JP2020197766A - System, network device, control method, and program - Google Patents

Abstract

To provide sufficient services even if it takes a long time from creation of a customer tenant to registration of the setting information into the customer tenant.SOLUTION: A network device receives from a device management server an event indicating that device information of the network device has been registered in a customer tenant, which is a dedicated storage area of a customer who owns the network device, and transmits setting information of an application to the application server in response to the reception of the event. The event is transmitted to the network device, when the customer tenant is created and the device information of the network device is moved from a tenant different from the customer tenant to the customer tenant.SELECTED DRAWING: Figure 13

Description

The present invention relates to systems, network devices, control methods, and programs.

With the spread of cloud services and IoT (Internet of Things), a system is known in which a network device such as an image forming apparatus is connected to a device management server by communication and managed by the device management server. In such a system, a large number of network devices can be registered with the device management server for each customer.

Here, in the management system described in Patent Document 1, in order to start the monitoring service of the image forming apparatus, it is necessary to register the management information of the image forming apparatus in the management server. After the image forming apparatus is installed in the customer system, the image forming apparatus makes a registration confirmation request to the management server to confirm whether or not its own management information is registered according to the instruction of the installer. If the management information is not registered, the image forming apparatus resends the registration confirmation request until it receives a response indicating registration completion from the management server.

In addition, device management server users include not only customers who receive services, but also sales companies that are entrusted with the installation and management of their devices. The device management server manages the data of sales companies and customers in a tenant, which is a dedicated area in the database. The customer can access only the tenant to which he / she belongs (customer tenant), and manages backup data related to the settings of the application running on the device in his / her own tenant. On the other hand, the sales company can access the tenant to which it belongs (sales company tenant) and the tenant of the customer who owns the managed device.

Japanese Patent Application Laid-Open No. 2013-114654 Public Relations

When a person in charge of installation installs a network device such as an image forming device in a customer's office or the like, the person in charge of installation performs a process for registering device information in a device management server. In addition, the installer also configures the applications that run on the device.

Here, when the device is installed, the customer tenant may not have been created on the device management server yet. In such a case, the device information can be temporarily registered in another tenant and later moved to the customer tenant. However, when trying to register application setting information in the application server for the purpose of backup or the like, there is a possibility that it cannot be temporarily registered in a tenant other than the customer tenant. If it takes a long time from the creation of the customer tenant to the registration of the setting information in the customer tenant, it will not be possible to provide sufficient services during that time.

Therefore, the present invention provides a mechanism for registering application setting information in the customer tenant when the customer tenant is created and the device information is moved from a tenant different from the customer tenant to the customer tenant. The purpose is to provide.

In order to solve the above problems, the present invention is a system including a network device, a device management server that manages information on the network device, and an application server that communicates with an application running on the network device. The device management server transmits an event indicating that the device information of the network device has been registered in the customer tenant, which is a dedicated storage area of the customer who owns the network device, to the network device. The network device has means, a receiving means for receiving the transmitted event, and a second transmitting means for transmitting the setting information of the application to the application server in response to the reception of the event. The application server has a first registration means for receiving the transmitted setting information of the application and registering the received setting information in the customer tenant, and the first transmission means has. The feature is that when the customer tenant is created and the device information of the network device is moved from a tenant different from the customer tenant to the customer tenant, the event is transmitted to the network device. And.

According to the present invention, application setting information can be registered in the customer tenant when the customer tenant is created and the device information is moved from a tenant different from the customer tenant to the customer tenant. ..

System diagram of this embodiment Hardware configuration diagram of server and multifunction device in this embodiment Configuration diagram showing the system configuration of the server application Functional block diagram Data structure diagram Sequence diagram of sales company tenant and customer tenant creation process Sequence diagram of device registration process Sequence diagram of authority update process Sequence diagram of application setting value synchronization processing Sequence diagram showing processing when changing set values UI diagram of application setting screen Sequence diagram of application setting value synchronization processing when resending is not performed Sequence diagram showing processing when moving devices between tenants UI diagram of device tenant movement instruction screen Sequence diagram of set value synchronization processing by timer UI diagram of application device list screen

Hereinafter, the best mode for carrying out the present invention will be described with reference to the drawings.

FIG. 1 is a system configuration diagram of this embodiment.

This system is composed of a device management server 101, a message server 102, an application server 103, a terminal 104, a device 105, and a network 106.

