JP2022170005A - Virtualization system and method of monitoring the same - Google Patents

Abstract

To realize superior real-time performance and availability through early detection of hardware failures.SOLUTION: A virtualization system is provided, having at least one virtualization device comprising a plurality of virtual machines and hardware resources including a plurality of hardware elements virtually allocated to correspond to the plurality of virtual machines. Each of the plurality of virtual machines has a monitoring unit for monitoring the operating state of a hardware element corresponding to the virtual machine.SELECTED DRAWING: Figure 1

Description

The present disclosure relates to a virtualization system and a method of monitoring the virtualization system.

For example, a distributed control system (DCS) in which control functions are distributed to a plurality of control panels corresponding to each device is known as a control system for controlling a plant including various devices. Distributed control systems suffer from high manufacturing costs due to the scale of the configuration across multiple control panels. In addition, a controller such as a control panel consists of software and hardware, so when the hardware is updated, the software must be updated accordingly, which is also costly. It is the cause. In order to solve such problems, virtualization technology is used to enable each virtual machine to operate independently in a virtualization device in which a plurality of virtual machines (VMs) are installed on a single physical controller. By running the application on the virtual machine, a distributed control system (virtualized system) with reduced manufacturing costs can be realized.

A virtualization system including this type of virtualization device requires real-time performance, and also requires availability to stably maintain control functions even when a failure occurs. Real-time performance can be realized by making virtualization software (hypervisor) real-time and installing a real-time OS as an OS (Operating System) on the virtual machine. High availability, on the other hand, generally involves redundant physical controllers in case of random hardware failures. The redundant configuration includes an active device that actually outputs control signals to the control target, and a standby device that has the same configuration as the active device, and if a failure occurs in the active device , the control function is maintained by switching to the standby device in control cycle (for example, millisecond) units.

As a control system including a virtualization device using such a virtualization technology, there is Patent Document 1, for example. In Patent Document 1, when a failure is detected in a physical device that runs a virtual machine among virtualized hardware resources, the correspondence between the physical device and the virtual machine is deleted, and a new physical device is created. It is disclosed to maintain the functionality of the control system by associating it with a virtual machine.

Japanese Patent No. 5855724

In a virtualization device included in a virtualization system, when a plurality of virtual machines are constructed on a hardware resource, the hardware resource is divided and assigned to a plurality of hardware elements so as to correspond to each virtual machine. In a conventional virtualization system, the operating states of multiple hardware elements are monitored by a virtualization environment (for example, a hypervisor), and if any one of the hardware elements fails, the virtualization There is a possibility that the availability will be reduced because the entire device will be stopped. In addition, after a failure is detected by the virtualization environment, it is notified to the virtual machine, and then switching between the active device and the standby device occurs. An increase is possible.

Also, such monitoring of the operational status of each hardware element may be performed by an external management system. In this case, when a failure is detected in the management system, a warning or e-mail to that effect is sent. However, if measures are taken after receiving such warnings or e-mail notifications for failure detection, it takes time from failure detection to the implementation of measures. It is conceivable that the operation stoppage period will increase due to the lack of Installation of an external management system also increases costs. Further, if a single management system is configured to detect anomalies in a plurality of virtual environments, it may be impossible to detect failures in all of the virtual environments when the management system fails.

At least one embodiment of the present disclosure has been made in view of the above circumstances, and a virtualization system capable of realizing excellent real-time performance and availability by detecting failures in hardware at an early stage, and a virtualization system The purpose is to provide a monitoring method for

A virtualization system according to at least one embodiment of the present disclosure, in order to solve the above problems,
a plurality of virtual machines;
a hardware resource including a plurality of hardware elements virtually allocated to correspond respectively to the plurality of virtual machines;
A virtualization system having at least one virtualization device comprising:
Each of the plurality of virtual machines has a monitoring unit for monitoring the operating state of the hardware element corresponding to the virtual machine.

