JP2014183347A - Virtual machine management device, method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable automatic setting of a communication environment between a virtual machine belonging to a movement source network formed by multiple bases and a movement destination virtual machine.SOLUTION: At a movement destination base 201 (#2), a base agent 210 (#2) gets a transferred image file of a VM 206 (#2) including automatic configuration information 213 (#2) made up of a base name at the time of VM generation, a VM name, a movement source VLAN ID used by the VM, and identification information on movement source physical switch SW corresponding to the VM, performs setting to a movement destination physical switch 204 (#2) corresponding to the VM name to transmit a packet by encapsulation on the basis of the identification information on the movement source physical switch, and notifies a base agent 210 (#1) in a movement source base 201 (#1) corresponding to the base name at the time of VM generation of the identification information on the movement destination physical switch, a movement source VLAN ID, and the identification information on the movement source physical switch to make the movement source perform setting to transmit a packet destined for the VM 206 (#2) by encapsulation.

Description

  The present invention relates to a management apparatus, method, and program for a virtual machine on a virtualization platform configured by a plurality of bases.

  In the operation management of a virtual infrastructure that consists of multiple bases, the range that can be managed by one operation management system is that the communication between devices (communication network, storage network) is reliable and the delay can be ignored This is a group of devices having such a positional relationship. Such a device group is generally closed in one base (for example, a building). For this reason, in a system having a plurality of geographically separated bases, it is necessary to deploy an operation management system for each base.

  In such a situation, it is considered that a virtual machine providing a certain service (hereinafter referred to as “VM”) moves between bases so that the service can be continued. In this case, it is necessary to reconfigure the VM at the destination site and to reconfigure the network between the sites accompanying the VM migration. However, as described above, since the virtualization infrastructure is operated by an independent operation management system at each site, in order to move a VM between the operation management systems, the maintenance operator must manually operate the site before moving the site. It is necessary to reflect the setting as the setting after moving the base.

  In this case, the configuration of the VM itself (the number or number of CPU clocks, the amount of memory, the disk capacity, etc.) is also the same at the destination site by passing the respective numbers and capacities quantified between the sites. It is possible to realize an operating environment (for example, Patent Documents 1, 2, or 3).

JP 2002-007149 A JP 2009-134687 A JP-A-10-283210

  However, with regard to the network connection environment, the connection relationship with other VMs that do not move and the connection relationship with clients that have connected to the moved VM vary depending on the destination site. For this reason, it is difficult to make the network connection environment as static data simply as a configuration. As a result, it is complicated to realize a network connection environment similar to that before the movement, and it is a task with considerable difficulty when the person in charge of management is different for each base.

  Therefore, an object of one aspect of the present invention is to enable automatic setting of a communication environment between a virtual machine belonging to a migration source network and a migration destination virtual machine.

  In one example, the virtual machine migration destination corresponds to the migration source virtual machine management device identification information, the migration source virtual machine identification information, the identification information of the migration source virtual network used by the virtual machine at the migration source, and the virtual machine. The virtual machine image file including the identification information of the source switch to be transferred is transferred, and the packet from the virtual machine is encapsulated to the destination switch corresponding to the source virtual machine identification information based on the source switch identification information An encapsulated transmission setting unit configured to perform transmission, and a destination switch identification information, a source virtual network identification information, and a source switch to perform setting for encapsulating and transmitting packets addressed to the virtual machine at the source Between bases to notify the migration source corresponding to the migration source virtual machine management device identification information Provided with a door.

  It becomes possible to automatically set the communication environment between the virtual machine belonging to the migration source network and the migration destination virtual machine.

It is a network block diagram of embodiment of this invention. It is a system block diagram of the movement origin base and movement destination base in this embodiment. FIG. 3 is a hardware configuration diagram common to a movement source and a movement destination of a base 201 in FIG. 2. FIG. 3 is a block diagram common to a movement source and a movement destination of a base 201 in FIG. 2. It is a figure which shows the structural example of the various data managed by this embodiment. It is a flowchart which shows the information for auto-configuration information generation and recording processing which a movement origin base agent performs. It is a flowchart which shows the tunnel setting control processing which a movement destination base agent performs. It is a flowchart which shows the tunnel setting control process which a movement origin base agent performs. It is FIG. (1) which shows the change of the system configuration | structure in the specific operation example of this embodiment. It is a figure (the 1) which shows the change of each control information in the specific operation example of this embodiment. It is FIG. (2) which shows the change of each control information in the specific operation example of this embodiment. It is FIG. (2) which shows the change of the system configuration | structure in the specific operation example of this embodiment. It is FIG. (The 3) which shows the change of each control information in the specific operation example of this embodiment. FIG. 10 is a diagram (No. 3) illustrating a change in the system configuration in the specific operation example of the embodiment. It is FIG. (The 4) which shows the change of each control information in the specific operation example of this embodiment. It is FIG. (The 5) which shows the change of each control information in the specific operation example of this embodiment. It is FIG. (The 4) which shows the change of the system configuration | structure in the specific operation example of this embodiment. It is FIG. (5) which shows the change of the system configuration | structure in the specific operation example of this embodiment. It is a figure which shows the data structural example of the packet data transmitted on the tunnel for communication.

Hereinafter, embodiments for carrying out the present invention will be described in detail with reference to the drawings.
FIG. 1 is a network configuration diagram of an embodiment of the present invention.
The embodiment of the present invention has a configuration in which a plurality of bases X, Y, Z, and the like are connected to each other by a network 101 between bases.

  Thus, in the operation management of the virtualization infrastructure configured by a plurality of bases, each base includes a plurality of physical servers and a plurality of VMs (virtual machines) operating in the physical servers. Each base has a plurality of local area networks (hereinafter referred to as “LAN”). Further, the bases are connected to each other by a network between the bases.

  Each base is provided with a virtual infrastructure operation management system. The operation management system controls the virtual infrastructure in the base, generates and configures VMs, and starts and ends. The operation management system also controls the network in the base, and creates and deletes a network configuration suitable for each VM.

  When a VM is operated on a virtual infrastructure in a base, various physical resources (server, storage, network, etc.) are abstracted as resource pools by the above-described operation management system. Then, these resources are allocated to the VM by being assigned, thereby enabling operation management without directly showing the physical configuration and specifications to the user who uses each VM. As a result, the configuration of the VM can be facilitated and the configuration of the physical device can be changed flexibly, reducing the burden of maintenance work on the virtualization infrastructure.

  FIG. 2 shows an example in which the VM is moved from the movement source base 201 (# 1) to the movement destination base 201 (# 2) in accordance with an instruction from a maintenance person who operates the maintenance person terminal 202. It is a system configuration | structure figure of the movement origin base 201 (# 1) and the movement destination base 201 (# 2). In the description of FIG. 2, unless otherwise specified, the number with “(# 1)” indicates a component of the movement source base 201 (# 1), and the number with “(# 2)” indicates movement. The components of the previous site 201 (# 2) are shown.

Each base 201 includes a physical server 203, a physical switch (hereinafter referred to as "physical SW") 204, a physical router 205, and the like.
In each physical server 203, one or more VMs 206 and a virtual switch (hereinafter referred to as “virtual SW”) 207 are generated. The VM 206 on the physical server 203 appears to be one machine from the outside, and the user of the VM 206 accesses the physical SW 204 and the physical router 205 via the virtual SW 207 in the physical server 203.

  The source physical router 205 (# 1) in the source site 201 (# 1) and the destination physical router 205 (# 2) in the destination site 201 (# 2) are connected by the network 101 between sites in FIG. And communication is enabled.

  Each VM 206 and virtual SW 207 in the physical server 203 are managed by the operation management system 208. The operation management system 208 holds VM connection information 209 in order to manage the VM 206 and the virtual SW 207. In FIG. 2, the operation management system 208 is illustrated as being outside the physical server 203, but actually, the operation management system 208 is also a single VM created in the physical server 203. Good. Further, although the VM connection information 209 is illustrated as being external to the operation management system 208, the operation management system 208 may hold it as internal information.

  The site agent 210 transfers one VM 206 in the physical server 203 of the migration source site 201 (# 1) in the physical server 203 of the migration destination site 201 (# 2) according to an instruction from the maintenance person who operates the maintenance person terminal 202. It operates as a virtual machine management device when moving to

  More specifically, the source base agent 210 (# 1) makes an inquiry to the operation management system 208, the base agent information 211, the physical SW information 212, and the like. As a result, the migration source base agent 210 (# 1) collects network connection information necessary for migration regarding the VM 206 to be migrated, and uses the information as automatic configuration information 213 for the VM 206. Embed in an image file.

  On the other hand, the migration destination base agent 210 (# 2) starts from the image file of the VM 206 after migration from the migration source base 201 (# 1) generated in the physical server 203 by the migration destination operation management system 208 (# 2). The automatic configuration information 213 is extracted. The destination base agent 210 (# 2) makes an inquiry to the operation management system 208. As a result, the migration destination base agent 210 (# 2) moves from the migration destination physical SW 204 (# 2) corresponding to the migrated VM 206 toward the migration source physical SW 204 (# 1) corresponding to the VM 206 before migration. Set up a communication tunnel (encapsulated transmission setting). Furthermore, the movement destination base agent 210 (# 2) transmits a movement source tunnel connection request to the movement source base agent 210 (# 1).

  In contrast, the migration source base agent 210 (# 1) is directed from the migration source physical SW 204 (# 1) corresponding to the VM 206 before the migration to the migration destination physical SW 204 (# 2) corresponding to the VM 206 after the migration. Then, set up a communication tunnel (encapsulated transmission setting).

  As described above, when the VM 206 moves, a communication tunnel is set between the movement source base 201 (# 1) and the movement destination base 201 (# 2). In this case, the source physical SW 204 (# 1) in which the communication tunnel is set is routed so as to be connected to the source LAN to which the VM 206 before the movement is connected. The destination physical SW 204 (# 2) in which the communication tunnel is set is routed so as to be connected to the destination LAN to which the VM 206 after movement is connected.

  As a result, a packet transmitted from another VM 206 in the movement source base 201 (# 1) or an external device connected to the same base to the movement target VM 206 is transferred from the movement source physical SW 204 (# 1) to the movement destination physical SW 204. It is transferred to the communication tunnel toward (# 2).

  Here, the communication tunnel is defined by layer 2 (L2: Ethernet (L2: Ethernet) by the payload of the tunnel connected at layer 3 (L3: network layer such as IP (Internet Protocol)) in the OSI reference model established by the International Organization for Standardization. Data link layer) packet such as registered trademark).

