JP2015184871A - Backup management device, client server system, backup management method, and backup management program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a backup management device automating work until a system restoration while securing a considerable security state, and shortening a time related to the system restoration.SOLUTION: The backup management device includes: management means for managing information for updating a system; and backup means that acquires backup data of the system, in response to a command to restore the system, commands a virtual host including a hypervisor of a virtual environment to create a virtual machine having a same configuration as that of the system, restores a system from the backup data of the system in the created virtual machine, commands a backup client to update the system restored in the virtual machine, and stores backup data of the updated system on the basis of information for updating the system.

Description

  The present invention relates to a backup management apparatus, a client server system, a backup management method, and a backup management program for managing system backup.

  In recent years, in order to recover from a system failure caused by a disaster or virus infection, the importance of backing up the system has been increasing, and various backup software has been released. On the other hand, the series of flow from actual restoration to system recovery is not yet automated, connected to the network without applying the latest patch, or it is necessary to incorporate a mechanism on the network side. There was a problem of doing. For this reason, it has been difficult to achieve both automation and security when the system is restored, compared to when the system is backed up.

  Patent Document 1 discloses a recovery management apparatus that applies a latest patch at the time of system recovery. The recovery management apparatus of Patent Literature 1 automatically executes update operations such as patch application and version upgrade for each software in order to put each software in an appropriate state after system recovery.

  Patent Document 2 discloses a virtual machine security management system for realizing improvement of security in a virtual environment. The virtual machine security management system of Patent Literature 2 generates a quarantine virtual machine on a quarantine virtualization server prepared for quarantine when a message is issued due to a user request, virus detection, or security patch not applied. Then, the virtual machine security management system of Patent Document 2 determines whether or not the template that is the basis of the generated quarantine virtual machine has been quarantined. The virtual machine security management system disclosed in Patent Document 2 is a virtual machine that is free from virus infection and has a security patch applied by moving a virtual machine that has passed quarantine from a virtual server for quarantine to an operating virtual server in a production environment. Generate a machine.

JP 2007-304768 A JP 2010-73011 A

  According to the recovery management device of Patent Document 1, it is possible to restore a system in the latest state by applying a patch after the system is restored. However, in the recovery management device of Patent Document 1, as the number of patches increases or the backup data becomes older, the number of patches increases, the patch application time increases, and the risk of recovery failure due to a patch installation failure increases. There was a problem.

  The virtual machine security management system of Patent Literature 2 can provide a user with a virtual machine that has undergone a quarantine process when generating a virtual machine from a template. However, the virtual machine security management system disclosed in Patent Document 2 also has a problem that it takes time to quarantine when a template becomes old or a large number of patches are released.

  An object of the present invention is to provide a backup management apparatus that solves the above-described problems.

  The backup management apparatus of the present invention is a backup management apparatus that manages backup data of a system including a backup client having a function of updating the security status of backup data, and manages information for updating the system In response to the instruction to acquire the backup data of the system and the system and restore the system, the virtual host with the virtual environment hypervisor is instructed to create a virtual machine with the same configuration as the system. The system was restored to the virtual machine from the system backup data, and the backup client was instructed to update the system restored to the virtual machine and updated based on the information for updating the system. System back And a backup means for storing the updater.

  The client server system of the present invention includes a backup client having a function of updating the security status of backup data, a client in which a system having at least one network interface is constructed, and a virtual host having a virtual environment hypervisor And management server that manages patch information to be applied to the system and policy information related to system network connection as information for updating the system, and in response to an instruction to acquire system backup data and restore the system Instruct the virtual host to create a virtual machine with the same configuration as the system in the virtual host, restore the system to the created virtual machine, and restore the virtual machine to the backup client. A backup server that issues an instruction to update the stored system and stores the backup data of the updated system based on information for updating the system. The backup client obtains a patch from the management means. In addition, the policy information is acquired from the patch application unit that applies the acquired patch to the restored system and the management unit, and the policy determination regarding the network connection of the system to which the patch is applied based on the acquired policy information. Security judgment means that issues an instruction to switch the network connection status of the system determined by the policy according to the result of the policy judgment, and control of the network connection status of the network interface of the system determined by the policy according to the instruction of the security judgment means And a network control unit that.

  A backup management method of the present invention is a backup management method for managing backup data of a system including a backup client having a function of updating the security status of backup data, and manages information for updating the system, In response to an instruction to acquire system backup data and restore the system, an instruction to create a virtual machine with the same configuration as the system is issued to the virtual host with the hypervisor of the virtual environment, and the created virtual machine Restore the system from the system backup data to the backup client, instruct the backup client to update the system restored to the virtual machine, and update the system backup data based on the information for updating the system. Store .

  A backup management program of the present invention is a backup management program for managing backup data of a system including a backup client having a function of updating the security state of backup data, and processing for managing information for updating the system In addition, in response to an instruction to restore system backup data and an instruction to restore the system, a process to issue an instruction to create a virtual machine having the same configuration as the system to a virtual host with a virtual environment hypervisor Process to restore the system from the system backup data to the created virtual machine, process to instruct the backup client to update the system restored to the virtual machine, and to update the system Based on information To execute a process of storing backup data of modernization systems in computer Te.

  According to the present invention, it is possible to provide a backup management apparatus that automates the work up to system recovery while ensuring a sufficient security state and reduces the time required for system recovery.

1 is a block diagram of a client server system according to an outline of the present invention. It is a block diagram which shows the function structure of the backup management apparatus which concerns on the outline | summary of this invention. 1 is a block diagram of a client server system according to an outline of the present invention. It is a block diagram which shows the internal structure of the backup object system and virtual machine of the client server system which concerns on the outline | summary of this invention. 1 is a block diagram of a client server system according to a first embodiment of the present invention. It is a conceptual diagram for demonstrating the backup process which concerns on the 1st Embodiment of this invention. It is a sequence diagram for demonstrating the backup process which concerns on the 1st Embodiment of this invention. It is a conceptual diagram for demonstrating the virtual restore process of the backup data update process which concerns on the 1st Embodiment of this invention. It is a sequence diagram for demonstrating the virtual restore process of the backup data update process which concerns on the 1st Embodiment of this invention. It is a conceptual diagram for demonstrating the update process of the backup data update process which concerns on the 1st Embodiment of this invention. It is a sequence diagram for demonstrating the update process of the backup data update process which concerns on the 1st Embodiment of this invention. It is a conceptual diagram for demonstrating the storage process of the backup data update process which concerns on the 1st Embodiment of this invention. It is a sequence diagram for demonstrating the storage process of the backup data update process which concerns on the 1st Embodiment of this invention. It is a conceptual diagram for demonstrating operation | movement of the backup data update process which concerns on the 1st Embodiment of this invention. It is a conceptual diagram for demonstrating the restore process of the system recovery process which concerns on the 1st Embodiment of this invention. It is a sequence diagram for demonstrating the restore process of the system recovery process which concerns on the 1st Embodiment of this invention. It is a conceptual diagram for demonstrating the update process of the system recovery process which concerns on the 1st Embodiment of this invention. It is a sequence diagram for demonstrating the update process of the system recovery process which concerns on the 1st Embodiment of this invention. It is a sequence diagram for demonstrating the storage process of the backup data update process which concerns on the 2nd-4th embodiment of this invention. 6 is a backup data storage table summarizing differences in backup data stored in the first to fourth embodiments of the present invention.

  EMBODIMENT OF THE INVENTION Below, the form for implementing this invention is demonstrated using drawing. However, the preferred embodiments described below are technically preferable for carrying out the present invention, but the scope of the invention is not limited to the following.

(Overview)
First, the outline | summary of embodiment of this invention is demonstrated using drawing.

