JP2016162387A - Virtual server system, virtual server control method, and virtual server program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent a system from being unauthorizedly used due to an unauthorized transfer of a virtual server.SOLUTION: A virtual server system comprises at least one information processor 900 for operating a virtual server 91, and a management module 92 that operates outside the virtual server 91. The virtual server 91 includes a control unit 90 for attempting to establish a communication path for transmitting/receiving data to/from the management module 92, and inhibiting the operation of a system in the virtual server 91 in the case of failing in the establishment of the communication path.SELECTED DRAWING: Figure 14

Description

  The present invention relates to a virtual server system, a virtual server control method, and a virtual server program, and more particularly to a technique for preventing unauthorized use of a system in a virtual server.

  Vertically integrated server (vertical integrated system) that supports specific tasks by linking multiple virtual servers on one physical server and linking application systems that can operate independently on multiple virtual servers Has proposed a mechanism for monitoring individual virtual servers from the outside.

  For example, Patent Document 1 discloses a technique for managing by assigning an ID to each of a plurality of virtual servers. Patent Document 2 discloses a technique for managing information on a plurality of virtual servers and verifying tampering.

  However, with such a technology, since the virtual servers that are guests can operate independently, there is a problem that it is not possible to prevent the virtual server from being illegally transferred to another physical server and used. is there.

  For example, there is a license system that performs authentication based on a MAC (Media Access Control) address. When the MAC address of a server is different from a predetermined MAC address, this license system suppresses the use of the system in that server. In the case of a physical server, the MAC address is a unique value for each physical server, and thus is effective as an identifier at the time of authentication.

International Publication No. 2012/132815 JP 2014-154050 A

  However, since the MAC address of the virtual server can be set arbitrarily, it is illegal to move the virtual server illegally by copying the virtual server image and set the same MAC address as the regular virtual server. There is a problem that the system can be used by bypassing authentication. However, the above technique has not dealt with this problem.

  An object of the present invention is to provide a virtual server system, a virtual server control method, and a virtual server program that can prevent unauthorized use of the system due to unauthorized transfer of a virtual server in order to solve the above-described problems. That is.

  The virtual server system according to the first aspect of the present invention includes at least one information processing apparatus that operates a virtual server and a management module that operates outside the virtual server, and the virtual server includes the management module When the establishment of a communication path for transmitting and receiving data to and from the server fails and the establishment of the communication path fails, a control unit that suppresses the operation of the system in the virtual server is provided.

  A virtual server control method according to a second aspect of the present invention is a virtual server control method in a virtual server that operates on an information processing apparatus, and the information processing apparatus is the same as or different from the information processing apparatus outside the virtual server. And a step of attempting to establish a communication path for transmitting and receiving data to and from an operating management module; and a step of suppressing system operation in the virtual server when the establishment of the communication path fails. It is a thing.

  A virtual server program according to a third aspect of the present invention is a virtual server program for causing an information processing apparatus to operate as a virtual server, in an information processing apparatus that is the same as or different from the information processing apparatus, outside the virtual server. A process of attempting to establish a communication path for transmitting and receiving data to and from an operating management module; and a process of suppressing the operation of the system in the virtual server if the establishment of the communication path fails. This is executed by the information processing apparatus.

  According to each aspect described above, it is possible to provide a virtual server system, a virtual server control method, and a virtual server program that can prevent unauthorized use of the system due to unauthorized transfer of a virtual server.

1 is a diagram illustrating a configuration of a virtual server system according to a first embodiment. 3 is a flowchart showing processing of the virtual server system according to the first embodiment. It is a figure which shows the structure of the virtual server system which concerns on Embodiment 2. FIG. 10 is a flowchart illustrating processing of the virtual server system according to the second embodiment. FIG. 10 is a diagram illustrating a configuration of a virtual server system according to a third embodiment. 10 is a flowchart illustrating a first process of the virtual server system according to the third embodiment. 10 is a flowchart illustrating a second process of the virtual server system according to the third embodiment. It is a figure which shows the structure of the virtual server system which concerns on Embodiment 4. FIG. 14 is a flowchart illustrating a first process of the virtual server system according to the fourth embodiment. 10 is a flowchart showing a second process of the virtual server system according to the fourth embodiment. It is a figure which shows the structure of the virtual server system which concerns on other embodiment. It is a figure which shows the structure of the virtual server system which concerns on other embodiment. It is a figure which shows the structure of the virtual server system which concerns on other embodiment. 1 is a diagram illustrating a schematic configuration of a virtual server system according to Embodiment 1. FIG.

  Hereinafter, preferred embodiments of the present invention will be described with reference to the drawings. Specific numerical values and the like shown in the following embodiments are merely examples for facilitating understanding of the invention, and are not limited thereto unless otherwise specified. In the following description and drawings, matters obvious to those skilled in the art are omitted or simplified as appropriate for the sake of clarity.