  Then, as described above, the packet transmitted from the movement source base 201 (# 1) remains the L2 packet in which, for example, the MAC (Media Access Control Address) address of the VM 206 after movement is set, and the communication tunnel described above. It is possible to reach the VM 206 after movement into the physical server 203 of the movement destination base 201 (# 2).

  On the contrary, the packet transmitted from the VM 206 after moving into the physical server 203 of the movement destination base 201 (# 2) is a communication tunnel from the movement destination physical SW 204 (# 2) to the movement source physical SW 204 (# 1). Forwarded to This packet also remains as an L2 packet in which, for example, a MAC address is set in another VM 206 or the like in the movement source base 201 (# 1), passes through this communication tunnel, and the other packet in the movement source base 201 (# 1). The VM 206 or an external device connected to the same site can be reached.

  As described above, in the present embodiment, the communication source tunnel between the migration source base 201 and the migration destination VM 206 is established between the migration source base 201 (# 1) and the migration destination base 201 (# 2). It is possible to automatically set the communication environment using a two-way communication tunnel. For this reason, even when the VM 206 moves from the source base to the destination base, it is not necessary to change the network such as the IP address.

  FIG. 3 is a hardware configuration diagram common to the source and destination of the base 201 in FIG. FIG. 4 is a block diagram common to the movement source and the movement destination of the base 201 of FIG. 2 in which only the functional part and the data part are extracted from FIG. In FIG. 3 and FIG. 4, the same components as those in FIG. The following description is a description of both FIG. 3 and FIG. 4 unless otherwise noted.

  The base agent 210 includes a CPU (central processing unit) 301, a memory 302, a disk storage device (hereinafter abbreviated as “disk”) 303, and a network information card (hereinafter referred to as “NIC”) 304. Then, the CPU 301 executes each program stored in the memory 302, so that the operation management system cooperation unit 305, the VM configuration recording unit 306, the VM configuration reading unit 307, the tunnel setting unit 308, and the inter-site cooperation unit 309 Perform each function.

  The disk 303 stores base agent information 211 and physical SW information 212.

  The VM 206 generated on the physical server 203 in FIG. 2 is expanded on a memory (not shown) in the physical server 203. As shown in FIG. 3, a virtual CPU 310, a virtual disk 311, a virtual NIC 312 and the like are formed on this memory. When the VM 206 becomes a migration target, automatic configuration information 213 is recorded on the virtual disk 311.

  The operation management system 208 can also be generated, for example, on the physical server 203 in FIG. 2 as described above, and the entity is developed in a memory (not shown) in the physical server 203. As in the case of the VM 206, as shown in FIG. 3, a virtual CPU 313, a virtual disk 314, a virtual NIC 315, and the like are formed on this memory. On the virtual disk 314, VM connection information 209 is recorded. As illustrated in FIG. 4, the virtual CPU 313 of the operation management system 208 executes the function of the VM configuration unit 401 and manages the VM connection information 209. However, the operation management system 208 is not necessarily required to operate on the virtual machine.

  3 and 4, the operation management system cooperation unit 305 determines that the site 201 in FIG. 3 or 4 is in the middle of migration of the VM 206 from the migration source site 201 (# 1) to the migration destination site 201 (# 2) in FIG. When it is the source base 201 (# 1) in FIG. 2, the following operation is executed.

  The operation management system cooperation unit 305 acquires the VM name (virtual machine identification information or migration source VM ID) of the migration target VM 206 designated by the maintenance person from the maintenance person terminal 202 of FIG.

  Then, the operation management system cooperation unit 305 inquires of the VM connection information 209 in the operation management system 208 using the above-described VM name as a key via the NIC 304, the virtual NIC 315, and the virtual CPU 313 in FIG. As a result, the operation management system cooperation unit 305 extracts the migration source network identification information for identifying the connection environment of the migration source network to which the VM 206 is connected at the migration source base 201 (# 1). The source network identification information is, for example, network interface identification information and source LAN identification information. The network interface identification information is, for example, a VM interface name (network interface identification information). The identification information of the movement source LAN is, for example, a movement source connection LAN identifier (VLAN ID).

  Further, the operation management system cooperation unit 305 inquires the physical SW information 212 in the disk 303 using the movement source connection LAN identifier extracted as described above as a key. As a result, the operation management system cooperation unit 305 determines the physical SW 204 (the movement source physical SW 204 (# 1) in FIG. 2) that is connected to the movement source LAN and is capable of tunnel connection (communication by encapsulation). Here, the operation management system cooperation unit 305 may perform a search on the physical SW information 212 until a physical SW 204 capable of tunnel connection is found among the physical SWs 204 connected to the source LAN. Then, the operation management system cooperation unit 305 uses the determined source address of the physical SW 204 as the source tunnel connection IP address capable of encapsulated communication (this corresponds to the source switch identification information or source switch ID). Extracted from the SW information 212. This IP address is an Internet protocol address that can uniquely determine the physical SW 204 on the Internet to which the inter-base network 101 of FIG. 1 or 2 belongs.

  The operation management system cooperation unit 305 generates automatic configuration information 213 including the VM name, the VM interface name, the source connection LAN identifier, and the source tunnel connection IP address extracted as described above. The operation management system cooperation unit 305 includes the base name of the local base 201 in the automatic configuration information 213 as the base name (migration source management apparatus ID) at the time of VM generation. As described above, the operation management system cooperation unit 305 functions as an automatic configuration information generation unit.

  Next, the VM configuration recording unit 306 in FIG. 3 or 4 performs the following operation when the site 201 in FIG. 3 or 4 is the source site 201 (# 1) in FIG. Run. The VM configuration recording unit 306 records the automatic configuration information 213 generated by the operation management system cooperation unit 305 in the virtual disk 311 (image file) of the VM 206 via the NIC 304, the virtual NIC 312 and the virtual CPU 310 in FIG. To do.

  The VM configuration reading unit 307 in FIG. 3 or FIG. 4 displays the location of the base 201 in FIG. 3 or FIG. 2 during migration of the VM 206 from the migration source site 201 (# 1) to the migration destination site 201 (# 2) in FIG. The next operation is executed at the destination location 201 (# 2). The VM configuration reading unit 307 reads the automatic configuration information 213 from the virtual disk 311 (image file) of the VM 206 via the virtual CPU 310, the virtual NIC 312 and the NIC 304. This operation is executed when the maintenance person who operates the maintenance person terminal 202 in FIG. 4 indicates the VM name to be moved.

  Next, the tunnel setting unit 308 (encapsulated transmission setting unit) in FIG. 3 or 4 performs the same operation as described above when the site 201 in FIG. 3 or 4 is the destination site 201 (# 2) in FIG. Next, the following operation is performed.

  First, the tunnel setting unit 308 makes an inquiry to the VM connection information 209 in the operation management system 208 using the VM name (virtual machine identification information) and the VM interface name (network interface identification information) as keys. The VM name is designated from the maintenance person terminal 202. The VM interface name is included in the automatic configuration information 213 read from the migrated VM 206 by the VM configuration reading unit 307. The tunnel setting unit 308 accesses the VM connection information 209 via the NIC 304, the virtual NIC 315, and the virtual CPU 313. As a result, the tunnel setting unit 308 extracts a movement destination LAN (movement destination network) corresponding to the VM name and the VM interface name to which the moved VM 206 is newly connected.

  Next, the tunnel setting unit 308 inquires the physical SW information 212 in the disk 303 using the destination connection LAN identifier corresponding to the destination LAN as a key. As a result, the tunnel setting unit 308 extracts the physical SW 204 connected to the destination LAN and capable of tunnel connection (communication by encapsulation) (the destination physical SW 204 (# 2) in FIG. 2). Here, the tunnel setting unit 308 may search the physical SW information 212 until a physical SW 204 capable of communication by encapsulation is found among the physical SWs 204 connected to the destination LAN.

  Then, the tunnel setting unit 308 extracts the above-described extraction of the communication tunnel setting with the destination tunnel connection IP address in the automatic configuration information 213 as the destination and the destination LAN as the route via the NIC 304 in FIG. To the physical SW 204.

  In FIG. 2, this communication tunnel is connected to the source physical SW 204 (# 2) through the destination physical router 205 (# 2), the inter-base network 101, and the source physical router 205 (# 1). Set for SW204 (# 1). The communication tunnel encapsulates the packet transmitted by the VM 206 moved to the destination site 201 (# 2) in FIG. 2, and the VM 206 was originally connected at the source site 201 (# 1). Deliver to the source LAN.

  Next, the inter-site cooperation unit 309 in FIG. 3 and FIG. 4 performs the following operation when the base 201 in FIG. 3 or 4 is the destination base 201 (# 2) in FIG. Run. The inter-base cooperation unit 309 transmits a source tunnel connection request including the following information to the base agent 210 (virtual machine management apparatus) in the source base 201 (# 1). This source tunnel connection request is a destination tunnel connection IP address that can be encapsulated and is the address information of the physical SW 204 (the destination physical SW 204 (# 2 in FIG. 2)) (this is the destination switch identification information or destination address). Corresponding to the switch ID). The source tunnel connection request includes the source tunnel connection IP address (source switch identification information) in the automatic configuration information 213 read from the migrated VM 206 by the VM configuration reading unit 307. Further, the source tunnel connection request includes the source connection LAN identifier (source network identification information) in the automatic configuration information 213. Further, the inter-base cooperation unit 309 makes an inquiry to the base agent information 211 in the disk 303 using the VM generation base name (migration source virtual machine management apparatus identification information) in the automatic configuration information 213 as a key. Thereby, the inter-base cooperation unit 309 extracts the IP address of the base agent 210 of the other base 201 shown in FIG. 3 or 4 (the source base 201 (# 1) in FIG. 2). Then, the inter-base cooperation unit 309 transmits the above-described source tunnel connection request via the NIC 304 in FIG. 3 with the IP address as the destination.

  On the other hand, the inter-site cooperation unit 309 determines that the base 201 in FIG. 3 or FIG. 4 is the source base in FIG. 2 during migration of the VM 206 from the source base 201 (# 1) in FIG. 2 to the destination base 201 (# 2). When 201 (# 1), the next operation is executed. The inter-base cooperation unit 309 sends the source tunnel connection request transmitted from the inter-base cooperation unit 309 in the destination base agent 210 (# 2) (virtual machine management apparatus) of the destination base 201 (# 2) in FIG. Receive.

The tunnel setting unit 308 described above with reference to FIG. 3 or FIG. 4 performs the following operation when the base 201 in FIG. 3 or FIG. 4 is the source base 201 (# 1) in FIG. .
First, the tunnel setting unit 308 makes an inquiry to the physical SW information 212 in the disk 303 using the movement source tunnel connection IP address (movement source switch identification information) included in the received movement source tunnel connection request as a key. As a result, the tunnel setting unit 308 extracts the physical SW 204 corresponding to the source tunnel connection IP address (source physical SW 204 (# 1) in FIG. 2).

