JP6464704B2 - Fault tolerant system, active device, standby device, failover method, and failover program - Google Patents

Description

  The present invention relates to a technique for realizing fault tolerance of a virtual machine.

  In a server system that provides a service, fault tolerance is required to continue the service even if a failure occurs in the server. Therefore, in such a server system, a redundant configuration including an active server and a standby server is employed. Even when the server is a virtual machine, a technique for realizing fault tolerance by operating a standby virtual machine on a server different from the server on which the active virtual machine operates is known.

  For example, Patent Document 1 describes a fault tolerant system for a virtual machine that does not require a standby server. In this related technique, a plurality of virtual machines are operated on a plurality of servers, respectively. Specifically, each server operates one or more primary virtual machines and one or more secondary virtual machines. Further, a secondary virtual machine that is paired with a primary virtual machine that operates on a certain server is configured to operate on another server. Then, the primary virtual machine data is periodically transmitted from the server on which the primary virtual machine data operates to the server on which the paired secondary virtual machine operates. As a result, this related technology realizes fault tolerance of the virtual machine operating on each server without requiring a standby server.

  Patent Document 2 describes a technique for reducing the data transfer amount between an active virtual machine and a standby virtual machine. This related technique is based on the premise that storage is shared between a machine on which an active virtual machine operates and a machine on which a standby virtual machine operates. When a read command is generated in the shared storage, the active virtual machine stores the read position, read position, and read size of the read command. Then, the active virtual machine transfers the reading position, the reading position, and the reading size to the standby system. The standby virtual machine reads data on the shared storage into the virtual machine memory according to the received read position, read position, and read size. As a result, this related technique eliminates the need to transfer the contents of the virtual machine memory itself between the active and standby virtual machines and reduces the data transfer amount.

  Patent Document 2 describes that this related technique can be applied to the realization of fault tolerance for a plurality of virtual machines. In this related technology, a virtual machine that synchronizes with a virtual machine that operates on a certain active machine and a virtual machine that synchronizes with a virtual machine that operates on another active machine operate on a single standby apparatus.

JP 2012-190175 A JP 2012-221064 A

  However, those described in Patent Document 1 and Patent Document 2 have a problem that the cost for operating the standby virtual machine is high. Hereinafter, the cost for operating the standby virtual machine is also simply referred to as the cost for the standby system.

  For example, the related technology described in Patent Document 1 requires the same number of standby virtual machines for N active virtual machines. Furthermore, since this related technique operates a total of N × 2 virtual machines in a distributed manner, a plurality of machines capable of operating a plurality of virtual machines are required. Here, a machine capable of operating a plurality of virtual machines generally has a high cost. Therefore, this related technique increases the cost of the standby system as the number of active virtual machines increases.

  Further, the related art described in Patent Document 2 requires the same number of standby machines for N active virtual machines. Therefore, according to this related technology, the larger the number of active virtual machines, the more standby devices are required, which increases the cost of the standby system.

  Alternatively, the related technology described in Patent Document 2 requires a standby machine that enables the operation of N virtual machines for N active virtual machines. As described above, a machine capable of operating a plurality of virtual machines generally has a high cost. Further, as the number of active virtual machines increases, the standby machine requires more resources to operate more virtual machines. Therefore, this related technique increases the cost of the standby system as the number of active virtual machines increases.

  As described above, in the related technology described above, the machine or the resource for operating the standby virtual machine increases as the scale of the system increases. For this reason, there is a problem that the cost (machine cost, maintenance cost, power cost, etc.) required for the standby system increases.

  The present invention has been made to solve the above-described problems. That is, an object of the present invention is to provide a technique for realizing fault tolerance while suppressing the cost of a standby system even when the scale of a server system configured by virtual machines increases.

  The fault-tolerant system of the present invention includes a shared storage shared by an active system device and a standby system device, and contents (memory area data) of a virtual machine memory area of an active virtual machine operating on the active system device. A memory area data duplexing unit that transfers data from the active device to the shared storage and duplicates it, a failure detection unit that detects a failure in the active device, and an active system that operates in the active device in which the failure is detected A memory area data acquisition unit that transfers memory area data of a virtual machine from the shared storage to the standby system device, and a memory area acquired by the memory area data acquisition unit when a failure occurrence is detected by the failure detection unit The standby virtual machine is operated in the standby system using the data, and the failure is Generation and a switching section for switching so as to continue the function of operating system virtual machine operating in operating system device detected by the standby virtual machine.

  Moreover, the active system apparatus of this invention has the said memory area data duplication part in the above-mentioned fault tolerant system.

  Further, the standby system apparatus of the present invention includes the memory area data acquisition unit and the switching unit in the fault tolerant system described above.

  In addition, the failover method of the present invention uses the shared storage shared by the active device and the standby device, and uses the contents of the virtual machine memory area (memory area) of the active virtual machine operating on the active device. Data) is transferred from the active device to the shared storage and duplicated, and when the occurrence of a failure in the active device is detected, the memory area data of the active virtual machine that operates in the active device that has detected the failure is Transfer from the shared storage to the standby system device, operate the standby virtual machine using the memory area data transferred from the shared storage in the standby system, and operate in the active system device that detected the failure occurrence The function of the active virtual machine to be switched is switched to continue with the standby virtual machine.

  In addition, another failover method of the present invention uses a shared storage in which the contents of the virtual machine memory area (memory area data) of the active virtual machine operating on the active system are duplicated by the standby system. When the occurrence of a failure in the active device is detected, the memory area data of the active virtual machine operating in the active device in which the failure has been detected is acquired from the shared storage, and the memory acquired from the shared storage The standby virtual machine is operated using the area data, and the function of the active virtual machine operating in the active device in which the occurrence of the failure is detected is switched to continue in the standby virtual machine.

  In addition, the failover program of the present invention uses the shared storage in which the contents (memory area data) of the virtual machine memory area of the active virtual machine operating on the active system are duplicated, and the failure of the active system When one occurrence is detected, a memory region data acquisition step for acquiring memory region data of an active virtual machine operating in the active device in which the failure has been detected from the shared storage; and a memory region data acquisition step A standby virtual machine operation step for operating the standby virtual machine using the acquired memory area data, and a function of the active virtual machine that operates in the active device in which the occurrence of the failure is detected are described in the standby virtual machine. The standby system device executes the switching step for switching to continue.

  In addition, according to another failover method of the present invention, the active system device stores the contents of the virtual machine memory area of the active virtual machine operating on the own device in the shared storage shared by the own device and the standby system device ( (Memory area data) is transferred and duplicated.

  In addition, another failover program of the present invention stores the contents (memory area data) of the virtual machine memory area of the active virtual machine operating on the own apparatus in the shared storage shared by the own apparatus and the standby apparatus. The operating system apparatus is caused to execute a memory area data duplexing step for transferring and duplicating.