<Embodiment 1 of the Invention>
First, the virtual server system 1000 according to the first embodiment of the present invention will be described. With reference to FIG. 1, the configuration of a virtual server system 1000 according to Embodiment 1 of the present invention will be described.

  As illustrated in FIG. 1, the virtual server system 1000 includes a host 100. The host 100 includes a plurality of virtual servers 1 and a management module 5. That is, the information processing apparatus can operate a plurality of virtual servers 1. The host 100 is typically a physical server. The virtual server system 1000 functions as, for example, a vertically integrated system that supports specific tasks.

  Each of the plurality of virtual servers 1 includes a system 2, an operating system 3, and a management client 4. Each of the plurality of virtual servers 1 is realized by a CPU (Central Processing Unit) (not shown) of the host 100 executing a program for executing a function as the virtual server 1.

  The system 2 is an application program (system) that operates on the operating system 3 of the virtual server 1. The system 2 is an application program in a vertically integrated system, for example. That is, the function as a vertically integrated system is realized by the system 2 in each of the plurality of virtual servers 1 operating in cooperation.

  The operating system 3 is an operating system that operates on the virtual server 1. That is, the operating system 3 is a so-called guest OS (Operating System) in the virtualization technology.

  The management client 4 is a function that the virtual server 1 has. The management client 4 is, for example, an application program that runs on the operating system 3, virtual device data (for example, virtual device driver) loaded when the virtual server 1 is started, or a program supplied to the virtual server 1 as a virtual dongle. This is realized by the virtual server 1 executing.

  The management client 4 manages the virtual server 1. The management client 4 includes a communication unit 10 and a control unit 11. The communication unit 10 transmits / receives arbitrary data to / from the management module 5. The control unit 11 performs control to prevent unauthorized use of the system 2 in the virtual server 1.

  The management module 5 manages a plurality of virtual servers 1. The management module 5 operates in an environment where the host 100 is not virtualized. That is, the management module 5 operates outside the virtual server 1 in the host 100. The management module 5 is realized by the CPU of the host 100 executing a program for executing the function as the management module 5. For example, when the virtualization method in the host 100 is a host OS type, the management module 5 is a program that operates on a so-called host OS (Operating System) or a program that is incorporated in the host OS. When the virtualization method in the host 100 is a hypervisor type, the program is incorporated in the hypervisor.

  The virtual server 1 described above is created on the host 100 by virtualization software or a hypervisor operating on the host 100. As a program for creating such a virtual server 1, for example, there is VMware (registered trademark).

  The management module 5 includes a communication unit 20 and a control unit 21. The communication unit 20 transmits / receives arbitrary data to / from each of the plurality of virtual servers 1. Control to prevent unauthorized use of the system 2 in the virtual server 1 is performed.

  Therefore, the communication unit 10 and the communication unit 20 transmit / receive data to / from each other. For example, the control unit 11 executes a control process based on data received from the control unit 21 via the communication unit 10. The control unit 21 also executes control processing based on data received from the control unit 11 via the communication unit 20.

  Then, with reference to FIG. 2, the process of the virtual server system which concerns on Embodiment 1 of this invention is demonstrated. This process may be performed at an arbitrary timing after the start-up in addition to the start-up of the virtual server 1.

  The control unit 11 generates control data and outputs the generated control data to the communication unit 10 (S1). The control data may include arbitrary information such as information indicating at least one of the state of the virtual server 1, the state of the system 2, and the state of the operating system 3. The communication unit 10 tries to establish a communication path with the communication unit 20 in response to the input of control data from the control unit 11 (S2).

  This communication path corresponds to, for example, a connection in the TCP / IP protocol established within the host 100 via a virtual network (for example, including a virtual switch) that connects a plurality of virtual servers 1 and the management module 5. .

  If the communication path is successfully established (S2: success), the communication unit 10 transmits control data to the communication unit 20 via the established communication path (S3). The communication unit 20 outputs the control data received from the communication unit 10 to the control unit 21 (S4).

  The control part 21 confirms the control data input from the communication part 20, and performs a process according to the content of the control data (S5). As this process, an arbitrary process may be executed. The control unit 21 generates control data indicating the execution result of this process, and outputs the generated control data to the communication unit 20 (S6). That is, this control data functions as a response to the control data from the management client 4. In the process in step S5, only control data that is a response to the control data from the management client 4 may be generated.

  The communication unit 20 transmits the control data input from the control unit 21 to the communication unit 10 (S7). The communication unit 10 outputs the control data received from the communication unit 20 to the control unit 11 (S8).

  The control part 11 confirms the control data input from the communication part 10, and performs a process according to the content of the control data (S9). As this process, an arbitrary process may be executed. Moreover, the control part 11 produces | generates the control data which show the execution result of this process as needed, and outputs the produced | generated control data to the communication part 20 (S1). That is, the control data may be transmitted to the management module 5 again, and the processes from Steps S1 to S9 may be repeated.

