JP2011076506A - System and method for providing application service - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an application service provision system allowing promotion of use of a cloud service while making a security countermeasure of in-enterprise confidential information be performed on an application provision company side. <P>SOLUTION: The application service provision system includes: an in-enterprise server connected to an in-enterprise network, processing a request from a client terminal device; an in-enterprise database server connected to the in-enterprise network, storing the confidential information inside an enterprise including information related to a user using the client terminal device; and a virtual machine operating on a server connected to the Internet. When it is decided that processing based on the confidential information is not necessary to the request from the client terminal device, the in-enterprise server requests, of the virtual machine, processing to the request from the client terminal device. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an application service providing system and an application service providing method including a virtual machine that operates on a server connected via the Internet.

  Conventionally, computer resources such as server computers and databases have been owned by companies that use them. However, the hardware and applications are complex and expensive, and a specialized department that operates computer resources is also required.

  Therefore, a service form called cloud computing (hereinafter referred to as “cloud service”) has attracted attention as a form of using new computer resources based on the Internet. An example of such a cloud service is “Elastic Compute Cloud (EC2)” provided by Amazon.

  In the cloud service, the user does not need to hold or manage the computer resource, and can use the computer resource by paying the usage fee. On the other hand, on the cloud service provider side, virtual machines are arranged for each user on one or a plurality of servers, thereby improving server utilization efficiency and scalability. Therefore, the cloud service providing company can provide computer resources to the user at a relatively low cost (see, for example, Patent Document 1).

  In this way, because cloud users do not need to introduce computer resources, the introduction and operation costs are reduced, and the scalability is also excellent. It is expected to increase.

  In particular, it is expected that usage forms such as renting virtual machines from cloud service providers and providing applications to clients will increase.

  In other words, a company that intends to provide an application to a client via the Internet (hereinafter referred to as an “application provider”) rents a virtual machine as an application platform from a cloud service provider as a cloud service user, Run the application on this virtual machine. Since the application provider does not need to own and manage the application platform, the introduction cost and the operation cost are reduced, and the cost hurdle is lowered. Therefore, the application providing company can easily provide the application service to the client.

Japanese translation of PCT publication No. 2004-503011

  Data used in the application provided by the application provider includes important information such as confidential information within the application provider and personal information of the client (that is, the client of the application service provided by the application provider) (hereinafter referred to as “ "In-house confidential information").

  However, in the above cloud service, the application provider deposits data used in the provided application with the cloud service provider. In other words, the cloud service provider is to take security measures for data used in the provided application.

  However, when not only the virtual machine of the application provider but also the virtual machine of another user is placed on the same server, the data is stolen from other users due to hacking with a defect in the server program. There is a risk. Further, since the operation of the server is left to the cloud service provider, there is a risk that unauthorized copying from the inside of the cloud service provider will cause unauthorized copying or theft of the disk. As described above, when the confidential information in the company is deposited in the cloud service provider, there is a security problem that the confidential information in the company cannot be managed on the application provider side.

  In this way, the application providing company entrusts management of confidential information in the company such as client information to the cloud service providing company, and cannot manage information leakage. For this reason, there are many cases where he / she is anxious about depositing confidential company information at a cloud service provider and hesitates to use the cloud service. As described above, the cloud service has many advantages but is not sufficiently utilized.

  The present invention has been made in view of the above-described problems, and provides an application service providing system capable of promoting the use of a cloud service while allowing the application providing side to take security measures for confidential information within a company, and An object is to provide an application service providing method.

  In order to solve the above-mentioned object, an invention according to claim 1 is an invention in which an in-house server is connected to an in-company network and processes a request from a client terminal device, and the in-company network is connected to the client terminal device. In an application service providing system comprising: an in-company database server that stores confidential information in a company including information about users to be used; and a virtual machine that operates on a server connected to the Internet, the in-company server includes: A client receiving unit that receives a request from the client terminal device; a determination unit that determines whether or not a process based on the confidential information is required for the request from the client terminal device; and If it is determined that processing based on the A first request processing unit that acquires the confidential information from a database server and performs processing on the request; and when the determination unit determines that processing based on the confidential information is not necessary, the request to the virtual machine Second request processing means for requesting processing for the processing result, processing result transmission means for transmitting the processing result obtained by the first request processing means and the processing result acquired from the virtual machine to the client terminal device that made the request; The virtual machine includes a server receiving unit that receives a request from the in-company server, a processing unit that executes a process for the request from the client terminal device, and a processing result by the processing unit to the in-company server. It was that and a processing result transmission means for transmitting.

  The invention according to claim 2 is the application service providing system according to claim 1, comprising an external database server connected to the Internet and transmitting / receiving information to / from the virtual machine, and the virtual machine The processing means determines whether or not processing based on information stored in the non-enterprise database server is necessary in response to a request from the client terminal device, and processing based on information stored in the non-enterprise database server is necessary If it is determined that the request is received, information is transmitted to and received from the database server outside the company, and the request is processed.

  The invention according to claim 3 is the application service providing system according to claim 1 or 2, wherein the information about the user includes authentication information of the user, and the processing unit of the virtual machine includes: When the authentication information of the user is acquired from the client terminal device, it is determined that processing based on the confidential information is necessary, and authentication information that matches the acquired authentication information is stored in the in-company database server Whether the client terminal device is authenticated or not is inquired of the in-company database server.

  The invention according to claim 4 is the application service providing system according to any one of claims 1 to 3, wherein the information about the user includes an ID of the user, The second request processing means transmits the ID of the user using the client terminal apparatus that has made the request to the virtual machine together with processing request information corresponding to the request, and then responds to the request from the virtual machine. When the acquired processing result is acquired together with the user ID, the client terminal device that transmits the acquired processing result is determined from the user ID, and the processing result transmission unit of the virtual machine performs processing according to the processing request information. The result is transmitted together with the user ID corresponding to the processing request information.

  Further, the invention according to claim 5 is a server connected to the corporate network for processing a request from the client terminal device, and information about a user who is connected to the corporate network and uses the client terminal device. An application service providing method in an application service providing system comprising: an in-company database server for storing confidential information in the company, and a virtual machine that operates on a server connected to the Internet, wherein the in-company server includes: Receiving a request from the client terminal device; determining whether the in-company server determines whether processing based on the confidential information is required for the request from the client terminal device; The in-company server determines whether the determination step When it is determined that processing based on confidential information is necessary, a first request processing step of acquiring the confidential information from the in-company database server and processing the request; and When it is determined that processing based on the confidential information is not necessary, a second request processing step for requesting the virtual machine to process the request, and the virtual machine accepts a request from the in-company server. A server reception step, a processing step in which the virtual machine executes processing in response to a request from the client terminal device, and a processing result transmission step in which the virtual machine transmits a processing result of the processing step to the in-company server. The in-company server receives a processing result of the processing step; Serial enterprise server, was to have a processing result transmission step of transmitting the processing result obtained by the reception step to the client terminal apparatus that has performed the request.