In order to solve the above problems, a virtualization system monitoring method according to at least one embodiment of the present disclosure includes:
a plurality of virtual machines;
a hardware resource including a plurality of hardware elements virtually allocated to correspond respectively to the plurality of virtual machines;
A method of monitoring a virtualization system having at least one virtualization device comprising:
Each of the plurality of virtual machines monitors the operating state of the hardware element corresponding to the virtual machine.

According to at least one embodiment of the present disclosure, it is possible to provide a virtualization system capable of achieving excellent real-time performance and availability by detecting failures in hardware at an early stage, and a method of monitoring the virtualization system.

1 is a configuration diagram of a virtualization system according to a first embodiment; FIG. It is the 1st modification of FIG. FIG. 11 is a configuration diagram of a virtualization system according to a second embodiment; FIG. 11 is a configuration diagram of a virtualization system according to a third embodiment;

Several embodiments of the present disclosure will now be described with reference to the accompanying drawings. However, the dimensions, materials, shapes, relative arrangements, etc. of the components described as the embodiment or shown in the drawings are not meant to limit the scope of the present disclosure, but are merely illustrative examples. do not have.

FIG. 1 is a configuration diagram of a virtualization system 100A according to the first embodiment. The virtualization system 100A is a virtualized control system for controlling a controlled object (not shown). The virtualization system 100A functions as a control system to output control signals for controlling controlled objects. The controlled object can include any device that can be controlled based on the control signal output from the virtualization system 100A, but in this embodiment, a plant composed of various devices will be described as an example. The plant is, for example, a power plant (a thermal power plant, a nuclear power plant, a hydroelectric power plant, a wind power plant, etc.).

A virtualization system 100A includes at least one virtualization device 1 . FIG. 1 illustrates a case where the virtualization system 100A includes one virtualization device 1 . The virtualization apparatus 1 has, as hardware resources 2, electronic components such as a central processing unit 4 (CPU: Central Processing Unit), a storage device 6 (memory), a disk 8, and a device 10. A plurality of virtual machines VM1, VM2, . The virtual machines VM1, VM2, . . . are constructed by executing virtualization software. It is built to virtually simulate each control panel that The number of virtual machines VM1, VM2, . . . constructed in the virtualization device 1 may be arbitrary.

A hardware resource 2 of the virtualization device 1 is divided by virtualization software into hardware elements 2-1, 2-2, . . . respectively corresponding to a plurality of virtual machines VM1, VM2. Specifically, the hardware element 2-1 includes a central processing unit 4-1, a storage device 6-1, a disk 8-1, and a device 10-1 allocated to the virtual machine VM1. -2 includes a central processing unit 4-2, a storage device 6-2, a disk 8-2, and a device 10-2 corresponding to the virtual machine VM2. In other words, the central processing unit 4 is divided by the virtualization software into central processing units 4-1, 4-2, . . . corresponding to the virtual machines VM1, VM2, . The virtualization software divides the disk 8 into storage devices 6-1, 6-2, . . . corresponding to the virtual machines VM1, VM2, . are divided into disks 8-1, 8-2, . . . respectively corresponding to . 10-2, . . .

Each of the virtual machines VM1, VM2, . The monitoring units 14-1, 14-2, . . . monitor the operating states of the hardware elements 2-1, 2-2, . It determines whether or not a failure has occurred in the hardware elements 2-1, 2-2, . . . Such monitoring operations by the monitoring units 14-1, 14-2, . . . may be performed, for example, by the virtual machines VM1, VM2, .

Here, the mode of fault detection by the monitoring operations of the monitoring units 14-1, 14-2, .

Of the hardware elements 2-1, 2-2, . , the processing loads of the central processing units 4-1, 4-2, . . . are periodically measured by the application software in the virtual machines VM1, VM2, . Then, the central processing units 4-1, 4-2, . By extending the function calls of the hypervisor 12, the monitoring units 14-1, 14-2, . . . - Measure the internal core temperature of 2, . . . Detection judgment may be performed. Also, the monitoring units 14-1, 14-2, . Stopping of the central processing units 4-1, 4-2, . Failure detection may be performed by

If a failure occurs in the storage devices 6-1, 6-2, . . . among the hardware elements 2-1, 2-2, . Unit), the monitoring units 14-1, 14-2, . Failure detection can be performed when access to a virtual address not on the page table occurs due to garbled bits (soft error). If the virtual machines VM1, VM2, . . . , 6-2, . When the storage devices 6-1, 6-2, . . . without MMU are used, the monitoring units 14-1, 14-2, . . . periodically run memory self-diagnosis such as bit walk test by application software in virtual machines VM1, VM2, . A determination may be made.