  On the other hand, when the establishment of the communication path has failed (S2: failure), the communication unit 10 outputs data notifying the communication failure to the control unit 11. The control unit 11 performs control processing according to the data input from the communication unit 10 (S9). As a control process when the establishment of the communication path fails, the control unit 11 stops the activation process of the virtual server 1 according to the data input from the communication unit 10.

  According to this, when the virtual server 1 is illegally moved to another host, the management module 5 does not exist in the non-regular host, so that establishment of a communication path fails. Therefore, the activation of the virtual server 1 is suppressed, and unauthorized use of the system 2 in the virtual server 1 can be prevented.

  If this process is executed at an arbitrary timing after activation, the operation of the virtual server 1 may be stopped (for example, the operating system 3 is shut down). Further, as long as the operation of the system 2 can be suppressed, the operation is not limited to the start / stop or operation stop of the virtual server 1 itself, and only the system 2 may be stopped. This is because unauthorized use of the system 2 can be prevented.

  Moreover, the start / stop (operation stop) of the virtual server 1 is not limited to when the establishment of the communication path has failed. The start / stop (operation stop) of the virtual server 1 may include, for example, a case where the virtual server 1 fails to load virtual device data on the host 100 (that is, the management client 4 receives virtual device data). As provided). In this case, even if the virtual server 1 is in a state where it can communicate with the management module 5 on the host 100, loading of the virtual device data (management client 4) for transmitting control data will fail. The server 1 is started and stopped.

  According to this, even when the virtual server 1 is illegally moved to another host, even if the virtual server 1 is in an environment where it can communicate with the management module 5 (or is illegal by a third party). Even if the management module 5 is prepared), since the virtual device data does not exist in the non-regular host, the virtual device data cannot be loaded and fails. Therefore, the activation of the virtual server 1 is suppressed, and unauthorized use of the system 2 in the virtual server 1 can be prevented.

  In addition, this process is not limited to the start from the process of step S1. For example, you may start from the process of step S5. That is, the control unit 21 may first generate control data and transmit it to the management client 4 via the communication unit 20. Further, as described above, the present process may be terminated when the processes from step S1 to S9 are executed, or the processes from step S1 to S9 may be continuously repeated. .

  According to the first embodiment described above, unauthorized use of the application program (system 2) due to unauthorized transfer of the virtual server 1 can be prevented. The reason is that the existence of a legitimate host server (management module 5) is confirmed from the virtual server 1 side, and the operation is stopped when it cannot be confirmed. That is, when the control unit 11 of the virtual server 1 tries to establish a communication path for transmitting / receiving data to / from the management module 5 and fails to establish the communication path, the operation of the system 2 in the virtual server 1 It is because it suppresses.

<Embodiment 2 of the Invention>
Next, a virtual server system according to Embodiment 2 of the present invention will be described. For the sake of simplification of explanation, the same contents as those of the virtual server system according to the first embodiment are denoted by the same reference numerals, and the description thereof is omitted as appropriate.

  With reference to FIG. 3, the configuration of the virtual server system according to Embodiment 2 of the present invention will be described. As shown in FIG. 3, in the virtual server system according to the second embodiment of the present invention, compared to the first embodiment, the management client 4 has a control unit 12 instead of the control unit 11, and includes a management module. 5 has a control unit 22 instead of the control unit 21.

  The control unit 11 includes a response data confirmation unit 30 and inquiry data 40. The control unit 21 includes a response data confirmation unit 31 and verification data 41.

  The response data confirmation unit 30 confirms the consistency of the response data in response to the control data transmitted to the management module 5 based on the collation data 40, so that the response data is a response from the regular management module 5. Make sure.

  The response data confirmation unit 31 generates response data in response to the control data received from the management client 4 based on the collation data 41.

  In each of the collation data 40 and 41, control data and an expected value of control data (response data) responding to the control data are paired. Strictly speaking, the collation data 40 and 41 are stored in a storage device (such as a memory or a hard disk) included in the host 100.

  Then, with reference to FIG. 4, the process of the virtual server system which concerns on Embodiment 2 of this invention is demonstrated. Note that this processing may also be performed at an arbitrary timing after the startup as well as when the virtual server 1 is started, as in the first embodiment.

  The control unit 12 generates control data and outputs the generated control data to the communication unit 10 (S11). As this control data, control data defined in the collation data 40 is generated. The communication unit 10 establishes a communication path with the communication unit 20 in response to input of control data from the control unit 12 (S12). Even when the establishment of this communication path fails, the control unit 12 suppresses the operation of the system 2 in the virtual server 1 as in the first embodiment.

  The communication unit 10 transmits control data to the communication unit 20 via the established communication path (S13). The communication unit 20 outputs the control data received from the communication unit 10 to the control unit 22 (S14).

  The control part 22 confirms the control data input from the communication part 20, and performs a process according to the content of the control data. As this processing, in the second embodiment, the response data confirmation unit 31 of the control unit 22 generates response data (control data) in response to the control data from the management client 4 based on the collation data 41 ( S15).