  According to the present invention, an application provider who is a user of a cloud service uses a virtual machine that operates on a server connected via the Internet when providing an application service, While reducing operational costs, it is possible to take security measures within the company without depositing information including confidential information within the company to the cloud service provider.

It is a figure which shows the structure of the application service provision system which concerns on one Embodiment of this invention. It is a figure which shows schematic operation | movement of an application service provision system. It is a diagram showing a configuration of a client terminal apparatus shown in FIG. It is a figure which shows the flow of a process of the client terminal device shown in FIG. It is a diagram showing a configuration of a front-end server shown in FIG. It is a figure which shows the flow of a process of the front end server shown in FIG. It is a figure which shows the structure of DB server shown in FIG. It is a figure which shows the flow of a process of DB server shown in FIG. It is a figure which shows the structure of the server system shown in FIG. It is a figure which shows the architecture on the blade server shown in FIG. It is a diagram showing a configuration of a virtual AP server shown in FIG. It is a diagram showing a configuration of a virtual DB server shown in FIG. It is a figure which shows the flow of a process of the virtual AP server shown in FIG. It is a figure which shows the flow of a process of the virtual DB server shown in FIG. It is a diagram illustrating a flow of registration process of the system of Web conferencing services. It is a figure which shows an example of the data structure of a table. Is a diagram illustrating an example of the data structure of the setting information table. It is a figure which shows the flow of the participation preparation process of the system of a web conference service. Is a diagram showing the flow of the conference processing system Web conferencing services It is a figure which shows the flow of a process of a client terminal device. It is a figure which shows the flow of the process (the 1) of a front end server. It is a figure which shows the flow of the process (the 2) of a front end server. It is a figure which shows the flow of a process of DB server. It is a figure which shows the flow of a process of a virtual AP server. It is a figure which shows the flow of a process of a virtual DB server.

[1. Overview of application service provision system]
The application service providing system of the present embodiment is an application service providing system in which an application providing company, which is a company that intends to provide an application to the client via the Internet, can provide the application service to the client using the cloud service. It is.

  As described above, in the application service provided by the application provider using the cloud service, the client using the application service is not aware of the cloud service. The client receives an application service from the application provider in the same way as a normal application service. Examples of application services include a web conference service, a database service, an e-learning service, and an image distribution service described later.

  A cloud service provider, which is a company that provides a cloud service, rents a virtual machine serving as an application platform to the application provider. The application providing company executes an application program on the virtual machine and provides an application service to the client. In the following, a client terminal device receiving application service from an application provider company is referred to as a client terminal device.

  As shown in FIG. 1, a computer system 3 on the cloud service provider side includes a router 10 connected to the Internet 2 with a LAN side input / output port, a server system 11 connected to the LAN side input / output port of the router 10, And a storage system 16.

As will be described later, the server system 11 is composed of a plurality of blade servers connected to the Internet, and can operate a large number of virtual machines on these blade servers. Here, among a large number of virtual machines, an application providing company provides application services to clients using two virtual machines. One is a virtual machine used as an application server (hereinafter referred to as “AP server”), and the other is a virtual machine used as a database server (hereinafter referred to as “DB server”). In the example shown in FIG. 1, using a virtual machine that runs first on the blade server 12 ₁ as a virtual AP server 13 _x1, it uses a virtual machine operating on the seventh blade server 12 ₇ as a virtual DB server 13 _x2 .

Further, one of the multiple storages constituting the storage system 16 is used as the storage 14 _x for which the virtual DB server 13 _x2 performs storage control. The application provider company uses this storage 14 _x as the non-enterprise database. Virtual DB server 13 _x2, in response to a request from the virtual DB server 13 _x2, to read data stored in the memory and storage 14 _x data to the storage 14 _x.

  The computer system 4 of the application provider company includes a router 20, a front-end server 21 that is an example of an in-house server, a storage 22, a DB server 23 that is an example of an in-house database server, and a management terminal device 24. These are connected by a LAN which is an in-company network of an application provider. The DB server 23 stores data in the storage 22 and reads data stored in the storage 22 in response to a request from the outside. The management terminal device 24 is a device that can add data to the storage 22 or update data via the DB server 23, and the application provider operates the management terminal device 24 to store data in the storage 22. Data can be managed by adding, deleting, and updating.

The front-end server 21 can communicate with the virtual AP server 13 _x1 via the Internet 2. Secure communication is established between the virtual AP server 13 _x1 and the network within the computer system 4 by VPN (Virtual Private Network) connection. That is, the router 20 has a VPN function, and the virtual AP server 13 _x1 stores a VPN connection program, and the virtual AP server 13 _x1 performs VPN connection with the router 20.

  The user of the client terminal device 1a, 1b, 1c,... Subscribes to the application service of the application provider, and the client terminal device 1a, 1b, 1c,. Get company application services. Note that, for convenience, the client terminal device 1 is referred to as any one of the client terminal devices 1a, 1b, 1c,...

  When a communication packet transmitted from the client terminal device 1 to the front-end server 21 is transmitted to the front-end server 21, the router 20 sends the communication packet from the client terminal device 1 to the front-end server 21. Relay. Communication packets from the front end server 21 to the client terminal device 1 are also relayed to the client terminal device 1 by the router 20. The client terminal device 1 receives the application service by transmitting and receiving communication packets corresponding to the service to be provided to and from the front-end server 21.

In the application service providing system according to the present embodiment, the front-end server 21 accessed from the client terminal device 1 communicates with the DB server 23 and the virtual AP server 13 _{x1 as} necessary to request from the client terminal device 1. The processing according to is performed.

  In addition, the DB server 23 and the storage 22 are both arranged in the corporate network of the application provider, and the storage 22 stores application information including corporate confidential information. The confidential corporate information includes important information such as personal information of the client and confidential information in the company of the application provider. Therefore, the company confidential information can be managed in the company network on the application provider company side, and the company secret information can be managed on the application provider company side without being deposited in the cloud service provider company.

  Moreover, since the front-end server 21 is arranged in the company in addition to the DB server 23, security data such as company confidential information is transmitted / received only between the company network of the application provider and the client terminal device 1.

  Accordingly, the application providing company can use the cloud service without worrying about the security measures of the cloud service providing company side by strictly performing in-house security management. Therefore, the application provider can operate the application service at a relatively low cost by using the cloud service while strictly managing security.

On the other hand, processing that does not require security management is processed by the virtual AP server 13 _x1 or the virtual DB server 13 _x2 . That is, the front-end server 21, upon receiving a request from the client terminal device 1, virtual AP server 13 in communication with _x1 to execute processing is not necessary security management in virtual AP server 13 _x1. At this time, the virtual AP server 13 _x1 performs processing by storing data in the storage 14 _x and reading data from the storage 14 _x with respect to the virtual DB server 13 _{x2 as} necessary.

Therefore, by reducing the processing load on the front-end server 21 and the DB server 23 by causing the virtual AP server 13 _x1 and the virtual DB server 13 _x2 to perform heavy processing, the scale of computer resources arranged in the company is suppressed. Can do. This can reduce in-house computer resource introduction costs and operation costs.

