JP7401776B2 - Control method, control program and information processing device - Google Patents

Description

The present invention relates to a control method, a control program, and an information processing device.

In the field of information processing, virtualization technology is used to run multiple virtual computers (sometimes called virtual machines or virtual hosts) on a physical computer (sometimes called physical machines or physical hosts). It's being used. Software such as an OS (Operating System) can be executed on each virtual machine. Furthermore, a relatively large number of virtual machines can be executed in an information processing system.

By the way, in an information processing system, an information processing apparatus such as a server computer may receive requests for predetermined processing or collect information from a plurality of client computers.

For example, there have been proposals for automatic communication devices that download information such as newspaper articles from a host computer. The proposed automatic communication device uses the user's personal information or a number unique to the device to determine the date and time to start communication with the host computer via the network line based on the set collection date and time.

There is also a proposal for a computer that determines the timing of a download request to a content server using random numbers within a time range selected by the user, and transmits download request information to the content server in accordance with the determined download request timing.

Japanese Patent Application Publication No. 2001-75909 Japanese Patent Application Publication No. 2003-208376

An information processing device may receive information from multiple virtual machines. In this case, if information transmission by a plurality of virtual machines is concentrated within a relatively short period of time, the load on the information processing device that receives the information increases.

In one aspect, the present invention aims to provide a control method, a control program, and an information processing device that can reduce load concentration.

In one aspect, a method for controlling a virtual machine is provided that is executed in a system including a first information processing apparatus and one or more second information processing apparatuses that operate a plurality of virtual machines. In this control method, when the first information processing device or each of the plurality of virtual machines acquires specific information that identifies the virtual machine, the first information processing device or each of the plurality of virtual machines calculates a function value of a hash function using the specific information as input, and Each of the virtual machines transmits information to the first information processing device at a timing based on a function value corresponding to its own virtual machine.

Also, in one aspect, a control program is provided.
Further, in one aspect, an information processing device is provided.

One aspect is that load concentration can be reduced.

FIG. 3 is a diagram illustrating an example of processing of the information processing apparatus according to the first embodiment. FIG. 3 is a diagram illustrating an example of an information processing system according to a second embodiment. It is a diagram showing an example of hardware of a management server. FIG. 3 is a diagram illustrating an example of a virtualization mechanism. FIG. 3 is a diagram illustrating an example of information used to identify a VM. It is a figure showing an example of data acquisition by a management server. FIG. 3 is a diagram illustrating a functional example of a management server. FIG. 3 is a diagram illustrating a functional example of a VM. FIG. 3 is a diagram showing an example of an access authority management table. FIG. 3 is a diagram showing an example of request time data. 3 is a flowchart illustrating an example of VM processing. 12 is a flowchart illustrating an example of processing of request time provision by the management server. 12 is a flowchart illustrating an example of processing for updating access authority of the management server. FIG. 3 is a diagram illustrating an example of VM-specific information and hash values. FIG. 3 is a diagram illustrating an example of converting a hash value into time. FIG. 3 is a diagram illustrating an example of request distribution. FIG. 7 is a diagram illustrating a functional example of a management server according to a third embodiment. FIG. 3 is a diagram illustrating a functional example of a VM. 3 is a flowchart illustrating an example of VM processing.

The present embodiment will be described below with reference to the drawings.
[First embodiment]
A first embodiment will be described.

FIG. 1 is a diagram illustrating a processing example of the information processing apparatus according to the first embodiment.
System 1 includes information processing devices 10 and 20. Information processing devices 10 and 20 are connected via a network. The information processing device 10 receives information from a plurality of virtual machines operating in the system 1. The information processing device 20 executes multiple virtual machines. The system 1 may include a plurality of information processing devices each operating one or more virtual machines.

The information processing device 10 includes a storage section 11 and a processing section 12. The information processing device 20 includes a storage section 21 and a processing section 22.
The storage units 11 and 21 may be volatile storage devices such as RAM (Random Access Memory), or non-volatile storage devices such as HDD (Hard Disk Drive) or flash memory. The processing units 12 and 22 may include a CPU (Central Processing Unit), a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), and the like. The processing unit 12 may be a processor that executes a program. The term "processor" here may also include a set of multiple processors (multiprocessor).