  The present invention can provide a technique for realizing fault tolerance while suppressing the cost of a standby system even when the scale of a server system configured by virtual machines increases.

It is a block diagram which shows the structure of the fault tolerant system as the 1st Embodiment of this invention. It is a figure which shows an example of the internal structure of the fault tolerant system as the 1st Embodiment of this invention. It is a figure which shows the functional block structure of the fault tolerant system as the 1st Embodiment of this invention. It is a flowchart explaining the memory area data duplication operation | movement of the fault tolerant system as the 1st Embodiment of this invention. It is a flowchart explaining the fault detection operation | movement of the fault tolerant system as the 1st Embodiment of this invention. It is a flowchart explaining the failover operation | movement of the fault tolerant system as the 1st Embodiment of this invention. It is a figure which shows the functional block structure of the fault tolerant system as the 2nd Embodiment of this invention. It is a flowchart explaining the failure detection operation | movement of the fault tolerant system as the 2nd Embodiment of this invention. It is a figure which shows the functional block structure of the fault tolerant system as the 3rd Embodiment of this invention. It is a flowchart explaining the failover operation | movement of the fault tolerant system as the 3rd Embodiment of this invention. It is a figure which shows the functional block structure of the fault tolerant system as the 4th Embodiment of this invention. It is a flowchart explaining the failure detection and failover operation of the fault tolerant system as the fourth embodiment of the present invention. It is a figure which shows the functional block structure of the fault tolerant system as the 5th Embodiment of this invention. It is a flowchart explaining the failure detection and failover operation of the fault tolerant system as the fifth exemplary embodiment of the present invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

(First embodiment)
FIG. 1 shows the configuration of a fault tolerant system 1 as a first embodiment of the present invention. In FIG. 1, the fault-tolerant system 1 includes one or more active devices 10, a standby device 20, a shared storage 30, and a failure detection device 40. Although FIG. 1 shows three active devices, one standby device, one shared storage, and one failure detection device, the number of devices included in the fault-tolerant system of the present invention is shown. It is not limited. The active system device 10 and the standby system device 20 are communicably connected to the shared storage 30 via a network. In addition, the active system device 10 and the standby system device 20 are communicably connected to the failure detection device 40 via a network.

  FIG. 2 shows an example of the hardware configuration of each device constituting the fault tolerant system 1.

  2, the active system device 10 can be configured by a computer device including hardware elements such as a CPU (Central Processing Unit) 1001, a memory 1002, a local storage 1003, and a network interface 1004. The memory 1002 includes a RAM (Random Access Memory), a ROM (Read Only Memory), and the like. The local storage 1003 stores a virtual machine control program, an active fault tolerant program, and the like. The network interface 1004 is an interface connected to the network.

  The CPU 1001 reads a virtual machine control program from the local storage 1003 and executes it. As a result, the hypervisor 101 operates on the memory 1002. Further, the hypervisor 101 constructs and operates the virtual machine 100 on the memory 1002. Hereinafter, the virtual machine 100 operating on the active system device 10 is also referred to as the active virtual machine 100. The active virtual machine 100 operates using the virtual machine memory area 102 secured in the memory 1002. Further, local data of the active virtual machine 100 is stored in the shared storage 30.

  Further, the CPU 1001 reads and executes an active fault tolerant program from the local storage 1003. As a result, the CPU 1001 implements functional blocks to be described later on the active device 10 while controlling the network interface 1004.

  The standby device 20 can be configured by a computer device including a CPU 2001, a memory 2002, a local storage 2003, a network interface 2004, and the like. The memory 2002 includes a RAM, a ROM, and the like. The local storage 2003 stores a virtual machine control program, a standby fault tolerant program, and the like. A network interface 2004 is an interface connected to a network.

  The CPU 2001 reads a virtual machine control program from the memory 2002 and executes it. As a result, the hypervisor 201 operates on the memory 2002. Further, the hypervisor 201 can construct and operate the virtual machine 200 on the memory 2002. However, the virtual machine 200 of the standby system device 20 is stopped at a normal time when no failure has occurred in any active system device 10. Hereinafter, the virtual machine 200 that can operate on the standby device 20 is also referred to as a standby virtual machine 200. The standby virtual machine 200 operates using the virtual machine memory area 202 secured in the memory 2002. The standby virtual machine 200 is configured to be able to operate using local data of any active virtual machine 100 stored in the shared storage 30.

  Further, the CPU 2001 reads and executes a standby fault-tolerant program from the memory 2002. As a result, the CPU 2001 implements a later-described functional block on the standby system device 20 while controlling the network interface 2004.

  The shared storage 30 is connected to the network and is shared by the active system device 10 and the standby system device 20. Note that a network interface for connecting the shared storage 30 to the network and hardware elements such as a processor and a memory for controlling the operation are not shown. For example, the shared storage 30 may be configured by a SAN (Storage Area Network) system or a NAS (Network Attached Storage). The shared storage 30 may be a device that functions as RAID (Redundant Arrays of Inexpensive Disks).

  The failure detection device 40 can be configured by a computer device including hardware elements such as a CPU 4001, a memory 4002, a local storage 4003, and a network interface 4004. The memory 4002 is configured by a RAM, a ROM, and the like. The local storage 4003 stores a program for operating the failure detection apparatus 40 of the present embodiment. The network interface 4004 is an interface connected to the network. The CPU 4001 reads the program from the local storage 4003 and executes it, thereby realizing the later-described functions of the failure detection device 40 while controlling the network interface 4004.

  Note that the hardware configuration of each device and each functional block constituting the fault-tolerant system 1 is not limited to the above-described configuration.

  Next, the functional block configuration of the fault tolerant system 1 is shown in FIG. In FIG. 3, the active system device 10 includes a memory area data duplication unit 11. The standby system device 20 includes a memory area data acquisition unit 21 and a switching unit 22. Further, the failure detection device 40 has a failure detection unit 41.

  The memory area data duplexing unit 11 duplexes data by storing the contents (memory area data) of the virtual machine memory area 102 used by the active virtual machine 100 in the shared storage 30. The memory area data includes data of a virtual memory (main storage device) used by the active virtual machine 100, CPU context, network transmission buffer contents, and the like. Note that the memory area data duplication unit 11 stores the memory area data in the shared storage 30 so that it can be identified as the information of the virtual machine on its own device. For example, the memory area data duplication unit 11 may store the memory area data in the shared storage 30 in association with the identification information of the active virtual machine 100. Further, for example, the memory area data duplication unit 11 may delay copy the memory area data to the shared storage 30 at every predetermined timing. Further, for example, the memory area data duplication unit 11 may delay copy a dirty page in the memory area data. Note that the memory area data duplexing unit 11 can employ various known techniques as a technique for storing the memory area data in the shared storage 30 and duplexing.