Moreover, the resources (CPU, memory, etc.) of the virtual AP server 13 _x1 and the virtual DB server 13 _x2 are increased or decreased according to the processing load. Therefore, in the case of a cloud service in which the service fee changes according to the amount of resource usage, the application provider can effectively suppress the usage fee of the cloud service.

  A schematic operation of the application service providing system configured as described above will be described with reference to FIG.

  As shown in FIG. 2, first, the client of the application service performs a predetermined operation for receiving the application service using the client terminal device 1. In response to this operation, the client terminal device 1 makes a request according to the operation to the front-end server 21 via the Internet 2 (step S11).

When receiving the request from the client terminal device 1, the front-end server 21 determines whether or not communication with the virtual AP server 13 _x1 is necessary (step S12). That is, the front-end server 21 determines whether or not the request from the client terminal device 1 should be processed by the virtual AP server 13 _x1 .

If it is determined in the process of step S12 that communication with the virtual AP server 13 _x1 is necessary (step S12: YES), the front-end server 21 transmits a request corresponding to the received request to the virtual AP server 13 _x1. To do. At this time, since the communication path in the Internet 2 among the communication paths between the front-end server 21 and the virtual AP server 13 _x1 is VPN-connected, the front-end server 21 is connected to the virtual AP server 13 _x1. Secure communication. Here, in order to perform secure communication between the virtual AP server 13 _x1 and the DB server 23, but so as to perform a VPN connection, using HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) protocol Secure communication may be performed.

Next, when receiving a request transmitted from the front-end server 21 via the Internet 2, the virtual AP server 13 _x1 determines whether access to the public information is necessary (step S13). Public information is information other than confidential information within a company. If it is determined that access to the public information is necessary (step S13: YES), the virtual AP server 13 _x1 makes an inquiry according to the request to the virtual DB server 13 _x2 (step S14). The virtual DB server 13 _x2 stores data in the storage 14 _x and reads data from the storage 14 _x in response to an inquiry from the virtual AP server 13 _x1 , and stores the result of the storage process or read process as a virtual AP. This is transmitted to the server 13 _x1 (step S15). The virtual AP server 13 _x1 performs processing based on the result acquired from the virtual DB server 13 _x2 (step S16), and transmits the processing result to the front-end server 21 (step S17). The virtual AP server 13 _x1 transmits the result acquired from the virtual DB server 13 _x2 as it is to the front-end server 21 as necessary.

On the other hand, when the front-end server 21 determines that communication with the virtual AP server 13 _x1 is not necessary (step S12: NO), or when the result of the requested processing is returned from the virtual AP server 13 _x1 , It is determined whether access to the confidential information is necessary (that is, processing based on the confidential information in the company is necessary) (step S18). For example, when the request from the client terminal device 1 is a registration request or connection request to the application service and includes personal information such as a client password, ID, name, address, and occupation, the confidential information in the company is accessed. Determine that it is necessary. Here, the registration request to the application service is a request made in advance by the client in order to use the application service using the client terminal device 1, and personal information such as a client password, ID, name, address, and occupation. Is a request for registering. The connection request to the application service is a request made when the client uses the application service using the client terminal device 1, and includes a client password and ID. The virtual AP server 13 _x1 authenticates the client using the client password and ID included in the connection request. In this process, if it is determined that access to confidential information within the company is necessary (step S18: YES), the front-end server 21 makes an inquiry to the DB server 23 (step S19). Next, the DB server 23 stores data in the storage 22 and reads data from the storage 22 in response to an inquiry from the front-end server 21, and displays the result of the storage process or read-out process on the front-end server 21. (Step S20).

Next, the front end server 21 performs the process of step S21. That is, when the process of step S20 is completed, the front-end server 21 performs a process based on the result acquired from the DB server 23. Further, when it is determined that access to confidential information within the company is not necessary (step S18: NO), the front-end server 21 performs processing in response to a request from the client terminal device 1. At this time, if there is a result obtained from the virtual DB server 13 _x2 via the virtual AP server 13 _x1 , the front-end server 21 performs processing based on this result. At this time, if there is a result obtained from the virtual DB server 13 _x2 via the virtual AP server 13 _x1 , processing based on this result and the result obtained from the DB server 23 is performed.

  Thereafter, the front-end server 21 transmits the result of the processing performed in step S21 to the requesting client terminal device 1 (step S22), and the client terminal device 1 receives the result transmitted from the front-end server 21 ( Step S23).

[2. Configuration and operation of each component]
Next, the configuration and operation of each element constituting the application service providing system will be described.

[2.1. Configuration and Operation of Client Terminal Device 1]
First, the configuration of the client terminal device 1 will be described. The client terminal device 1 can be a general personal computer in addition to a dedicated computer. The client terminal device 1 is owned by a client who is a user of the client terminal device 1. As illustrated in FIG. 3, the client terminal device 1 includes a control unit 101, a storage unit 102, a communication unit 103, an operation unit 104, an information acquisition unit 105, and a presentation unit 106, which are They are connected to each other via a system bus 107.

  The control unit 101 controls the entire client terminal device 1 and includes a CPU (Central Processing Unit), an internal memory, and the like. The storage unit 102 is a rewritable storage device having a storage area for storing various types of information, and is composed of, for example, a flash memory. The communication unit 103 is a communication interface for communicating with other devices via the Internet 2. The operation unit 104 is an operation unit for inputting various settings. The information acquisition unit 105 includes a camera and a microphone, outputs video information captured from the camera, and outputs audio information acquired from the microphone. The presentation unit 106 is configured by a display or a speaker including a liquid crystal display device, and reproduces video information and audio information.

  The operation of the client terminal device 1 configured as described above will be described. This process is a process executed by the control unit 101 of the client terminal device 1. As shown in FIG. 4, when a user who is a client of an application service operates the operation unit 104 to perform a predetermined operation for receiving the application service, the control unit 101 receives the operation and changes the communication unit 103. Then, a request corresponding to the operation on the operation unit 104 is made to the front-end server 21 (step S30). Thereafter, the control unit 101 receives the result transmitted from the front-end server 21 in response to the request made in step S30 via the communication unit 103, and performs display and control on the presentation unit 106 according to the result. (Step S31). Thereafter, the control unit 101 repeats the processes of steps S30 and S31.

[2.2. Configuration and operation of front-end server 21]
Next, the configuration and operation of the front end server 21 will be described. The front-end server 21 can be a general server computer. The front-end server 21 is managed by a user company. As shown in FIG. 5, the front-end server 21 includes a control unit 201, a storage unit 202, a communication unit 203, and an operation unit 204, which are connected to each other via a system bus 205.

  The control unit 201 controls the entire front end server 21. The storage unit 202 is a rewritable storage device having a storage area for storing various types of information. The communication unit 203 is connected to a LAN, which is an in-house network of an application provider company, and is a communication interface for communicating with other devices. The operation unit 204 is an operation unit for inputting various settings.