For example, in the information processing device 20, the processing unit 22 executes software called a hypervisor, and the functions of the hypervisor allocate resources of the storage unit 21 and the processing unit 22 to virtual machines on the information processing device 20. The information processing device 20 executes virtual machines 31, 32, 33, . . . .

In the system 1, each of the virtual machines 31, 32, 33, . . . may transmit predetermined information, such as a request for a specific process, to the information processing device 10. In the system 1, the timing of information transmission from each of the virtual machines 31, 32, 33, . . . to the information processing device 10 is controlled as follows.

First, each of the virtual machines 31, 32, 33, ... receives a message from its own virtual machine from a control device (not shown in FIG. Obtain specific information that identifies a machine. The specific information is information that uniquely identifies a virtual machine within the system 1. An example of the specific information depends on the virtual machine management method in the management device. For example, the specific information may be a virtual machine ID (IDentifier) uniquely given to each virtual machine. Alternatively, if the virtual machines 31, 32, 33, etc. are provided by a cloud service system, the specific information may include the contract ID indicating the contract for use of the cloud service and the name given to the virtual machine by the user. It may also be combination information that includes.

For example, the virtual machine 31 acquires specific information k1 that specifies the virtual machine 31. The virtual machine 32 acquires specific information k2 that specifies the virtual machine 32. The virtual machine 33 acquires specific information k3 that specifies the virtual machine 33. Other virtual machines also acquire specific information that identifies their own virtual machines. The acquired specific information is stored in the storage unit 21.

In the first example, when the virtual machines 31, 32, 33,... acquire specific information k1, k2, k3,..., respectively, they transmit the acquired specific information k1, k2, k3,... to the information processing device 10. do. In this case, acquisition of specific information by each of the virtual machines 31, 32, 33, . . . and transmission of specific information to the information processing device 10 is executed when the corresponding virtual machine is created and started. Since the timings at which the virtual machines 31, 32, 33, ... are created and started are often different from each other, the specific information k1, k2, k3, ... is transmitted to the information processing device 10 at different timings. There is a high possibility that the

The information processing device 10 acquires specific information that specifies the virtual machines from each of the virtual machines 31, 32, 33, . . . . The acquired specific information is stored in the storage unit 11. Upon acquiring the specific information, the information processing device 10 calculates a function value of a hash function using the specific information as input.

Here, the variable is x, and the hash function is expressed as hash(x). For the hash function hash(x), for example, SHA-256 (Secure Hash Algorithm 256-bits) or MD5 (message digest algorithm 5) can be used. The function value of a hash function is sometimes called a hash value.

For example, upon acquiring the specific information k1 from the virtual machine 31, the processing unit 12 calculates a function value hash(k1) of a hash function using the specific information k1 as input. Furthermore, the processing unit 12 uses the function f (hash (x)) that converts the function value hash (x) into a time, and calculates the time time1=f (hash (k1)) corresponding to the function value hash (k1). demand. The processing unit 12 transmits the obtained time time1 to the virtual machine 31.

Here, the function f(hash(x)) is a function that associates the function value hash(x) with any time included in the specific period. For example, the function f (hash (x)) may uniquely associate one function value hash ( x) may be associated with one time included in the specific period. For example, MD5 has a 128-bit function value, and SHA-256 has a 256-bit function value. Therefore, even if the number of virtual machines is relatively large (for example, about 10,000) and the length of the specific period is relatively short (for example, about one week), two or more pieces of specific information , it is unlikely that the times determined by the function f(hash(x)) will collide.

The processing unit 12 provides time time2=f(hash(k2)) to the virtual machine 32. The processing unit 12 provides time time3=f(hash(k3)) to the virtual machine 33. The processing unit 12 also provides other virtual machines with the time corresponding to the function value of the hash function that inputs the specific information of the other virtual machines.

In this way, in the first example, the processing unit 12 sets the timing for transmitting information from the virtual machine to the information processing device 10 for each of the plurality of virtual machines based on the function value corresponding to each of the plurality of virtual machines. give instructions to

As a second example, instead of the information processing device 10, each of the virtual machines 31, 32, 33, . You may also ask for Note that the processing executed by each of the virtual machines 31, 32, 33, . . . can be said to be processing executed by the processing unit 22.