The device management server 101, the message server 102, the application server 103, the terminal 104, and the device 105 are connected to the network 106 and can communicate with each other.

The device management server 101 is a server that manages information on the device 105 to be managed and the tenant that manages the device 105. The message server 102 is a server that performs asynchronous message communication between the device management server 101 and the application server 103. The application server 103 is a server that provides various application functions to the device 105. Specifically, there are a backup service for backing up the setting information of the device 105 and the like, a so-called pull print service for acquiring a print target from the application server 103 and printing, and the like, but the present invention is not limited thereto. The terminal 104 is a so-called personal computer that gives instructions to the device management server 101 and the application server 103 via the network 106.

The device 105 is a network device that communicates with the device management server 101 and the application server 103 via the network 106 to provide a function. The device 105 of this embodiment is a so-called IoT device. In this embodiment, the device 105 will be described below as a multifunction device, but the device is not limited to the multifunction device. Any device managed via the Internet is included in the scope of this embodiment. The network 106 is, for example, any of LAN such as the Internet, WAN, telephone line, dedicated digital line, ATM and frame relay line, cable TV line, wireless line for data broadcasting, and the like. Alternatively, it is a so-called communication network realized by a combination of these.

FIG. 2 is a hardware configuration diagram of this embodiment.

FIG. 2A is a hardware configuration diagram of the device management server 101, the message server 102, the application server 103, and the terminal 104. These can be configured by the hardware of a general information processing device (so-called PC). When the device management server 101 is a virtual machine, the information processing device also includes a server computer on which the virtual machine functioning as the device management server 101 operates. The same applies to each of the message server 102 and the application server 103.

The CPU 201 executes a program stored in the ROM 203 and a program such as an OS (operating system) or an application loaded from the external memory 210 into the RAM 202. That is, the CPU 201 functions as each processing unit that executes the processing of each flowchart described later by executing the program stored in the readable storage medium. The RAM 202 is the main memory of the CPU 201 and functions as a work area or the like. The keyboard controller 204 controls operation input from the keyboard 208 and a pointing device (mouse, touch pad, touch panel, trackball, etc.) (not shown). The display controller 205 controls the display of the display 209. The disk controller 206 controls data access to an external memory 210 such as a hard disk (HD) or a flexible disk (FD) that stores various data. The network I / F 207 is connected to the network and executes communication control processing with other devices connected to the network. Each control unit and CPU are interconnected by an internal bus 211.

FIG. 2B is a diagram showing an internal configuration of the device 105. The device 105 is an example of an image forming apparatus. The CPU 221 includes a program stored in the ROM 223 (including a program that realizes each process described later), and controls each device comprehensively via the internal bus 231. The RAM 222 functions as a memory or a work area of the CPU 221. The network I / F 225 exchanges data with an external network device in one direction or two directions. The proximity communication I / F 226 is a network I / F for proximity communication such as NFC and Bluetooth (registered trademark), and communicates with a mobile terminal 102 or the like to exchange data. The device control 227 controls the printing unit 228.

The CPU 221 performs a program execution process together with the RAM 222 and the ROM 223, and also performs a process of recording image data on a recording medium such as a storage device 224. The storage device 224 functions as an external storage device. The input / output device 230 shows a plurality of configurations for input / output in the device 105. Specifically, it receives an input from a user (button input, etc.) and transmits a signal corresponding to the input to each of the above-mentioned processing units by input / output I / F 229. In addition, the input / output device 230 also includes a display device (touch panel, etc.) for providing necessary information to the user and accepting user operations. Further, the input / output device 230 may include a scanning device for reading a document and receiving electronic data as an input. The timer 232 performs a process of detecting that the predetermined time has come, generating an interrupt, and notifying the CPU 221. By registering the schedule determined based on the program in the timer 232, the CPU 221 can drive the periodic processing from the interrupt and operate it.

FIG. 3 is a diagram showing the system configuration of the server and the application and the connection state on the software. This system is a management system composed of a plurality of application servers 103, and manages device information of each application by using a common device management server 101. Each application server 103 and the device management server 101 have a configuration capable of communicating with each other by general TCP communication or the like.