  FIG. 1 is a block diagram for explaining a client server system according to the outline of the present embodiment. The client server system according to the outline of the present embodiment includes a backup management device 1, a backup target system 30, and a virtual host 40. The backup management apparatus 1 and the backup target system 30 are connected via a network 50. FIG. 1 also illustrates a state in which the backup management apparatus 1 and the virtual host 40 according to this overview are connected via a virtual network 60.

  The network 50 is realized by, for example, a LAN or the Internet (LAN: Local Area Network).

The backup target system 30 includes a backup client 30 having a function of updating the security status of backup data, and is a client in which a system including at least one network interface is constructed. The backup client 32 has a function of updating the security state by applying a patch to the backup target system 30, determining the security state of the backup target system 30, and controlling the connection with the network. Includes a virtual environment hypervisor, and a virtual machine 41 is temporarily created therein. Inside the virtual machine 41, a backup client 42 having the same configuration as the backup client 32 included in the backup target system 30 is created. The virtual machine 41 is connected to the backup unit 10 and the management unit 20 of the backup management apparatus 1 via the virtual network 60. The virtual machine 41 is generated at the timing when the backup target system 30 is backed up, and does not affect the operation of the backup target system 30.

  As shown in FIG. 1, the backup management apparatus 1 includes a backup unit 10 and a management unit 20. The backup management device 1 is realized by an information processing device such as a computer or a server. Note that the backup unit 10 and the management unit 20 may be realized by different hardware, or may be realized by the same hardware. Further, the backup management apparatus 1 may be realized by software installed in the information processing apparatus.

  The backup unit 10 is a unit for backing up the system area including the OS portion of the backup target system and restoring the backup target system in the event of a failure (OS: Operating System).

  FIG. 2 is a block diagram showing the internal configuration of the backup unit 10 and the management unit 20.

  The backup unit 10 includes a backup catalog management unit 12, a backup execution unit 13, a backup catalog storage unit 14, a backup data storage unit 15, and an update process schedule storage unit 16. The backup catalog management unit 12 manages catalog information including backup data meta information such as the date when the backup target system 30 was backed up, the host name of the business machine, the file name of the backup data, and the retention period. Further, the backup catalog management means 12 manages a backup ID, which is a unique identifier for specifying the backup data, as catalog information of the backup data (ID: Identification). The backup execution unit 13 acquires the backup data of the backup target system 30 and restores the backup data according to a backup data restore instruction. The backup catalog storage unit 14 stores catalog information of backup data. The update process schedule storage means 16 stores the update process schedule.

  Further, the backup unit 10 includes a backup data update processing unit 17 and an update process activation control unit 18. The backup data update processing unit 17 issues an instruction to create a virtual machine 41 to the virtual host 40 and an instruction to back up the updated virtual machine 41 in response to an instruction to start the backup data update process. The update process activation control means 18 issues a backup data update process start instruction at a preset timing at a preset timing.

  The management unit 20 is a unit that manages patch information to be applied to the system and policy information regarding the network connection of the system. Specifically, the patch information to be applied to the system is a patch to be applied to an element constituting the system such as an OS or an application. The policy information related to the network connection of the system is specifically policy information as a condition for determining permission / non-permission of connecting the system to the network.

  The management unit 20 includes a security management unit 22, a patch storage unit 23, and a policy storage unit 24. The security management unit 22 provides patches and policy information to the backup target system 30. The patch storage unit 23 stores the binary of the patch. The policy storage means 24 stores policy information indicating conditions for permitting connection with the network.

  FIG. 3 is a block diagram illustrating a state in which the backup target system 30 and the backup management apparatus 1 are connected via the network 50 when the backup target system 30 is not backed up. When the backup target system 30 is not backed up, the virtual host 40 is in a state that does not affect the relationship between the backup target system 30 and the backup management device 1. Therefore, in the client server system according to the present outline, the virtual host 40 does not always have to exist, and is configured to exist as necessary.

  FIG. 4 is a block diagram showing the internal configuration of the backup system included in the backup target system 30 and the internal configuration of the virtual machine 41 generated in the virtual host 40. Note that the internal configurations of the backup target system 30 and the virtual machine 41 illustrated in FIG. 4 may be realized by functions of a general information processing apparatus.

  The backup target system 32 is connected to the network 50 by a plurality of network interfaces (hereinafter referred to as NIC 33) (NIC: Network Interface Card). Similarly, the temporarily created virtual machine 41 is connected to the virtual network 60 temporarily created by the plurality of NICs 43. The virtual network 60 is configured as a closed network of the management unit 20, the backup unit 10, the virtual host 40, and the virtual machine 41.

  The backup client 32 includes a patch application unit 34, a security determination unit 35, and a network control unit 36. The temporarily created virtual machine 41 includes a patch application unit 44, a security determination unit 45, and a network control unit 46 having the same functions as the backup client 32.

The backup management apparatus 1 according to the outline of the present embodiment solves the problem that the present invention has as a problem by performing backup data update processing after collecting backup data from the backup target system 30. Note that the backup data update process is a process for updating backup data, and includes the following three processes.
(1) A virtual machine 41 is temporarily created on the virtual host 40. The system is restored to the created virtual machine 41 based on the backup data collected from the backup target system 30, and the backup target system 30 at the time when the backup data is collected is reproduced.
(2) The virtual machine 41 that reproduces the backup target system 30 is activated. For the activated virtual machine 41, the latest patch application, firewall configuration, and unnecessary NIC 43 are invalidated, and the latest security is ensured when the virtual machine 41 is constructed.
(3) Confirm that the security of the virtual machine 41 has been secured. After confirming that the security of the virtual machine 41 has been ensured, the virtual machine 41 is backed up by the backup management apparatus 1 and used as backup data of the backup source system.

  That is, according to the backup data update process in the backup management apparatus according to the present embodiment, the updated backup data of the system can be stored. In addition, the backup management apparatus according to the present embodiment can recover the system using the backup data of the updated system when the backup target system is recovered.

  The backup management device according to this embodiment restores the backup data collected from the backup target system onto the temporarily created virtual machine, reproduces the system at the time of backup, and creates the temporarily created virtual machine. Take security measures. The backup management apparatus according to the present embodiment backs up a virtual machine on which security measures have been taken, and saves and manages it as backup data of the backup target system. In the backup management apparatus according to the present embodiment, there is no need to change the configuration such as network disconnection or connection to the quarantine network in order to ensure security when the system is restored using the old generation backup data.

  That is, according to the backup management apparatus according to the present embodiment, it is possible to restore the backup target system in the latest state or near the latest state with sufficient security.

(First embodiment)
Next, a backup management apparatus according to the first embodiment of the present invention will be described.

  FIG. 5 is a block diagram of the client server system according to the first embodiment of the present invention. The backup management apparatus according to the first embodiment includes a backup server 100 as backup means and a security management server 200 as security management means. The backup management apparatus according to the present embodiment is an apparatus for protecting the business machine 300 that is a backup target system. The business machine 300 is installed with a backup client device 320 having functions for applying a patch to the business machine 300, determining the security status of the business machine 300, and controlling connection to the network. Also, the backup management apparatus according to the present embodiment can manage a plurality of business machines 300 as management targets.

  In the first embodiment, the backup server 100 corresponding to the backup unit performs backup of the business machine 300 corresponding to the information processing apparatus. In addition, the backup server 100 issues an instruction to create a temporary machine 410 as a temporary virtual machine in the virtual host 400 that includes the hypervisor of the virtual environment. The backup server 100 restores the backup data of the business machine 300 as the temporary machine 410, applies the patch information managed by the security management server 200 to the restored temporary machine 410, and updates the security state of the temporary machine 410. That is, the security management server 200 ensures the updated security state of the temporary machine 410. FIG. 5 also shows backup / restore as a control means having an input means for a user to input an instruction to the backup server 100 and the security management server 200 and a display means for displaying information to the user. An operation UI device 700 is also shown.