  More specifically, in the collation data 41, it is assumed that the control data (Y) is associated with the response data (Y ′) as the expected value of the response. At that time, if the control data input from the communication unit 20 is control data (Y), the response data confirmation unit 31 manages response data (Y ′) corresponding to the control data (Y). It is generated as control data that responds to the client 4. The control unit 22 outputs the response data generated by the response data confirmation unit 31 to the communication unit 20 (S16).

  The communication unit 20 transmits the response data input from the control unit 22 to the communication unit 10 (S17). The communication unit 10 outputs the response data received from the communication unit 20 to the control unit 12 (S18).

  The control part 12 confirms the response data input from the communication part 10, and performs a process according to the content of the response data. As this process, in the second embodiment, the response data confirmation unit 30 of the control unit 12 generates the response data (Y ′) input from the communication unit 10 in the verification data 40 in step S11 and manages the module. The response data (X ′) associated with the control data (X) transmitted toward 5 is inquired (compared) (S19).

  If the response data (Y ′) received from the management module 5 matches the response data (X ′) that is the expected value as a result of the inquiry, the response data confirmation unit 30 determines whether the management client 4, the management module 5, (S19: When consistency is confirmed). In this case, the control unit 12 continues the operations of the system 2 and the operating system 3 in the virtual server 1.

  On the other hand, if the response data (Y ′) received from the management module 5 does not match the expected response data (X ′) as a result of the collation, the response data confirmation unit 30 determines that the management client 4 and the management module 5 is determined not to be confirmed (S19: When consistency cannot be confirmed). In this case, the control unit 12 stops the operation of the system 2 or the operating system 3 in the virtual server 1. That is, the operation of the system 2 in the virtual server 1 is suppressed.

  According to the second embodiment described above, even if an unauthorized management module 5 for returning dummy response data is prepared by a third party, unauthorized use of the application program (system 2) by moving the virtual server 1 is prevented. Can be prevented. This is because the consistency of data transmitted and received between the management client 4 and the management module 5 is confirmed.

  In the second embodiment, more preferably, in the collation data 40 and 41, the pairing value between the control data and the response data is set to a different value for each of the plurality of virtual servers 1. . Then, the virtual server 1 transmits control data having a value corresponding to itself to the management module 5. According to this, when the response data confirmation unit 31 receives the control data having the same value from a plurality of different virtual servers 1, it is possible to detect unauthorized transfer of the virtual server 1. In this case, for example, the response data confirmation unit 31 may generate response data instructing suppression of the operation of the system 2 in the virtual server 1 (for example, stop of the system 2 or the operating system 3).

  Further, by adding identification information such as an IP address to the control data, the management module 5 may determine whether or not the virtual server 1 that is the transmission source of the control data is an authorized transmission source. For example, information indicating a list of regular IP addresses of a plurality of virtual servers 1 is stored in advance in the storage device of the host 100. Then, the management module 5 detects that the virtual server 1 has been illegally moved when the source IP address in the packet header of the received control data does not correspond to any IP address in the list indicated by the information. To do. In this case, for example, the response data confirmation unit 31 may generate response data instructing suppression of the operation of the system 2 in the virtual server 1 (for example, stop of the system 2 or the operating system 3).

<Third Embodiment of the Invention>
Next, a virtual server system according to Embodiment 3 of the present invention will be described. For the sake of simplification of description, the same contents as those of the virtual server systems according to Embodiments 1 and 2 are denoted by the same reference numerals, and the description thereof is omitted as appropriate.

  The configuration of the virtual server system according to Embodiment 3 of the present invention will be described with reference to FIG. As shown in FIG. 5, in the virtual server system according to the third embodiment of the present invention, the management client 4 has a control unit 13 instead of the control unit 11 as compared with the second embodiment. 5 has a control unit 23 instead of the control unit 21.

  The control unit 13 includes a monitoring unit 32. The control unit 23 includes a monitoring unit 33, a display unit 34, control information data 42, and state holding data 43.

  The monitoring unit 32 monitors the state in the virtual server 1 and detects an abnormality that has occurred in the virtual server 1. For example, the monitoring unit 32 detects an abnormality in the system 2 and the operating system 3 operating in the virtual server 1.

  The monitoring unit 33 monitors the status of a plurality of virtual servers 1 operating on the host 100. The monitoring unit 33 monitors the plurality of virtual servers 1 by confirming the state of each virtual server 1 notified from the plurality of virtual servers 1. When the monitoring unit 33 detects an abnormality in the virtual server 1, the monitoring unit 33 instructs the virtual server 1 to execute processing according to the abnormality.

  The display unit 34 displays the respective states of the plurality of virtual servers 1 indicated by the state holding data 43 and the state of the entire vertical integrated system (virtual server system 1000) and notifies the user. This display is performed by, for example, a display device (a liquid crystal display or an organic EL display) included in the host 100.