The messaging server 102 is an asynchronous messaging server for relaying and delivering events that occur in this system. By registering the event information to be received to the messaging server 102 in advance, each application can activate the specified function when the corresponding event is sent to the messaging server 102. .. Such a service that executes lightweight processing in response to an event that occurs for a specific computing resource is called an event-driven computing service. For example, there are AWS Lambda, Google Cloud Functions, Microsoft Azure Functions and the like. In these services, the program code for realizing the desired processing for the cloud computing service is registered in advance by designating the specifications such as the CPU and memory of the virtual machine that executes the program code. Then, the registered program code is associated with the computing resource and a specific event that occurs for the computing resource. In this embodiment, all the events transmitted by the device management server 101 are received by the application server 103 via the messaging server 102. In the following description, the description of the messaging server 102 will be omitted, but it is assumed that the events generated by all the device management servers 101 pass through the messaging server 102.

On the other hand, the device 105 is also composed of a plurality of applications. The configuration includes a device management application 301 that communicates with the device management server 101 and performs authentication and authorization, and an application 303 that is responsible for the functionality of each application server 103. When communicating with the application server 103, the application 303 acquires an access token for communicating with the device management server 101 through the device management application 301. The application 303 assigns the token and communicates with the application server 103. The application server 103 verifies the validity of the given token by using the information provided by the device management server 101. As a result, the authentication status and the relationship between the managed devices can be centrally managed by the device management server 101.

The event generated by the device management application 301 is executed by using the callback function registered in advance by each application 303.

FIG. 4 is a functional block diagram showing each function of the first embodiment of the present invention. In this embodiment, each functional block represents a block of programs processed by a CPU mounted as hardware.

The device management server 101 is composed of a tenant management unit 401, a device management unit 402, and a credential management unit 403. The tenant management unit 401 manages information about so-called tenants for using this application system. The device management unit 402 manages the state and information about the device 105 associated with each tenant. The credential management unit 403 manages so-called credential, which is information corresponding to a password for the device to communicate with the device management server.

The application server 103 is composed of a customer management unit 411, a device management unit 412, an application setting management unit 413, and an application processing unit 414. The customer management unit 411 manages the tenant information of the customer who uses the application on the device 105 owned by the customer management unit 411. The device management unit 412 manages information and status regarding the device that uses this application. The application setting management unit 413 manages the value set in the device and the value to be set in the device for each device when the device uses this application. The application processing unit 414 executes an application based on a request from a device or a user based on the setting contents of the application setting management unit 413 for each application.

The device management application 301 is composed of the connection destination management unit 421. The connection destination management unit 421 acquires information on which tenant the device 105 is associated with from the device management server 101, and holds credential information for communicating with the tenant.

The application 303 is composed of an application setting management unit 431 and an application processing unit 432. The application setting management unit 431 manages application-specific setting values on the device side. Further, it has a function of transmitting and receiving its own setting value to the application server 103. The application processing unit 432 performs application-specific processing based on the setting contents of the application setting management unit 431.

In the following examples, the flow with a single application will be described, but as described above, the application does not have to be a single application. Further, the description of the application in this embodiment is described as being a backup application for backing up the setting values of the device.

FIG. 5 is a diagram showing a data structure of each functional block of this embodiment.

The functions in this embodiment are roughly divided into five components: "tenant creation", "device registration", "change of setting value from application", "device movement", and "regular synchronization of application setting value". Hereinafter, these functions will be described with reference to each processing unit of FIG. 4 and the data structure diagram of FIG.

<Create tenant>
FIG. 6 is a diagram showing a sequence diagram of the tenant creation process.

In this embodiment, the data of each device 105 is managed by the device management server 101 in a state of being logically separated for each customer organization and sales company organization. Therefore, in the device management server 101, a “tenant”, which is a dedicated storage area as a virtual organization, is created in units of the customer organization or the sales company organization and assigned to the customer organization or the sales company organization. Then, by registering the device 105 in advance for each tenant assigned to the customer organization or the sales company organization, the data of the device 105 can be managed separately for each tenant.

First, the terminal 104 transmits a sales company creation request for creating a sales company tenant to the device management server 101 by user operation (S601). Upon receiving the sales company creation request from the terminal 104, the tenant management unit 401 of the device management server 101 creates a tenant entry in its own database (not shown) (S602). The contents of the created tenant entry are shown in FIG. 5 (a). In FIG. 5A, the tenant ID and the display name are included in the sales company creation request. The license is data given only to the customer when the customer is created, which will be described later. The sales company / customer is data for determining whether the created tenant is a sales company or a customer. The connection key is a character string unique in the system used in the device registration flow described later. A detailed usage method will be described later with reference to FIG. 7.