  Then, the tunnel setting unit 308 performs the following communication tunnel setting for the extracted physical SW 204 via the NIC 304 in FIG. The tunnel setting unit 308 indicates the physical SW 204 (the movement destination physical SW 204 (# 2) in FIG. 2) indicated by the movement destination tunnel connection IP address (movement destination switch identification information) included in the received movement source tunnel connection request. Set the communication tunnel as the destination. Further, the tunnel setting unit 308 sets a communication tunnel that is routed to the source LAN (source network) to which the pre-movement VM 206 was originally connected, included in the received source tunnel connection request. .

  In FIG. 2, this communication tunnel is connected to the destination physical SW 204 (# 1) through the source physical router 205 (# 1), the inter-base network 101, and the destination physical router 205 (# 2). Set for SW204 (# 2). The communication tunnel encapsulates the packet addressed to the VM 206 that has reached the source LAN to which the VM 206 originally connected at the source base 201 (# 1), and sends it to the destination base 201 (# 2). .

  As described above, in this embodiment, a bidirectional communication tunnel is set between the movement source base 201 (# 1) and the movement destination base 201 (# 2). As a result, a network connection environment that is the same as when the VM 206 moved to the destination base 201 (# 2) is at the source base 201 (# 1) can be automatically configured, and the service can be continued. .

  4, the VM configuration unit 401 in the operation management system 208 generates a VM 206 in the physical server 203 in FIG. 2 when a VM 206 generation request is generated from a maintenance person who operates the maintenance person terminal 202. Is connected to a predetermined virtual SW 207. The VM configuration unit 401 holds information regarding the connection obtained as a result as VM connection information 209.

FIG. 5 is a diagram illustrating a configuration example of various data managed in the present embodiment.
FIG. 5A is a diagram showing a data configuration example of the VM connection information 209 managed by the operation management system 208 in the configurations of FIGS. 2 to 4, and includes “VM name”, “VM interface name”, “virtual”. It consists of data of “SW name” and “connection LAN identifier”. The VM connection information 209 is table data indicating which LAN each VM 206 of the base 201 is connected to. Data exists for each network interface of each VM 206, and indicates which virtual SW 207 is connected to which LAN and belongs to which LAN. In FIG. 5A, “VM name” is information for identifying the VM 206. “VM interface name” is information for identifying the network interface of the VM 206. “Virtual SW” is information for identifying the virtual SW 207 (see FIG. 2) to which the network interface is connected. The “connection LAN identifier” is information for identifying the LAN in the base 201 to which the network interface is connected, and generally a VLAN ID (virtual network identification information) or the like can be considered.

  FIG. 5B is a diagram showing a data configuration example of the physical SW information 212 managed by the site agent 210 in the configurations of FIGS. 2 to 4, and includes “physical SW name”, “connection LAN identifier”, It consists of data of “tunnel connection availability” and “tunnel connection IP address”. This physical SW information 212 is table data having which LAN each physical SW 204 in the base 201 is connected to, whether or not a tunnel can be connected, and address information at the time of tunnel connection. In FIG. 5B, “physical SW name” is information for identifying the physical SW 204. The “connection LAN identifier” is information for identifying the LAN in the base 201 to which the physical SW 204 is connected. “Tunnel connection availability” is information indicating whether the physical SW 204 is tunnel-connectable. The “tunnel connection IP address” is the IP address of the physical SW 204 used at the time of tunnel connection. Note that the physical switch 204 can have a plurality of IP addresses. In this case, as the “tunnel connection IP address”, one of the plurality of IP addresses capable of tunnel connection is set.

  FIG. 5C is a diagram showing a data configuration example of the base agent information 211 managed by the base agent 210 in the configuration of FIGS. 2 to 4, and includes “base name” and “base agent IP address”. Composed of each data. The site agent information 211 is table data storing information for connection when negotiating with the site agent 210 of the other site 201. In FIG. 5C, “base name” is information for identifying the base. The “base agent IP address” is an IP address for connecting to the base agent 210 in the base 201 represented by “base name”.

  FIGS. 5D and 5E show the data of the automatic configuration information 213 recorded in the image file of the VM 206 to be moved by the site agent 210 in the migration source site 201 in the configuration of FIGS. It is a figure which shows the example of a structure. For example, in FIG. 2, when the VM 206 moves from the source base 201 (# 1) to the destination base 201 (# 2), the destination base agent 210 (# 2) is moved as described above. The automatic configuration information 213 is read from the VM 206. As a result, various configurations of the VM 206 are performed at the movement destination base 201 (# 2). The automatic configuration information 213 is composed of two table data of VM configuration information and network connection information.

  FIG. 5D is a diagram illustrating an example of the data configuration of the VM configuration information, and includes data of “VM name” and “VM generation base name”. The VM configuration information is table data representing the configuration of the VM 206 itself, and is composed of only one set of data. In FIG. 5D, “VM name” is information for identifying the VM 206. The “VM generation base name” is information for identifying the base name when the VM 206 is generated. As the VM configuration information, the CPU and memory allocation amount, the bandwidth of the network interface, and the like can be considered, but are omitted in this embodiment.

  FIG. 5E is a diagram showing a data configuration example of the network connection information, and is composed of data of “VM interface name”, “connection LAN identifier”, and “tunnel connection IP address”. The network connection information is information indicating to which LAN in the migration source base 201 each network interface of the VM 206 is connected. Using “VM interface name” as a key, it is composed of one or more record data. In FIG. 5E, “VM interface name” is information for identifying the network interface of the VM 206. The “connection LAN identifier” is information for identifying the LAN in the source base 201 to which the network interface is connected. The “tunnel connection IP address” is an IP address for specifying the movement source physical SW 204 at the time of tunnel connection.

  6 shows that the migration source base agent 210 (# 1) in the migration source base 201 (# 1) during migration of the VM 206 from the migration source base 201 (# 1) to the migration destination base 201 (# 2) in FIG. It is a flowchart which shows the information production | generation and recording process for automatic configuration to perform. This process is a process in which the CPU 301 constituting the base agent 210 in FIG. 3 executes a program that realizes the functions of the operation management system cooperation unit 305 and the VM configuration recording unit 306 stored in the memory 302. This program may be read from the disk 303 of FIG. 3 into the memory 302 and executed when the site agent 210 is activated. Further, this program may be installed on the disk 303 from a portable recording medium set in a portable recording medium driving device (not shown). Further, this program may be downloaded from an external server (not shown) or the like via the NIC 304 in FIG.

  First, VM connection information acquisition processing is executed (step S601). In this process, first, the VM name of the migration target VM 206 is input from the maintenance person terminal 202 (see FIG. 2 or 4) operated by the maintenance person. In FIG. 3, the CPU 301 in the base agent 210 makes an inquiry to the VM connection information 209 in the operation management system 208 using the above-described VM name as a key via the NIC 304, the virtual NIC 315, and the virtual CPU 313. As a result, the operation management system 208 returns a record data group of the VM connection information 209 including the VM name and one record having the data configuration example of FIG. As record data of the VM connection information 209 returned for one VM name, a plurality of record data groups may be returned. This is because a plurality of LAN connections may be performed in one VM 206.

  Therefore, the CPU 301 repeatedly executes the processing up to step S607 while acquiring the record data of the data configuration example of FIG. 5A from the VM connection information 209 one by one (step S602).

  First, the CPU 301 executes a physical SW information acquisition process (step S603). Here, the CPU 301 makes an inquiry to the physical SW information 212 in the disk 303 in FIG. 3 using the “connection LAN identifier” in the record data illustrated in FIG. 5A of the currently acquired VM connection information 209 as a key. Do. At this time, in the record group of the VM connection information 209 in which one record has the data configuration example of FIG. 5B, the value of the “connection LAN identifier” item is equal to the value of the connection LAN identifier, and “tunnel connection availability” The record data of the physical SW information 212 in which the value in the item indicates that tunnel connection is possible is sequentially searched. Since a plurality of physical SWs 204 can be connected to a LAN corresponding to one connection LAN identifier, there is a possibility that a plurality of record data may be searched for the record data searched here.

  As a result, the CPU 301 acquires the record data of the physical SW information 212 in which the value of the “connection LAN identifier” item is equal to the value of the connection LAN identifier and the value in the “tunnel connection availability” item indicates that tunnel connection is possible. It is determined whether or not it has been completed (step S604).

  If the determination in step S604 is NO, the physical SW information acquisition process in step S603 is repeatedly executed (step S604 → S605 →) while determining whether the last record of the physical SW information 212 has been reached (step S605). (Repeat S603 → S604).

  In this iterative process, when the determination proceeds to the last record of the physical SW information 212 and the determination in step S605 is YES, the VM 206 that is currently about to move is determined as a VM 206 that cannot move between the bases 201. Then, the process of the flowchart of FIG. 6 ends. In this case, the connection to the LAN indicated by the connection LAN identifier in the record data of the VM connection information 209 currently selected in step S602 necessary for the VM 206 to be moved is for communication between the bases 201. It will not be possible to use a tunnel. Therefore, in this case, the CPU 301 ends the automatic configuration information generation and recording process shown in the flowchart of FIG. 6 and displays an error to that effect on the maintenance person terminal 202, for example.

  If the record data of the corresponding physical SW information 212 can be acquired in the above-described repetitive processing and the determination in step S604 is YES, the network connection information generation processing is executed (step S606). Here, the CPU 301 generates record data of network connection information having the data configuration example shown in FIG. Among the record data illustrated in FIG. 5E, as the “VM interface name”, the value of the “VM interface name” item included in one record data selected from the VM connection information 209 in step S602 is set. Is done. As the “connection LAN identifier”, the value of the “VM interface name” item included in the record data is set as the source connection LAN identifier. Furthermore, as the “tunnel connection IP address”, the value of the “tunnel connection IP address” item in the record data illustrated in FIG. 5B of the physical SW information 212 acquired in step S603 is the source tunnel connection. Set as an IP address.

  Thereafter, the CPU 301 determines whether or not it has reached the last record data in the record data group of the VM connection information 209 acquired in step S601 (step S607).

  If the determination in step S607 is NO, the CPU 301 returns to the process in step S602, and acquires the next record data illustrated in FIG. 5A from the VM connection information 209 acquired in step S601. Then, the CPU 301 tries to generate new network connection information for the migration target VM 206 by the series of processing from step S603 to S606 described above.