  The business machine 300, the backup server 100, the security management server 200, and the backup / restore operation UI device 700 are connected to the business LAN 500. Each apparatus can be connected by a plurality of business LANs 500. The backup server 100, the security management server 200, and the temporary machine 410 are connected to each other by a temporary LAN 600 that is isolated from the business LAN 500.

(Backup server)
The backup server 100 is a device for backing up the system area including the OS portion of the business machine 300 and recovering the business machine 300 so that it can be started again in the event of a failure.

  In FIG. 5, the backup server 100 includes means such as a backup catalog management means 120, a backup execution means 130, a backup data update processing means 170, and an update process activation control means 180. Further, the backup server 100 includes storage means such as a backup catalog storage means 140, a backup data storage means 150, and an update process schedule storage means 160. The internal configuration of the backup management apparatus 100 shown in FIG. 5 corresponds to the internal configuration of the backup means 10 shown in FIG.

(Security management server)
The security management server 200 manages patches to be applied to the OS and applications that constitute the system, and manages policy information as a condition for permitting connection to the business LAN 500.

  In FIG. 5, the security management server 200 includes security management means 202, patch storage means 203, and policy storage means 204. The internal configuration of the security management server 200 shown in FIG. 5 corresponds to the internal configuration of the management unit 20 shown in FIG.

  The security management unit 220 provides patches and policy information to the business machine 300. The patch storage unit 230 stores patch binaries. The policy storage unit 240 stores policy information indicating conditions for permitting connection to the business LAN 500.

(Business machine)
In FIG. 5, a business machine 300 that is a backup target system includes a backup client device 320 and a plurality of network interfaces (hereinafter referred to as NIC 330).

  The backup client device 320 includes a patch application unit 340, a security determination unit 350, and a network control unit 360. The internal configuration of the business machine 300 shown in FIG. 5 corresponds to the internal configuration of the information processing system 30 shown in FIG.

  In response to a request from the backup server 100, the backup client device 320 reads data necessary for starting the machine including the OS area of the business machine 300. Then, the backup client device 320 transmits the read data to the backup server 100.

  The patch application unit 340 has a function of collecting OS and application version information installed in the business machine 300. The patch application unit 340 has a function of inquiring of the security management server 200 to download a necessary patch and applying the downloaded patch to bring the system to the latest state.

  The security determination unit 350 downloads policy information describing conditions that must be satisfied in order to connect to the business LAN 500 from the security management server 200. Then, the security determination unit 350 compares the OS and application version information installed on the business machine 300, setting information such as a firewall, and the like with the policy information. The security determination unit 350 instructs the network control unit 360 to enable the network when the setting information satisfies the policy, and to disable the network when the setting information does not satisfy the policy.

  The network control unit 360 validates / invalidates the NIC 330 in accordance with an instruction from the security determination unit 350, and isolates or returns the business machine 300 from the network. However, when invalidating the NIC 330, the network control unit 360 configures a firewall without invalidating the NIC 330 communicating with the security management server 200 so that only the backup management apparatus can communicate. That is, the network control unit 360 can communicate only with the backup management apparatus (the backup server 100 and the security management server 200) when the NIC 330 is invalidated.

(Virtual host)
FIG. 5 shows a virtual host 400 comprising a virtual environment hypervisor. In the virtual host 400, a temporary machine 410 having a plurality of network interfaces (hereinafter referred to as NIC 430) is restored, and a backup client device 420 having the same configuration as the backup client device 320 is configured. The temporary machine 410 includes a patch application unit 440, a security determination unit 450, and a network control unit 460.

  The virtual host 400 is connected to the temporary LAN 600 corresponding to the virtual network by the NIC 430. The temporary LAN 600 is connected to the backup server 100 and the security management server 200, but is not connected to the business machine 300 or the business LAN 500. The internal configuration of the virtual host 400 shown in FIG. 5 corresponds to the internal configuration of the virtual host 40 shown in FIG.

  The virtual host 400 includes a virtual environment hypervisor, generates a virtual machine based on an instruction from the backup data update processing unit 170, and operates the generated virtual machine as the temporary machine 410. The temporary machine 410 is a virtual machine that operates on the virtual host 400. In the temporary machine 410, the backup data of the business machine 300 is restored, and the business machine 300 at the time of backup is reproduced. The backup client device 420, the patch application unit 440, the security determination unit 450, and the network control unit 460 are installed on the business machine 300 at the time of backup.

(Backup / restore operation UI device)
The backup / restore operation UI device 700 is a console (control means) provided with input / output means for a user to operate backup and restore of a business machine system. The backup / restore operation UI device 700 is realized by a configuration having input devices (input means) such as a keyboard, a mouse, and a touch panel, and display devices (display means) such as a display. Note that the backup / restore operation UI device 700 may be included in the backup management device according to the present embodiment, but the operation information may be transmitted to the backup management device from a mobile terminal owned by the user.

  The above is the description regarding the configuration according to the first exemplary embodiment of the present invention. The above-described configuration is an example for realizing the backup management apparatus according to the first embodiment of the present invention, and various additions and changes can be added.

(Operation)
Next, the operation of the backup management apparatus according to this embodiment having the configuration shown in FIG. 5 will be described with reference to FIGS. The operation of the backup management apparatus according to the present embodiment includes a backup process for storing backup data, a backup data update process for updating the backup data, and a system recovery process for restoring the system based on the backup data. It is.

  In this embodiment, backup is performed for the business machine 300 to be protected. The backup cycle is set according to the user's request. A general backup operation may be performed at a specific cycle such as one week or every day, or may be performed irregularly before or after a specific event such as patch application. Similarly, in this embodiment, it is assumed that backup is executed before or after a specific period or a specific event. In this embodiment, data for a plurality of generations is backed up.

(Backup process)
First, backup processing according to the present embodiment will be described with reference to FIGS. 6 and 7. FIG. 6 is a conceptual diagram regarding the backup processing operation of the backup client device 320 according to the present embodiment. FIG. 7 is a sequence diagram showing the operation / relationship of each component in the backup processing operation of the backup client device 320 according to the present embodiment. In addition, regarding some steps in FIG. 7, exchanges between components are shown by flow lines (dotted lines) with balloons in FIG. 6.

  In FIG. 7, the backup / restore operation UI device 700 issues a backup start instruction for the backup target system (business machine 300) to the backup execution unit 130 based on the setting from the user (step S101).

  The backup execution unit 130 connects to the backup client device 320 on the business machine 300 in response to an instruction to start backup of the business machine 300 by the backup / restore operation UI device 700 (step S102).

  The backup execution unit 130 reads backup data including data necessary for OS startup, such as an OS area, application files, and registry, from the business machine 300 (step S103). Note that the backup data includes information such as the disk capacity, the number of NICs, the number of CPUs, and the memory capacity of the business machine 300 necessary for configuring the temporary machine 118 as a virtual machine (CPU: Central Processing Unit). An image in which the backup execution unit 130 acquires backup data from the business machine 300 in step S103 of FIG. 7 is shown as a flow line (dotted line) of the balloon 1 in FIG.

  The backup execution unit 130 stores the acquired backup data in the backup data storage unit 150 (step S104). An image of the backup execution unit 130 storing backup data in the backup data storage unit 150 in step S104 of FIG. 7 is shown as a flow line (dotted line) of the balloon 2 in FIG.

  Further, the backup execution unit 130 generates catalog information of backup data (step S105). The catalog information of the backup data includes the date when the backup target system was backed up, the host name of the business machine, the file name of the backup data, and the retention period. Further, the backup data catalog information includes a backup ID, which is a unique identifier for specifying the backup data (ID: Identification).