Next, the terminal 104 transmits a customer creation request for creating a customer tenant to the device management server 101 by user operation (S603). The customer creation request contains license information. The license information indicates whether or not the customer who creates the application can use each application. Specifically, it may be a JSON character string such as {“applicationA”: “available”, “application”: “not available”}.

Upon receiving the customer creation request from the terminal 104, the tenant management unit 401 of the device management server 101 creates a tenant entry in its own database (S604). In this tenant entry, the sales company tenant ID is an ID for associating which sales company manages the customer.

After confirming that the created customer tenant has been licensed, the tenant management unit 401 of the device management server 101 sends a license grant event to each application server 103 (S605). The licensing event includes the customer's tenant ID, the sales company's tenant ID, the customer's display name, and the granted license. Upon receiving the license grant event, the customer management unit 411 of the application server 103 confirms whether or not the license can provide the application (S606). This process is performed by confirming that the license of the own application is included in the license included in the license grant event and that the content is appropriate. When the license can provide the application to the customer, the application server 103 creates a customer entry in its own database (not shown) (S607). FIG. 5 (f) shows the contents of the customer entity created and stored by the application server 103.

According to this flow, each application creates customer information based on the license of the customer tenant created on the device management server. When creating a customer tenant using a sales company tenant that has already been created, the customer tenant may be created multiple times without creating the sales company tenant. In addition, when the following device registration process is performed for the customer tenant that has already been created, this creation flow can be omitted.

<Device registration>
FIG. 7 is a sequence diagram showing a flow of device registration processing in this embodiment. The device registration process is a process for associating a tenant with a device.

The user operates the UI of the device management application 301 and inputs the connection key created in S602 or S604. Here, if the customer tenant has been created, the connection key for accessing the customer tenant is entered, and if the customer tenant has not been created, the connection key for accessing another tenant such as the sales company tenant is entered. To. The connection destination management unit 421 of the device management application 301 transmits the content input to the user as a device registration request to the device management server 101 (S701). The tenant management unit 401 of the device management server 101 searches for a tenant having a connection key that matches the connection key included in the device registration request from its own tenant entities (S702). If the tenant with the specified connection key cannot be found (No in S703), the connection destination management unit 421 of the device management application 301 displays that the tenant corresponding to the input connection key cannot be found and displays the flow. It ends (S704). When the tenant is found (Yes in S703), the device management unit 402 of the device management server creates and saves the device entity (S705). FIG. 5B shows the contents of the device entity. In FIG. 5B, the tenant ID refers to the tenant ID possessed by the tenant searched in S702.

Further, the credential management unit 403 of the device management server 101 creates and stores a credential for communication by the application that has sent the device registration request (S706). The contents of the credential are shown in FIG. 5 (c). In FIG. 5C, the credential ID indicates a unique character string determined by the system, the password indicates a random character string determined by the system, and the authority indicates the access right possessed by the credential. The credential management unit 403 of the device management server 101 returns the credential created in S706 to the device management application 301. The connection destination management unit 421 of the device management application 301 saves the received credentials in its own storage (S707). FIG. 5 (i) then issues a device registration event to each application that uses the device management application (S708). The device registration event includes the tenant ID and device serial. The application 303 performs the set value synchronization process with the reception of the device registration event as a trigger (S900). The contents of the setting synchronization process will be described later with reference to FIG.

On the other hand, the device management unit 402 of the device management server 101 transmits a device registration event to each application server 103 after the generation of the credential of S706 is completed (S710). The device management unit 412 of the application server 103 performs the authority update process (S800) triggered by the device registration event. The content of the authority update process will be described later with reference to FIG. In addition to the content of the device registration event transmitted by the device management application 301, the event transmitted by the device management server 101 includes the client ID. This is so that the application server can properly grant or remove permissions to the client depending on its own circumstances.

FIG. 8 is a sequence diagram showing the contents of the authority update process in this embodiment. First, the customer management unit 411 of the application server 103 searches the customer entity for the customer corresponding to the tenant ID included in the device registration event (S801). If the customer exists, it is known that the customer has the correct license, so the device management unit 412 of the application server 103 creates and saves the device entity (S802).