  The shared storage 30 stores each memory area data for each active virtual machine 100.

  The failure detection unit 41 detects the occurrence of a failure in the active system device 10. As a method for detecting the occurrence of a failure in the active system device 10, various known methods for detecting a physical failure of the computer device can be employed. Further, the failure detection unit 41 notifies the standby system device 20 of detection information indicating the occurrence of a failure in the active system device 10. For example, the failure detection unit 41 may notify the standby system device 20 of information identifying the active system device 10 in which the failure has occurred as detection information.

  The memory area data acquisition unit 21 acquires the memory area data of the active virtual machine 100 operating in the active system 10 in which the occurrence of the failure is detected from the shared storage 30. For example, the memory area data acquisition unit 21 stores the acquired memory area data in the virtual machine memory area 202 in the memory 2002 of the own apparatus. Hereinafter, the active virtual machine 100 operating in the active system 10 in which the occurrence of a failure is detected is also simply referred to as “active virtual machine 100 in which a failure has occurred”.

  When the failure detection unit 41 detects the occurrence of a failure, the switching unit 22 operates the standby virtual machine 200 using the memory area data acquired by the memory area data acquisition unit 21. For example, the switching unit 22 may activate the standby virtual machine 200 so as to operate using the virtual machine memory area 202 of its own apparatus in which the memory area data of the active virtual machine 100 in which the failure has occurred is stored. . Further, the switching unit 22 may activate the standby virtual machine 200 so that information stored in the shared storage 30 as local data of the active virtual machine 100 in which a failure has occurred is used as local data.

  Then, the switching unit 22 performs a process (failover) for switching the function of the active virtual machine 100 in which the failure has occurred to be continued in the standby virtual machine 200 started on the own device.

  The operation of the fault tolerant system 1 configured as described above will be described with reference to the drawings.

  First, the memory area data duplication operation of the fault tolerant system 1 is shown in FIG.

  In FIG. 4, first, the memory area data duplication unit 11 of the active system apparatus 10 stores the memory area data being used by the active virtual machine 100 operating on the own apparatus in the shared storage 30 (step S <b> 1).

  As described above, the memory area data duplication unit 11 may store the dirty page in the memory area data in the shared storage 30. Further, the memory area data duplication unit 11 stores the memory area data in the shared storage 30 so that it can be identified as the information of the own device.

  The memory area data duplication unit 11 repeats the above operation at predetermined intervals. As a result, memory area data is duplicated in the shared storage 30 for each active virtual machine 100 operating on each active device 10.

  Next, the fault detection operation of the fault tolerant system 1 is shown in FIG.

  In FIG. 5, first, the failure detection unit 41 of the failure detection device 40 checks whether or not a failure has occurred in each active system device 10 (step S11).

  Here, when there is an active device 10 in which a failure has occurred, the failure detection unit 41 notifies the standby device 20 of information representing the active device 10 (step S12).

  The failure detection unit 41 repeats the above operation at predetermined intervals.

  Next, the failover operation of the fault tolerant system 1 is shown in FIG.

  In FIG. 6, first, the standby device 20 starts the following operation when a failure occurrence is notified from the failure detection device 40 (Y in step S21).

  Here, first, the memory area data acquisition unit 21 acquires memory area data stored for the active virtual machine 100 in which a failure has occurred from the shared storage 30 (step S22). Then, the memory area data acquisition unit 21 expands the acquired memory area data in the virtual machine memory area 202 of the own device.

  Next, the switching unit 22 activates the standby virtual machine 200 to operate using the virtual machine memory area 202 of the own device (step S23).

  Next, the switching unit 22 performs switching so that the function of the active virtual machine 100 is continued in the standby virtual machine 200 (step S24).

  This is the end of the description of the failover operation.

  Next, effects of the first exemplary embodiment of the present invention will be described.

  The fault-tolerant system as the first embodiment of the present invention can realize fault tolerance while suppressing the cost of the standby system even if the scale of the server system configured by virtual machines increases.

  This is because the memory area data duplication unit of each active system device duplicates the memory area data of the active virtual machine by storing it in the shared storage. When a failure of the active device is detected by the failure detection device, the memory area data acquisition unit of the standby device acquires the memory area data of the virtual machine on the active device where the failure is detected from the shared storage. get. This is because the switching unit of the standby system starts the standby virtual machine using the acquired memory area data, and switches the function of the active virtual machine in which the failure has occurred to continue in the standby virtual machine.

  As described above, in this embodiment, the memory area data of each active virtual machine is stored in the shared storage to be duplicated, and the memory area data of the corresponding active virtual machine is transferred to the standby system when a failure occurs. Then start and switch the active virtual machine. Therefore, in the present embodiment, it is not necessary to wait for the same number of standby virtual machines as active virtual machines, and it is sufficient if there is at least one standby system device. In addition, the standby apparatus only needs to be capable of operating at least one standby virtual machine, and does not require a large amount of resources. For example, the standby system device may have substantially the same performance as the active system device. As a result, according to the present embodiment, it is possible to realize fault tolerance while suppressing the cost of the standby system regardless of the number of active virtual machines. For example, the present embodiment is particularly effective in a system in which failures frequently occur and the standby system is often in a standby state when the active system and the standby system are on a one-to-one basis.

(Second Embodiment)
Next, a second embodiment of the present invention will be described in detail with reference to the drawings. In the first embodiment of the present invention, the configuration has been described in which the failure detection device, which is an embodiment of the failure detection unit of the present invention, detects a failure in the active device and notifies the standby device. In the present embodiment, an example will be described in which one embodiment of the failure detection unit of the present invention is distributed and arranged in an active system device and a standby system device.

  Note that, in each drawing referred to in the description of the present embodiment, the same reference numerals are given to the same configuration and steps that operate in the same manner as in the first embodiment of the present invention, and the detailed description in the present embodiment. Description is omitted.

  First, FIG. 7 shows a configuration of a fault tolerant system 2 as a second embodiment of the present invention. In FIG. 7, the fault tolerant system 2 is in standby for the fault tolerant system 1 according to the first embodiment of the present invention, instead of the active device 10 and the active device 50 and the standby device 20. The system apparatus 60 is different and the failure detection apparatus 40 is not included. Note that the hardware configuration of the fault tolerant system 2 can be configured by hardware elements excluding the failure detection device 40 among the hardware elements of the first embodiment of the present invention shown in FIG. However, the hardware configuration of each device and each functional block constituting the fault-tolerant system 2 is not limited to the above-described configuration.

  The active system device 50 includes a failure detection unit 52 in addition to the same configuration as that of the active system device 10 according to the first exemplary embodiment of the present invention.