  When the determination in step S607 is YES, the CPU 301 executes automatic configuration information writing processing (step S608). Here, first, the CPU 301 adds the data structure of FIG. 5D in addition to the record data group of the network connection information in which one record data generated by the repetitive processing in step S606 has the data structure example of FIG. Generate VM configuration information with examples. As the VM configuration information, the CPU 301 sets the VM name input from the maintenance person terminal 202 in step S601 and the name of the local site 201 as “VM name” and “VM generation base name”, respectively. For example, in FIG. 3, the CPU 301 writes the automatic configuration information 213 including the VM configuration information generated as described above and the record data group of the network connection information in the virtual disk 311 (image file) of the VM 206. .

  Thereafter, the CPU 301 ends the automatic configuration information generation and recording process shown in the flowchart of FIG.

  The automatic configuration information generation and recording process shown in the flowchart of FIG. 6 is performed for each operation of the operation management system linkage unit 305 (automatic configuration information generation unit) and the VM configuration recording unit 306 in FIG. 3 or FIG. Correspond.

  In the present embodiment, the automatic configuration information 213 includes, as network connection information, information on the movement source LAN to which the VM 206 was connected for each network interface before movement and information on the movement source physical SW that can be tunnel-connected to the LAN. be able to. Then, the automatic configuration information 213 is recorded in the image file of the VM 206 to be moved.

  When the automatic configuration information 213 is read by the movement destination base 201 (# 2) (FIG. 2), the movement destination base 201 (# 2) in FIG. A communication tunnel toward # 1) is set. With this communication tunnel, a packet can be transmitted from the VM 206 moved into the destination base 201 (# 2) to the LAN to which the VM 206 in the source base 201 (# 1) was originally connected. Become.

  FIG. 7 shows that the migration destination base agent 210 (# 2) in the migration destination base 201 (# 2) during migration of the VM 206 from the migration source base 201 (# 1) to the migration destination base 201 (# 2) in FIG. It is a flowchart which shows the tunnel setting control processing to perform. In this process, for example, the CPU 301 configuring the site agent 210 in FIG. 3 executes a program that realizes the functions of the VM configuration reading unit 307, the tunnel setting unit 308, and the inter-site cooperation unit 309 stored in the memory 302. It is. This program may be read from the disk 303 of FIG. 3 into the memory 302 and executed when the site agent 210 is activated. Further, this program may be installed on the disk 303 from a portable recording medium set in a portable recording medium driving device (not shown). Further, this program may be downloaded from an external server (not shown) or the like via the NIC 304 in FIG.

  First, automatic configuration information acquisition processing is executed (step S701). In this process, first, the VM name of the migration target VM 206 is input from the maintenance person terminal 202 (see FIG. 2 or 4) operated by the maintenance person. In FIG. 3, the CPU 301 in the base agent 210 reads the automatic configuration information 213 from the virtual disk 311 (image file) of the VM 206 corresponding to the VM name via the virtual CPU 310, the virtual NIC 312, and the NIC 304.

  The processing in step S701 corresponds to the operation of the VM configuration reading unit 307 in FIG. 3 or FIG.

  As described above, the network connection information in the automatic configuration information 213 may include a plurality of record data corresponding to the fact that the VM 206 before movement can be connected to a plurality of source LANs.

  Therefore, the CPU 301 repeatedly executes the processing up to step S711 while acquiring the record data of the data configuration example of FIG. 5E from the network connection information in the automatic configuration information 213 one by one (step S702). .

  First, the CPU 301 executes a VM connection information record acquisition process (step S703). In FIG. 3, the CPU 301 makes an inquiry to the VM connection information 209 in the operation management system 208 using the VM name and the VM interface name as keys via the NIC 304, the virtual NIC 315, and the virtual CPU 313. As the VM name, the one designated from the maintenance person terminal 202 in step S701 is designated. As the VM interface name, the value of the “VM interface name” item in the record data illustrated in FIG. 5E of the network connection information acquired in step S702 is designated. As a result, the operation management system 208 returns one record of the VM connection information 209 having the data configuration example of FIG. 5A including the VM name and the VM interface name. This record includes new connection information of the moved VM 206 at the movement destination base 201 (# 2).

  Next, the CPU 301 executes physical SW information acquisition processing (step S704). Here, the CPU 301 makes an inquiry to the physical SW information 212 in the disk 303 in FIG. 3 using the “connection LAN identifier” in the record data illustrated in FIG. 5A of the VM connection information 209 acquired in step S703 as a key. I do. At this time, in the record group of the physical SW information 212 in which one record has the data configuration example of FIG. 5B, the value of the “connection LAN identifier” item is equal to the value of the connection LAN identifier, and “tunnel connection availability” The record data of the physical SW information 212 in which the value in the item indicates that tunnel connection is possible is sequentially searched. Since a plurality of physical SWs 204 can be connected to a LAN corresponding to one connection LAN identifier, there is a possibility that a plurality of record data may be searched for the record data searched here.

  As a result, the CPU 301 acquires the record data of the physical SW information 212 in which the value of the “connection LAN identifier” item is equal to the value of the connection LAN identifier and the value in the “tunnel connection availability” item indicates that tunnel connection is possible. It is determined whether or not it has been completed (step S705).

  If the determination in step S705 is NO, the physical SW information acquisition process in step S704 is repeatedly executed (step S705 → S706 →) while determining whether the last record of the physical SW information 212 has been reached (step S706). (Repetition of S704 → S705).

  In this iterative process, when the determination proceeds to the last record of the physical SW information 212 and the determination in step S706 is YES, the migration target VM 206 is determined to be a VM 206 that cannot be moved between the bases 201, and FIG. The process of the flowchart ends. In this case, connection to the LAN indicated by the connection LAN identifier in the record data of the VM connection information 209 selected in step S703 necessary for the migration target VM 206 can be performed using the communication tunnel between the bases 201. There will be no. Therefore, in this case, the CPU 301 ends the tunnel setting control process shown in the flowchart of FIG. 7, and displays an error to that effect on the maintenance person terminal 202, for example.

  If the record data of the corresponding physical SW information 212 can be acquired in step S704 and the determination in step S705 is YES in the above iterative processing, the CPU 301 executes communication tunnel setting processing (step S707). Here, the CPU 301 performs setting of the communication tunnel for the extracted physical SW 204 via the NIC 304 in FIG. At this time, the CPU 301 sets the source tunnel connection IP address set in the “tunnel connection IP address” item in the record data illustrated in FIG. 5E of the network connection information acquired in step S702 as the destination. To do.

  Subsequently, the CPU 301 executes a routing setting process (step S708). Here, the CPU 301 performs the setting of the communication tunnel path set in step S707 on the extracted physical SW 204 via the NIC 304 in FIG. At this time, the CPU 301 moves to the destination connection LAN identifier set in the “connection LAN identifier” item in the record data illustrated in FIG. 5A of the VM connection information 209 acquired in step S703. The LAN is set as a communication tunnel route.

  Thereafter, the CPU 301 executes a process of transmitting a source tunnel connection request to the source base agent 210 (# 1) (see FIG. 2) (step S709). Subsequently, the CPU 301 executes a process of receiving a source tunnel connection response that is a response to the source tunnel connection request from the source base agent 210 (# 1) (step S710). These processes correspond to the operation at the movement destination base 201 (# 2) of the inter-base cooperation unit 309 in FIG. 3, and details thereof will be described later.

  Thereafter, the CPU 301 determines whether or not the last record data in the record data group of the network connection information of the automatic configuration information 213 read in step S701 has been reached (step S711).

  If the determination in step S711 is NO, the CPU 301 returns to the process in step S702, and acquires the record data of the next network connection information illustrated in FIG. 5E from the automatic configuration information 213 read in step S701. To do. Then, the CPU 301 tries to set a new tunnel connection for the migration target VM 206 through a series of processes from step S703 to S710 described above.

  When the determination in step S711 is YES, the CPU 301 ends the tunnel setting control process shown in the flowchart of FIG.

  The processing in steps S702 to S708 and S711 in FIG. 7 corresponds to the operation in the destination site 201 (# 2) (see FIG. 2) of the tunnel setting unit 308 in FIG.

  The number of communication tunnels set for the moved VM 206 by the tunnel setting control process shown in the flowchart of FIG. 7 is not limited to one. The VM 206 is connected to a plurality of source LANs at the source base 201 (# 1) (see FIG. 2), and the source physical SW 204 (# 1) (see FIG. 2) capable of tunnel connection to each source LAN. Can be assigned, a plurality of network connection information corresponding to them is generated. The destination base agent 210 (# 2) sequentially extracts a plurality of record data of the above-described network connection information from the automatic configuration information 213, and sets a plurality of communication tunnels based on them. As a result, the VM 206 that has moved to the movement destination base 201 (# 2) passes through the plurality of communication tunnels that have been set to the plurality of movement source LANs originally connected to the movement source base 201 (# 1). It becomes possible to access.

  FIG. 8 shows that the migration source base agent 210 (# 1) in the migration source base 201 (# 1) during migration of the VM 206 from the migration source base 201 (# 1) to the migration destination base 201 (# 2) in FIG. It is a flowchart which shows the tunnel setting control processing to perform. This process is executed in cooperation with the tunnel setting control process executed by the destination base agent 210 (# 2) described in FIG. In this process, for example, the CPU 301 configuring the site agent 210 in FIG. 3 executes a program that realizes the functions of the inter-site cooperation unit 309 and the tunnel setting unit 308 stored in the memory 302. This program may be read from the disk 303 of FIG. 3 into the memory 302 and executed when the site agent 210 is activated. Further, this program may be installed on the disk 303 from a portable recording medium set in a portable recording medium driving device (not shown). Further, this program may be downloaded from an external server (not shown) or the like via the NIC 304 in FIG.

  First, in the tunnel setting control process executed by the movement destination base agent 210 (# 2) (see FIG. 2), the following process is executed although not shown in the flowchart of FIG. The CPU 301 in FIG. 3 acquires the automatic configuration information 213 from the migration target VM 206 in step S701 in FIG. 7, and then executes connection destination base agent IP address acquisition processing as shown in FIG. 8 (step 701 ′). ). In this process, the CPU 301 first extracts the VM generation base name from the data illustrated in FIG. 5D of the VM configuration information included in the automatic configuration information 213. Then, the CPU 301 makes an inquiry to the base agent information 211 in the disk 303 in FIG. 3 using the VM generation base name as a key, thereby moving the base agent 210 (# 1) as the connection destination of the communication tunnel. The IP address (see FIG. 2) is extracted. As the VM configuration information included in the automatic configuration information 213, the IP address of the source base agent 210 (# 1) may be directly set instead of the base name at the time of VM generation. An inquiry operation is not necessary.