  The backup execution unit 130 transmits the generated catalog information to the backup catalog management unit 120 (step S106).

  The backup catalog management unit 120 stores the catalog information acquired from the backup execution unit 130 in the backup catalog storage unit 140 (step S107). In steps S106 and S107 of FIG. 7, an image in which catalog information is stored in the backup catalog storage unit 150 from the backup execution unit 130 via the backup catalog management unit 120 is shown as a flow line (dotted line) of the balloon 3 in FIG. Show.

  Further, the backup catalog management means 120 responds to the inquiry from the backup / restore operation UI device 700 and returns a list of stored backup data (step S108). Note that the step S108 may be independent of the steps S101 to S107.

  Further, the backup catalog management unit 120 determines whether the backup data is valid according to the storage period included in the catalog information, and deletes the backup data and catalog information whose storage period has passed (step S109). Note that the step S109 may be independent of the steps S101 to S107 and the step S108.

  The above is the description regarding the backup processing operation of the backup client device 320 by the backup device 100 according to the present embodiment.

(Backup data update processing)
Next, the backup data update process will be described with reference to FIGS. Note that the backup data update process includes a restore process that restores the system based on the backup data, an update process that updates the restored backup data, and a storage process that stores the updated backup data. included.

  The backup data update process is executed at a timing preset in the update process activation control unit 180. Note that the timing set in the update process activation control unit 180 may be selected from the schedule stored in the update process schedule storage unit 160 or may be set by the backup / restore operation UI device 700. . The timing for performing the backup data update process is preferably, for example, immediately after system backup, when an OS or application patch is released, or when a condition or policy for connecting to the business LAN is changed. Note that the backup data update processing does not have to be executed every time the above-described event occurs, and may be executed a plurality of times collectively or periodically at regular intervals. However, if the interval between update processes becomes longer, patches released during the update process will be applied at one time.Therefore, there is an increased risk of failure to update due to a patch installer failure. Must be considered. Further, the backup data update process may be executed at a timing determined by the user or administrator of the backup client device 320.

  The backup data update process is performed on all generations of backup data stored in the backup data storage unit 150. In the case of backup data that has been updated in the past, a new update process is performed on the new backup data generated as a result of the update process.

[Virtual restore processing]
First, backup data virtual restoration processing will be described with reference to FIGS. FIG. 8 is a conceptual diagram related to virtual restore processing of backup data according to the present embodiment. FIG. 9 is a sequence diagram showing the operation / relationship of each component in the backup data virtual restoration process according to this embodiment. For some of the steps in FIG. 9, the interaction between the components is indicated by the flow lines (dotted lines) with balloons in FIG. 8.

  In FIG. 9, the update process activation control unit 180 issues a backup data update process start instruction to the backup data update process unit 170 at a preset timing (step S201). The backup data update process start instruction includes a backup ID for specifying backup data to be processed. In FIG. 9, an image in which the update process activation control unit 180 issues a backup data update process start instruction to the backup data update process unit 170 as a flow line (dotted line) of a balloon 4 in FIG. 8. Show.

  When the backup data update processing unit 170 receives an instruction to start the backup data update processing from the update processing activation control unit 180, the backup data update processing unit 170 instructs the virtual host 400 to generate a virtual machine (step S202). An image in which the backup data update processing means 170 instructs the virtual host 400 to generate a virtual machine in step S202 of FIG. 9 is shown as a flow line (dotted line) of the balloon 5 in FIG.

  The virtual host 400 causes itself to generate a virtual machine (temporary machine 410) in accordance with an instruction from the backup data update processing unit 170 (step S203). The virtual hardware configuration such as the disk capacity, the number of NICs, the number of CPUs, and the memory capacity of the temporary machine 410 is the same as that of the business machine 300 by referring to the information of the business machine 300 included in the backup data to be updated. Make the configuration.

  Next, the backup data update processing unit 170 instructs the backup execution unit 130 to restore the backup data of the business machine 300 indicated by the backup data update processing start instruction to the temporary machine 410 (step). S204).

  The backup execution unit 130 that has received the restore instruction reads the backup data instructed from the backup data storage unit 150 (step S205).

  The backup execution unit 130 restores the system to the temporary machine 410 based on the backup data through the temporary LAN 600 (step S206).

  An image in which the backup execution unit 130 reads the backup data from the backup data storage unit 150 and restores the system to the temporary machine 410 in steps S205 and S206 of FIG. 9 is shown as a flow line (dotted line) of the balloon 6 in FIG.

  The system restore to the temporary machine 410 can be realized by using a disaster recovery function or a P2V function that general backup software has (P2V: Physical to Virtual).

  This completes the description of the operation of the backup data virtual restore processing according to the present embodiment.

[Renewal process]
Next, backup data update processing will be described with reference to FIGS. 10 and 11. FIG. FIG. 10 is a conceptual diagram regarding backup data update processing according to the present embodiment. FIG. 11 is a sequence diagram showing the operation / relationship of each component in the backup data update processing according to the present embodiment. In addition, regarding some steps in FIG. 11, exchanges between constituent elements and state changes of the constituent elements are shown by flow lines and marks with balloons in FIG. 10.

  The backup data update process is a process for applying the latest patch to the OS or application of the temporary machine 410 after the restoration of the backup data to the temporary machine 410 is completed in the restore process. That is, the backup data update process is a security measure process in preparation for restoring the system to the business machine 300 based on the backup data.

  After the restoration process described with reference to FIGS. 8 and 9 is completed, the virtual host 400 starts the virtual machine (temporary machine 410), and the backup data update process is started.

  Here, the network to which the temporary machine 410 is connected is the temporary LAN 600. The temporary LAN 600 is a network independent of the business LAN 500. In addition to the temporary machine 410, the security management server 200, the backup server 100, and the virtual host 400 are connected to the temporary LAN 600. Therefore, the partners with which the temporary machine 410 can communicate via the temporary LAN 600 are limited to the temporary machine 410, the security management server 200, the backup server 100, and the virtual host 400. That is, the temporary machine 410 is isolated from the external network including the business LAN 500.

  The patch application unit 440 transmits a list of patches applied to the temporary machine 410 to the security management unit 220 of the security management server 200 and inquires whether there is a patch newer than the applied patch (step). S301).

  The security management unit 220 compares the patch list applied to the temporary machine 410 received from the patch application unit 440 and the version of the patch stored in the patch storage unit 230 (step S302).

  If a new patch exists, the security management unit 220 transmits a patch installer to the patch application unit 440 (step S303).

  An image in which the security management unit 220 transmits the patch installer from the patch storage unit 230 to the patch application unit 440 in steps S302 and S303 of FIG. 11 is shown as a flow line (broken line) of the balloon 7 in FIG.

  Upon receipt of the patch installer, the patch application unit 440 executes the received patch installer (step S304). If no new patch exists in step S302, steps S303 and S304 are omitted, and the process proceeds to step S305.

  After all the installers have been executed, the patch application unit 440 instructs the security determination unit 450 to execute the security determination (step S305).

  Here, the security determination unit 450 instructed to execute the security determination from the patch application unit 440 checks whether or not the condition for the temporary machine 410 to connect to the business LAN 500 is satisfied by the following procedure.

  The security determination unit 450 requests the security management unit 220 of the security management server 200 to transmit policy information that should be satisfied in order for the business machine 300 to connect to the business LAN 500 (step S306).

  Upon receiving the policy transmission request from the security determination unit 450, the security management unit 220 transmits the policy information stored in the policy storage unit 240 to the security determination unit 450 (step S307). The policy information includes patch application status, prohibited applications, and prohibited services.