  The failure detection unit 52 performs processing for confirming that its own device is operating normally. Further, when the failure detection unit 52 confirms that the device itself is operating normally, the failure detection unit 52 transmits information (confirmation information) indicating that the device is operating normally to the standby system device 60. For example, the failure detection unit 52 may check whether or not the own device has updated the shared memory at predetermined intervals. In this case, when the failure detection unit 52 confirms the update of the shared memory, the failure detection unit 52 transmits confirmation information indicating that to the standby system device 60, assuming that the device itself is operating normally.

  The standby system device 60 includes a failure detection unit 63 in addition to the same configuration as that of the standby system device 20 according to the first embodiment of the present invention.

  The failure detection unit 63 detects the occurrence of a failure in the active system device 50 based on the reception status of confirmation information from the active system device 50. For example, the failure detection unit 63 may determine that a failure has occurred in the active device 50 when the confirmation information that should be periodically transmitted from the active device 50 has not been received for a predetermined period. .

  The operation of the fault tolerant system 2 configured as described above will be described with reference to the drawings. Note that the memory area data duplication operation and the failover operation of the fault tolerant system 2 are the same as the operations of the first embodiment of the present invention described with reference to FIG. 4 and FIG. The description in the form is omitted. Here, the fault detection operation of the fault tolerant system 2 is shown in FIG. In FIG. 8, the left diagram shows the operation of the active system device 50, and the right diagram shows the operation of the standby system device 60. In addition, broken arrows connecting the left and right indicate the flow of data.

  In FIG. 8, first, the failure detection unit 52 of the active device 50 confirms whether or not the device itself is operating normally, and transmits confirmation information to the standby device 60 (step S31).

  Note that this step is not executed when the active device 50 is not operating normally.

  And the failure detection part 52 repeats the operation | movement of step S31 for every predetermined interval.

  Next, the failure detection unit 63 of the standby system device 60 receives confirmation information from the active system device 50 (step S33).

  Next, the failure detection unit 63 determines whether or not there is an active device 50 whose elapsed time from the reception of the previous confirmation information is equal to or longer than a predetermined time (step S34).

  Here, when there is an active device 50 whose elapsed time from the reception of the previous confirmation information is equal to or longer than a predetermined time, the failure detection unit 63 determines that a failure has occurred in the active device 50. Then, the failure detection unit 63 notifies the switching unit 22 of the active device 50 in which the failure has occurred (step S35).

  Thus, the fault tolerant system 2 ends the failure detection operation.

  Then, the switching unit 22 notified of the occurrence of the failure uses the memory area data acquisition unit 21 to execute steps S22 to S24 in FIG.

  In the present embodiment, the failure detection unit 52 of each active system device 50 uses not only the standby system device 60 but also other active system devices 50 as confirmation information indicating that the device itself is operating normally. May be sent to. In this case, the failure detection unit 52 detects the occurrence of a failure in the other active device 50 based on the reception status of the confirmation information from the other active device 50. For example, the failure detecting unit 52 determines that a failure has occurred in the active device 50 when the confirmation information that should be periodically transmitted from the other active device 50 has not been received for a predetermined period. Also good. In this case, the failure detection unit 52 may transmit information representing another active device 50 that has detected the failure to the standby device 60.

  Further, in the present embodiment, the failure detection unit 63 of the standby system device 60 may transmit confirmation information indicating that the device itself is operating normally to the active system device 50. In this case, the failure detection unit 52 of the active device 50 detects the occurrence of a failure in the standby device 60 based on the reception status of confirmation information from the standby device 60. Then, when a failure occurrence is detected in the standby system device 60, the active system device 50 may output that fact. Alternatively, when the fault tolerant system 2 includes a plurality of standby system devices 60, the failure detection unit 52 of the active system device 50 may notify the standby system device 60 in which the failure has occurred to the other standby system devices 60. As a result, the standby device 60 in which no failure has occurred can perform failover.

  Next, the effect of the second exemplary embodiment of the present invention will be described.

  The fault tolerant system according to the second embodiment of the present invention is a server system constituted by virtual servers. When the fault tolerance is realized while reducing the cost of the standby system, the failure of the active system apparatus is more sure. Can be detected.

  The reason is that the failure detection unit of the active device sends confirmation information to the standby device when the normal operation of the own device is confirmed, and the failure detection unit of the standby device receives the confirmation information from the active device. This is because the occurrence of a failure in the active system is detected based on the above.

  Furthermore, an effect in the case where the failure detection unit of the active device is configured to detect the occurrence of a failure in the other active device by transmitting / receiving confirmation information to / from another active device will be described. . In this case, according to the present embodiment, it is possible to detect the occurrence of a failure in the active system apparatus with higher accuracy and perform failover. This is because the standby system device detects the failure of the active system device A based on the notification of the occurrence of the failure related to the active system device A from the other active system device B in addition to the reception status of the confirmation information from the active system device A. This is because it can be detected. For example, even if a certain active device A is operating normally, a failure may occur in the network between the standby device and the active device A. In such a case, the standby apparatus determines that a failure has occurred in the active apparatus A based only on the reception status of the confirmation information from the active apparatus A. At this time, if there is no notification from the active system device B regarding the occurrence of the fault related to the active system device A, the standby system device can determine that there is a network fault.

  Furthermore, the failure detection unit of the standby device transmits confirmation information indicating that the device is operating normally to the active device, and the active device detects the occurrence of a failure of the standby device. The effect of taking this will be described. In this case, the present embodiment can notify the user of the occurrence of a failure in the standby system device. In addition, according to the present embodiment, failover can be more reliably performed using a standby system device that is operating normally among a plurality of standby system devices.

  As described above, according to the present embodiment, fault tolerance can be more accurately and more reliably realized by distributing failure detection units to each active system device and standby system device and confirming normal operations with each other. it can.

(Third embodiment)
Next, a third embodiment of the present invention will be described in detail with reference to the drawings. In the first and second embodiments of the present invention, the processing of writing the memory area data of the active virtual machine on the shared storage 30 to the memory area for the standby virtual machine is performed at the timing at which failover occurs. I was going. For this reason, the first and second embodiments of the present invention can reduce the cost of the standby system as compared to a system in which the standby system is operated from the normal time. There has been a problem of increasing. In the present embodiment, an example will be described in which measures against the problems of the first and second embodiments are taken.

  Note that, in each drawing referred to in the description of the present embodiment, the same configurations and steps that operate in the same manner as in the first and second embodiments of the present invention are denoted by the same reference numerals, and the present embodiment. The detailed description in is omitted.