  The control information data 42 indicates the processing contents to be executed as the vertically integrated system when an abnormality occurs in the virtual server 1 and the dependency relationship between the plurality of virtual servers 1. The processing content may indicate only the processing content for the virtual server 1 in which an abnormality has occurred, or may indicate the processing content for another virtual server 1 that depends on the virtual server 1 (that is, the dependency relationship is present). It may also indicate the processing content when it collapses). For example, if the control information data 42 indicates that the virtual server B is necessary for the operation of the virtual server A as a dependency relationship (the virtual server A depends on the virtual server B), there is an abnormality in the virtual server B. As the processing content when it occurs, the stop of the operation of the virtual server B and the stop of the operation of the virtual server A may be indicated.

  The state holding data 43 indicates the state of each of the plurality of virtual servers 1 and the state of the entire vertically integrated system. The state holding data 43 includes, for example, a field indicating contents for identifying a plurality of virtual servers 1 and a state field indicating the states of the plurality of virtual servers 1. The state holding data 43 is updated by the monitoring unit 33. For example, the monitoring unit 33 updates each state of each virtual server 1 indicated by the state holding data 43 based on notifications from each of the plurality of virtual servers 1 and comprehensively considers the states of these virtual servers 1. The state of the whole vertically integrated system is also updated to indicate the state.

  Subsequently, a first process of the virtual server system according to the third embodiment of the present invention will be described with reference to FIG. Note that this processing may also be performed at an arbitrary timing after the startup, in addition to when the virtual server 1 is started, as in the first and second embodiments.

  When an abnormality occurs in the system 2 or the operating system 3, the monitoring unit 32 detects the abnormality (S21). The control unit 13 generates state data indicating the abnormality detected by the monitoring unit 32 as control data, and outputs the generated control data to the communication unit 10 (S22). In addition, it is not limited to transmitting control data indicating an abnormality only when an abnormality is detected in this way, but the occurrence of an abnormality is confirmed at every certain period, and if an abnormality is detected, the abnormality is detected. Control data indicating that the data is normal may be transmitted if no abnormality is detected.

  The communication unit 10 transmits the state data output from the control unit 13 to the communication unit 20 (S23). Note that, even if the establishment of the communication path fails at this time, the operation of the system 2 in the virtual server 1 is suppressed as in the first embodiment. The communication unit 20 outputs the state data received from the communication unit 10 to the control unit 23 (S24).

  The control unit 23 checks the state data (control data) input from the communication unit 20, and executes processing according to the content of the state data. As this process, in the third embodiment, the monitoring unit 33 of the control unit 23 updates the state holding data 43 based on the state data input from the communication unit 20 (S25). For example, when the state data received from the management client 4 of the virtual server 1 indicates an abnormality, the monitoring unit 33 updates the state holding data 43 so as to indicate an abnormality as the state of the virtual server 1. The display unit 34 of the control unit 23 displays the information indicated by the updated state holding data 43 to the user (S26).

  Further, the monitoring unit 33 generates response data (control data) in response to the status data from the virtual server 1 based on the control information data 42.

  More specifically, when the status data indicates an abnormality, the monitoring unit 33 executes the processing contents when an abnormality occurs in the virtual server 1 that transmitted the status data, which is indicated by the control information data 42. Response data to be instructed is generated, and the generated response data is output to the communication unit 20 (S27).

  For example, it is assumed that the status data indicates that an abnormality of the system 2 has occurred, and the control information data 42 indicates that the operating system 3 is stopped as the processing content when the abnormality of the system 2 occurs. . In this case, the monitoring unit 33 generates response data instructing shutdown of the operating system 3 and outputs the response data to the communication unit 20. If the status data does not indicate an abnormality, response data is generated that instructs the system 2 and the operating system 3 to continue operating.

  The communication unit 20 transmits the response data input from the control unit 23 to the communication unit 10 (S28). The communication unit 10 from the control unit 23 outputs the response data received from the communication unit 20 to the control unit 13 (S29).

  The control unit 13 confirms the response data (control data) input from the communication unit 10 and executes processing with the processing content indicated by the response data. As this process, in this Embodiment 3, the monitoring part 32 of the control part 13 performs a process with the processing content which the response data input from the communication part 10 shows (S30). For example, when the response data indicates the shutdown of the operating system 3 as the processing content, the monitoring unit 33 shuts down the operating system 3.

  Next, a second process of the virtual server system according to the third embodiment of the present invention will be described with reference to FIG. Note that this processing may also be performed at an arbitrary timing after the startup, in addition to when the virtual server 1 is started, as in the first and second embodiments. In addition, since the process of step S21-S30 is the same as that of step S21-S30 in the 1st process demonstrated with reference to FIG. 6, the same code | symbol is attached | subjected and description is abbreviate | omitted.

  This process describes an example in which when the occurrence of an abnormality of the virtual server 1 is notified, the abnormality of the virtual server 1 affects other virtual servers 1. After step S26, the monitoring unit 33 confirms the processing contents when an abnormality of the virtual server 1 indicated by the status data occurs in the control information data 42 (S31). In addition to the processing contents for the virtual server 1 (hereinafter referred to as “virtual server A”) in which the control information data 42 has transmitted the status data, the monitoring unit 33 determines that the other virtual server 1 (hereinafter “virtual server B”). It is determined whether or not the processing content is also shown (S32).