FIG. 5 (g) shows the contents of the device entity created by the device management unit 412 of the application server 103. The application setting value indicates the setting value of the application transmitted from the application 303 in the setting value synchronization process described later in FIG. The last update time indicates the date and time when the setting value was last registered from the application 303. In S802, the application setting location and the last update time are created in an empty state. After that, the device management unit 412 requests the device management server 101 to grant the authority to use the own application to the credential having the credential ID added to the tenant registration event (S803). The authority grant request includes authority in addition to the client ID. The authority is a JSON character string such as {"applicationA": "available"}, and indicates whether or not to permit the use of the own application. The authority may be a subdivision of the permission to use the own application. For example, it may be described that one function of the application can be used but another function cannot be used.

Upon receiving the authorization request, the credential management unit 403 of the device management server 101 identifies the credential entity from the credential ID attached to the authorization request, and grants the authority attached to the authorization request to the entity (S804). ). If the customer entity cannot be found in S801, it is determined that the tenant does not have the authority to use the application, and the flow is terminated without granting the authority.

FIG. 9 is a sequence diagram for explaining the contents of the set value synchronization process in this embodiment. First, the application 303 waits for a predetermined time after receiving the device registration event from the device management application 301 (S901). The authority granting process of FIG. 8 and the setting value synchronization process of FIG. 9 are performed asynchronously with an event as a trigger. Therefore, depending on the timing of the event, there is a possibility that the authority confirmation process of S904 may occur before the authority update process of S804. In that case, it is determined that the user does not have the authority even though the access is from a device that should have the authority. In order to avoid it, wait for a predetermined time in S901. Next, the application setting management unit 431 requests the device management application 301 to obtain an access token for acquiring the access token for transmitting the application settings to the application server 103 (S902). The connection destination management unit 421 of the device management application 301 receives an access token acquisition request from the application 303. Then, the connection destination management unit 421 assigns the credential ID and password held by itself to the request, and makes an access token acquisition request to the device management server 101 (S903).

The credential management unit 403 of the device management server 101 verifies the access token acquisition request from the device management application 301 (S904). Specifically, the same credential as the credential ID included in the access token acquisition request is searched, and it is confirmed whether the password of the credential is the same as the password included in the access token acquisition request. Further, it is confirmed whether the authority of the stored credential includes the authority included in the access token acquisition request. If all verifications are OK, determine that the client of the device management application is valid, create an access token entity and save it (S905), and save the created access token, expiration date, and refresh token. Return (S906). If the verification is NG, the access token is not created and the verification failure is returned in S906.

FIG. 5D shows the contents of the access token created by the credential management unit 403 of the device management server 101. In FIG. 5D, the expiration date indicates the expiration date of the access token. Expired access tokens will no longer be available. The refresh token is a token used to reacquire the access token. The access token is called JSON Web Token (hereinafter referred to as JWT), which is the authentication information described in JSON format and the requested authority encrypted using the private key held by the credential management unit 403 of the device management server 101. is there. The server that received the access token can acquire the user's authentication information and its authority information by decrypting the access token using the public key provided by the credential management unit 403 of the device management server 101. It becomes. The connection destination management unit 421 of the device management application 301 passes the confirmation result received from the device management server 101 to the application 303 (S907).

The application setting management unit 413 of the application 303 confirms whether or not the token can be acquired from the device management application 301 (S908). If the token can be obtained, the application setting management unit 431 of the application 303 assigns the token as authentication information and transmits its own setting value to the application server 103 (S909). The device management unit 412 of the application server 103 verifies whether the token included in the request from the application 303 is valid (S910). If there is an authority, the application setting management unit 413 of the application server 103 updates or registers the setting value of the application associated with the device (S911), and ends the process.

If there is no authority in S908, it is highly possible that the authority update process in S804 has not been completed. Therefore, when the number of times the setting information is transmitted is equal to or less than the predetermined number of times, the process returns to S901 and the set value update process is repeated a predetermined number of times (S912). By repeating this operation a predetermined number of times, the authority update process of S804 is completed, and the set value can be appropriately transmitted to the application server 103. If the authority is not granted even after executing a sufficient number of times, it is judged that the state is incorrect and this flow is terminated.

<Change of setting value from application>
FIG. 10 is a sequence diagram showing a process when the user changes the set value in this embodiment. The process when the user operates the application 303 to change the set value will be described with reference to the sequence diagram of FIG.