  First, FIG. 9 shows a configuration of a fault tolerant system 3 as a third embodiment of the present invention. In FIG. 9, the fault tolerant system 3 is different from the fault tolerant system 2 as the second embodiment of the present invention in that a standby system device 70 is provided instead of the standby system device 60. The standby system device 70 is different from the standby system device 60 according to the second embodiment of the present invention in that a memory area data acquisition unit 71 is provided instead of the memory area data acquisition unit 21. The hardware configuration of the fault tolerant system 3 can be configured by hardware elements excluding the failure detection device 40 among the hardware elements of the first embodiment of the present invention shown in FIG. However, the hardware configuration of each device and each functional block constituting the fault-tolerant system 3 is not limited to the above-described configuration.

  The memory area data acquisition unit 71 acquires a part of the memory area data of each active virtual machine 100 stored in the shared storage 30 at the normal time when the active system device 50 has not failed. . Specifically, the memory area data acquisition unit 71 may acquire and update a part of each memory area data at a predetermined timing in normal times. Further, the memory area data acquisition unit 71 writes a part of the acquired memory area data of each active virtual machine 100 in the virtual machine memory area 202 in the memory 2002 of the own device. That is, a part of the memory area data of each active virtual machine 100 is stored and updated in the virtual machine memory area 202. The size of a part of each memory area data to be acquired may be determined in advance. For example, when the size of the virtual machine memory area 102 allocated to each active virtual machine 100 is 3 GB (gigabytes), the memory area data acquisition unit 71 acquires and updates 1 GB each at a predetermined timing. Also good.

  Further, for example, some contents to be acquired from the memory area data may be determined based on the update frequency. For example, the memory area data acquisition unit 71 may preferentially acquire a part with a low update frequency from the memory area data of the active virtual machine 100 stored on the shared storage 30. Specifically, the memory area data acquisition unit 71 may acquire data satisfying a predetermined infrequent update condition among the memory area data of the active virtual machine 100 stored on the shared storage 30. Alternatively, the memory area data acquisition unit 71 may acquire data up to a predetermined size in order from the least frequently updated memory area data of the active virtual machine 100 stored on the shared storage 30. .

  Then, when a failure occurs, the memory area data acquisition unit 71 acquires from the shared storage 30 the remaining memory area data of the active virtual machine 100 that operates in the active device 50 in which the failure has been detected. For example, as described above, a case where 1 GB of the memory area data 3 GB of each active virtual machine 100 is loaded into the virtual machine memory area 202 will be described. In this case, the memory area data acquisition unit 71 discards the memory area data of the active virtual machine 100 in which no failure has occurred among the data loaded in the virtual machine memory area 202. Then, the memory area data acquisition unit 71 may acquire the remaining 2 GB of memory area data of the active virtual machine 100 in which a failure has occurred from the shared storage 30 and load it into the virtual machine memory area 202.

  The operation of the fault tolerant system 3 configured as described above will be described with reference to the drawings. Note that the memory area data duplication operation is the same as that of the first embodiment of the present invention described with reference to FIG. Further, since the failure detection operation is the same as that of the second embodiment of the present invention described with reference to FIG. 8, the description in this embodiment is omitted.

  Here, the failover operation of the fault tolerant system 3 is shown in FIG. Note that the standby system device 70 performs the following operation for each active system device 50.

  In FIG. 10, first, the memory area data acquisition unit 71 acquires a part of the memory area data of the active virtual machine 100 stored in the shared storage 30 during normal operation (step S <b> 41).

  Next, the memory area data acquisition unit 71 determines whether or not a failure has been detected by the failure detection unit 63 (step 42).

  If no failure has occurred in the active system device 50, the memory area data acquisition unit 71 repeats the operation from step S41 after a predetermined interval has elapsed.

  On the other hand, when a failure occurs in the active device 50, the memory area data acquisition unit 71 operates as follows. That is, the memory area data acquisition unit 71 acquires the remaining memory area data of the active virtual machine 100 operating in the active system device 50 in which the failure has been detected from the shared storage 30 (step S44).

  Thereafter, the standby system device 70 operates in the same manner as in the first embodiment of the present invention from step S23 to S24. As a result, the standby virtual machine 200 is activated using the memory area data of the active virtual machine 100 in which the failure has occurred. Then, the operation is switched from the active virtual machine 100 to the standby virtual machine 200.

  This is the end of the description of the failover operation.

  Next, effects of the third exemplary embodiment of the present invention will be described.

  The fault tolerant system according to the third embodiment of the present invention reduces the downtime at the time of failover in the server system constituted by virtual servers while realizing the fault tolerance while suppressing the cost of the standby system. be able to.

  The reason will be described. In the present embodiment, the memory area data duplication unit of each active system device duplicates the memory area data of the active virtual machine by storing it in the shared storage. Then, the memory area data acquisition unit of the standby system apparatus acquires a part of the memory area data of each active virtual machine from the shared storage at the normal time. When a failure is detected in the active device, the memory area data acquisition unit acquires the remaining memory area data of the virtual machine on the active device in which the failure has occurred from the shared storage. Then, the switching unit of the standby device starts up the standby virtual machine using the memory area data that combines the part acquired during normal operation and the rest acquired when a failure occurs, and the active virtual machine in which the failure occurred This is because the function of the machine is switched to continue in the standby virtual machine.

  As described above, in this embodiment, the memory area data of each active virtual machine is duplicated in the shared storage, and the corresponding active virtual machine is started and switched when a failure occurs. As in the first embodiment, it is sufficient that there is at least one standby system device. Furthermore, this embodiment does not transfer all the memory area data of the active virtual machine in which a failure has occurred to the standby system when a failure occurs, but transfers a part of it in the normal state and remains in the event of a failure. Forward. As a result, the present embodiment can reduce the downtime by reducing the amount of memory area data that needs to be transferred when a failure occurs, while reducing the cost of the standby system.

  Furthermore, in the present embodiment, when the memory area data acquisition unit of the standby system device gives priority to a part of the memory area data acquired from the shared storage that is less frequently updated at normal time, The memory area data acquisition load can be reduced.

(Fourth embodiment)
Next, a fourth embodiment of the present invention will be described in detail with reference to the drawings. In the present embodiment, an example in which measures different from those in the third embodiment of the present invention are applied to the above-described problem of increased downtime at the time of failover in the first and second embodiments of the present invention. Will be described.

  Note that, in each drawing referred to in the description of the present embodiment, the same configurations and steps that operate in the same manner as in the first and second embodiments of the present invention are denoted by the same reference numerals, and the present embodiment. The detailed description in is omitted.