Further, when a failure occurs in the disks 8-1, 8-2, . . . among the hardware elements 2-1, 2-2, . Failure detection judgment in the disks 8-1, 8-2, . . . may be performed.

When a failure occurs in the devices 10-1, 10-2, . . . among the hardware elements 2-1, 2-2, . By expanding the function calls of the hypervisor 12, etc., self-diagnosis of the devices 10-1, 10-2, . . . . . may be operated periodically by application software in the devices 10-1, 10-2, .

As described above, in the first embodiment, each of the virtual machines VM1, VM2, . are monitored for the operating states of the hardware elements 2-1, 2-2, . . .
In this way, the hardware elements 2-1, 2-2 belonging to each virtual machine VM1, VM2, . . . , . . . , it is possible to detect failures in the hardware elements 2-1, 2-2, . can effectively reduce the time required to execute As a result, it is possible to suppress the deterioration of the real-time performance and the deterioration of the operation rate due to the delay in execution of the processing necessary for solving or avoiding the failure.

FIG. 2 shows a first modification of FIG. The virtualization system 100A′ according to this modification further includes a hardware resource monitoring unit 16 for monitoring the hardware resources 2 . The hardware resource monitoring unit 16 is a part of the virtualization system 100A' provided for monitoring the hardware resource 2 outside the virtualization apparatus 1. FIG. The hardware resource monitoring unit 16 monitors the hardware resource 2, and when detecting the occurrence of a failure in the hardware resource 2, sends a signal (warning, e-mail, etc.) to that effect to the virtualization device 1. configured to Destinations of signals from the hardware resource monitoring unit 16 are basically the virtual machines VM1, VM2, .・ It is also possible to send limitedly to

In this embodiment, according to commands from the monitoring units 14-1, 14-2, . , a signal to that effect is sent. As a result, even when the hardware resource monitoring unit 16 installed outside the virtualization apparatus 1 performs fault monitoring, each virtual machine VM1, VM2, . . . By monitoring the hardware elements 2-1, 2-2, . . . belonging to the respective virtual machines VM1, VM2, . It is possible to detect failures in 1, 2-2, .

Next, FIG. 3 is a configuration diagram of a virtualization system 100B according to the second embodiment. The virtualization system 100B basically has the same configuration as the above-described virtualization system 100A, but multiple virtual machines VM1, VM2, . It includes a first virtual machine VM1 and a second virtual machine VM2 that have been combined. In the virtualization apparatus 1, during normal operation, one of the first virtual machine VM1 and the second virtual machine VM2 that are multiplexed or redundant with each other, the first virtual machine VM1 is in an operating state, and the second virtual machine VM2 is It is in a standby state (hot standby state) as a backup of the first virtual machine VM1.

In the virtualization system 100B, each virtual machine VM1, VM2, . The virtualization environment control units 18-1, 18-2, . . . Specifically, the monitoring unit 14-1 determines that a fault Tr has occurred in the hardware element 2-1 (the central processing unit 4-1 of the hardware element 2-1 in FIG. 3). In this case, the virtualization environment of the virtualization apparatus 1 is controlled so that the first virtual machine VM1 in the operating state is stopped and the second virtual machine VM2 in the standby state (hot standby state) is switched to the operating state. do.

As a result, in the virtualization system 100B, when the failure Tr is detected in the hardware element 2-1 corresponding to the first virtual machine VM1 in operation, one of the first virtual machines VM1 in operation is stopped. At the same time, by switching the other second virtual machine VM2 in the standby state to the operating state, it is possible to suppress a decrease in the operation rate of the entire virtualization system 100B and achieve high availability.