The user inputs a setting value into the UI of the application 303 (S1001). An example of the UI is shown in FIG. FIG. 11 is a diagram showing an example of a UI screen for setting application setting values in this embodiment. In this embodiment, it is assumed that when the backup is performed is input in order to perform the backup regularly.

When the user presses the input confirmation button 1101, the application setting management unit 431 of the application 303 displays on the UI that the setting is completed (S1002). Further, the application setting management unit 431 of the application 303 registers the setting value in the application server asynchronously with the UI processing (S1200). The processing of S1200 will be described later with reference to FIG.

FIG. 12 is a sequence diagram showing a detailed processing content of the set value synchronization processing when the retransmission is not performed. This process is the same as the sequence diagram of FIG. 9 except that there is no wait process of S901 and a retry process when the authority confirmation fails in S912 as compared with the case of performing the retransmission described with reference to FIG. In the set value synchronization process of FIG. 9, since the authority confirmation process of S904 may occur before the authority update process of S804 due to the configuration in which each processing unit operates depending on the event, the retransmission process is required. However, in the setting value synchronization process of FIG. 12, since it is not a function executed by an event, it is assumed that the authority has already been granted. Therefore, it is possible to realize the same function without retransmitting.

In FIG. 12, the processes from S902 to S907 are the same as those shown in FIG. 9, and thus are omitted. The application setting management unit 413 of the application 303 confirms whether or not the token can be acquired from the device management application 301 (S1208). If the token cannot be obtained, it is judged that synchronization is not possible, and this flow is terminated. If the token can be obtained, the set value transmission process of S909 is performed. Since the processes from S909 to S911 are the same as those described in FIG. 9, the description thereof will be omitted.

According to the above procedure, when the setting value is changed from the UI, the setting value can be synchronized with the application server 103. Note that this procedure can be performed even when the device is not connected to the customer tenant. That is, it is possible to perform the device movement process after being registered with the sales company.

<Move device information>
Next, the process of moving device information will be described with reference to the sequence diagram of FIG.

First, the user operates the terminal 104 and gives an instruction to move the device information to the device management unit 402 of the device management server 101 (S1301). Upon receiving the move instruction of the device information, the device management unit 402 of the device management server 101 creates and saves the device move entity from the contents of the move instruction. FIG. 5 (e) shows the contents of the device movement entity. The device move entity indicates which device information should be moved from which tenant to which tenant. FIG. 14 shows an example of a UI screen provided by the device management server 101 for giving an instruction to move device information. This UI is a UI that can display a list of devices connected to the tenant for each tenant. In addition to the basic device information, a destination selection box 1401 for selecting a destination is displayed for each device information. A user who wants to move the device information can send a move instruction by selecting a move destination customer from the move destination selection box 1401 and pressing the move button 1402. Further, it is possible to delete the created movement instruction by pressing the movement cancel button 1403 for the device information for which the movement instruction has already been given. The description of the movement instruction deletion sequence will be omitted in this embodiment.

After that, the connection destination management unit 421 of the device management application 301 assigns the held credential information to the device management server 101, and confirms whether or not the device information movement instruction has been issued (S1302). ). The timing of performing this processing is not limited, but it is desirable to perform this processing immediately before communication from another application occurs, such as before processing an access token request from another application. That is, at the timing of communication by another application, the connection destination management unit 421 confirms whether or not the device information movement instruction has been issued. As a result, there is a high possibility that the set value synchronization process can be performed earlier than in the case where the set value synchronization process is performed according to the periodic schedule described later in FIG.

The device management unit 402 of the device management server 101 searches for the device serial of the access source from the device movement entity (S1303), and confirms the presence or absence of the movement instruction (S1304). If the device move entity does not exist, since the move instruction has not been issued, it responds to the device management application 301 that there is no move instruction, and ends this flow. If the device move entity exists, the device move process is performed. Specifically, first, the device management unit 402 of the device management server 101 deletes the device information associated with the tenant of the movement source. Further, the credential management unit 403 of the device management server 101 deletes all the credentials and access tokens of the device associated with the tenant of the movement source (S1305).