  Thereafter, the CPU 301 of the destination base agent 210 (# 2) belonging to the destination base 201 (# 2) performs the source tunnel at the timing of step S709 in the process of executing the tunnel setting control process shown in the flowchart of FIG. Execute connection request transmission processing. Here, the CPU 301 transmits a source tunnel connection request including the following information to the source base agent 210 (# 1) in the source base 201 (# 1).

  First, the source tunnel connection request includes a destination tunnel connection IP address that is address information of the destination physical SW 204 (# 2). This destination physical SW 204 (# 2) is a physical SW 204 at one end of one of the communication tunnels set between the destination base 201 (# 2) and the source base 201 (# 1). . This destination tunnel connection IP address is the IP address stored in the “tunnel connection IP address” item in the record data illustrated in FIG. 5B of the physical SW information 212 acquired in step S704 of FIG. It is.

  The source tunnel connection request includes a source tunnel connection IP address that is address information of the source physical SW 204 (# 1). The source physical SW 204 (# 1) is the physical SW 204 at the other end of the communication tunnel. This source tunnel connection IP address is the IP address set in the “tunnel connection IP address” item in the record data illustrated in FIG. 5E of the network connection information acquired in step S702. The network connection information is information included in the automatic configuration information 213 read from the virtual disk 311 (image file) of the migration target VM 206 in step S701.

  Further, the migration source tunnel connection request includes a migration source connection LAN identifier which is identification information of the migration source LAN connected when the migration target VM 206 is at the migration source base 201 (# 1). This source connection LAN identifier is set in the “connection LAN identifier” item in the record data illustrated in FIG. 5E of the network connection information acquired in step S702.

  Here, the CPU 301 uses the IP address of the source base agent 210 (# 1) (see FIG. 2), which is the connection destination of the communication tunnel extracted in step S701 ′ of FIG. 8, as the destination via the NIC 304 of FIG. Then, the above-mentioned source tunnel connection request is transmitted.

  The processing in step S709 in FIG. 7 described above corresponds to the operation of the inter-base cooperation unit 309 in FIG. 3 in the movement destination base agent 210 (# 2) together with the processing in step S710 described later.

  On the other hand, the CPU 301 in the site agent 210 in FIG. 3 which is the source site agent 210 (# 1) in FIG. 2 executes the tunnel setting control process shown in the flowchart including steps S801 to S805 in FIG. . This process is, for example, a process in which the CPU 301 configuring the site agent 210 in FIG. 3 executes a program that realizes the function of the inter-site cooperation unit 309 stored in the memory 302. This program may be read from the disk 303 of FIG. 3 into the memory 302 and executed when the site agent 210 is activated. Further, this program may be installed on the disk 303 from a portable recording medium set in a portable recording medium driving device (not shown). Further, this program may be downloaded from an external server (not shown) or the like via the NIC 304 in FIG.

  First, the CPU 301 receives the source tunnel connection request transmitted in step S709 in FIG. 7 (step S801).

  The processing in step S801 corresponds to the operation of the inter-base cooperation unit 309 in the base agent 210 in FIG. 3 or FIG. 4 that is the movement source base agent 210 (# 1) in FIG. 2 together with the processing in step S805 described later. .

  Next, the CPU 301 makes an inquiry to the physical SW information 212 in the disk 303 using the source tunnel connection IP address included in the source tunnel connection request received in step S801 as a key. As a result, the CPU 301 extracts the physical SW 204 corresponding to the source tunnel connection IP address (source physical SW 204 (# 1) in FIG. 2).

  In response to this, the CPU 301 executes communication tunnel setting processing (step S803). Here, the CPU 301 sets the communication tunnel for the physical SW 204 extracted in step S802 via the NIC 304 in FIG. At this time, the CPU 301 sets the destination tunnel connection IP address included in the source tunnel connection request received in step S801 as the destination.

  Subsequently, the CPU 301 executes a routing setting process (step S804). Here, the CPU 301 sets the communication tunnel path set in step S803 to the physical SW 204 extracted in step S802 via the NIC 304 in FIG. At the same time, the CPU 301 similarly sets the path on the movement source side of the communication tunnel set by the movement destination in step S707 in FIG. 7 to the physical SW 204 extracted in step S802 via the NIC 304 in FIG. Against. At this time, the CPU 301 sets the movement source LAN corresponding to the movement source connection LAN identifier included in the movement source tunnel connection request received in step S801 as the route of the two communication tunnels.

  The processing in steps S802 to S804 in FIG. 8 described above corresponds to the operation of the tunnel setting unit 308 in the site agent 210 in FIG. 3 which is the source site agent 210 (# 1).

  Thereafter, the CPU 301 transmits a movement source tunnel connection response to the movement destination base agent 210 (# 2) of FIG. 2 which is the transmission source of the movement source tunnel connection request received in step S801 (step S805).

  In response to this, the CPU 301 of the site agent 210 in FIG. 3 which is the destination site agent 210 (# 2) receives the above-described source tunnel connection response at the timing of step S710 in FIG. It is confirmed that a communication tunnel is set from the base 201 (# 1) to the destination base 201 (# 2). Subsequently, the CPU 301 serving as the movement destination base agent 210 (# 2) extracts the path setting on the movement destination side of the communication tunnel extracted in step S704 of FIG. 7 via the NIC 304 of FIG. Performed on SW204. At this time, the CPU 301 sets the movement destination LAN corresponding to the movement destination connection LAN identifier extracted in step S703 of FIG. 7 as the route of the communication tunnel.

  As described above, in the tunnel setting control process at the movement destination base 201 (# 2) shown in the flowchart of FIG. 7, a plurality of communication is performed for one moved VM 206 by repeating the process from step S702 to S711. It is possible to set up a tunnel. Accordingly, as indicated by the broken line 801 in FIG. 8, the source tunnel connection request transmission process in step S709 and the source tunnel connection response reception process in step S710 are also performed for communication set in the destination base 201 (# 2). It is executed repeatedly as many times as the number of tunnels. In response to this, the tunnel setting control process shown in the flowchart of steps S801 to S805 of FIG. 8 executed by the source base agent 210 (# 1) is also repeatedly executed the same number of times. As a result, corresponding to the plurality of communication tunnels set from the destination site 201 (# 2) to the source site 201 (# 1), the source site 201 (# 1) to the destination site 201. The same number of communication tunnels toward (# 2) are set. As a result, the VM 206 that has moved to the destination site 201 (# 2) is originally connected to the source site 201 (# 1) via the plurality of bidirectional communication tunnels set as described above. Bidirectional communication can be performed with the plurality of source LANs.

  9, 12, 14, 17, and 18, and FIGS. 10, 11, 13, 15, and 16 are diagrams showing changes in the system configuration in a specific operation example of the present embodiment; It is a figure which shows the change of each control information. Hereinafter, a specific operation example of the present embodiment will be described in order with reference to these drawings.

9, 12, 14, 17, and 18 are almost the same as those in FIG. 2, and the same components as those in FIG. 2 are given the same numbers.
The premise of these figures is as follows.

  Except for the physical server 203 and the virtual SW 207, the part with “(# 1)” belongs to the base X which is the movement source base 201 (# 1), and the part with “(# 2)” is the movement destination base. It belongs to the base Y which is 201 (# 2).

  The physical servers 203 and virtual SWs 207 of # 1 and # 2 belong to the base X that is the migration source base 201 (# 1), and the physical servers 203 and virtual SW 207 of # 3 are the migration destination base 201 (# 2). It belongs to the base Y.

  A plurality of LANs exist at each site and are identified by VLAN (hereinafter, the “connection LAN identifier” described above is referred to as “VLAN ID”).

  For example, the physical server 203 (# 1) at the site X has a VM 206 group of A group (VM names “# A-1” and “# A-2”, respectively) sharing the VLAN with VLAN ID = 1000. For example, the VM 206 (# A-1) belonging to the A group is connected to the node A (not shown) connected to the external network (NW) 901 (#A) along the communication path 902 (#A) indicated by the solid line. On the other hand, a first service database service is provided. The VM 206 (# A-1) is, for example, a Web server. For example, the VM 206 (# A-2) belonging to the A group communicates with the VM 206 (# A-1) along the communication path 903 (#A) indicated by a solid line. The VM 206 (# A-2) is, for example, a database server. The NIC 1 of the VM 206 on the communication paths 902 (#A), 903 (#A), the port Ports 1 and 2 of the virtual SW 207 (# 1), the port Port 3 of the physical SW 204 (# 1), etc. (gray color part) , VLAN ID = 1000 VLAN port is formed.

  The physical server 203 (# 2) at the site X includes, for example, group B VMs 206 (the VM names are “# B-1” and “# B-2”, respectively) sharing the VLAN with VLAN ID = 2000. For example, the VM 206 (# B-2) belonging to the B group is connected to an external network (NW) 901 (#B) along a communication path 904 (#B) indicated by a broken line, particularly to a node B (not shown). In contrast, a second database service is provided. The VM 206 (# B-2) is, for example, a Web server. For example, the VM 206 (# B-1) belonging to the B group communicates with the VM 206 (# B-2) along the communication path 905 (#B) indicated by a broken line. The VM 206 (# B-1) is, for example, a database server. The NIC 1 of the VM 206 on the communication paths 904 (#B) and 905 (#B), the port Ports 1 and 2 of the virtual SW 207 (# 2), the port Port 4 of the physical SW 204 (# 1), etc. (black portions) A VLAN port with VLAN ID = 2000 is formed.

  Port Port 3 of the virtual SW 207 (# 1) (# 2), Ports 1, 2, and 5 of the physical SW 204 (# 1), Port Ports 1 and 2 of the physical router 205 (# 1), etc. pass packets of an arbitrary VLAN. It is a trunk port to be made.

  In the configuration example shown in FIG. 9, FIG. 12, FIG. 14, FIG. 17, or FIG. 18, the VLAN with VLAN ID = 1000 and the VLAN with VLAN ID = 2000 form an independent network that provides mutually independent services. doing.

  On the other hand, in FIG. 9, it is assumed that the physical server 203 (# 3) at the site Y does not initially have a VM 206 but has a VLAN with VLAN ID = 3000.

  In addition to the physical SW 204 (# 1) and the physical SW 204 (# 2), there are a plurality of physical SWs 204 (not shown) in particular at the site X and the site Y, respectively. Here, it is assumed that only the physical SW 204 (# 1) at the site X and only the physical SW 204 (# 2) at the site Y can be tunnel-connected to other sites.

  The base X and the base Y are connected by physical routers 205 (# 1) and 205 (# 2), and do not share the same VLAN.