Note that FIG. 3 illustrates a case where a failure Tr occurs in the central processing unit 4-1 included in the hardware element 2-1 of the hardware resources 2 of the virtualization system 100B. , disk 8-1, and device 10-1.

Next, FIG. 4 is a configuration diagram of a virtualization system 100C according to the third embodiment. The virtualization system 100C comprises a first virtualization device 1A and a second virtualization device 1B. The first virtualization device 1A and the second virtualization device 1B have a configuration equivalent to that of the virtualization device 1 included in the aforementioned virtualization system 100B. The first virtualization device 1A and the second virtualization device 1B are multiplexed or redundant with each other. During normal operation, the first virtualization device 1A is in operation, and the second virtualization device 1B is the first virtual machine. It is in a standby state (hot standby state) as a backup of VM1. That is, the virtual machines VM1, VM2, . )It is in.

The virtual machines VM1, VM2, . prepare for virtualization environment control units 18-1, 18-2, . , and when it is determined that a failure Tr has occurred in the first virtualization device 1A in the operating state, the hardware in which the failure Tr has occurred in the first virtualization device 1A The virtual machine corresponding to the element is stopped, and the corresponding virtual machine of the second virtualization device 1B is switched to the operating state. FIG. 4 illustrates a case where a failure Tr occurs in the hardware element 2-1 (central processing unit 4-1) corresponding to the first virtual machine VM1 provided in the first virtualization device 1A. so that the first virtual machine VM1 corresponding to the hardware element 2-1 is stopped from the operating state and the corresponding first virtual machine VM1 of the second virtualization device 1B is started from the standby state. The virtualization environment is controlled. At this time, since the other virtual machines VM2, . It is

As described above, in the virtualization system 100C, when a failure Tr occurs in the hardware resource 2 in one of the first virtualization devices 1A in the operating state, the virtual machine corresponding to the hardware element 2-1 in which the failure Tr occurs. By stopping the VM1 and switching the corresponding virtual machine VM1 in the standby state in the other second virtualization device 1B to the operating state, a decrease in the operation rate of the entire virtualization system 100C is suppressed and high availability is achieved. be able to.

In addition, it is possible to appropriately replace the components in the above-described embodiments with well-known components without departing from the scope of the present disclosure, and the above-described embodiments may be combined as appropriate.

The contents described in each of the above embodiments are understood as follows, for example.

(1) A virtualization system according to one aspect includes:
a plurality of virtual machines (for example, the virtual machines VM1, VM2, . . . of the above embodiment);
Hardware resources (for example, hardware elements 2-1, 2-2, . hardware resource 2) of the above embodiment;
A virtualization system (for example, the virtualization systems 100A, 100A', 100B, 100C of the above embodiments) having at least one virtualization apparatus (for example, the virtualization apparatuses 1, 1A, 1B of the above embodiments) comprising
Each of the plurality of virtual machines has a monitoring unit (for example, the monitoring units 14-1, 14-2, . Prepare.

According to the aspect (1) above, the operating states of the hardware elements assigned to the respective virtual machines are monitored by the monitoring units respectively provided in the plurality of virtual machines. By monitoring the hardware elements corresponding to each virtual machine for each virtual machine in this way, failures can be detected earlier than in the past. Then, it is possible to effectively reduce the time required to execute the processing necessary to resolve or avoid the failure. As a result, it is possible to suppress the deterioration of the real-time performance and the deterioration of the operation rate due to the delay in execution of the processing necessary for solving or avoiding the failure.

(2) In another aspect, in the aspect of (1) above,
The monitoring unit is configured to actively monitor an operating state of the hardware element corresponding to the virtual machine.