Next, the device management unit 402 of the device management server 101 creates device information (S1306) under the tenant of the destination. Further, the credential management unit 403 of the device management server 101 creates a new credential for the device management application 301 (S1307). The created credential is transmitted to the device management application 301 as a response. Finally, the device management unit 402 of the device management server 101 creates a device information registration event and transmits it to each application server (S1310). The application server then performs the authority update process (S800), but the description thereof will be omitted because the contents are the same as those shown in FIG. When the connection destination management unit 421 of the device management application 301 receives the credential from the device management server 101, it replaces the credential held by itself with the received one and saves it (S1308). After that, the connection destination management unit 421 of the device management application 301 creates a device information registration event and transmits it to each application (S1309). The application 303 then performs the set value synchronization process (S900), but the description thereof will be omitted because the contents are the same as those shown in FIG.

By using the above flow, it is possible to send the device setting value to the new tenant after the device information movement instruction is issued to the cloud.

<Regular synchronization of application settings>
Finally, periodic synchronization processing of application setting values will be described. FIG. 15 is a sequence diagram showing the contents of periodic synchronization of application setting values.

As described with reference to FIG. 13, by receiving the device information registration event and operating each application, it is possible to immediately synchronize the set value with the moved tenant. However, for example, when the transmission of the set value fails due to a communication error, or when the application is forcibly terminated and cannot be started, the device information registration event cannot be processed and the set value is sent to the server. However, it may not be possible to send. Even in such a case, in order to surely transmit the set value to the application server, it is preferable to use the timer process to periodically transmit the set value of the application 303 to the application server 103.

First, the application setting management unit 431 of the application 303 sets a timer for the operating system in which it operates to periodically perform processing (S1501). The contents of the timer may be set so that the timer processing can be appropriately executed at a predetermined timing even if the power of the device is cut off at the time of starting the timer, for example, starting once a day. After that, the application setting management unit 431 of the application 303 waits for the timer to start from the operating system (S1502), and performs the set value synchronization process by starting the timer (S1200). Since the content of S1200 is the same as that described with reference to FIG. 12, the description thereof will be omitted.

Finally, the UI of the application will be described. FIG. 16 is a diagram showing an example of a UI included in the application 303.

On the UI of the application, the same device as the device registered in the device management server 101 is always displayed due to the device registration event from the device management server 101. Further, the unique value (set value, last update time) of the application 303 can be confirmed from the UI. In FIG. 16, for example, in the device whose device serial is AAA00000, the set value is reflected on the UI and the last update time is displayed. This state indicates a state in which the set value synchronization process shown in FIGS. 9 or 12 is correctly performed and the set value is synchronized with the application server 103. On the other hand, in the device whose device serial is AAA00001, the set value is displayed in an empty state even though the device is displayed on the UI of the customer tenant. This indicates a state in which the device registration event from the device management server 101 is properly processed, but the processing of the device registration event from the device management application 301 fails.

As explained above, it is possible to temporarily register the device information in another tenant when installing the device and then move it to the customer tenant later, but the application setting information is temporarily registered in the tenant other than the customer tenant. You may not be able to. Therefore, in this embodiment, when the customer tenant is created and the device information is moved from the tenant different from the customer tenant to the customer tenant, the device management server sends an event to the device. did. As a result, the device can send the setting information of the application to the application server and register it in response to the event reception. In other words, compared to the case where the setting information is registered in the customer tenant according to the setting information transmission schedule, the time from the creation of the customer tenant to the registration of the setting information is shortened, which hinders the provision of services. You don't have to come.

(Other Examples)
The present invention also includes an apparatus or system configured by appropriately combining the above-described embodiments and a method thereof.

Here, the present invention is a device or system that is a main body that executes one or more software (programs) that realize the functions of the above-described embodiments. In addition, a method for realizing the above-described embodiment executed by the device or system is also one of the present inventions. Further, the program is supplied to the system or device via a network or various storage media, and the program is read and executed by one or more computers (CPU, MPU, etc.) of the system or device. That is, as one of the present inventions, the program itself or various storage media that can be read by the computer that stores the program are also included. The present invention can also be realized by a circuit (for example, an ASIC) that realizes the functions of the above-described embodiment.