For example, the virtual machine 31 may calculate time time1=f(hash(k1)) based on the acquired specific information k1. Further, the virtual machine 32 may obtain time time2=f(hash(k2)) based on the acquired specific information k2. Furthermore, the virtual machine 33 may obtain time time3=f(hash(k3)) based on the acquired specific information k3. The same applies to other virtual machines. In the case of the second example, the virtual machines 31, 32, 33, . . . do not need to transmit specific information to the information processing device 10.

Each of the virtual machines 31, 32, 33, . . . transmits information to the information processing device 10 at a timing based on the function value of the hash function corresponding to the virtual machine.
For example, when the virtual machine 31 detects that the time time1 has been reached, the virtual machine 31 transmits information to the information processing device 10. When the virtual machine 32 detects that time 2 has been reached, it transmits information to the information processing device 10. When the virtual machine 33 detects that time 3 has been reached, it transmits information to the information processing device 10.

In this way, when the information processing device 10 or the virtual machines 31, 32, 33, ... acquires the specific information that identifies the virtual machine, the function value of the hash function using the specific information as input is calculated. . The virtual machines 31, 32, 33, . . . transmit information to the information processing apparatus 10 at timings based on the function values corresponding to the virtual machines.

Thereby, load concentration on the information processing device 10 can be reduced.
That is, by using the hash function hash(x), it is possible to obtain sufficiently distributed hash values for the specific information x of the virtual machine. Therefore, by transmitting information from each of the virtual machines 31, 32, 33, ... to the information processing apparatus 10 at a timing based on the hash value, the transmission timing by each of the virtual machines 31, 32, 33, ... is adjusted. Can be properly dispersed. For example, times time 1, time 2, time 3, . . . indicating transmission timings by the virtual machines 31, 32, 33, . . . can be appropriately distributed. Therefore, the possibility that a large amount of information will be intensively transmitted from the virtual machines 31, 32, 33, . . . to the information processing apparatus 10 in a relatively short period of time is reduced. As a result, load concentration on the information processing device 10 can be reduced.

[Second embodiment]
Next, a second embodiment will be described.
FIG. 2 is a diagram illustrating an example of an information processing system according to the second embodiment.

The information processing system of the second embodiment includes cloud service systems 2 and 3, cloud storage 4, and management server 100. Cloud service systems 2 and 3, cloud storage 4, and management server 100 are connected to network 5. The network 5 is, for example, the Internet.

The cloud service systems 2 and 3 are computer systems that provide cloud services to users. Cloud service system 2 includes physical machines 200 and 200a. The cloud service system 3 includes physical machines 300 and 300a. However, each of the cloud service systems 2 and 3 may include three or more physical machines. Examples of cloud services include Azure (registered trademark) and AWS (registered trademark).

The physical machines 200 and 300 are server computers that execute multiple virtual machines.
The physical machines 200a and 300a are server computers that control creation and startup/stop of virtual machines for the physical machines 200 and 300, respectively.

The cloud storage 4 is a storage device that can be accessed by a plurality of virtual machines operating in the cloud service systems 2 and 3 and the management server 100.
Business operators (vendors) that provide the cloud service systems 2 and 3 and the cloud storage 4 may be the same or different. A user can build various applications by linking multiple virtual machines provided by the cloud service systems 2 and 3. In this way, a user's application construction or operation environment that uses multiple cloud service systems is sometimes called a multi-cloud.

The management server 100 is a server computer that manages a plurality of virtual machines operating in the cloud service systems 2 and 3. The management server 100 manages the operating status of each of the plurality of virtual machines and manages the access authority to the cloud storage 4 by each of the plurality of virtual machines. The business that provides the management server 100 may be the same as or different from the business that provides the cloud service systems 2 and 3 and the cloud storage 4.

Here, the information processing system of the second embodiment is an example of the system 1 of the first embodiment. The management server 100 is an example of the information processing device 10 of the first embodiment. The physical machines 200 and 300 are examples of the information processing device 20 of the first embodiment.

FIG. 3 is a diagram showing an example of the hardware of the management server.
The management server 100 includes a CPU 101 , a RAM 102 , an HDD 103 , an image signal processing section 104 , an input signal processing section 105 , a medium reader 106 , and an NIC (Network Interface Card) 107 . Note that the CPU 101 is an example of the processing unit 12 of the first embodiment. The RAM 102 or the HDD 103 is an example of the storage unit 11 of the first embodiment.