According to the above aspect (2), each of the plurality of virtual machines of the virtualization device actively monitors the hardware elements allocated corresponding to each, so that the failure can be detected. Note that "actively" means that each virtual machine monitors the operating state of its own assigned hardware element, and that the operating state of each hardware element is monitored by a configuration other than the monitoring unit. If monitored, configure the configuration such that if a failure is detected in the configuration, monitoring results are sent only to the virtual machine corresponding to the hardware element on which the failure was detected. including setting

(3) In another aspect, in the above aspect (1) or (2),
The monitoring unit is configured to monitor an operating state of the hardware element corresponding to the virtual machine by an application executed by the virtual machine.

According to aspect (3) above, the virtual machine can actively monitor the operating state of the hardware element corresponding to the virtual machine by executing the application.

(4) In another aspect, in the above aspect (1) or (2),
further comprising a hardware resource monitoring unit (for example, the hardware resource monitoring unit 16 of the above embodiment) for monitoring the hardware resources;
The monitoring unit is arranged so that, when the hardware resource monitoring unit detects a failure, only the virtual machine corresponding to the hardware element in which the failure has occurred receives the signal from the hardware resource monitoring unit. and setting the hardware resource monitoring unit.

According to aspect (4) above, when the hardware resource monitoring unit monitors a failure in a hardware resource, when a failure is detected, the destination of a signal from the hardware resource monitoring unit is set to the hardware element in which the failure has occurred. A hardware resource monitor is actively configured by the monitor to limit to only the corresponding virtual machine. This makes it possible to detect failures in hardware elements earlier than in the past, and effectively reduce the time required to execute the processing necessary to resolve or avoid the failure.

(5) In another aspect, in any one aspect of (1) to (4) above,
The plurality of virtual machines includes a first virtual machine (for example, the first virtual machine VM1 in the above embodiment) and a second virtual machine (for example, the second virtual machine VM2 in the above embodiment) that are multiplexed or redundant with each other. ,
When a failure is detected by the monitoring unit, one of the first virtual machine and the second virtual machine in which the failure is detected is stopped from an operating state, and the other is started from a standby state. be.

According to aspect (5) above, in a virtualization system comprising a plurality of multiplexed or redundant virtual machines, when a failure is detected in a hardware element corresponding to one of the virtual machines in operation, By stopping the virtual machine from the operating state and activating the other virtual machine in the standby state, it is possible to suppress the decrease in the operating rate of the entire virtualization system and achieve high availability.

(6) In another aspect, in any one aspect of (1) to (4) above,
The at least one virtualization device includes a first virtualization device (for example, the first virtualization device 1A in the above embodiment) and a second virtualization device (for example, the second virtualization device in the above embodiment) that are multiplexed or redundant with each other. conversion device 1B),
When a failure is detected by the monitoring unit, one of the first virtualization device and the second virtualization device stops the virtual machine in which the failure is detected, and the other virtualization device stops the virtual machine. is configured to switch the virtual machine corresponding to from a standby state to an active state.

According to aspect (6) above, in a virtualization system comprising a plurality of multiplexed or redundant virtualization devices, in one virtualization device in operation, a hardware element corresponding to a specific virtual machine In the event of a failure, the virtual machine in question is stopped from operating status, and the corresponding virtual machine on the other virtualization device is switched from standby status to operating status, thereby suppressing a decrease in the operating rate of the entire virtualization system. , high availability can be achieved.

(7) In another aspect, in any one aspect of (1) to (6) above,
The monitoring unit is configured to monitor whether or not there is a failure in each hardware component included in the hardware element.

According to the above aspect (7), the monitoring by the monitoring unit is performed for each hardware component included in the hardware component.

(8) In another aspect, in any one aspect of (1) to (7) above,
The plurality of virtual machines are configured to generate control signals for controlled objects.

According to aspect (8) above, a virtualized system having excellent real-time performance and availability can be realized by applying a controller that generates a control signal for a controlled object to a virtualized system.

(9) In another aspect, in the aspect of (8) above,
The controlled object is a plant or a mobile object.

According to the above aspect (9), it is suitable for applications that require high real-time performance and availability, such as a controller that controls a plant such as a thermal power plant. Moreover, when the object to be controlled is a moving object, the present invention can be applied to, for example, a ground transportation system, a watercraft on the sea, or an underwater vehicle.