  The control unit 201 includes a CPU, an internal memory, and the like. The CPU functions as client reception means, determination means, first request processing means, second request processing means, processing result transmission means, billing means, and the like by reading and executing a program stored in the internal memory.

Next, processing in the front end server 21 will be described. This process is a process executed by the control unit 201 of the front-end server 21. As shown in FIG. 6, when receiving a request from the client terminal device 1 (step S40), the control unit 201 determines whether communication with the virtual AP server 13 _x1 is necessary (step S41). In this process, when it is determined that communication with the virtual AP server 13 _x1 is necessary (step S41: YES), the control unit 201 transmits a request corresponding to the received request to the virtual AP server 13 _x1 (step S42). ). When the result for this request is received from the virtual AP server 13 _x1 (step S43) or when it is determined that communication with the virtual AP server 13 _x1 is not necessary (step S41: NO), the control unit 201 makes public information It is determined whether or not access is necessary (step S44). When determining that there is no need to access the public information (step S44: NO), the control unit 201 shifts the process to step S47. On the other hand, if it is determined that access to the public information is necessary (step S44: YES), the control unit 201 accesses the DB server 23 (step S45) and receives the result from the DB server 23 (step S46). Thereafter, the control unit 201 generates a final processing result for the client request based on the processing result by the virtual AP server 13 _x1 or the result received from the DB server 23, and transmits the generated processing result to the client terminal device 1. (Step S47). Thereafter, the control unit 201 repeats the processing from steps S40 to S47.

Further, the front-end server 21 executes billing processing based on the usage history of the virtual AP server 13 _x1 and the virtual DB server 13 _x2 for each client terminal device 1.

[2.3. Configuration and operation of DB server 23]
Next, the configuration of the DB server 23 that is an in-company database server will be described. As the DB server 23, a general server computer can be applied. The DB server 23 is managed by the user's company. As illustrated in FIG. 7, the DB server 23 includes a control unit 301, a storage unit 302, a communication unit 303, and an operation unit 304, which are connected to each other via a system bus 305. .

  The control unit 301 controls the entire DB server 23. The storage unit 302 is a rewritable storage device having a storage area for storing various types of information. The storage unit 302 stores confidential information within the company. The communication unit 303 is a communication interface that is connected to a LAN that is a network in an application providing company and communicates with other devices. Intracompany confidential information is stored in the storage 22, and the DB server 23 reads the intracompany confidential information from the storage 22, and stores the intracompany confidential information in the storage 22.

  The control unit 301 includes a CPU, an internal memory, and the like. The CPU functions as a storage processing unit or the like by reading and executing a program stored in the internal memory.

  Next, processing in the DB server 23 will be described. This process is a process executed by the control unit 301 of the DB server 23. As illustrated in FIG. 8, when the control unit 301 receives a request from the front-end server 21 (step S50), the control unit 301 next accesses the storage 22 to the storage 22 in response to a request from the front-end server 21. The confidential information in the company is stored and the confidential information in the company is read from the storage 22 (step S51). Thereafter, the control unit 301 transmits the result of the storage process or the read process performed in step S51 to the front end server 21 (step S52). Thereafter, the control unit 301 repeats the processing from steps S50 to S52.

[2.4. Configuration and operation of virtual AP server 13 _x1 and virtual DB server 13 _x2 ]
The virtual AP server 13 _x1 and the virtual DB server 13 _x2 are virtual machines formed on the server system 11 as described above.

As shown in FIG. 9, the server system 11 includes a plurality of blade servers 12 _{1 to} 12 _n , storages 14 _{1 to} 14 _n, and a server management device 15. For the sake of convenience, the blade server 12 will be referred to when any one or all of the blade servers 12 _{1 to} 12 _n are shown. Further, when any one or all of the storages 14 _{1 to} 14 _n are shown, the storage 14 is referred to for convenience.

  Each blade server 12 includes a CPU 401, a ROM 402, a RAM 403, an input / output unit 404, a communication unit 405, and a hard disk (HDD) 406, which are connected to each other via a system bus 407. ing. The input / output unit 404 is a communication interface for transmitting / receiving data to / from the server management apparatus 15, and the communication unit 405 is a communication interface for connecting to a LAN that is an in-house network of a cloud service provider.

A plurality of virtual machines 13 _{1 to} 13 _n operate on the blade servers 12 _{1 to} 12 _n configured as described above. In addition, when showing any virtual machine or all the virtual machines among the plurality of virtual machines 13 _{1 to} 13 _n , they are referred to as virtual machines 13 for convenience.

  FIG. 10 shows the architecture on the blade server 12. As shown in the figure, in the blade server 12, the main OS operates with the base program. Then, a virtual machine program that is a program for operating the virtual machine on the main OS operates. A plurality of guest OSs can be operated on the virtual machine program. One or more application programs can be operated on each guest OS.

  The server management device 15 is a device that controls and manages each blade server 12, and manages resources (CPU 401, ROM 402, RAM 403, HDD 406, etc.) allocated to the guest OS. For example, the server management apparatus 15 can change the resource allocated to the virtual machine 13 according to the resource utilization rate by the virtual machine 13. Further, the server management device 15 can control the start and stop of execution of the application program. Furthermore, it communicates with each blade server 12 to add, delete or update the guest OS and application program.

In the present embodiment, among the virtual machines 13 operating on the blade server 12, a virtual machine operating on the blade server 12 ₁ is used as the virtual AP server 13 _x1 , and a virtual machine operating on the blade server 13 ₂ is used as the virtual DB. _Used as the server 13 _x2 (see FIG. 1).

As shown in FIG. 11, the virtual AP server 13 _x1 operating on the blade server 12 functions as a control unit 411, a storage unit 412, a communication unit 413, and the like by using resources of the blade server 12, and is used for applications. Run the program. The control unit 411 functions as a server reception unit, a processing unit, a processing result transmission unit, and the like.

Further, as illustrated in FIG. 12, the virtual DB server 13 _x2 functions as a control unit 421, a storage unit 422, a communication unit 423, and the like by using resources of the blade server 12, and executes a database server program. . The virtual DB server 13 _x2 reads data from a preset storage 14 _x among the storages 14 _{1 to} 14 _n and stores data in the storage 14 _x . This storage 14 _x stores information other than the confidential information within the company. The control unit 421 functions as a storage processing unit or the like.

Next, processing in the virtual AP server 13 _x1 will be described. This process is a process executed by the control unit 411 of the virtual AP server 13 _x1 . As shown in FIG. 13, when receiving a request from the front-end server 21 (step S60), the control unit 411 determines whether or not it is necessary to access public information (step S61). If it is determined in this process that it is not necessary to access public information (step S61: NO), the control unit 411 shifts the process to step S64. On the other hand, when determining that it is necessary to access public information (step S61: YES), the control unit 411 accesses the virtual DB server 13 _x2 (step S62). When a result transmitted from the virtual DB server 13 _x2 is received for this access (step S63), the control unit 411 performs processing according to this result as necessary, and the processing result or virtual DB server The result transmitted from 13 _{× 2 is} transmitted to the front-end server 21 (step S64). Thereafter, the control unit 411 repeats the processing from steps S60 to S64.