  When the control information data 42 also indicates the processing content for the other virtual server B (S32: YES), the monitoring unit 33 generates response data instructing execution of the processing content for the virtual server A and sends it to the communication unit 20. While outputting (S27), the control data which instruct | indicate execution of the processing content with respect to the virtual server B are also produced | generated, and it outputs to the communication part 20 (S33).

  For example, the status of the virtual server A indicated by the status data indicates that an abnormality of the system 2 has occurred. In the control information data 42, as the processing contents when an abnormality of the system 2 has occurred, It is assumed that the stop of the operating system 3 and the stop of the operating system 3 of another virtual server B are shown. In this case, the monitoring unit 33 generates response data that instructs the virtual server A to shut down the operating system 3 and outputs the response data to the communication unit 20.

  In addition, the monitoring unit 33 confirms the dependency relationship indicated by the control information data 42 and identifies the virtual server B that depends on the virtual server A. The monitoring unit 33 generates control data that instructs the identified virtual server B to shut down the operating system 3 and outputs the control data to the communication unit 20. In this case, this control data is also transmitted to the virtual server B via the communication unit 20 in the same manner as the response data (S28, S29).

  On the other hand, when the control information data 42 does not indicate the processing content for the other virtual server B (S32: NO), the monitoring unit 33 generates response data instructing execution of the processing content for the virtual server A and performs communication. It outputs to the part 20 (S27), and the response data with respect to another virtual server B is not produced | generated.

  According to the third embodiment described above, it is possible to implement an optimum countermeasure as the virtual server system 1000 (vertically integrated system). The reason is that when an abnormality occurs in the virtual server 1 (for example, the system 2 or the operating system 3), the management client 4 notifies the management module 5 and processing for dealing with the abnormality based on the control information data 42 is virtually performed. This is because it can be executed in the server 1.

  Further, according to the third embodiment described above, the user can easily grasp the state of the virtual server system 1000. The reason is that, when an abnormality occurs in the virtual server 1 (for example, the system 2 or the operating system 3), the management client 4 notifies the management module 5 so that the status of each virtual server 1 is collectively managed and the user is notified. This is because it can be notified.

<Embodiment 4 of the Invention>
Next, a virtual server system according to Embodiment 4 of the present invention will be described. For the sake of simplification of explanation, the same contents as those in the virtual server systems according to the first to third embodiments are denoted by the same reference numerals, and the description thereof is omitted as appropriate.

  With reference to FIG. 8, the configuration of the virtual server system according to Embodiment 4 of the present invention will be described. As shown in FIG. 8, in the virtual server system according to the fourth embodiment of the present invention, the management module 5 has a control unit 24 instead of the control unit 23 as compared with the third embodiment.

  The control unit 24 includes a monitoring unit 33, a display unit 34, state holding data 43, and control information data 44. Compared with the control unit 23 according to the third embodiment, the control unit 24 further controls activation of the plurality of virtual servers 1.

  The control information data 44 further indicates the activation order of the plurality of virtual servers 1 as compared with the control information data 42 according to the fourth embodiment.

  Subsequently, a first process of the virtual server system according to the fourth embodiment of the present invention will be described with reference to FIG. This process is performed at the timing when the plurality of virtual servers 1 are activated.

  The control unit 24 activates a plurality of virtual servers 1 based on the control information data 44 and the state holding data 43 (S41). More specifically, the control unit 24 activates the plurality of virtual servers 1 in the activation order indicated by the control information data 44. Further, in the state of each virtual server 1 indicated by the state holding data 43, the control unit 24 may suppress the activation of the virtual server 1 when there is a virtual server 1 indicating an abnormality. For example, when an abnormality occurs in the system 2 or the operating system 3 of the virtual server 1 at the previous startup of the virtual server 1 and the operating system 3 is shut down, the state of the virtual server 1 is regarded as abnormal.

  The processing of steps S42 to S50 is the same as the processing of steps S21 to S30 in the third embodiment described with reference to FIG. 6 (note that step S32 corresponds to the two steps S21 and S22). Description is omitted.

  That is, according to this process, the control unit 13 of the management client 4 notifies the management module 5 of the state when the virtual server 1 is started (S42 to S43). The monitoring unit 33 of the management module 5 instructs the processing contents of the virtual server 1 to the management client 4 according to the state of the virtual server 1 notified from the management client 4 (S45 to S48). The control unit 13 of the management client 4 executes processing with the processing content instructed from the management module 5 (S49 to S50). For example, if an abnormality occurs in the virtual server 1 when the virtual server 1 is started up, the management module 5 is notified of this, and the management module 5 instructs the virtual server 1 to shut down, and the virtual server 1 is started up. Can be suppressed.