  An image in which the security management unit 220 transmits policy information from the policy storage unit 240 to the security determination unit 450 in steps S306 and S307 in FIG. 11 is shown as a flow line (dotted line) of the balloon 8 in FIG.

  The security determination unit 450 compares the status of the temporary machine 410 with the policy indicated by the policy information, and determines policy determination as to whether or not the temporary machine 410 satisfies the policy for connecting to the business LAN 500 (step S308). .

  If it is determined in step S308 that the policy is not satisfied, the security determination unit 450 considers that the backup data update processing has failed. The security determination unit 450 notifies the backup data update processing unit 170 that the backup data update processing has failed, and ends the backup data update processing.

  If it is determined in the policy determination in step S308 that the policy is satisfied, the security determination unit 450 instructs the network control unit 460 to invalidate communication with other than the security management server (step S309). ).

  Upon receiving an instruction to invalidate communication with other than the security management server, the network control unit 460 issues an instruction to the OS of the temporary machine 410 and sets the NIC 430 other than the NIC 430 used for communication with the security management server 200 to be invalid. (Step S310).

  In FIG. 11, an image in which the network control unit 460 invalidates communication with other than the security management server in step S310 in FIG.

  Next, the network control unit 460 enables a firewall for the NIC 430 used for communication with the security management server 200, and sets a firewall rule (step S311). The firewall rule set in step S311 is a rule that blocks communication other than the purpose of communicating with the security management server.

  Thereafter, the network control unit 460 notifies the backup data update processing unit 170 of the completion of the firewall rule setting process, and ends the backup data update process (step S312).

  The above is the description regarding the operation of the backup data update processing according to the present embodiment.

[Storage processing]
Next, backup data storage processing will be described with reference to FIGS. FIG. 12 is a conceptual diagram regarding backup data storage processing according to the present embodiment. FIG. 13 is a sequence diagram showing the operation / relationship of each component in the backup data storage processing according to this embodiment. In addition, regarding some steps in FIG. 13, exchanges between components are shown by flow lines (dotted lines) with balloons in FIG. 12.

  After the backup data update processing is completed, in FIG. 13, the backup data update processing means 170 instructs the backup execution means 130 to back up the temporary machine 410 (step S401).

  Receiving the backup instruction of the temporary machine 410, the backup execution unit 130 connects to the backup client device 420 on the temporary machine 410 (step S402).

  Then, the backup execution unit 130 reads backup data including data necessary for OS startup, such as the OS area, application files, and registry, from the temporary machine 410 (step S403).

  Further, the backup execution unit 130 stores the received backup data in the backup data storage unit 150 (step S404).

  An image in which the backup execution unit 130 transmits backup data from the temporary machine 410 to the backup data storage unit 150 in steps S403 and S404 in FIG. 13 is shown as a flow line (dotted line) of the balloon 10 in FIG.

  Further, the backup execution unit 130 generates backup data catalog information including a backup ID, which is a unique identifier for specifying the backup data file name and backup data (step S405).

  Then, the backup execution unit 130 transmits the catalog information of the generated backup data to the backup catalog management unit 120 (Step S406). Here, as the backup date, the business machine host name, and the storage period described in the catalog information, the same period as when the original business machine 300 was backed up is used. Further, the date and time when the backup data update process is executed is also included in the catalog information as additional information.

  The backup catalog management unit 120 stores the catalog information passed from the backup execution unit 130 in the backup catalog storage unit 140 (step S407).

  In steps S405 to S407, an image in which the backup catalog management unit 120 stores the catalog information generated by the backup execution unit 130 in the backup catalog storage unit 140 is shown as a flow line (dotted line) of the balloon 11 in FIG.

  This completes the description of the backup data storage processing operation according to the present embodiment.

(Operation example of backup data update processing)
Here, an example of the operation for performing the backup data update process will be described with reference to FIG.

FIG. 14 shows an example of a schedule that assumes that backup data for five generations is held in an environment where backup is performed weekly. In the example of FIG. 14, it is assumed that the following events occur during the five weeks when backup is executed.
(At the time of backup five weeks ago) AP1 and AP2 were installed.
(At the time of backup 4 weeks ago) AP1 was uninstalled.
(At the time of backup three weeks ago) AP3 was newly installed.
(At the time of backup two weeks ago) Support for AP1 was lost and vulnerabilities were also found. (At the time of backup one week ago) It was discovered that AP3 had been infected with a virus before, and AP3 had been uninstalled.
(Several days ago) An OS patch has been released.

According to the example of FIG. 14, five generations of backup data remain at the current time point. The backup data update process is executed at an interval of one week, and is set to start after the OS patch is released. In this example, the current backup data is in the following state, and the second generation and the fifth generation can be used for system recovery.
(First generation backed up five weeks ago) AP1 is installed. Since the support of AP1 was stopped three weeks ago, it cannot be updated by the backup data update process two weeks ago and cannot be used for system recovery.
(Second generation backed up four weeks ago) No AP1 or AP3. This can be updated to the latest state by the backup data update processing up to now, and can be used for system recovery.
(3rd generation backed up 3 weeks ago) AP3 is included. In the backup data update process one week ago, AP3 was regarded as an application whose use was prohibited, and the judgment by the security judgment device did not pass. For this reason, it cannot be used for system recovery.
(4th generation backed up 2 weeks ago) Same as 3rd generation and cannot be used for system recovery.
(5th generation backed up one week ago) Backed up after AP3 was uninstalled. For this reason, it can be used for system recovery.

  In the example of FIG. 14, it is assumed that new backup data is created every time backup data update processing is performed. The storage period of backup data is set to the same period as the original backup data that backed up the original business machine 300. Therefore, the backup catalog management unit 120 discards all backup data whose storage period has expired at the same time as the storage period of the original backup data expires. The original backup data is backup data acquired at the beginning, and is backup data that has not been updated.

  After the backup data update process, the backup data created by the previous backup data update process is left. Therefore, it is possible to cope with the case where it is not desired to return to the latest state, for example, when a defect is found in the latest patch. Further, by leaving the original backup data, it is possible to cope with the case where it is necessary to leave the original backup data without rewriting, such as auditing or trail management.

  On the other hand, the backup data storage means 150 requires a total capacity of the capacity of the original backup data and the capacity of all the backup data update processes executed for the original backup data. For example, if a storage having a deduplication function is used for the backup data storage unit 150, the capacity required for the update processing of the original backup data and all backup data can be reduced.

(System recovery processing)
Next, system recovery processing will be described with reference to FIGS. The system recovery process includes a restore process (FIGS. 15 and 16) for restoring the backed up system to the business machine 300, an update process (FIGS. 17 and 18) for updating the system restored to the business machine 300, including.

[Restore processing]
First, restore processing included in system recovery processing according to the present embodiment will be described with reference to FIGS. 15 and 16. FIG. 15 is a conceptual diagram relating to a restore process included in the system recovery process according to the present embodiment. FIG. 16 is a sequence diagram showing the operation / relationship of each component in the restore process included in the system recovery process according to this embodiment. In addition, regarding some steps in FIG. 16, exchanges between components are shown by flow lines (dotted lines) with balloons in FIG. 15.

  First, a restore process included in the system recovery process according to the present embodiment will be described. Here, it is assumed that the user uses the backup / restore operation UI device 700 to instruct backup data to be restored.

  At this time, the backup / restore operation UI device 700 requests the backup catalog management unit 120 of the backup server 100 for a list of backup data of the business machine 300 (step S501). The backup data list is included in the catalog information, and the backup date and backup ID of the backup data of the business machine 300 are collected as a list.

  The backup catalog management unit 120 acquires a backup data list of backup data of the business machine 300 from the backup catalog storage unit 140 (step S502).