Next, processing in the virtual DB server 13 _x2 will be described. This process is a process executed by the control unit 421 of the virtual DB server 13 _x2 . As shown in FIG. 14, when receiving a request from the front-end server 21 or the virtual AP server 13 _x1 (step S70), the control unit 421 performs a storage operation (step S71). In this process, the control unit 421 accesses the storage 22, the front-end server 21 and the virtual AP server 13 reads the data from the memory and storage 14 _x information to the storage 14 _x in response to a request from _x1 such I do. The control unit 421 transmits the result of the storage process or the read process performed in step S71 to the virtual AP server 13 _x1 (step S72). Thereafter, the control unit 421 repeats the processes from Steps S70 to S72.

[Web conference system to which this embodiment is applied]
Next, a Web conference service system (hereinafter, “Web conference system”) using the application service providing system having the above-described configuration will be specifically described. This Web conference system is executed by operating application software on the virtual machine 13 set on the blade server 12 while using the front-end server 21 and the DB server 23 having the SIP server function in the application provider company. Is. Here, as an example, it is assumed that an application providing company rents a virtual machine that operates on the server system 11 and uses this virtual machine as an AP server and a DB server to provide a web conference service. In the following, an AP server formed by a virtual machine is referred to as a virtual AP server 13 _x1, and a DB server formed from a virtual machine is referred to as a virtual DB server 13 _x2 . The virtual DB server 13 _x2 uses the storage 14 _x as a storage unit.

  In the following description, this Web conference system enables a conference between remote locations by transmitting and receiving video information and audio information between the client terminal devices 1 via the front-end server 21. In the following, although the audio information process is omitted, it is the same process as the video information process.

  In the configuration shown in FIG. 1, when three clients A to C using the client terminal devices 1a to 1c hold a Web conference, the client terminal device 1b is provided in the presentation unit 106 of the client terminal device 1a used by the client A. And the video information acquired in 1c is presented. The video information acquired by the client terminal devices 1a and 1c is presented to the presentation unit 106 of the client terminal device 1b used by the client B. The video information acquired by the client terminal devices 1a and 1b is presented to the presentation unit 106 of the client terminal device 1c used by the client C. Further, the front-end server 21 processes and transmits video information to be transmitted to each client terminal device 1 based on the video information acquired from each client terminal device 1.

In addition, as shown in FIG. 16, the storage 22 includes a first table in which information for each client terminal device 1 is registered, and a second table in which information such as the start time and end time of a conference to be held is registered. And a third table in which information of the client terminal device 1 participating in the conference is registered. In addition, as illustrated in FIG. 17, the storage 14 _x stores a setting information table in which information regarding image information for each client terminal device 1 is registered.

  In order to conduct a Web conference, it is necessary to register conference information to be described later in the storage 22 from the client terminal device 1 of the organizer. In order to participate in the web conference, it is necessary to perform an operation for preparing for participation in each participating client terminal device 1.

In this Web conference system, the following three processes are performed.
(1) “Registration process” for registering a conference to be hosted in the DB server 23
(2) “Participation preparation process” for the procedure to participate in the conference
(3) “Conference processing” for conducting a web conference
Each process will be specifically described below.

[registration process]
First, the registration process will be described with reference to FIG. This process is executed by the client terminal device 1 of the client that hosts the conference, the front-end server 21, the DB server 23, the virtual AP server 13 _x1, and the virtual DB server 13 _x2 .

  First, the client terminal device 1 receives an input of a base ID and a password and an instruction to execute an authentication process from the conference organizer via the operation unit 104, and sends a request for an authentication process based on the received information to the front. It transmits to the end server 21 (step S81). This request includes information indicating an execution request for authentication processing, a base ID, and a password. At this time, a predetermined encryption process may be applied to the base ID and password.

  Next, when receiving a request for authentication processing, the front-end server 21 transmits an authentication processing request to the DB server 23 (step S82).

  Next, when the DB server 23 receives the authentication process request, the DB server 23 performs an authentication process (step S83). The DB server 23 performs an authentication process with reference to the first table (FIG. 16) stored in the storage 22. That is, in this authentication process, it is verified whether or not the combination of the base ID and the password included in the received authentication process request is registered in the first table of the storage 22. When the combination of the base ID and the password is registered in the first table, the DB server 23 determines that the authentication has succeeded, and otherwise determines that the authentication has failed. Note that the site ID and password stored in the storage 22 may also be encrypted in the same manner as the processing in the client terminal device 1, and in this case, they are decrypted at the time of collation.

  Here, the data structure of the first table stored in the storage 22 will be described. As shown in FIG. 16, in the first table, “location ID”, “IP address”, “password”, “person in charge name”, “phone number”, “company name” are set for each client terminal device 1. "," Service contents ", and" Mail address "are stored.

  Next, the DB server 23 transmits an authentication result to the front end server 21 that has transmitted the authentication processing request (step S84). The authentication result includes information indicating whether or not the authentication is successful, that is, information indicating authentication OK or information indicating authentication NG.

  When the front-end server 21 receives the authentication result from the DB server 23, the front-end server 21 transmits the authentication result to the client terminal device 1 that has transmitted the request accepted in step S82 (step S85).

  When the client terminal apparatus 1 receives an authentication result including information indicating authentication OK, the client terminal apparatus 1 accepts an input of conference information (hereinafter referred to as “conference information”) hosted via the operation unit 104 from the conference organizer. The conference information registration process execution process is accepted. Then, a request for conference information registration processing based on the received information is transmitted to the front-end server 21 (step S86). Here, the conference information includes a base ID (hereinafter referred to as “conference participation base ID”) of the client terminal device 1 used by a client participating in the conference, and a scheduled start time / scheduled end time of the conference. Yes. The display layout setting information (described later) on each client terminal device 1 participating in the participation is also included in this request. Also, information on the codec used for each client terminal device 1 is included in this request.

  When the front-end server 21 receives the request for the conference information registration process, the front-end server 21 generates a temporary ID (step S87). The temporary ID is an ID for associating a third table, which will be described later, with a setting information table.

Next, the front-end server 21 transmits a conference information registration request to the DB server 23 (step S88), and further transmits a conference setting information registration request to the virtual AP server 13 _x1 (step S90). The meeting information registration request includes meeting information and a temporary ID. The conference setting information registration request includes a pair of conference participation base ID and temporary ID.

  When receiving the conference information registration request from the front-end server 21, the DB server 23 performs a conference information registration process (step S89). In the conference information registration process, the conference information is registered in the second table and the third table of the storage 22 based on the received conference information registration process request. That is, the DB server 23 includes the conference scheduled start time and the scheduled end time of the conference information included in the conference information registration request, and the base ID (host base ID) of the client terminal device 1 that has requested the conference information registration process. ) Is registered in the second table in association with the newly issued conference ID. Further, the DB server 23 registers the conference participation base ID and the setting information in the third table in association with the newly issued conference ID among the conference information included in the conference information registration request.