  First, FIG. 11 shows a configuration of a fault tolerant system 4 as a fourth embodiment of the present invention. In FIG. 11, the fault tolerant system 4 is different from the fault tolerant system 2 as the second embodiment of the present invention in that a standby system device 80 is provided instead of the standby system device 60. The standby system device 80 is different from the standby system device 60 according to the second embodiment of the present invention in that it replaces the memory area data acquisition unit 21 with a memory area data acquisition unit 81 and a failure detection unit 63. The difference is that a failure detection unit 83 is provided. The hardware configuration of the fault tolerant system 4 can be configured by hardware elements excluding the failure detection device 40 among the hardware elements of the first embodiment of the present invention shown in FIG. However, the hardware configuration of each device and each functional block constituting the fault-tolerant system 4 is not limited to the above-described configuration.

  The failure detection unit 83 detects a failure occurrence sign in the active system device 50 in addition to detection of a failure occurrence in the active system device 50. Specifically, the failure detection unit 83 may determine a failure occurrence sign and a failure occurrence for each active system device 50 based on the elapsed time from the reception of the previous confirmation information.

  For example, the failure detection unit 83 may determine that a sign of the occurrence of a failure has been detected for each active device 50 when the elapsed time since the last reception of confirmation information exceeds the first threshold. In this case, the failure detection unit 83 may determine that the failure has been detected when the elapsed time further exceeds the second threshold. However, in this case, the second threshold value is larger than the first threshold value. Further, the first threshold value is a value larger than a predetermined interval determined so that the confirmation information is transmitted.

  As a specific example, when the active device 50 is operating normally, it is assumed that the shared memory is designed to be updated every 100 milliseconds. In this case, the failure detection unit 52 of the active device 50 is configured to perform a process of checking whether or not the shared memory area of the own device has been updated every 100 milliseconds, and to transmit the confirmation information. Suppose that In addition, it is assumed that 400 milliseconds is set as the first threshold and 800 milliseconds is set as the second threshold. In this case, the failure detection unit 83 determines that a failure occurrence sign has been detected in the active device 50 that has not received confirmation information for 400 milliseconds or longer. Further, the failure detection unit 83 determines that a failure has been detected in the active system device 50 that has not received confirmation information for 400 milliseconds (total 800 milliseconds) or more.

  The memory area data acquisition unit 81 is configured to operate as follows when the failure detection unit 83 detects a failure occurrence sign. That is, in this case, the memory area data acquisition unit 81 starts acquiring the memory area data stored in the shared storage 30 for the active virtual machine 100 operating in the active apparatus 50 in which the failure occurrence sign is detected. . Hereinafter, the active virtual machine 100 operating in the active device 50 in which the failure occurrence sign is detected is also simply referred to as “the active virtual machine 100 in which the failure occurrence sign is detected”. Thereafter, when a failure occurrence is further detected for the active system device 50 in which the failure occurrence sign is detected, the memory area data acquisition unit 81 is configured to operate as follows. That is, in this case, the memory area data acquisition unit 81 continuously completes the acquisition of the memory area data of the active virtual machine 100 in which the failure occurrence is detected.

  When no failure occurrence is detected in the active system device 50 in which the failure occurrence sign is detected, the memory area data acquisition unit 81 stores the memory area data of the active virtual machine 100 in which the failure occurrence sign is detected. You can cancel the acquisition. For example, if a failure occurrence is not detected even after the elapsed time that is the above-described second threshold has elapsed since the sign of the occurrence of the failure has been detected, the memory region data acquisition unit 81 can detect Data acquisition should be stopped.

  The operation of the fault tolerant system 4 configured as described above will be described with reference to the drawings. Note that the memory area data duplication operation is the same as that of the first embodiment of the present invention described with reference to FIG.

  Here, the fault detection / failover operation of the fault tolerant system 4 is shown in FIG. Note that the standby system device 80 performs the following operation for each active system device 50.

  In FIG. 12, first, the failure detection unit 83 of the standby system device 80 checks whether or not there is a failure occurrence sign for the active system device 50 (step S51). For example, as described above, the failure detection unit 83 may determine whether or not the elapsed time since the reception of the previous confirmation information has exceeded the first threshold value.

  If it is determined that there is a failure occurrence sign, the memory area data acquisition unit 81 starts acquiring memory area data from the shared storage 30 for the active virtual machine 100 in which the failure occurrence sign is detected ( Step S52).

  Next, the failure detection unit 83 confirms whether or not a failure has occurred in the active system device 50 having a failure occurrence sign (step S53). For example, as described above, the failure detection unit 83 may determine whether or not the elapsed time since the reception of the previous confirmation information has exceeded the second threshold for the corresponding active device 50.

  If it is determined that a failure has occurred, the memory area data acquisition unit 81 continues to complete the acquisition of the memory area data of the corresponding active virtual machine 100 (step S64).

  If no failure is detected in the active system device 50, the memory area data acquisition unit 81 may stop acquiring the memory area data of the corresponding active virtual machine 100.

  Thereafter, the standby system device 60 operates in the same manner as in the first embodiment of the present invention from step S23 to S24. As a result, the standby virtual machine 200 is activated using the memory area data of the active virtual machine 100 in which the failure is detected. Then, the operation is switched from the active virtual machine 100 to the standby virtual machine 200.

  This is the end of the description of the failover operation.

  Next, effects of the fourth exemplary embodiment of the present invention will be described.

  The fault tolerant system as the fourth embodiment of the present invention reduces downtime at the time of failover in a server system constituted by virtual machines while realizing fault tolerance while reducing the cost of the standby system. be able to.

  The reason will be described. In the present embodiment, the memory area data duplication unit of each active system device duplicates the memory area data of the active virtual machine by storing it in the shared storage. Then, the failure detection unit confirms a failure sign for each active device. When a failure occurrence sign is detected, the memory area data acquisition unit of the standby device starts acquiring from the shared storage the memory area data of the active virtual machine where the failure occurrence sign is detected. It is. Further, when the occurrence of a failure is detected in the standby system apparatus in which the failure occurrence sign is detected, the acquisition of the corresponding memory area data is continuously completed. This is because the switching unit starts the standby virtual machine using the acquired memory area data, and switches the function of the active virtual machine on the failure occurrence device to be continued in the standby virtual machine.

  As described above, in this embodiment, the memory area data of each active virtual machine is duplicated in the shared storage, and the corresponding active virtual machine is started and switched when a failure occurs. As in the first embodiment, it is sufficient that there is at least one standby system device. Furthermore, this embodiment does not transfer all the memory area data of the active virtual machine on the active device in which the failure has been detected to the standby device after the failure has occurred, but displays an indication of the failure. When it is detected, the acquisition is started. In this embodiment, when a failure occurs, the acquisition of the corresponding memory area data is continuously completed. As a result, the present embodiment can reduce the downtime by reducing the amount of memory area data that needs to be transferred after a failure occurs, while reducing the cost of the standby system.