  Then, the backup catalog management unit 120 transmits the acquired backup data list to the backup / restore operation UI device 700 (step S503). When the backup data update process is performed on the backup data, the backup data information after the backup data update process is also added to the backup data list.

  In steps S502 and S503, an image in which the backup catalog management unit 120 transmits a list from the backup catalog storage unit 140 to the backup / restore operation UI device 700 is shown as a flow line (dotted line) of the balloon 12 in FIG.

The backup / restore operation UI device 700 displays the backup data list obtained from the backup catalog management means 120 (step S504). The user can select a suitable process from the options displayed on the backup / restore operation UI device 700. As a method for displaying the backup data list, for example, the following processes 1 to 3 can be selected and narrowed down. Note that the following processing is an example, and processing not included below may be displayed.
(1) Display only the latest backup data among the backup data after the backup data update processing.
(2) Display all backup data after backup data update processing.
(3) Display only the original backup data.

  The selection of the backup data list is set by the user. In actual operation, the backup / restore operation UI device 700 selects the backup data list option based on the conditions set by the user. Will be displayed. When specific backup data is selected from the backup data list by the user, the backup / restore operation UI device 700 instructs the backup execution unit 130 to restore the target system.

  The backup execution unit 130 acquires backup data to be restored from the backup data storage unit 140 in response to an instruction from the backup / restore operation UI device 700 (step S505).

  The backup execution unit 130 restores the acquired backup data to the business machine 300 (step S506). The process of step S505 can be realized by a disaster recovery function of general backup software.

  In steps S505 and S506, an image in which the backup execution unit 130 restores the system from the backup data storage unit 140 to the business machine 300 based on the backup data is shown as a flow line (dotted line) of the balloon 13 in FIG.

  This completes the description of the restore process included in the system recovery process according to the present embodiment.

[Renewal process]
Next, the update process included in the system recovery process according to the present embodiment will be described with reference to FIGS. 17 and 18. FIG. 17 is a conceptual diagram related to the update process included in the system recovery process according to the present embodiment. FIG. 18 is a sequence diagram showing the operation / relationship of each component in the update process included in the system recovery process according to this embodiment. In addition, regarding some steps of FIG. 18, the image of the exchange between components and the state change of components is shown by flow lines (dotted lines) and marks with balloons in FIG.

  First, after the system restoration is completed in the restoration process included in the system restoration process, the business machine 300 is started. The business machine 300 immediately after restoration starts up in a state where it is configured so that it cannot communicate with anything other than the security management server 200. Therefore, the business machine 300 is immediately isolated from the business LAN 500 immediately after restoration.

  The patch application unit 340 transmits a list of patches applied to the business machine 300 to the security management unit 220 of the security management server 200, and inquires whether there is a patch newer than the applied patch (step). S601).

  The security management unit 220 compares the patch list applied to the temporary machine 410 received from the patch application unit 340 and the version of the patch stored in the patch storage unit 230 (step S602).

  If a new patch exists, the security management unit 220 transmits a patch installer to the patch application unit 340 (step S603).

  An image in which the security management unit 220 transmits the patch installer from the patch storage unit 230 to the patch application unit 340 in steps S602 and S603 in FIG. 18 is shown as a flow line (broken line) of the balloon 14 in FIG.

  Upon receipt of the patch installer, the patch application unit 340 executes the received installer (step S604). If no new patch exists, steps S603 and S604 are omitted, and the process proceeds to step S605. Here, the patch for receiving the installer has been released between the last backup data update processing and the present time. For this reason, if the interval for executing the backup data update process is shortened, the number of patches applied here is also reduced.

  After the execution of all the patch installers is completed, the patch application unit 340 instructs the security determination unit 350 to execute the security determination of the business machine 300 (step S605).

  Here, the security determination unit 350 instructed to execute the security determination from the patch application unit 340 checks whether or not the condition for the business machine 300 to connect to the business LAN 500 is satisfied by the following procedure.

  The security determination unit 350 requests the security management unit 220 of the security management server 200 to transmit policy information to be satisfied in order for the business machine 300 to connect to the business LAN 500 (step S606).

  Upon receiving the policy transmission request, the security management unit 220 transmits the policy information stored in the policy storage unit 240 to the security determination unit 350 (step S607).

  An image in which the security management unit 220 transmits policy information from the policy storage unit 240 to the security determination unit 350 in steps S606 and S607 in FIG. 18 is shown as a flow line (dotted line) of the balloon 15 in FIG.

  The security determination unit 350 compares the status of the business machine 300 with the policy indicated by the policy information, and determines whether or not the business machine 300 satisfies the policy for connecting to the business LAN 500 (step S608).

  If the policy is not satisfied in the policy determination in step S608, a message is displayed on the screen of the backup / restore operation UI device 700 to wait for the user's action. In this case, it deviates from the sequence of FIG.

  If the policy is satisfied in the policy determination in step S608, the network control unit 360 is instructed to validate communication (step S609).

  The network control unit 360 instructed by the security determination unit 350 to validate communication with other than the security management server issues a setting change instruction to the OS of the temporary machine 410 (step S610). In step S610, the network control unit 360 sets a NIC other than the NIC used for communication with the security management server 200 to be valid, and performs a setting change to invalidate the rule set in the previous firewall. The balloon 16 in FIG. 17 is an image in which the transition at the time when communication with a server other than the security management server is validated in step S610 in FIG. Show.

  The above is the description regarding the operation of the update process included in the system recovery process according to the present embodiment. If it is certain that the latest backup data that has been backed up need not be updated, the update process included in the system recovery process may be omitted. Further, the hardware or area that is the recovery destination of the system is not necessarily the same as the recovery source.

(effect)
As described above, according to the first embodiment of the present invention, it is possible to provide a backup management apparatus that automates the work up to system recovery while ensuring sufficient security and reduces the time required for system recovery. It becomes possible. Moreover, according to this embodiment, the effects as listed below can be obtained.

  The first effect is that when the system is restored by the method according to the present embodiment, the latest patch is applied when connected to the network after restoration. This is because at least the vulnerability fixed by the patch has no timing to connect to the network in a state including the vulnerability problem, and there is no possibility that the attacker will be attacked by the vulnerability problem.

  The second effect is that the hardware configuration does not need to be changed during restoration. In the normal method, there is a high possibility of having a vulnerability problem after restoration, and it is necessary to change the hardware configuration, such as disconnecting from the network until patch application, or connecting to the quarantine network to isolate it. On the other hand, according to the method of the present embodiment, the restored system is set so that it cannot communicate with anything other than the security management server, and participation in the network is automatically performed after applying the patch. Therefore, according to the method of the present embodiment, the work of manually changing the network configuration becomes unnecessary.

  The third effect is that the time required for resuming the operation is short because a patch released after the backup is applied to the restored data. According to the method of the present embodiment, at the time of system restoration, a patch up to the backup data update processing time point has already been applied. Therefore, according to the method of this embodiment, it is possible to shorten the time required for patch application after restoration by frequently performing backup data update processing.

  The fourth effect is that it is possible to prevent a system from being restored by selecting a backup image that cannot be updated. For example, in general, software installed on a business machine is no longer supported, and the latest patch may not be provided. According to the method of the present embodiment, it is possible to detect a situation in which a backup image that cannot be updated is selected and the system is restored by the backup data updating process, and it is possible to cope with it in advance.

  A fifth effect is that it is possible to prevent a problem caused by a patch installer from occurring during system recovery. According to the method of this embodiment, it is possible to determine whether or not the latest patch can be normally applied to the system in the backup data update process.