  Here, the data structures of the second table and the third table stored in the storage 22 will be described. As shown in FIG. 16, in the second table, using the conference ID as a key, the “host base ID” indicating the client terminal device 1 of the organizer, the “scheduled start time” indicating the conference start time, and the conference end time “Scheduled end time” is stored. Further, as shown in FIG. 16, “conference participation site ID” and “temporary ID” indicating the identification number of the client terminal device 1 participating in the conference are stored in the third table using the conference ID as a key. .

Upon receiving the conference setting information registration request, the virtual AP server 13 _{x1 transfers} the conference setting information registration request to the virtual DB server 13 _x2 (step S90).

Next, when _receiving the conference setting information registration request, the virtual DB server 13 _x2 performs a conference setting information registration process (step S91). In the conference setting information registration process, based on the received conference setting information registration request, a pair of conference participation base ID and temporary ID is registered in the setting information table of the storage 14 _x .

Here, the data structure of the setting information table stored in the storage 14 _x will be described. As shown in FIG. 17, in the setting information table, “image quality ID” and “image format ID” are associated with each other using a temporary ID as a key. The “image quality ID” is defined by numbers, and the type of codec is defined in advance corresponding to each number. Further, the “image format ID” is defined by numbers, and the display layout of the presentation unit 106 of the client terminal device 1 (for example, whether or not the video information of its own client terminal device is necessary, The display position of video information of each client terminal device is defined in advance.

[Participation preparation process]
Next, the participation preparation process will be described with reference to FIG. This process is a process for notifying each client terminal device 1 held by a client participating in the web conference that the web conference is to be performed and authenticating each client terminal device 1.

  First, the front-end server 21 transmits a conference information request to the DB server 23 (step S101). The process of step S101 is repeatedly performed at predetermined time intervals.

  When receiving the conference information request, the DB server 23 refers to the first to third tables stored in the storage 22 and extracts the conference information (step S102). Specifically, the DB server 23 extracts a conference ID that starts within a predetermined time from the current time. Then, referring to the third table, the conference participation base ID is extracted using the extracted conference ID as a search key. Then, referring to the first table, an e-mail address is extracted using the extracted conference participation base ID as a search key. Then, the DB server 23 transmits the extracted information as conference information to the front end server 21 (step S103).

  When the front-end server 21 receives the conference information from the DB server 23 (step S104), the conference notification information indicating that the conference is performed to the client terminal device 1 having the conference participation base ID included in the received conference information. Is transmitted by electronic mail (step S105).

  When the client terminal device 1 receives the conference notification information transmitted from the front-end server 21 and receives the input of the base ID and password and the execution instruction of the authentication process from the client via the operation unit 104, the received information Is sent to the front-end server 21 (step S106). When the front-end server 21 receives the authentication processing request, the front-end server 21 transmits the authentication processing request to the DB server 23 (step S107).

  When the DB server 23 receives the authentication processing request from the front-end server 21, the DB server 23 performs authentication processing (step S108). This authentication process is performed with reference to the first table and the third table stored in the storage 22. That is, the DB server 23 determines whether the combination of the base ID and the password included in the authentication processing request is registered in the first table. If the combination is registered in the first table, the DB server 23 further stores the combination in the third table. It is determined whether the base ID is registered. When registered in both, the DB server 23 determines that the authentication has succeeded, and otherwise determines that the authentication has failed. When this authentication process ends, the DB server 23 obtains a temporary ID from the third table stored in the storage 22 when the authentication is successful, and transmits this temporary ID together with information indicating authentication OK (step). S109).

When the front-end server 21 receives the authentication result including the information indicating the authentication OK and the temporary ID from the DB server 23 (step S110), the front-end server 21 transmits a conference setting information request to the virtual AP server 13 _x1 (step S111). This conference setting information request includes the temporary ID acquired from the DB server 23.

Upon receiving the conference setting information request, the virtual AP server 13 _x1 transmits a conference setting information request to the virtual DB server 13 _x2 (step S112). This conference setting information request includes a temporary ID.

When receiving the conference setting information request from the virtual AP server 13 _x1 , the virtual DB server 13 _x2 refers to the setting information table stored in the storage 14 _x based on the temporary ID included in the conference setting information request, Using the temporary ID as a key, a screen quality ID and a screen format ID are extracted (step S113). Then, the virtual DB server 13 _x2 transmits the extracted screen quality ID and screen format ID as screen information to the virtual AP server 13 _x1 (step S114).

Virtual AP server 13 _x1 receives the screen information from the virtual DB server 13 _x2, stores this screen information to the client terminal apparatus storage unit 412 bases ID in association with the one that sent the authentication information in step S106 (step S115). Then, the virtual AP server 13 _x1 transmits completion information indicating that registration of the conference setting information is completed to the front-end server 21 (step S116).

When the front-end server 21 receives the completion information from the virtual AP server 13 _x1 , the front-end server 21 transmits the conference setting information registration result to the client terminal device 1 that has transmitted the authentication processing request (step S117). Note that the client terminal device 1 has a conference flag in the storage unit 102, and the flag is turned ON when the conference disclosure time comes.

[Conference processing]
Next, the conference process will be described with reference to FIG. This process is a process executed between each client terminal device 1 participating in the Web conference, the front-end server 21, and the virtual AP server 13 _x1 . In FIG. 19, for convenience of explanation, two client terminal devices, the client terminal device 1 a and the client terminal device 1 b, are shown. However, in reality, the same processing is performed for the number of client terminal devices 1 participating in the conference. Repeated throughout the meeting.

  First, the client terminal device 1a transmits the video information acquired via the information acquisition unit 105 to the front-end server 21 (step S120a). Similarly, the client terminal device 1b transmits the video information acquired via the information acquisition unit 105 to the front end server 21 (step S120b).

When receiving the video information from each client terminal device 1, the front-end server 21 transfers each video information to the virtual AP server 13 _x1 (step S121).

Next, when receiving the video information of each client terminal device 1 from the front-end server 21 (step S122), the virtual AP server 13 _x generates a video to be transmitted to each client terminal device 1 based on the received video information. (Step S123). At this time, the screen information for each client terminal device 1 stored in the storage unit 412 is referred to. Thereafter, the virtual AP server 13 _x1 transmits the generated video information to the front end server 21 (step S124).

Next, when receiving the video information from the virtual AP server 13 _x1 , the front-end server 21 transfers the received video information to each client terminal device 1 (step S125). Each of the client terminal devices 1a and 1b presents video information to the presentation unit 106 based on the received video information (steps S126a and S126b). That is, the video is displayed on the display.

  Next, specific processing for each element in the Web conference system that performs the above operation will be described.

[Processing in Client Terminal Device 1]
First, the processing in the client terminal device 1 will be specifically described with reference to FIG.