(Fifth embodiment)
Next, a fifth embodiment of the present invention will be described in detail with reference to the drawings. In this embodiment, an example in which the third and fourth embodiments of the present invention are combined will be described. In each drawing referred to in the description of the present embodiment, the same reference numerals are given to the same configurations and steps that operate in the same manner as in the third and fourth embodiments of the present invention. The detailed description in is omitted.

  First, FIG. 13 shows a configuration of a fault tolerant system 5 as a fifth embodiment of the present invention. In FIG. 13, the fault tolerant system 5 differs from the fault tolerant system 4 according to the fourth embodiment of the present invention in that a standby system device 90 is provided instead of the standby system device 80. The standby system device 90 is different from the standby system device 80 in the fourth embodiment of the present invention in that it includes a memory area data acquisition unit 91 instead of the memory area data acquisition unit 81. Note that the hardware configuration of the fault tolerant system 5 can be configured by hardware elements excluding the failure detection device 40 among the hardware elements of the first embodiment of the present invention shown in FIG. However, the hardware configuration of each device and each functional block constituting the fault-tolerant system 5 is not limited to the above-described configuration.

  The memory area data acquisition unit 91 is normally configured in the same manner as the memory area data acquisition unit 71 in the third embodiment of the present invention. That is, the memory area data acquisition unit 91 acquires a part of the memory area data of each active virtual machine 100 stored in the shared storage 30 at the normal time when the active apparatus 50 has not failed. Keep it. Then, the memory area data acquisition unit 91 writes the acquired memory area data of each active virtual machine 100 in the virtual machine memory area 202 in the memory 2002 of the own device.

  The memory area data acquisition unit 91 is configured to operate as follows when the failure detection unit 83 detects a failure occurrence sign. In this case, the memory area data acquisition unit 91 acquires, for the active virtual machine 100 in which a failure occurrence sign has been detected, the remaining data that has not been acquired in normal time among the memory area data stored in the shared storage 30. To start. Thereafter, when a failure occurrence is further detected for the active system device 50 in which the failure occurrence sign is detected, the memory area data acquisition unit 91 may continue and complete the acquisition of the memory area data.

  The operation of the fault tolerant system 5 configured as described above will be described with reference to the drawings. Note that the memory area data duplication operation of the fault tolerant system 5 is the same as that of the first embodiment of the present invention described with reference to FIG. Here, the fault detection / failover operation of the fault tolerant system 5 is shown in FIG. Note that the standby system device 90 performs the following operation for each active system device 50.

  In FIG. 14, first, the memory area data acquisition unit 91 acquires a part of the memory area data stored in the shared storage 30 for the active virtual machine 100 operating on the active system device 50 (step S41). .

  Next, the memory area data acquisition unit 91 determines whether or not a failure occurrence sign is detected in the active system device 50 (step S51).

  Here, if no sign of failure has been detected, the memory area data acquisition unit 91 repeats the operation from step S41 after a predetermined interval has elapsed.

  On the other hand, when a failure occurrence sign is detected in the active system device 50, the memory area data acquisition unit 91 operates as follows. That is, the memory area data acquisition unit 91 starts acquiring from the shared storage 30 the remaining memory area data of the active virtual machine 100 in which the failure occurrence sign has been detected, which has not been acquired in the normal time (step) S61).

  Thereafter, the standby system device 90 executes steps S53, S54, S23, and S24 in the same manner as the standby system device 80 according to the fourth embodiment of the present invention. As a result, the standby device 90 continuously completes the acquisition of the memory area data of the corresponding active virtual machine 100 when the occurrence of a failure is further detected for the active device 50 in which the failure occurrence sign is detected. . Then, the standby virtual machine 200 is activated using the memory area data of the active virtual machine 100 in which the failure is detected. Then, the operation is switched from the active virtual machine 100 to the standby virtual machine 200.

  This is the end of the description of the failover operation.

  Next, effects of the fifth exemplary embodiment of the present invention will be described.

  The fault tolerant system according to the fifth embodiment of the present invention is a server system constituted by virtual machines, further reducing the downtime during failover while realizing fault tolerance while reducing the cost of the standby system. can do.

  The reason will be described. In the present embodiment, the memory area data acquisition unit of the standby system apparatus acquires a part of the memory area data of each active system apparatus at the normal time. Then, the memory area data acquisition unit starts acquiring the remaining memory area data that has not been acquired at the normal time for the active virtual machine in which the sign has been detected, when the failure occurrence sign is detected. Then, when a failure occurrence is detected in the active system device in which the failure occurrence sign is detected, the memory area data acquisition unit continuously acquires the remaining memory area data, and the switching unit This is because the machine is started and the operation is switched.

  Thus, this embodiment can further reduce the downtime by combining the configurations for reducing the downtime in the third and fourth embodiments of the present invention.

  In the above-described fourth and fifth embodiments of the present invention, the example in which the failure detection unit detects from the failure occurrence sign to the failure occurrence in two stages of the first threshold value and the second threshold value has been described. However, the present invention is not limited to this, and the failure detection unit may detect a failure occurrence sign to a failure occurrence in three or more stages.

  In the second to fifth embodiments of the present invention described above, an example in which the failure detection unit of each active device confirms whether or not the shared memory is operating normally by confirming whether or not the shared memory has been updated. Explained. Not only this but the failure detection part in each embodiment is realizable also if various well-known techniques which detect the failure of an active system apparatus are employ | adopted.

  Further, in each of the embodiments of the present invention described above, the fault tolerant system has been described mainly with respect to an example in which one standby system device is provided for a plurality of active system devices. However, the present invention is not limited to this, and the fault tolerant system may include N (N> 1) standby devices. In this case, each embodiment can deal with a case where a failure occurs simultaneously in N active devices. Specifically, in this case, each standby device can perform failover for each of the active virtual machines on the failure generating device. When configured in this way, each embodiment can cope with failures that occur simultaneously in a plurality of active devices, and improves reliability. Even in this case, each embodiment does not require the same number of standby virtual machines as the active virtual machines, and can operate a smaller number of standby virtual machines than the active virtual machines. I just need it. Therefore, even in this case, each embodiment can reduce the cost for the standby system.

  Further, in each of the above-described embodiments of the present invention, the active system apparatus and the standby system apparatus have been described focusing on an example in which one virtual machine is operated. However, the present invention is not limited to this, and each embodiment may include an active device or a standby device capable of operating a plurality of virtual machines. Even in such a case, each embodiment does not require the same number of standby virtual machines as the active virtual machines, and can operate a smaller number of standby virtual machines than the active virtual machines. I just need it. Therefore, even in this case, each embodiment can reduce the cost for the standby system.