  FIGS. 10A, 10B, and 10C show the base agent information 211 (# 1), the physical SW information 212 (# 1), and the physical SW information 212 (# 1) held in the base X in the system state shown in FIG. It is a figure which shows the specific example of a data structure of VM connection information 209 (# 1).

  As the base agent information 211 (# 1) in FIG. 10A, for example, there is a data configuration example in FIG. 5C, and “base name” item = “base Y”, “base agent address” item = “ One record data of “192.168.100.2” is registered.

  The physical SW information 212 (# 1) in FIG. 10B has, for example, a data configuration example in FIG. However, here, the “connection LAN identifier” item is the “VLAN ID” item.

  Then, “physical SW name” item = “physical SW (# 1)”, “VLAN ID” item = “1000”, “tunnel connection availability” item = “enabled”, “tunnel connection IP address” item = “172. 16.100.1 "is registered. Further, “physical SW name” item = “physical SW (# 1)”, “VLAN ID” item = “2000”, “tunnel connection availability” item = “enabled”, “tunnel connection IP address” item = “172. 16.100.2 "is registered. In FIG. 10B, only data examples capable of tunnel connection are shown. In these data registration examples, as shown in FIG. 9, the physical SW 204 (# 1) has a VLAN with VLAN ID = 1000 (communication path 902 (#A)) and a VLAN with VLAN ID = 2000 (communication path 904). (#B)).

  The VM connection information 209 (# 1) in FIG. 10C has, for example, a data configuration example in FIG. However, here, the “connection LAN identifier” item is the “VLAN ID” item.

  For example, “VM name” item = “VM (# A-1)”, “VM interface name” item = “NIC1”, “virtual SW name” item = “virtual SW (# 1)”, “VLAN ID” item = Record data of “1000” is registered. Also, “VM name” item = “VM (# A-2)”, “VM interface name” item = “NIC1”, “virtual SW name” item = “virtual SW (# 1)”, “VLAN ID” item = Record data of “1000” is registered. As shown in FIG. 9, in these data registration examples, both VM 206 (# A-1) and VM 206 (# A-2) belonging to group A are connected via the same virtual SW 207 (# 1). It shows that the same VLAN with VLAN ID = 1000 is connected. Note that the VLAN with VLAN ID = 1000 is indicated by solid line communication paths 902 (#A) and 903 (#A) in FIG. 9, for example.

  Further, the VM interface names are both “NIC1”, but they may be different.

  Furthermore, “VM name” item = “VM (# B-1)”, “VM interface name” item = “NIC1”, “virtual SW name” item = “virtual SW (# 2)”, “VLAN ID” item = Record data of “2000” is registered. In addition, “VM name” item = “VM (# B-2)”, “VM interface name” item = “NIC1”, “virtual SW name” item = “virtual SW (# 2)”, “VLAN ID” item = Record data of “2000” is registered. As shown in FIG. 9, in these data registration examples, both VM 206 (# B-1) and VM 206 (# B-2) belonging to group B are connected via the same virtual SW 207 (# 2). It shows that the same VLAN with VLAN ID = 2000 is connected. Note that a VLAN with VLAN ID = 2000 is indicated by, for example, dashed communication paths 904 (#B) and 905 (#B) in FIG.

  FIGS. 11A, 11B, and 11C show base agent information 211 (# 2), physical SW information 212 (# 2), and physical SW information 212 (# 2) held in the base Y in the system state shown in FIG. It is a figure which shows the specific example of a data structure of VM connection information 209 (# 2).

  The site agent information 211 (# 2) in FIG. 11A has, for example, the data configuration example in FIG. 5C, and “site name” item = “site X”, “site agent address” item = “ One record data of “192.168.100.1” is registered.

  For example, the physical SW information 212 (# 2) in FIG. 11B has a data configuration example in FIG. However, here, the “connection LAN identifier” item is the “VLAN ID” item.

  Then, “physical SW name” item = “physical SW (# 2)”, “VLAN ID” item = “3000”, “tunnel connection availability” item = “available”, “tunnel connection IP address” item = “172. 16.200.1 "record data is registered. In FIG. 11B, only data examples capable of tunnel connection are shown. This data registration example shows that the physical SW 204 (# 2) is connected to the VLAN with VLAN ID = 3000 as shown in FIG.

  The VM connection information 209 (# 2) in FIG. 11C has, for example, a data configuration example in FIG. However, here, the “connection LAN identifier” item is the “VLAN ID” item.

  Here, since the VM 206 does not initially exist at the site Y, record data is not registered.

  Next, as a specific operation example when the VM 206 moves, the VM 206 (# A-2) in the physical server 203 (# 1) at the base X changes from the state of FIG. 9 to the physical server 203 (# at the base Y). An example of moving to 3) will be described.

  In this case, as shown as 1201 in FIG. 12, the VM from the maintenance person terminal 202 operated by the maintenance person to the movement source base agent 210 (# 1) of the base X that is the movement source base 201 (# 1). Name = “VM (# A-2)” is indicated. As a result, the migration source base agent 210 (# 1) starts execution of automatic configuration information generation and recording processing shown in the flowchart of FIG.

  First, the migration source base agent 210 (# 1) uses the VM name = “VM (# A-2)” as a key and the data registration example of FIG. 10C managed by the operation management system 208 (# 1). An inquiry is made to the VM connection information 209 (# 1) possessed (step S601 in FIG. 6). 13 is an inquiry path indicated as 1202 in FIG. As a result, the migration source base agent 210 (# 1) extracts “VM interface name” = “NIC1” and “VLAN ID” = “1000” from the record data in the second row of FIG.

  Next, the migration source base agent 210 (# 1) uses the “VLAN ID” = “1000” as a key, and the physical SW information 212 (#) having the data registration example of FIG. 10B in the disk 303 of FIG. 1) is accessed (step S603 in FIG. 6). It is an inquiry path shown as 1203 in FIG. As a result, the source base agent 210 (# 1) detects that the physical SW 204 (# 1) can be tunnel-connected from the record data of the first row in FIG. IP address = “172.16.100.1” is extracted.

  The source base agent 210 (# 1) is shown in FIG. 13B as network connection information based on the access to the VM connection information 209 (# 1) and the physical SW information 212 (# 1) described above. Record data is generated (step S606 in FIG. 6).

  Furthermore, the source base agent 210 (# 1) is shown in FIG. 13A, in which the VM name = “VM (# A-2)” designated from the maintenance person terminal 202 and its base name X are used. Record data of VM configuration information is generated (step S608 in FIG. 6).

  The source base agent 210 (# 1) generates the automatic configuration information 213 including the record data of the VM configuration information in FIG. 13A and the record data of the network connection information in FIG. Recording is performed on the virtual disk 311 (FIG. 3) in the VM 206 (# A-2) in (# 1).

  As described above, in this embodiment, the VM configuration information shown in FIG. 13A and the network connection information shown in FIG. 13B are notified to the migration destination base 201 (# 2) as the automatic configuration information 213. Is done. Based on the VM name in the VM configuration information and the VM interface name in the network connection information, information indicating what performance of the VM 206 should be connected to the VLAN at the migration destination site 201 (# 2) is displayed. From # 1), the destination base 201 (# 2) can be notified. Which physical SW 204 in the migration source base 201 (# 1) should be set up with the tunnel connection IP address in the network connection information from which physical SW 204 in the migration destination base 201 (# 2) Information can be notified from the source base 201 (# 1) to the destination base 201 (# 2). Information on which VM 206 moved to the destination base 201 (# 2) should communicate with the VM 206 originally connected to the VM 206 at the source base 201 (# 1) by the VLAN ID in the network connection information From the source base 201 (# 1) to the destination base 201 (# 2). The base agent 210 (# 2) in the destination base 201 (# 2) communicates with the base agent 210 (# 1) of which source base 201 (# 1) by the VM generation base name in the VM configuration information. It can be notified from the movement source base 201 (# 1) to the movement destination base 201 (# 2) whether it should be performed.

  Next, as indicated by a broken line path 1401 in FIG. 14, the image file of the VM 206 (# A-2) in the physical server 203 (# 1) at the site X is the destination site 201 (# 2). It is moved into the physical server 203 (# 2) of Y. This movement can be performed by means such as transferring the image file of VM 206 (# A-2) through the following communication path. That is, physical server 203 (# 1) → physical SW 204 (# 1) → physical router 205 (# 1) → inter-site network 101 → physical router 205 (# 2) → physical SW 204 (# 2) → physical server 203 (# 2).

  Here, in the operation management system 208 (# 1) in the base X, the function of the VM configuration unit 401 in FIG. 4 is executed, whereby the VM 206 (# A-2) is converted from the VM connection information 209 (# 1). Delete record data for. As a result, the control information managed by the site X changes as shown in FIGS. Specifically, in the registration contents of the VM connection information 209 (# 1) shown in FIG. 10C, the record “VM name” item = “VM (# A-2)” is deleted, and FIG. It is changed to the registered contents shown in (c).

  On the other hand, the operation management system 208 (# 2) in the base Y that is the movement destination base 201 (# 2) has a VM 206 as a function of the VM configuration unit 401 in FIG. 4 as indicated by a broken line 1402 in FIG. Configuration for (# A-2) is performed. The operation management system 208 (# 2) adds record data regarding the moved VM 206 (# A-2) to the VM connection information 209 (# 2). As a result, the control information managed by the site Y changes as shown in FIGS. Specifically, the record of the VM connection information 209 (# 2) is not registered in FIG. On the other hand, the operation management system 208 (# 2) reads out the automatic configuration information 213 from the image file (virtual disk 311 in FIG. 3) of the migrated VM 206 (# A-2), and the information is in it. The network connection information shown in FIG. The operation management system 208 (# 2) extracts the value “NIC1” of the “VM interface name” item in this network connection information. The operation management system 208 (# 2) selects an appropriate virtual SW 207 (# 3) and VLAN corresponding to this VM interface name from the resource pool in the site Y. The operation management system 208 (# 2) sets “virtual SW name” = “virtual SW (# 3)” and “VLAN ID” = “3000” corresponding to them, and “VM name” = “VM (# A− 2) ”and registered as VM connection information 209 as shown in FIG.

  Next, as indicated by 1701 in FIG. 17, the VM from the maintenance person terminal 202 operated by the maintenance person to the movement source base agent 210 (# 2) of the base Y that is the movement destination base 201 (# 2). Name = “VM (# A-2)” is indicated. Thereby, the destination base agent 210 (# 2) starts executing the tunnel setting control process shown in the flowchart of FIG.