  Subsequently, a second process of the virtual server system according to the fourth embodiment of the present invention will be described with reference to FIG. This process is also performed at the time of starting up the plurality of virtual servers 1. In addition, since the process of step S41-S50 is the same as that of step S41-S50 in the 1st process demonstrated with reference to FIG. 9, the same code | symbol is attached | subjected and description is abbreviate | omitted.

  This process describes an example in which an abnormality of the virtual server 1 affects other virtual servers 1. After step S46, the monitoring unit 33 determines whether an abnormality of the system 2 or the operating system 3 of the virtual server 1 is notified by the status data from the management client 4 (S51).

  When the abnormality of the system 2 or the operating system 3 is notified (S51: YES), the monitoring unit 33 displays the state as the processing content when the abnormality of the virtual server 1 indicated by the state data occurs in the control information data 42. In addition to the processing contents for the virtual server A that transmitted the data, it is determined whether or not the processing contents for the other virtual server B are also indicated (S52), and depending on the determination result, the virtual server A or the virtual server A Then, control data for the virtual server B is generated and transmitted (S53 or S54). That is, the processes in steps S52 to S54 are the same as the processes in steps S32, S33, and S27 in the third embodiment described with reference to FIG.

  On the other hand, when the abnormality of the system 2 or the operating system 3 is not notified (S51: NO), the monitoring unit 33 generates response data instructing continuation of the startup process of the virtual server 1 and outputs the response data to the communication unit 20. (S47).

  According to the above-described fourth embodiment, as in the third embodiment, the virtual server system 1000 (vertically integrated system) can be optimally dealt with, and the state of the virtual server system 1000 can be easily made by the user. Can grasp. In particular, according to the fourth embodiment, when a plurality of virtual servers 1 are started, the start of other virtual servers depending on the virtual server 1 in which an abnormality has occurred is optimal, for example, as a vertically integrated system. Processing can be performed.

<Other embodiments of the present invention>
In each of the above-described embodiments, an example in which the management client 4 includes the communication unit 10 and the control units 11, 12, and 13 outside the system 2 in the virtual server 1 has been described, but is not limited thereto.

  For example, as illustrated in FIG. 11, in the virtual server 1, the system 200 may include a communication unit 10 and a control unit 11. That is, the system 200 corresponds to the system 2 including the communication unit 10 and the control unit 11.

  In each of the above-described embodiments, the example in which the management module 5 is operated in an environment that is not virtualized in the host 100 has been described. However, the present invention is not limited to this.

  For example, as illustrated in FIG. 12, the virtual server 300 may be operated in the host 100 and the management module 5 may be operated on the virtual server 300.

  In each of the above-described embodiments, the example in which the virtual server 1 and the management module 5 operate on one host 100 has been described. However, the present invention is not limited to this.

  For example, as shown in FIG. 13, the management module 5 may be operated on a host 400 different from the host 100 on which the virtual server 1 operates. That is, the management module 5 may be constructed on a physical server different from the physical server on which the virtual server 1 is constructed. Although FIG. 13 shows an example in which the management module 5 is operated on the virtual server 300 operating on the host 400, the host 400 does not have the virtual server 300 and is not virtualized. The management module 5 may be operated as described above.

  11 to 13, if only the virtual server 1 is illegally moved to another host and the management client 4 and the management module 5 of the virtual server 1 cannot communicate with each other, the virtual server 1 can be prevented from being illegally used. Even if the management client 4 of the virtual server 1 that has been illegally moved and the management module 5 that has been illegally prepared can communicate with each other, as described in the second embodiment, the management client 4 And the management module 5 make it possible to prevent the unauthorized use of the system 2 in the virtual server 1 by checking the consistency with the verification data 40.

  On the other hand, it is preferable to operate the management module 5 in an environment that is not virtualized, as shown in FIGS. According to this, the virtual server 300 on which the management module 5 operates together with the virtual server 1 is also illegally moved, so that the management client 4 and the management module 5 of the virtual server 1 can communicate with each other, and no abnormality is detected. can do.

  Note that the present invention is not limited to the above-described embodiment, and can be changed as appropriate without departing from the spirit of the present invention.

  The virtual server system 1000 according to the present embodiment described above can also be regarded as a virtual server system 9000 described below as a schematic configuration. The virtual server system 9000 will be described with reference to FIG.

The virtual server system 9000 includes an information processing apparatus 900. The virtual server system 9000 corresponds to the virtual server system 1000. The information processing apparatus 900 corresponds to the hosts 100 and 400.
The information processing apparatus 900 operates the virtual server 91 and the management module 92 that operates outside the virtual server 91. Although FIG. 14 shows an example in which the virtual server system 9000 has only one information processing apparatus, it may have two or more information processing apparatuses. For example, the virtual server 91 and the management module 92 may be operating on different information processing apparatuses. The virtual server 91 corresponds to the virtual server 1, and the management module 92 corresponds to the management module 5.