  As shown in the fourth and fifth effects, the sixth effect is to manage whether or not backup data can be used for system recovery, and the user can use it for system restoration from valid backup data. The backup data can be selected. According to the present embodiment, on the screen for selecting which backup data to restore the system based on, it is possible to display only the backup data effective for system recovery.

(Second Embodiment)
Next, a backup management apparatus according to the second embodiment of the present invention will be described. The backup management apparatus according to the second embodiment has the same configuration as the backup management apparatus according to the first embodiment shown in FIG. Further, since the operation of the backup management apparatus according to the second embodiment is the same as that of the first embodiment except for a part thereof, the description of the portions showing the same operation is omitted.

(Operation)
In the second embodiment, regarding the backup data update processing unit 170, the operation after the backup data update processing of the temporary machine 410 is completed is different from that of the first embodiment. That is, the method according to the present embodiment is different in the storage process of the backup data update process shown in FIG.

  FIG. 19 shows a sequence diagram for explaining the second embodiment of the present invention. Up to step S407 in FIG. 19 is the same as the operation of the storage process of the first embodiment shown in FIG. After step S407, the backup data update processing unit 170 instructs the backup catalog management unit 120 to delete the old backup data created in the previous backup data update processing (step S408).

  The backup catalog management unit 120 deletes old backup data stored in the backup data storage unit 150 in accordance with an instruction from the backup data update processing unit 170 (step S409).

  In the second embodiment, the number of backup data update processing results to be left without being deleted is determined in advance. When the number of backup data update processing results exceeds a predetermined number, the backup data update processing means 170 deletes the old backup data update processing results in order. However, the backup image of the first backup data update process executed immediately after backing up the business machine 300 is not added to the count and is not deleted. That is, if the number of backup data update processing results to be left without being deleted is 1, three backup data of the initial and latest backup data update processing results and the original backup data are left.

  In the present embodiment, the example in which old backup data is deleted after the catalog information in step 407 is stored has been described. However, the old backup data may be deleted immediately after step S404. Further, in order to store the updated backup data after deleting the old backup data, steps S408 and S409 may be added before step S404.

  According to the method of the second embodiment, the capacity required for the backup data storage unit 150 can be reduced. In addition, if any defect is found in the latest patch, the system can be restored from the backup data created by the initial backup data update process. However, in the method of the second embodiment, the number of patches that must be applied after restoration is larger than that in the first embodiment.

(Third embodiment)
Next, a backup management apparatus according to the third embodiment of the present invention will be described. The backup management apparatus according to the third embodiment has the same configuration as the backup management apparatus according to the first embodiment shown in FIG. Further, since the operation of the backup management apparatus according to the third embodiment is the same as that of the second embodiment except for a part thereof, the description of the portions showing the same operation is omitted.

  In the third embodiment of the present invention, the backup data update processing unit 170 is different from the first and second embodiments in the operation after the backup data update processing of the temporary machine 410 is completed. That is, the operation of the third embodiment is different from that of the second embodiment in the operation of step S409 in FIG.

  In the third embodiment, the backup image of the first backup data update processing executed immediately after backing up the business machine 300 is also counted as a deletion target. For example, if the number of backup data update processing results that remain without being deleted is 1, only the latest backup data update processing results and the original backup data remain. In other words, in the third embodiment, the latest backup data update processing result and the original backup data are not deleted, and only the latest backup data update processing result is stored. Become.

  According to the method of the third embodiment, the capacity required for the backup data storage unit 150 can be further reduced as compared with the second embodiment. On the other hand, if any defect is found in the latest patch, the system cannot be restored from the latest backup data created by the backup data update process. Therefore, in the third embodiment, it is necessary to restore the system from the original backup data and isolate the network from the network and apply the patch manually as in the existing recovery method.

(Fourth embodiment)
Next, a backup management apparatus according to the fourth embodiment of the present invention will be described. The backup management apparatus according to the fourth embodiment has the same configuration as the backup management apparatus according to the first embodiment shown in FIG. Further, since the operation of the backup management apparatus according to the fourth embodiment is the same as that of the second embodiment except for a part thereof, the description of the portions showing the same operation is omitted.

  In the fourth embodiment of the present invention, the backup data update processing unit 170 differs from the first to third embodiments in the operation after the backup data update processing of the temporary machine 410 is completed. That is, the operation of the fourth embodiment is different from the second embodiment in the operation of step S409 in FIG.

  In the fourth embodiment, the original backup data is counted as a deletion target. For example, if the number of backup data update processing results that remain without being deleted is 1, only the first and latest backup data update processing results remain. That is, in the fourth embodiment, the original backup data is not left, the first backup data is always left, and the latest backup data update processing result is sequentially overwritten and stored.

  According to the fourth embodiment, the capacity required for the backup data storage unit 150 can be reduced as compared with the second embodiment. In addition, if any defect is found in the latest patch, it can be recovered from the backup data created by the initial backup data update process. However, in the fourth embodiment, more patches have to be applied after restoration than in the first embodiment. Further, in the fourth embodiment, the original backup data is also deleted, so that it is impossible to cope with the case where confirmation or trail management is required.

  Here, the difference in backup data stored in the backup data storage unit 150 in the first to fourth embodiments will be described with reference to the backup data storage table 151 of FIG. As shown in FIG. 20, the backup data storage unit 150 stores at least two backup data among a set of backup data including at least one updated backup data and the original backup data of the business machine 300.

  As shown in FIG. 20, in the first embodiment, all backup update processing results including the original backup data are stored in the backup data storage unit 150. In the second embodiment, the initial and latest backup update processing results including the original backup data are stored in the backup data storage unit 150. In the third embodiment, the latest backup update processing result including the original backup data is stored in the backup data storage unit 150. In the fourth embodiment, the original backup data is not stored, and the initial and latest backup update processing results are stored in the backup data storage unit 150. The effects of the respective embodiments are as described for the respective embodiments.

  The backup data stored in the backup data storage unit 150 is not limited to the pattern shown in the backup data storage table 151. For example, the previous and latest backup update processing results may be stored in the backup storage unit 150 regardless of whether or not the original backup data is stored. Further, for example, an arbitrary n-th and latest backup update processing result may be stored in the backup storage unit 150 (n is an arbitrary natural number). Further, for example, any n backup update process results and the latest backup update process result may be stored in the backup storage unit 150.

  The methods according to the first to fourth embodiments may be selected according to the specifications of the backup server 100. For example, when many storage means are not provided, the methods of the second to fourth embodiments are suitable. For example, the method according to the first embodiment is effective for a system in which a large number of patches are applied due to a high system update frequency and an urgent restoration may be required. For example, the method according to the third embodiment is sufficient for a system that applies few patches because the system update frequency is low. For example, in a system where confirmation and trail management are not required, the method according to the fourth embodiment is sufficient. The method according to the second embodiment is sufficient for a system that requires verification and trail management but does not apply many patches.

  The method according to the embodiment of the present invention can be used as a backup area for various systems. Specifically, it can be used in an environment where centralized backup of a web server or an employee's personal terminal is performed. This is particularly suitable when it is desired to avoid the intervention of an administrator for a system restore request, or when it is desired to shorten the time required for system recovery.

(Related technology)
Finally, problems of related technologies including the technologies described in the background art are listed, and it is clarified that the problems of the related technologies can be solved by the technology according to the present embodiment.

  The first problem is that if the system is restored using old backup data in a computer environment where the system is backed up in case of a failure, the system immediately after the restoration will not be applied with the latest patch. is there. For this reason, a system started after restoration is highly likely to contain a problem of vulnerability, and if the system is connected to the network as it is, there is a possibility that the vulnerability of the system is used by an attacker.

  The second problem is that in order to deal with the first problem, after restoring the system, it is necessary to disconnect from the network, connect to the quarantine network, or change the system hardware configuration to isolate it. It is. That is, if it is necessary to change the hardware configuration, it is difficult to automate system recovery.