  First, the migration destination base agent 210 (# 2) corresponds to the VM name = “VM (# A-2)” and the automatic configuration information held in the virtual disk 311 in the physical server 203 (# 3). 213 is read (step S701 in FIG. 7). It is an access route shown as 1702 in FIG. At this time, the migration destination base agent 210 (# 2) extracts “VM interface name” = “NIC1” from the network connection information shown in FIG. 13B in the read automatic configuration information 213. Further, the migration destination base agent 210 (# 2) extracts “VLAN ID” = “1000” as the migration source VLAN ID (migration source connection LAN identifier) from the network connection information. Further, the destination base agent 210 (# 2) extracts “tunnel connection IP address” = “172.16.100.1” from the network connection information as the source tunnel connection IP address.

  Next, the migration destination base agent 210 (# 2) makes an inquiry to the VM connection information 209 (# 1) having the data registration example of FIG. 16C managed by the operation management system 208 (# 2) (FIG. 16). 7 step S703). 18 is an inquiry path indicated as 1703 in FIG. At this time, the migration destination base agent 210 (# 2) designates “VM name” = “VM (# A-2)” and “VM interface name” = “NIC1” extracted as described above as keys. As a result, the migration destination base agent 210 (# 2) extracts “VLAN ID” = “3000” from the record data in FIG.

  Subsequently, the migration destination base agent 210 (# 2) uses the physical SW information 212 (#) having the data registration example of FIG. 16 (b) in the disk 303 of FIG. 3 using “VLAN ID” = “3000” as a key. 1) is accessed (step S704 in FIG. 7). FIG. 18 is an inquiry path indicated as 1704 in FIG. As a result, the migration destination base agent 210 (# 2) detects that the physical SW 204 (# 2) can be tunneled from the record data in the first row in FIG. IP address = “172.16.100.1” is extracted.

  The destination base agent 210 (# 2) sets a communication tunnel for the detected physical SW 204 (# 2) (step S707 in FIG. 7). 18 is a setting route indicated by 1705 in FIG. At this time, the migration destination base agent 210 (# 2) moves from the “tunnel connection IP address” item in the record data of the network connection information of FIG. 100.1 "is set as the destination. This IP address is the IP address of the physical SW 204 (# 1) of the base X that is the movement source base 201 (# 1). As a result, a communication tunnel 1706 is set from the physical SW 204 (# 2) at the site Y to the physical SW 204 (# 1) at the site X.

  Next, the movement destination base agent 210 (# 2) executes a routing setting process (step S708 in FIG. 7). It is a setting route indicated as 1707 in FIG. Here, the migration destination base agent 210 (# 2) sets the route of the communication tunnel 1706 set as described above for the detected physical SW 204 (# 2). At this time, the migration destination base agent 210 (# 2) selects a VLAN corresponding to “VLAN ID” = “3000” extracted from the “VLAN ID” item of the VM connection information 209 (# 2) in FIG. And set as a route of the communication tunnel 1706.

  As a result, the VM 206 (# A-2) in the physical server 203 (# 3) and the communication tunnel 1706 are connected as the communication path 1708 in FIG.

  Thereafter, the migration destination base agent 210 (# 2) uses the “VM generation base name” = “base X” in the VM configuration information of the read automatic configuration information 213 as a key in the diagram in the disk 303 of FIG. The site agent information 211 (# 2) having the data registration example 16 (a) is accessed. This access is made through the inquiry path shown as 1801 in FIG. As a result, the transfer destination base agent 210 (# 2), from the record data on the first line in FIG. 16A, “base agent address” = “corresponding to the transfer source base agent 210 (# 1) of the base X. 192.168.100.1 "is extracted. Then, the destination base agent 210 (# 2) transmits a source tunnel connection request with the base agent address as a destination (step S709 in FIGS. 7 and 8). It is a communication path shown as 1802 in FIG. Actually, the migration destination base agent 210 (# 2) → physical SW 204 (# 2) → physical router 205 (# 2) → inter-base network 101 → physical router 205 (# 1) → physical SW 204 (# 1) → movement The route is the former base agent 210 (# 1). This source tunnel connection request includes “tunnel connection IP address” = “172.16.200.1” extracted from the physical SW information 212 of FIG. 16B as the destination tunnel connection IP address. The source tunnel connection request is “tunnel connection IP address” = “172.16.100.1” extracted from the network connection information of FIG. 13B in the automatic configuration information 213, and the source tunnel connection. It is included as an IP address. Further, the source tunnel connection request includes “VLAN ID” = “1000” extracted from the network connection information in FIG. 13B as the source VLAN ID (source source connection LAN identifier).

  When the source base agent 210 (# 1) receives the source tunnel connection request (step S801 in FIG. 8), it inquires the physical SW information 212 (# 1) in the disk 303 in FIG. 3 (step in FIG. 8). S802). It is an inquiry path shown as 1803 in FIG. Specifically, the record data of the physical SW information 212 (# 1) in FIG. 15B using the source tunnel connection IP address = “172.16.100.1” included in the source tunnel connection request as a key. Is searched. As a result, the migration source base agent 210 (# 1) detects the physical SW 204 (# 1) from the record data in the first row of the physical SW information 212 in FIG.

  The source base agent 210 (# 1) sets a communication tunnel for the detected physical SW 204 (# 1) (step S803 in FIG. 8). FIG. 19 is a setting route indicated as 1804 in FIG. At this time, the source base agent 210 (# 1) sets the destination tunnel connection IP address = “172.16.200.1” included in the source tunnel connection request as the destination. This IP address is the IP address of the physical SW 204 (# 2) of the base Y that is the movement destination base 201 (# 2). As a result, a communication tunnel 1805 in the opposite direction to the communication tunnel 1706 is set from the physical SW 204 (# 1) at the site X to the physical SW 204 (# 2) at the site Y.

  Next, the source base agent 210 (# 1) executes a routing setting process (step S804 in FIG. 8). This is a setting route indicated as 1806 in FIG. Here, the source base agent 210 (# 1) sets the path of the communication tunnel 1805 set as described above for the detected physical SW 204 (# 1). At the same time, the source base agent 210 (# 1) also sets the route at the source of the communication tunnel 1706 (see FIG. 17) set by the destination base agent 210 (# 2) as described above. To the physical SW 204 (# 1). At this time, the source base agent 210 (# 1) sets the VLAN corresponding to “VLAN ID” = “1000” included in the source tunnel connection request as the route of the communication tunnel 1805 and the communication tunnel 1706. .

  As a result, the VM 206 (# A-1) in the physical server 203 (# 1) and the communication tunnels 1706 and 1805 are connected to each other as a communication path 1807 in FIG. Note that the VM 206 (# A-2) in the physical server 203 (# 3) and the communication tunnels 1706 and 1805 are also connected to each other as the communication path 1708 in FIG. The

  Thereafter, the source base agent 210 (# 1) transmits a source tunnel connection response to the destination base agent 210 (# 2) (step S805). In response to this, the movement destination base agent 210 (# 2) changes the path setting on the movement destination side of the communication tunnel 1805 set by the movement source base agent 210 (# 1) to the physical switch 204 (# 2). ). At this time, the migration destination base agent 210 (# 2) sets the VLAN corresponding to the previously extracted “VLAN ID” = “3000” as the route of the communication tunnel 1805.

  Thereafter, for example, when a service request is generated from the node A connected to the external NW 901 (#A) to the VM 206 (# A-1) in the base X, first, the VM 206 (# A-1 in the base X) ) Receives the service request via the communication path 902 (#A). As a result, when database access to the VM 206 (# A-2) occurs, the VM 206 (# 1) issues a database access request to the VM 206 (# A-2) in the same manner as before the movement. This request can reach the VM 206 (# A-2) in the physical server 203 (# 3) at the site Y from the communication path 1807 via the communication tunnel 1805 and the communication path 1708.

  When the VM 206 (# A-2) returns a response to the database access request, the response is transmitted from the communication path 1708 via the communication tunnel 1706 and the communication path 1807 in the physical server 203 (# 1) at the site X. The VM 206 (# A-1) can be reached. The VM 206 (# A-1) returns the response to the node A connected to the external NW 901 (#A) via the communication path 902 (#A).

FIG. 19 is a diagram illustrating a data configuration example of packet data transmitted through the communication tunnel 1706 or 1805.
The packet transmitted / received by the migration target VM 206 has the following data configuration example on each VLAN with VLAN ID = 1000 (movement source) or VLAN ID = 3000 (movement destination). The IP packet 1906 in which the source IP address and the destination IP address are set in the IP header is stored in the payload of the layer 2 ether packet 1905 in which the ether header is set. Further, a TCP packet 1907 in which a TCP (Transfer Control Protocol) header is set is stored in the payload of the IP packet 1906. An Ethernet packet 1905 having such a structure is transmitted on the VLAN.

  When such an Ethernet packet 1905 is transmitted on the communication tunnel 1706 or 1805, a layer 2 Ethernet packet 1901 in which an Ethernet header for the communication tunnel is set is transmitted. The payload of the Ethernet packet 1901 stores an IP packet 1902 in which the source IP address and the destination IP address related to the physical switch 204 at both ends of the communication tunnel 1706 or 1805 are set in the IP header. A TCP packet 1903 in which a TCP header is set is stored in the payload of the IP packet 1902. Then, an Ethernet packet 1905 communicated with the migration target VM 206 is encapsulated and stored in the payload of the TCP packet 1903 and transmitted.

  Then, at the exit side of each communication tunnel 1706 or 1805, the above-described encapsulated Ether packet 1905 is taken out and sent to each VLAN.

  As described above, in this embodiment, the VM 206 (# A-2) moved to the base Y by the communication tunnels 1706 and 1805 set in both directions between the base X and the base Y is in the base X. A network connection environment that is the same as when Then, the service can be continued.

  According to the present embodiment, when the VM 206 moves between the bases 201, the configuration of the VM 206 and the network connection configuration does not require any maintenance personnel.

  Further, even if the VM 206 moved to a LAN having a connection LAN identifier different from that of the source base 201 (# 1) is deployed in the destination base 201 (# 2), the VM 206 after the transfer is moved to the source base 201 (# 1). It is possible to continue communication with the VM 206.

  According to the present embodiment, even if the migration destination of the VM 206 is not determined in advance, the migration source site 201 (# 1) and the migration source LAN are determined based on the automatic configuration information 213 at the migration destination site 201 (# 2). It becomes possible to specify the communication tunnel.

  According to the present embodiment, even if the migration destination of the VM 206 is not determined in advance, the communication tunnel for the migration destination site 201 (# 2) at the migration source site 201 (# 1) by negotiation between the site agents 210 is performed. Can be set.