101 Device Management Server 103 Application Server 105 Device 106 Network

Claims (15)

A system including a network device, a device management server that manages information on the network device, and an application server that communicates with an application running on the network device.
The device management server
It has a first transmission means for transmitting an event indicating that the device information of the network device is registered in the customer tenant, which is a dedicated storage area of the customer who owns the network device, to the network device.
The network device is
A receiving means for receiving the transmitted event, and
It has a second transmission means for transmitting the setting information of the application to the application server in response to the reception of the event.
The application server
It has a first registration means for receiving the transmitted setting information of the application and registering the received setting information in the customer tenant.
The first transmission means sends the event to the network device when the customer tenant is created and the device information of the network device is moved from a tenant different from the customer tenant to the customer tenant. A system characterized by sending to. The device management server
It has a second registration means for registering the device information in response to a request from the network device.
The system according to claim 1, wherein the first transmission means transmits the event to the network device after registration by the second registration means. The device management server
It has a first holding means for holding an instruction for moving the device information of the network device from a tenant different from the customer tenant to the customer tenant.
The system according to claim 1 or 2, wherein the device information of the network device is moved from a tenant different from the customer tenant to the customer tenant according to the instruction. The device management server
Further having a first providing means for providing a screen for receiving an instruction from a user for moving the device information of the network device from a tenant different from the customer tenant to the customer tenant.
The system according to claim 3, wherein the holding means holds the received instruction. The application server
When the customer tenant is created, it has a request means for requesting the device management server to grant the customer belonging to the customer tenant the authority to use the application.
The device management server
The system according to any one of claims 1 to 4, wherein the customer has an granting means for granting an authority to use the application in response to the request. When the setting information received by the first registration means is not registered and the number of times the setting information is transmitted is equal to or less than a predetermined number of times, the second transmission means transmits the setting information to the application server. The system according to claim 5, characterized in that transmission is performed. The application
The system according to any one of claims 1 to 6, further comprising a second providing means for providing a screen for inputting the settings of the application. The second transmitting means sends the changed setting information not in response to the reception of the event but in response to the setting of the application being changed on the screen provided by the second providing means. The system according to claim 7, wherein the system is transmitted to the application server. The application
The second transmitting means further includes a second holding means for holding a schedule for transmitting the setting information of the application to the application server.
The second transmission means according to any one of claims 1 to 8, wherein the second transmission means transmits the setting information of the application to the application server according to the schedule, not in response to the reception of the event. Described system. The system according to claim 8 or 9, wherein the second transmission means transmits the setting information of the application to the application server in response to the acquisition of the access token to the customer tenant. The first registration means is
When the setting information of the application is received from the network device owned by the customer who is not authorized to use the application, the received setting information is not registered and the received setting information is not registered.
Any one of claims 1 to 10, wherein when the setting information of the application is received from a network device owned by a customer who is authorized to use the application, the received setting information is registered. The system described in the section. A network device
It is possible to communicate with a device management server that manages information on the network device and an application server that communicates with an application running on the network device.
A receiving means for receiving an event from the device management server indicating that the device information of the network device has been registered in the customer tenant, which is a dedicated storage area of the customer who owns the network device.
It has a transmission means for transmitting the setting information of the application to the application server in response to the reception of the event.
When the customer tenant is created and the device information of the network device is moved from a tenant different from the customer tenant to the customer tenant, the event is transmitted to the network device. A featured network device. A method of controlling a system including a network device, a device management server that manages information on the network device, and an application server that communicates with an application running on the network device.
The device management server
It has a first transmission step of transmitting an event indicating that the device information of the network device has been registered in the customer tenant, which is a dedicated storage area of the customer who owns the network device, to the network device.
The network device is
The receiving process for receiving the transmitted event and
It has a second transmission step of transmitting the setting information of the application to the application server in response to the reception of the event.
The application server
It has a first registration step of receiving the transmitted setting information of the application and registering the received setting information in the customer tenant.
In the first transmission step, when the customer tenant is created and the device information of the network device is moved from a tenant different from the customer tenant to the customer tenant, the event is sent to the network device. A control method characterized in that it is transmitted to. A method of controlling network devices
It is possible to communicate with a device management server that manages information on the network device and an application server that communicates with an application running on the network device.
A receiving process of receiving an event from the device management server indicating that the device information of the network device has been registered in the customer tenant, which is a dedicated storage area of the customer who owns the network device,
It has a transmission step of transmitting the setting information of the application to the application server in response to the reception of the event.
When the customer tenant is created and the device information of the network device is moved from a tenant different from the customer tenant to the customer tenant, the event is transmitted to the network device. Characteristic control method. A program for operating a computer as the means according to claim 12.

Images