  The virtual server 91 has a control unit 90. The control unit 90 attempts to establish a communication path for transmitting / receiving data to / from the management module 92. And the control part 90 has a control part which suppresses the operation | movement of the system in the virtual server 91, when establishment of a communication path fails.

  According to this configuration, unauthorized use of the system due to unauthorized transfer of the virtual server 1 can be prevented. The reason is that when the virtual server 1 is illegally moved to another information processing apparatus, there is no legitimate management module 92, so a communication path cannot be established, and the system operation in the virtual server 91 is suppressed. This is because that.

  In addition, various types of programs (such as the programs of the virtual server 1 and the management module 5) executed on the above-described hosts 100 and 400 use various types of non-transitory computer readable media. And can be supplied to a computer (host 100, 400). Non-transitory computer readable media include various types of tangible storage media. Examples of non-transitory computer-readable media include magnetic recording media (for example, flexible disks, magnetic tapes, hard disk drives), magneto-optical recording media (for example, magneto-optical disks), CD-ROMs (Read Only Memory), CD-Rs, CD-R / W, semiconductor memory (for example, mask ROM, PROM (Programmable ROM), EPROM (Erasable PROM), flash ROM, RAM (Random Access Memory)) are included. The program may also be supplied to the computer by various types of transitory computer readable media. Examples of transitory computer readable media include electrical signals, optical signals, and electromagnetic waves. The temporary computer-readable medium can supply the program to the computer via a wired communication path such as an electric wire and an optical fiber, or a wireless communication path.

1, 91, 300 Virtual server 2, 200 System 3 Operating system 4 Management client 5 92, Management module 10, 20 Communication unit 11, 12, 13, 21, 22, 23, 24, 90 Control unit 30, 31 Response data confirmation Units 32 and 33 Monitoring unit 34 Display units 40 and 41 Verification data 42 and 44 Control information data 43 State holding data 100 and 400 Host 900 Information processing device 1000 and 9000 Virtual server system

Claims (10)

Comprising at least one information processing device for operating a virtual server and a management module operating outside the virtual server;
The virtual server attempts to establish a communication path for transmitting and receiving data to and from the management module, and if the establishment of the communication path fails, a control unit that suppresses system operation in the virtual server. Have
Virtual server system. The at least one information processing apparatus includes a storage unit that stores virtual device data;
The virtual server loads virtual device data from the storage unit, and functions as the control unit by operating based on the loaded virtual device data.
When the virtual server fails to load the virtual device data, the virtual server suppresses the operation of the system in the virtual server.
The virtual server system according to claim 1. The virtual server has collation data in which data to be transmitted to the management module is associated with an expected value of response data for the data,
The control unit compares the response data corresponding to the data transmitted to the management module in the verification data and the response data transmitted from the management module to the data transmitted to the management module, and does not match To suppress the operation of the system in the virtual server,
The virtual server system according to claim 1 or 2. The controller is
A monitoring unit for detecting an abnormality in the virtual server;
As the data, send status data to notify the abnormality detected by the monitoring unit to the management module,
The management module is
Control information data indicating an abnormality in the virtual server and a processing content to be executed in the virtual server in association with the abnormality,
Based on the control information data, the response data indicating the processing content corresponding to the abnormality indicated by the status data transmitted from the virtual server is transmitted to the virtual server,
The control unit executes processing with the processing content indicated by the response data transmitted from the management module.
The virtual server system according to any one of claims 1 to 3. The at least one information processing apparatus operates a plurality of the virtual servers,
The control information data indicates the first processing content as the processing content to be executed by the virtual server for the abnormality in the virtual server, and further indicates the processing content to be executed by the virtual server depending on the virtual server. 2 shows the processing contents
The management module transmits response data indicating the first processing content corresponding to the abnormality indicated by the status data transmitted from the virtual server to the virtual server based on the control information data. Sending response data indicating the second processing content to the dependent virtual server;
The virtual server system according to claim 4. The control information data further indicates an activation order of the plurality of virtual servers,
The management module activates the plurality of virtual servers in the activation order indicated by the control information data,
The monitoring unit detects an abnormality in starting the virtual server;
The virtual server system according to claim 5. The virtual server system includes one physical server that operates the virtual server and the management module as the at least one information processing apparatus.
The virtual server system according to claim 1. The management module operates in a non-virtualized environment in the at least one information processing apparatus;
The virtual server system according to claim 1. A virtual server control method in a virtual server operating on an information processing device,
Attempting to establish a communication path for transmitting and receiving data to and from a management module operating outside the virtual server in the same or different information processing apparatus as the information processing apparatus;
If the establishment of the communication path fails, the step of suppressing the operation of the system in the virtual server;
A virtual server control method comprising: A virtual server program for operating an information processing apparatus as a virtual server,
A process of attempting to establish a communication path for transmitting and receiving data to and from a management module operating outside the virtual server in the same or different information processing apparatus as the information processing apparatus;
When the establishment of the communication path fails, a process for suppressing the operation of the system in the virtual server;
A virtual server program for causing the information processing apparatus to execute the program.

Images