  In each embodiment of the present invention described above, the local data of the active system is stored in the shared storage, and the local data used by the active virtual machine on the shared storage is used by the standby virtual machine at the time of failover. It was explained as taking over. Not limited to this, the local data of each active virtual machine only needs to be stored in a location that can be taken over by the standby virtual machine. For example, the standby apparatus may have a storage with a capacity capable of storing all local data used by each active virtual machine. In this case, the storage of the standby device may function as a distributed storage system such as drdb (Distributed Replicated Block Device). Thereby, the active virtual machine can store the local data in the storage of the standby system device. In this case, at the time of failover, the standby virtual machine may take over the local data of the corresponding active virtual machine in the storage of the standby apparatus on which it operates.

  In each of the above-described embodiments of the present invention, the standby system device may operate as the active system device of the present invention after failover is performed due to the occurrence of a failure in the active system device. In this case, the active system device recovered from the failure may operate as the standby system device of the present invention. In such a case, the active system apparatus of each embodiment should just have the functional block of a standby system apparatus. Moreover, the standby system apparatus of each embodiment should just have the functional block of an active system apparatus. In this case, information indicating which of the devices included in the fault-tolerant system is the standby device may be stored on the shared storage.

  In each of the above-described embodiments of the present invention, each functional block of each device constituting the fault-tolerant system is mainly implemented by a CPU that executes a computer program stored in a storage device or ROM. explained. However, the present invention is not limited to this, and some, all, or a combination of each functional block may be realized by dedicated hardware.

  In the above-described embodiments of the present invention, the operations of the respective devices described with reference to the respective flowcharts may be stored in a computer storage device (storage medium) as the computer program of the present invention. . Then, the computer program may be read and executed by the CPU. In such a case, the present invention is constituted by the code of the computer program or a storage medium.

  Moreover, each embodiment mentioned above can be implemented in combination as appropriate.

  The present invention is not limited to the above-described embodiments, and can be implemented in various modes.

1, 2, 3, 4, 5 Fault tolerant system 10, 50 Active system 11 Memory area data duplication unit 20, 60, 70, 80, 90 Standby system 21, 71, 81, 91 Memory area data acquisition unit 22 Switching Unit 30 Shared storage 40 Failure detection device 41 Failure detection unit 52, 63, 83 Failure detection unit 100 Active virtual machine 200 Standby virtual machine 101, 201 Hypervisor 102, 202 Virtual machine memory area 1001, 2001, 4001 CPU
1002, 2002, 4002 Memory 1003, 2003, 4003 Local storage 1004, 2004, 4004 Network interface

Claims (7)

Shared storage shared by active and standby devices,
A memory area data duplication unit for transferring and duplicating the contents (memory area data) of a virtual machine memory area of an active virtual machine operating on the active system apparatus from the active system apparatus to the shared storage;
A failure detection unit for detecting occurrence of a failure in the active device;
A memory area data acquisition unit that transfers memory area data of an active virtual machine that operates in the active apparatus in which the failure occurrence is detected, from the shared storage to the standby apparatus;
When a failure occurrence is detected by the failure detection unit, a standby virtual machine is operated in the standby system device using the memory area data acquired by the memory area data acquisition unit, and the occurrence of the failure is detected. A switching unit that switches the function of the active virtual machine that operates in the active system to continue in the standby virtual machine;
Equipped with a,
The memory area data acquisition unit transfers a part of the memory area data of the active virtual machine stored in the shared storage to the standby system device at a normal time when a failure occurrence is not detected by the failure detection unit. In addition, when a failure occurrence is detected by the failure detection unit, the remaining memory area data of the active virtual machine operating in the detected active device is transferred from the shared storage to the standby device. Features a fault tolerant system. In addition to detecting the occurrence of failure in the active device, the failure detection unit detects a failure occurrence sign in the active device,
When the failure detection unit detects the failure occurrence, the memory area data acquisition unit stores the memory area data stored in the shared storage for the active virtual machine operating in the detected active device. The transfer to the standby system apparatus is started, and thereafter, when the occurrence of a failure is detected for the active system apparatus in which the failure occurrence sign is detected, the transfer of the memory area data is continuously completed. The fault tolerant system according to claim 1 . 3. The fault tolerant system according to claim 1 or 2 , wherein the active device having the memory area data duplication unit. The fault tolerant system according to claim 1 or 2 , wherein the standby system device includes the memory area data acquisition unit and the switching unit. Using shared storage shared by active and standby devices,
The contents (memory area data) of the virtual machine memory area of the active virtual machine operating on the active system device are transferred from the active system device to the shared storage and duplicated,
When the occurrence of a failure of the active device is detected,
Transfer the memory area data of the active virtual machine that operates in the active device that detected the occurrence of the failure from the shared storage to the standby device,
In the standby system device, operate the standby virtual machine using the memory area data transferred from the shared storage,
Switch to continue the function of the active virtual machine that operates in the active device that detected the failure occurrence in the standby virtual machine ,
During normal times when failure of the active device is not detected, a part of the memory area data of the active virtual machine stored in the shared storage is transferred to the standby device,
When the occurrence of a failure in the active device is detected, the remaining memory area data of the active virtual machine operating in the detected active device is transferred from the shared storage to the standby device. Failover method. Standby device
Using shared storage in which the contents of the virtual machine memory area (memory area data) of the active virtual machine running on the active system are duplicated,
When a failure occurrence of the active device is detected,
Obtaining memory area data of the active virtual machine operating in the active device in which the failure occurrence is detected from the shared storage;
Operate the standby virtual machine using the memory area data acquired from the shared storage,
Switching so that the function of the active virtual machine operating in the active system in which the failure occurrence is detected is continued in the standby virtual machine ,
During normal time when the occurrence of a failure of the active device is not detected, a part of the memory area data of the active virtual machine stored in the shared storage is transferred to the standby device,
When the occurrence of a failure in the active device is detected, the remaining memory area data of the active virtual machine operating in the active device in which the failure is detected is acquired from the shared storage.
A failover method characterized by that . Using shared storage in which the contents of the virtual machine memory area (memory area data) of the active virtual machine running on the active system are duplicated,
When a failure occurrence of the active device is detected, a memory region data acquisition step of acquiring memory region data of an active virtual machine operating in the active device where the failure occurrence is detected from the shared storage;
A standby virtual machine operation step of operating a standby virtual machine using the memory area data acquired in the memory area data acquisition step;
A switching step for switching the function of the active virtual machine operating in the active system in which the failure occurrence is detected to continue in the standby virtual machine;
A transfer step of transferring a part of the memory region data of the active virtual machine stored in the shared storage to the standby device at a normal time when the occurrence of a failure of the active device is not detected;
An acquisition step of acquiring, from the shared storage, the remaining memory area data of the active virtual machine operating in the active device in which the occurrence of the failure is detected when the occurrence of a failure in the active device is detected; Failover program that causes the standby system device to execute

Images