  The third problem is that, in order to deal with the first problem, the latest patch must be applied to the system after the system is restored and before the operation is resumed. Since it takes time to apply the latest patch to the system, it takes a long time to resume the business.

  The fourth problem is that the latest patch may not be applied to the restored system after the system is restored from the old backup data. For example, it is assumed that the software installed on the business machine is no longer supported and the latest patch is not provided. If the software support status is not known in advance before the system is restored, the software support will be stopped only when the patch application is attempted after the system is restored. As a result, it is necessary to reselect a backup image to which the latest patch can be applied, and the time required for resuming the operation becomes longer. The older the backup data used to restore the system, that is, the older the installed application, the higher the risk that application support is stopped.

  The fifth problem is that after restoring a system from old backup data, it cannot be determined before restoration whether the latest patch can be normally applied to the restored system. Patch application may not work properly due to a bug in the installer or application. When patch application fails after patch application after system restoration, it is necessary to deal with the failure of patch application, and the time required for resuming the operation becomes longer. The older the backup data used for restore and the more patches required to bring the system up-to-date, the higher the risk of patch application failure.

  The sixth problem is that backup data that cannot be updated is not managed as mentioned in the fourth and fifth problems. That is, since it is not managed whether the backup data is the latest data, it is impossible to determine from which backup image the backup data should be restored.

  According to the method according to the embodiment of the present invention, the above-described problems can be solved.

  Even if the backup management method by the backup management apparatus according to the above-described embodiment is realized by an apparatus / means having a configuration different from the above-described configuration, as long as the method of the present embodiment is applied, Included in the range. A backup management program that causes a computer to execute the method according to the present embodiment is also included in the scope of the present invention. Furthermore, a program recording medium that records the program according to the present embodiment is also included in the present invention.

  Although the present invention has been described with reference to the embodiments, the present invention is not limited to the above embodiments. Various changes that can be understood by those skilled in the art can be made to the configuration and details of the present invention within the scope of the present invention.

DESCRIPTION OF SYMBOLS 1 Backup management apparatus 10 Backup means 12 Backup catalog management means 13 Backup execution means 14 Backup catalog storage means 15 Backup data storage means 16 Update processing schedule storage means 17 Backup data update processing means 18 Update process start control means 20 Management means 22 Security management means 23 Patch storage means 24 Policy storage means 30 Backup target system 32 Backup client 33 NIC
34 Patch application means 35 Security judgment means 36 Network control means 40 Virtual host 41 Virtual machine 42 Backup client 43 NIC
44 patch application means 45 security judgment means 46 network control means 50 network 60 virtual network 100 backup server 120 backup catalog management means 130 backup execution means 140 backup catalog storage means 150 backup data storage means 160 update processing schedule storage means 170 latest backup data Update processing unit 180 update processing start control unit 200 security management server 202 security management unit 203 patch storage unit 204 policy storage unit 300 business machine 320 backup client device 330 NIC
340 Patch application unit 350 Security determination unit 360 Network control unit 400 Virtual host 410 Temporary machine 420 Backup client device 430 NIC
440 Patch application means 450 Security judgment means 460 Network control means 500 Business LAN
600 Temporary LAN

Claims (10)

A backup management device for managing backup data of a system including a backup client having a function of updating the security status of backup data,
Management means for managing information for updating the system;
In response to an instruction to acquire backup data of the system and restore the system, an instruction to create a virtual machine having the same configuration as the system is issued to a virtual host having a virtual environment hypervisor. In addition, the system restores the system from the backup data of the system to the virtual machine, and instructs the backup client to update the system restored to the virtual machine, and information for updating the system A backup management apparatus comprising backup means for storing backup data of the system updated based on the system. The backup means includes
The backup according to claim 1, wherein the virtual host is instructed to create the virtual machine connected to the backup unit and the management unit via a virtual network independent of a network to which the system is connected. Management device. The management means includes
Managing patch information to be applied to the system and policy information regarding network connection of the system as information for updating the system,
The backup means includes
The patch information to be applied to the system restored to the virtual machine is acquired from the management unit, the acquired patch information is applied to the system restored to the virtual machine, the system is updated, and the update is performed. The backup management apparatus according to claim 1, wherein the backup data of the prepared system is stored as the updated backup data. The backup means includes
Backup execution means for obtaining backup data of the system, restoring the system from the backup data in accordance with an instruction to restore the system, and creating catalog information including meta information of the backup data of the system;
Backup catalog management means for acquiring the catalog information and managing the acquired catalog information;
Backup data storage means for storing backup data of the system;
Backup catalog storage means for storing the catalog information;
An update processing schedule storage means for storing a schedule for updating the backup data;
An update process activation control means for issuing an instruction to start update of the backup data at a preset timing;
Backup data update means for updating the backup data in response to an instruction to start update of the backup data by the update process activation control means,
The management means includes
Security management means for managing information for updating the security status of the system including the patch information and the policy information;
Patch storage means for storing the patch information;
The backup management apparatus according to claim 1, further comprising policy information storage means for storing the policy information.   Control means comprising: input means for inputting instructions to the backup means and the management device; and display means for displaying information including a list of backup data of the system including the updated backup data The backup management apparatus according to any one of claims 1 to 4. The backup catalog management means includes:
In response to a request from the control means, a list of backup data of the system is transmitted to the control means,
The control means includes
Select at least one of the backup data included in the list of backup data of the system,
The backup means includes
The backup management apparatus according to claim 5, wherein the backup data selected by the control unit is restored. The backup data storage means includes
7. At least two backup data among a set of backup data including at least one of the updated backup data and the backup data of the system acquired first is stored. The backup management device according to item. Including a backup client having a function of updating the security state of backup data, and a client in which a system having at least one network interface is constructed;
A virtual host with a virtual environment hypervisor;
A management server for managing patch information to be applied to the system and policy information regarding network connection of the system as information for updating the system;
In response to an instruction to acquire backup data of the system and restore the system, the virtual host is instructed to create a virtual machine having the same configuration as the system in the virtual host, and the created The system is restored to the virtual machine, and the backup client is instructed to update the system restored to the virtual machine and updated based on the information for updating the system. A backup server for storing system backup data,
The backup client
Patch application means for acquiring the patch from the management means and applying the acquired patch to the restored system;
Obtaining the policy information from the management means, making a policy judgment on the network connection of the system to which the patch is applied based on the obtained policy information, and determining the policy according to the result of the policy judgment Security judgment means for issuing an instruction to switch the network connection state of the system;
And a network control unit for controlling a network connection state of the network interface of the system determined by the policy in response to an instruction from the security determination unit. A backup management method for managing backup data of a system including a backup client having a function of updating the security status of backup data,
Manage information for modernizing the system,
Obtain backup data of the system,
In response to an instruction to restore the system, an instruction to create a virtual machine having the same configuration as the system is issued to a virtual host having a virtual environment hypervisor.
Restore the system from the system backup data to the created virtual machine,
Instruct the backup client to update the system restored to the virtual machine,
A backup management method comprising: storing backup data of the system updated based on information for updating the system. A backup management program for managing backup data of a system including a backup client having a function of updating the security status of backup data,
A process for managing information for updating the system;
Processing to obtain backup data of the system;
In response to an instruction to restore the system, a process of issuing an instruction to create a virtual machine having the same configuration as the system to a virtual host having a virtual environment hypervisor;
A process of restoring the system from backup data of the system to the created virtual machine;
Processing to issue an instruction to update the system restored to the virtual machine to the backup client;
A backup management program for causing a computer to execute processing for storing backup data of the system updated based on information for updating the system.

Images