  First, the control unit 101 determines whether or not an authentication processing execution instruction has been received from the client via the operation unit 104 (step S130). In this process, if it is determined that an authentication process execution instruction has been received (step S130: YES), the control unit 101 transmits an authentication process request to the front-end server 21 (step S131). The request includes a site ID and password. Thereafter, the control unit 101 receives an authentication result from the front-end server 21 (step S132).

  On the other hand, if it is determined in step S130 that the authentication process execution instruction has not been received (step S130: NO), the control unit 101 determines whether or not the conference information registration process execution instruction has been received (step S133). In this process, if it is determined that the execution instruction for the conference information registration process has been received (step S133: YES), the control unit 101 transmits a request for the conference information registration process to the front-end server 21 based on the received input. (Step S134). Thereafter, the control unit 101 receives completion information indicating registration of conference information transmitted from the front-end server 21 in response to a request for the conference information registration process (step S135).

  On the other hand, when the control unit 101 determines in step S133 that it has not received an instruction to execute the conference information registration process (step S133: NO), the control unit 101 determines whether or not it is a conference start time ( Step S136). This determination is made based on whether the in-conference flag stored in the storage unit 102 is ON. If it is determined that it is not the meeting start time (step S136: NO), the control unit 101 shifts the process to step S130 and repeats the processes after step S130. On the other hand, if it determines with it being a meeting start time (step S136: YES), the control part 101 will transfer a process to step S137.

  In step S <b> 137, the control unit 101 transmits the video information acquired via the information acquisition unit 105 to the front end server 21. Further, the control unit 101 presents the video information acquired from the front-end server 21 to the presentation unit 106 (step S138). Thereafter, the control unit 101 determines whether or not the conference is over (step S139). This determination is made based on whether or not the in-conference flag stored in the storage unit 102 is turned off. If it is determined that the conference is not finished (step S139: NO), the control unit 101 shifts the process to step S137, and repeats the processes after step S137. On the other hand, if it determines with it being the meeting completion (step S139: YES), the control part 101 will transfer a process to step S130 and will repeat the process from step S130.

[Processing in front-end server 21 (part 1)]
Next, the process (part 1) in the front-end server 21 will be specifically described with reference to FIG. In this processing, processing corresponding to the request received from the client terminal device 1 is performed.

  First, the control unit 201 determines whether or not a request for authentication processing has been received from any of the client terminal devices 1 (step S140). If it is determined in this process that an authentication process request has been received (step S140: YES), the control unit 201 transmits an authentication request request to the DB server 23 (step S141). In response to this authentication request request, when the authentication result is received from the DB server 23 (step S142), the control unit 201 transmits the authentication result to the client terminal device 1 (step S143).

  On the other hand, if it is determined in step S141 that a request for authentication processing has not been received (step S141: NO), the control unit 201 determines whether a request for conference information registration processing has been received (step S144). If it determines with having received the request | requirement of a meeting information registration process (S144: YES), the control part 201 will produce | generate temporary ID in step S145.

Thereafter, the control unit 201 transmits a conference information registration request to the DB server 23 (step S146), and further transmits a conference setting information registration request to the virtual AP server 13 _x1 (step S147). Thereafter, when the control unit 201 receives completion information indicating that the processing is completed from the DB server 23 and the virtual AP server 13 _x1 (step S148), the control unit 201 transmits the processing result to the client terminal device 1 ( Step S150).

On the other hand, if it is determined in step S144 that the conference information registration processing request has not been received (step S144: NO), the control unit 201 determines whether or not the video information has been received from the client terminal device 1 in step S150. judge. When determining that the video information has not been received (step S150: NO), the control unit 201 shifts the process to step S152. On the other hand, when determining that the video information has been received (step S150: YES), the control unit 201 transfers the received video information to the virtual AP server 13 _x1 (step S150).

On the other hand, in step S152, it is determined whether video information is received from the virtual AP server 13 _x1 . If it is determined that the video information has not been received (step S152: NO), the process proceeds to step S140, and the process of step S140 is repeated. On the other hand, when determining that the video information has been received (step S152: YES), the control unit 201 transfers the received video information to the client terminal device 1 (step S153).

[Processing in the front-end server 21 (part 2)]
Next, the process (part 2) in the front-end server 21 will be specifically described with reference to FIG. This process is a process for inquiring to the DB server 23 whether or not there is a conference that starts within a predetermined time from the current time, and is repeatedly executed at predetermined time intervals. Note that the above-described processing in Part 1 is executed in parallel.

  First, the control unit 201 transmits a conference information request to the DB server 23 (step S160). When receiving a response to the conference information request (step S161), the control unit 201 determines whether or not conference information is included in the received response (step S162). If there is no meeting information corresponding to the meeting information request transmitted in step S161, the received response does not include the meeting information.

  If it determines with the meeting information not being included (step SS162: NO), the control part 201 will complete | finish this process. On the other hand, if it is determined that the conference information is included (step S162: YES), the control unit 201 indicates that the conference is performed on the client terminal device 1 having the conference participation base ID included in the conference information. the notification information sent by e-mail (step S163).

[Processing in the DB server 23]
Next, the processing in the DB server 23 will be specifically described with reference to FIG.

  First, the control unit 301 of the DB server 23 determines whether an authentication processing request has been received from the front end server 21 (step S170). If it determines with having received the authentication process request (step S170: YES), the control part 301 will perform an authentication process (step S171). This authentication process is performed with reference to the first table and the third table stored in the storage 22 as described above. When this authentication process ends, the control unit 301 transmits the authentication result to the front-end server 21 (step S172).

  On the other hand, if it is determined in step S170 that an authentication processing request has not been received (step S170: NO), the control unit 301 determines whether a conference information registration request has been received (step S173). If it determines with having received the meeting information registration request (step S173: YES), the control part 301 will memorize | store meeting information in the 3rd table of the storage 22, as mentioned above (step S174). Thereafter, in step S174, the control unit 301 transmits completion information indicating that the registration of conference information has been completed to the front-end server 21 (step S175).

  On the other hand, when it is determined in step S173 that the conference information registration request has not been received (step S173: NO), the control unit 301 determines whether a conference information request has been received (step S176). If it determines with not having received the meeting information request (step S176: NO), the control part 301 will transfer a process to step S170, and will repeat the process after step S170. On the other hand, if it determines with having received the meeting information request (step S176: YES), the control part 301 will extract meeting information with reference to the 1st-3rd table memorize | stored in the storage 22, as mentioned above. (Step S177). Thereafter, the control unit 301 transmits the extracted conference information to the front end server 21 (step S178).

[Process in virtual AP server 13 _x1 ]
Next, processing in the virtual AP server 13 _x1 will be specifically described with reference to FIG.

First, the control unit 411 of the virtual AP server 13 _x1 determines whether a conference setting information registration request has been received (step S180). If it is determined that the conference setting information registration request has been received (step S180: YES), the control unit 411 transfers the received conference setting information registration request to the DB server 23 (step S181).