(10) A virtualization system monitoring method according to an aspect includes:
a plurality of virtual machines (for example, the virtual machines VM1, VM2, . . . of the above embodiment);
Hardware resources (for example, hardware elements 2-1, 2-2, . hardware resource 2) of the above embodiment;
A method for monitoring a virtualization system (for example, the virtualization systems 100A, 100A', 100B, 100C of the above embodiments) having at least one virtualization apparatus (for example, the virtualization apparatuses 1, 1A, 1B of the above embodiments) comprising There is
Each of the plurality of virtual machines monitors the operating state of the hardware element corresponding to the virtual machine.

According to aspect (10) above, the operating states of the hardware elements assigned to each virtual machine are monitored by the plurality of virtual machines. By monitoring the hardware elements corresponding to each virtual machine for each virtual machine in this way, failures can be detected earlier than in the past. Then, it is possible to effectively reduce the time required to execute the processing necessary to resolve or avoid the failure. As a result, it is possible to suppress the deterioration of the real-time performance and the deterioration of the operation rate due to the delay in execution of the processing necessary for solving or avoiding the failure.

1 virtualization device 1A first virtualization device 1B second virtualization device 2 hardware resources 2a, 2b, ... hardware elements 4 central processing unit 6 storage device 8 disk 10 device 12 hypervisor 14 monitoring unit 16 hardware Resource monitoring unit 18 Virtual environment control unit 100 (100A, 100B, 100C, 100A') Virtualization system Tr Failure VM1, VM2, ... Virtual machine

Claims (10)

a plurality of virtual machines;
a hardware resource including a plurality of hardware elements virtually allocated to correspond respectively to the plurality of virtual machines;
A virtualization system having at least one virtualization device comprising:
A virtualization system, wherein each of the plurality of virtual machines includes a monitoring unit for monitoring an operating state of the hardware element corresponding to the virtual machine. 2. The virtualization system according to claim 1, wherein said monitoring unit is configured to actively monitor the operating state of said hardware element corresponding to said virtual machine. 3. The virtualization system according to claim 1, wherein the monitoring unit is configured to monitor the operating state of the hardware element corresponding to the virtual machine by an application executed by the virtual machine. further comprising a hardware resource monitoring unit for monitoring the hardware resources;
The monitoring unit is arranged so that, when the hardware resource monitoring unit detects a failure, only the virtual machine corresponding to the hardware element in which the failure has occurred receives the signal from the hardware resource monitoring unit. 3. The virtualization system according to claim 1 or 2, configured to set said hardware resource monitoring unit to . the plurality of virtual machines includes a first virtual machine and a second virtual machine that are multiplexed or redundant with each other;
When a failure is detected by the monitoring unit, one of the first virtual machine and the second virtual machine in which the failure is detected is stopped from an operating state, and the other is started from a standby state. A virtualization system according to any one of claims 1 to 4. the at least one virtualization device includes a first virtualization device and a second virtualization device that are multiplexed or redundant with each other;
When a failure is detected by the monitoring unit, one of the first virtualization device and the second virtualization device stops the virtual machine in which the failure is detected, and the other virtualization device stops the virtual machine. 5. A virtualization system according to any one of claims 1 to 4, arranged to switch the virtual machine corresponding to a from a standby state to an active state. 7. The virtualization system according to any one of claims 1 to 6, wherein said monitoring unit is configured to monitor the presence or absence of a failure in each hardware component included in said hardware element. 8. A virtualization system according to any preceding claim, wherein said plurality of virtual machines are configured to generate control signals for controlled objects. 9. The virtualization system according to claim 8, wherein said controlled object is a plant or a mobile object. a plurality of virtual machines;
a hardware resource including a plurality of hardware elements virtually allocated to correspond respectively to the plurality of virtual machines;
A method of monitoring a virtualization system having at least one virtualization device comprising:
A monitoring method for a virtualization system, wherein each of the plurality of virtual machines monitors the operating state of the hardware element corresponding to the virtual machine.

Images