Regarding the above embodiment, the following additional notes are disclosed.
(Appendix 1)
In the destination of the virtual machine,
Including migration source virtual machine management apparatus identification information, migration source virtual machine identification information, identification information of a migration source virtual network used by the virtual machine at the migration source, and identification information of a migration source switch corresponding to the virtual machine Encapsulation in which a virtual machine image file is transferred and configured to encapsulate and send packets from the virtual machine to the migration destination switch corresponding to the migration source virtual machine identification information based on the migration source switch identification information A transmission setting section;
The identification information of the migration destination switch, the identification information of the migration source virtual network, and the identification information of the migration source switch for performing setting to encapsulate and transmit a packet addressed to the virtual machine at the migration source, An inter-base link unit that notifies the migration source corresponding to the migration source virtual machine management device identification information;
A virtual machine management apparatus comprising:
(Appendix 2)
The virtual machine image file further includes network interface identification information indicating a source network interface;
The identification information of the source switch corresponds to the address information of the source capable of encapsulated communication,
At the destination, the encapsulated transmission setting unit extracts a destination virtual network to which the virtual machine corresponding to the virtual machine identification information and the network interface identification information is connected, and is connected to the destination virtual network. Extracting the migration destination switch capable of encapsulated transmission, encapsulating and transmitting packets from the virtual machine using the migration source switch indicated by the migration source address information as a destination and the migration destination virtual network as a route;
The virtual machine management device according to appendix 1, wherein:
(Appendix 3)
The identification information of the destination switch corresponds to the address information of the destination capable of encapsulated communication,
In the migration source of the virtual machine,
The inter-base link unit that receives notification of the destination address information, the source virtual network identification information, and the source address information from the destination,
A source switch corresponding to the received source address information is extracted, the destination switch indicated by the received destination address information is a destination, and the received source virtual network is a route. An encapsulated communication setting unit configured to encapsulate and send a packet addressed to the virtual machine moved to the destination;
The virtual machine management device according to attachment 2, further comprising:
(Appendix 4)
In the migration source of the virtual machine,
The migration source virtual machine management device identification information, the migration source virtual machine identification information, the migration source virtual network identification information, and the migration source switch identification information are generated as automatic configuration information and recorded in the virtual machine image file. An automatic configuration information generation unit
The virtual machine management device according to appendix 1, wherein:
(Appendix 5)
The encapsulated transmission setting unit searches the switch until a switch capable of encapsulated transmission is found among the switches connected to the destination virtual network, and extracts the searched switch as the destination switch To
The virtual machine management device according to attachment 2, wherein:
(Appendix 6)
The automatic configuration information generation unit searches for the switch until a switch that can perform the encapsulated transmission is found among the switches connected to the movement source virtual network, and uses the retrieved switch as the movement source switch. Extract,
The virtual machine management device according to appendix 4, characterized in that:
(Appendix 7)
In the destination of the virtual machine,
Including migration source virtual machine management apparatus identification information, migration source virtual machine identification information, identification information of a migration source virtual network used by the virtual machine at the migration source, and identification information of a migration source switch corresponding to the virtual machine A virtual machine image file is transferred, and a setting is made to encapsulate and transmit a packet from the virtual machine based on the movement source switch identification information to a movement destination switch corresponding to the movement source virtual machine identification information.
The identification information of the migration destination switch, the identification information of the migration source virtual network, and the identification information of the migration source switch for performing setting to encapsulate and transmit a packet addressed to the virtual machine at the migration source, Notifying the migration source corresponding to the migration source virtual machine management device identification information,
A virtual machine management method.
(Appendix 8)
To the computer that manages the virtual machine at the destination of the virtual machine,
Including migration source virtual machine management apparatus identification information, migration source virtual machine identification information, identification information of a migration source virtual network used by the virtual machine at the migration source, and identification information of a migration source switch corresponding to the virtual machine Encapsulation in which a virtual machine image file is transferred and configured to encapsulate and send packets from the virtual machine to the migration destination switch corresponding to the migration source virtual machine identification information based on the migration source switch identification information Send setting step;
The identification information of the migration destination switch, the identification information of the migration source virtual network, and the identification information of the migration source switch for performing setting to encapsulate and transmit a packet addressed to the virtual machine at the migration source, An inter-base coordination step for notifying the migration source corresponding to the migration source virtual machine management device identification information;
A program for running
(Appendix 9)
In migration that moves a virtual machine from the source to the destination,
Migration source virtual machine management device identification information, migration source virtual machine identification information, identification information of the migration source virtual network to which the virtual machine was connected at the migration source, and identification of the migration source switch connected to the migration source virtual network A virtual machine image file including information is transferred from the virtual machine to the migration destination switch connected to the migration destination virtual network corresponding to the migration source virtual machine identification information. An encapsulated transmission setting unit configured to encapsulate and transmit a packet of
The identification information of the migration destination switch, the identification information of the migration source virtual network, and the identification information of the migration source switch for performing setting to encapsulate and transmit a packet addressed to the virtual machine at the migration source, An inter-base link unit that notifies the migration source corresponding to the migration source virtual machine management device identification information;
A virtual machine management apparatus comprising:
(Appendix 10)
The source virtual machine management device identification information is a base name at the time of virtual machine generation indicating the base name of the source at the time when the virtual machine was generated,
The source virtual machine identification information is the name of the virtual machine,
The migration source virtual network is a migration source LAN that is a virtual local area network to which the virtual machine is connected at the migration source,
The identification information of the source switch is a source tunnel connection IP address that is an Internet protocol address at which the source switch can perform the encapsulated transmission,
The identification information of the destination switch is a destination tunnel connection IP address that is an Internet protocol address at which the destination switch can perform the encapsulated transmission.
The virtual machine management device according to appendix 1, wherein:
(Appendix 11)
The network interface identification information is a virtual machine interface name indicating the name of the network interface to which the virtual machine was connected at the migration source,
The destination virtual network is a destination LAN that is a virtual local area network to which the virtual machine is connected at the destination.
The virtual machine management device according to attachment 2, wherein:

101 Network between sites 201 (# 1) Migration source site 201 (# 2) Migration destination site 202 Maintenance person terminal 203 Physical server 204 Physical SW (physical switch)
205 Physical router 206 VM (virtual machine)
207 Virtual SW (Virtual switch)
208 Operation Management System 209 VM Connection Information 210 Base Agent 211 Base Agent Information 212 Physical SW Information 213 Information for Automatic Configuration 301 CPU (Central Processing Unit)
302 Memory 303 Disk 304 NIC (Network Information Card)
305 Operation management system cooperation unit 306 VM configuration recording unit 307 VM configuration reading unit 308 Tunnel setting unit 309 Inter-site cooperation unit 310, 313 Virtual CPU
311, 314 Virtual disk 312, 315 Virtual NIC
401 VM config section

Claims (8)

In the destination of the virtual machine,
Including migration source virtual machine management apparatus identification information, migration source virtual machine identification information, identification information of a migration source virtual network used by the virtual machine at the migration source, and identification information of a migration source switch corresponding to the virtual machine Encapsulation in which a virtual machine image file is transferred and configured to encapsulate and send packets from the virtual machine to the migration destination switch corresponding to the migration source virtual machine identification information based on the migration source switch identification information A transmission setting section;
In order to perform the setting to encapsulate and send a packet addressed to the virtual machine at the migration source, the identification information of the migration destination switch, the identification information of the migration source virtual network, and the identification information of the migration source switch, An inter-base link unit that notifies the migration source corresponding to the migration source virtual machine management device identification information;
A virtual machine management apparatus comprising: The virtual machine image file further includes network interface identification information indicating a source network interface;
The identification information of the source switch corresponds to the address information of the source capable of encapsulated communication,
At the destination, the encapsulated transmission setting unit extracts a destination virtual network to which the virtual machine corresponding to the virtual machine identification information and the network interface identification information is connected, and is connected to the destination virtual network. Extracting the migration destination switch capable of encapsulated transmission, encapsulating and transmitting packets from the virtual machine using the migration source switch indicated by the migration source address information as a destination and the migration destination virtual network as a route;
The virtual machine management apparatus according to claim 1. The identification information of the destination switch is address information of the destination capable of encapsulated communication,
In the migration source of the virtual machine,
The inter-base link unit that receives notification of the destination address information, the source virtual network identification information, and the source address information from the destination,
A source switch corresponding to the received source address information is extracted, the destination switch indicated by the received destination address information is a destination, and the received source virtual network is a route. An encapsulated communication setting unit configured to encapsulate and send a packet addressed to the virtual machine moved to the destination;
The virtual machine management apparatus according to claim 2, further comprising: In the migration source of the virtual machine,
The migration source virtual machine management device identification information, the migration source virtual machine identification information, the migration source virtual network identification information, and the migration source switch identification information are generated as automatic configuration information and recorded in the virtual machine image file. An automatic configuration information generation unit
The virtual machine management apparatus according to claim 1. The encapsulated transmission setting unit searches the switch until a switch capable of encapsulated transmission is found among the switches connected to the destination virtual network, and extracts the searched switch as the destination switch To
The virtual machine management apparatus according to claim 2. The automatic configuration information generation unit searches for the switch until a switch that can perform the encapsulated transmission is found among the switches connected to the movement source virtual network, and uses the retrieved switch as the movement source switch. Extract,
The virtual machine management device according to claim 4. In the destination of the virtual machine,
Including migration source virtual machine management apparatus identification information, migration source virtual machine identification information, identification information of a migration source virtual network used by the virtual machine at the migration source, and identification information of a migration source switch corresponding to the virtual machine A virtual machine image file is transferred, and a setting is made to encapsulate and transmit a packet from the virtual machine based on the movement source switch identification information to a movement destination switch corresponding to the movement source virtual machine identification information.
The identification information of the migration destination switch, the identification information of the migration source virtual network, and the identification information of the migration source switch for performing setting to encapsulate and transmit a packet addressed to the virtual machine at the migration source, Notifying the migration source corresponding to the migration source virtual machine management device identification information,
A virtual machine management method. To the computer that manages the virtual machine at the destination of the virtual machine,
Including migration source virtual machine management apparatus identification information, migration source virtual machine identification information, identification information of a migration source virtual network used by the virtual machine at the migration source, and identification information of a migration source switch corresponding to the virtual machine Encapsulation in which a virtual machine image file is transferred and configured to encapsulate and send packets from the virtual machine to the migration destination switch corresponding to the migration source virtual machine identification information based on the migration source switch identification information Send setting step;
The identification information of the migration destination switch, the identification information of the migration source virtual network, and the identification information of the migration source switch for performing setting to encapsulate and transmit a packet addressed to the virtual machine at the migration source, An inter-base coordination step for notifying the migration source corresponding to the migration source virtual machine management device identification information;
A program for running