  On the other hand, if it is determined in step S180 that the conference setting information registration request has not been received (step S180: NO), the control unit 411 determines whether a conference setting information request has been received (step S182). If it determines with having received the meeting setting information request (step S182: YES), the control part 411 will transfer the request | requirement of meeting setting acquisition to the DB server 23 based on the received meeting setting information request (step S183).

  If it is determined in step S182 that the conference setting information request has not been received (step S182: NO), the control unit 411 determines whether screen information has been received (step S184). If it is determined that the screen information has been received (step S184: YES), the control unit 411 stores the received screen information in the storage unit 412 (step S185). Thereafter, the control unit 411 transmits completion information indicating that the processing has been normally completed to the client terminal device 1 (step S186).

  On the other hand, if it is determined in step S184 that screen information has not been received (step S184: NO), the control unit 411 determines whether video information has been received (step S187). If it is determined that the video information has been received (step S187: YES), the control unit 411 temporarily stores the received video information in the storage unit 412 (step S188). Thereafter, the control unit 411 generates video information to be transmitted to the client terminal device 1 based on the video information temporarily stored in step S188 (step S189). The video information generated here is generated by processing video information received from another client terminal device 1 stored in the storage unit 412. Further, the screen information stored in the storage unit 412 is referred to at the time of processing. Thereafter, the control unit 411 transmits the video information created in step S189 to the client terminal device 1 (step S190).

  If it is determined that the video information has not been received (step S187: NO), the control unit 411 shifts the process to step S180 and repeats the processes after step S180.

[Process in virtual DB server 13 _x2 ]
Next, the processing in the virtual DB server 13 _x2 will be specifically described with reference to FIG.

In step S200, the control unit 421 determines whether a conference setting information registration request has been received. If it is determined that it has received the conference setting information registration request (step S200: YES), the control unit 421, based on the meeting setting information registration request received, the pair of the conference participant site ID and temporary ID, setting storage 14 _x Register in the information table (step S201).

On the other hand, if it is determined in step S200 that the conference setting information registration request has not been received (S200: NO), the control unit 421 determines whether a conference setting information request has been received (step S202). If it determines with not having received the meeting setting information request (S202: NO), the control part 421 will transfer a process to step S200, and will repeat the process after step S200. On the other hand, if it determines with having received the meeting setting information request (step S202: YES), the control part 421 will acquire screen information with reference to a setting information table (step S203). Thereafter, the control unit 421 transmits the acquired screen information to the virtual AP server 13 _x1 (step S204).

  As described above, the application providing company can provide the Web conference system to the client using the cloud service.

  Moreover, since the front-end server 21 and the DB server 23 are arranged in-house in addition to the DB server 23, security data such as corporate confidential information such as the first to third tables is stored in the company of the application provider company. Transmission / reception is performed only between the network and the client terminal device 1.

  Therefore, the company confidential information can be managed in the company network on the application provider company side, and the company secret information can be managed on the application provider company side without being deposited in the cloud service provider company.

In addition, the front-end server 21 is arranged in an in-house network and is used as a SIP server, while processing such as video information processing processing is performed by the virtual AP server 13 _x1 and the virtual DB server 13 _x2 , As a result, the load on the server in the company can be reduced.

  In addition, description of each embodiment mentioned above is an example of this invention, and this invention is not limited to the above-mentioned embodiment. For this reason, it is needless to say that various modifications other than the above-described embodiments can be made according to the design and the like as long as they do not depart from the technical idea of the present invention.

_{DESCRIPTION OF SYMBOLS} 1 Client terminal device 11 Server system 12 Blade server 13 _x1 Virtual AP server 13 _x2 Virtual DB server 14 _x , 22 Storage 23 DB server 24 Management terminal device

Claims (5)

An internal server that is connected to the internal network and processes requests from client terminal devices;
An in-company database server that stores confidential information in the company that includes information related to a user who is connected to the in-company network and uses the client terminal device;
In an application service providing system comprising a virtual machine that operates on a server connected to the Internet,
The corporate server is
Client accepting means for accepting a request from the client terminal device;
In response to a request from the client terminal device, a determination unit that determines whether processing based on the confidential information is necessary;
When it is determined by the determination means that processing based on the confidential information is necessary, first request processing means for acquiring the confidential information from the in-company database server and performing processing for the request;
A second request processing unit for requesting the virtual machine to process the request when the determination unit determines that the process based on the confidential information is not necessary;
Processing result transmission means for transmitting the processing result obtained by the first request processing means and the processing result acquired from the virtual machine to the client terminal device that has made the request;
The virtual machine is
Server accepting means for accepting a request from the enterprise server;
Processing means for executing processing for a request from the client terminal device;
An application service providing system comprising: processing result transmission means for transmitting a processing result by the processing means to the in-company server. An external database server connected to the Internet for sending and receiving information to and from the virtual machine;
The processing means of the virtual machine is:
In response to a request from the client terminal device, it is determined whether processing based on information stored in the non-company database server is necessary, and determination is made that processing based on information stored in the non-company database server is required. Then, the application service providing system according to claim 1, wherein processing for the request is performed by transmitting / receiving information to / from the database server outside the company. The information about the user includes authentication information of the user,
When the authentication information of the user is acquired from the client terminal device, the processing unit of the virtual machine determines that processing based on the confidential information is necessary, and authentication information that matches the acquired authentication information is 3. The application service providing system according to claim 1, wherein the client terminal device is authenticated by inquiring the in-company database server as to whether it is stored in the in-company database server. 4. The information about the user includes the ID of the user,
The second request processing means of the in-house server transmits the ID of the user who uses the client terminal device that has made the request together with processing request information corresponding to the request to the virtual machine, and then the virtual machine When the processing result corresponding to the request is acquired together with the user ID, the client terminal device that transmits the acquired processing result from the user ID is determined.
The processing result transmission unit of the virtual machine transmits a processing result corresponding to the processing request information together with a user ID corresponding to the processing request information. Application service providing system. A company that is connected to a company network and processes requests from client terminal devices, and a company that is connected to the company network and stores confidential information in the company including information about users who use the client terminal devices. An application service providing method in an application service providing system comprising an internal database server and a virtual machine operating on a server connected to the Internet,
A reception step in which the in-company server receives a request from the client terminal device;
A determination step of determining whether or not the in-company server requires processing based on the confidential information in response to a request from the client terminal device;
A first request processing step of acquiring the secret information from the in-company database server and processing the request when the in-company server determines that the processing based on the secret information is necessary in the determination step When,
A second request processing step for requesting the virtual machine to process the request when the in-company server determines that the processing based on the confidential information is not necessary in the determination step;
A server reception step in which the virtual machine receives a request from the in-company server;
A processing step in which the virtual machine executes processing for a request from the client terminal device;
A processing result transmission step in which the virtual machine transmits a processing result of the processing step to the in-company server;
A receiving step in which the enterprise server receives a processing result of the processing step;
An application service providing method comprising: a processing result transmitting step in which the in-company server transmits the processing result acquired in the receiving step to the client terminal device that has made the request.

Images