the received packet is transmitted, according to claim 10 or 11. The computer aggregate operation system described in 1. 13. The filter processing unit, when the content of the received packet is a program or a script for executing a predetermined process, executes the process under the control of the second OS and displays the execution result. The computer aggregate operation system according to any one of claims 8 to 12, which is to be passed to the first OS. 14. The filter processing unit stops the transfer processing of the execution result to the first OS when an unauthorized processing is detected by the execution of the processing. Described computer aggregate operation system. 15. A program for causing a computer to function as a computer-aggregate operating system that manages the operation of a computer-aggregate in which a plurality of computers are connected to each other via a network to exchange data with each other, and is executed under the control of a first OS. First when communication processing with another computer is required for application processing in
An application processing unit that requests the second OS to execute communication processing via the OS, and a packet transmitted from another computer is received under the control of the second OS, and the received packet is transmitted from a legitimate communication partner. A network processing unit that determines whether the received packet is under the control of the second OS; and when it is determined that the received packet is transmitted from a legitimate communication partner, the data in the packet is the application. It is characterized in that the computer is made to function as a filter processing unit for judging whether the contents are valid for the processing, and if it is judged that the contents are correct, the packet or the data therein is passed from the second OS to the first OS. Program to do.