The CPU 101 is a processor that executes program instructions. The CPU 101 loads at least part of the program and data stored in the HDD 103 into the RAM 102, and executes the program. Note that the CPU 101 may include multiple processor cores. Furthermore, the management server 100 may include multiple processors. The processing described below may be performed in parallel using multiple processors or processor cores. Furthermore, a set of multiple processors is sometimes referred to as a "multiprocessor" or simply "processor."

The RAM 102 is a volatile semiconductor memory that temporarily stores programs executed by the CPU 101 and data used for calculations by the CPU 101. Note that the management server 100 may include a type of memory other than RAM, or may include a plurality of memories.

The HDD 103 is a nonvolatile storage device that stores software programs such as an OS, middleware, and application software, and data. Note that the management server 100 may include other types of storage devices such as flash memory and SSD (Solid State Drive), or may include a plurality of nonvolatile storage devices.

The image signal processing unit 104 outputs an image to the display 51 connected to the management server 100 according to instructions from the CPU 101. As the display 51, any type of display can be used, such as a CRT (Cathode Ray Tube) display, a Liquid Crystal Display (LCD), a plasma display, or an Organic Electro-Luminescence (OEL) display.

The input signal processing unit 105 acquires an input signal from the input device 52 connected to the management server 100 and outputs it to the CPU 101. As the input device 52, a pointing device such as a mouse, a touch panel, a touch pad, a trackball, a keyboard, a remote controller, a button switch, etc. can be used. Furthermore, multiple types of input devices may be connected to the management server 100.

The medium reader 106 is a reading device that reads programs and data recorded on the recording medium 53. As the recording medium 53, for example, a magnetic disk, an optical disk, a magneto-optical disk (MO), a semiconductor memory, etc. can be used. Magnetic disks include flexible disks (FDs) and HDDs. Optical discs include CDs (Compact Discs) and DVDs (Digital Versatile Discs).

For example, the media reader 106 copies programs and data read from the recording medium 53 to other recording media such as the RAM 102 and the HDD 103. The read program is executed by the CPU 101, for example. Note that the recording medium 53 may be a portable recording medium, and may be used for distributing programs and data. Further, the recording medium 53 and the HDD 103 are sometimes referred to as computer-readable recording media.

The NIC 107 is an interface that is connected to the network 5 via a communication device such as a switch or router, and communicates with other computers via the network 5. The NIC 107 is connected to a communication device such as a switch or a router by a cable, for example.

Note that the physical machines 200, 200a, 300, and 300a are also realized by the same hardware as the management server 100.
FIG. 4 is a diagram illustrating an example of a virtualization mechanism.

The physical machine 200 has hardware hw1. The physical machine 200 uses the hardware hw1 to operate the hypervisor hv1 and the virtual machines 201 and 202. On the physical machine 200, one virtual machine may operate, or three or more virtual machines may operate on the physical machine 200.

The hardware hw1 is a physical resource for data input/output and calculation in the physical machine 200. The hardware hw1 includes a CPU, RAM, etc. that the physical machine 200 is equipped with.

The hypervisor hv1 operates the virtual machines 201 and 202 on the physical machine 200 by allocating the hardware hw1 of the physical machine 200 to the virtual machines 201 and 202. The hypervisor hv1 has the function of a virtual switch that relays communication between the virtual machines 201 and 202.

The virtual machines 201 and 202 are virtual computers that operate using the resources of the hardware hw1.
Note that, like the physical machine 200, the physical machine 300 also executes one or more virtual machines.

Further, the virtualization mechanism illustrated in FIG. 4 is just an example, and for example, software corresponding to the hypervisor hv1 may be executed on the OS of the physical machine 200 to operate the virtual machines 201 and 202. In the following description, a virtual machine may be abbreviated as VM (Virtual Machine).

FIG. 5 is a diagram illustrating an example of information used to identify a VM.
For example, in the cloud service systems 2 and 3, VMs are identified by the following information in units of usage contracts by users.

One contract unit is called a subscription. A subscription is identified by a subscription ID. The subscription ID is globally unique.
One or more resource groups belong to a subscription. A resource group is a collection of resources that can be used with a corresponding subscription. Resources may include computing resources such as CPU and RAM, communication resources such as switches, storage resources such as HDD and SSD, and VM.

A resource group name is assigned to a resource group by a user. Resource group names are unique within a subscription. Further, a resource is identified by a resource ID. The resource ID is globally unique.

A virtual machine name (VM name) is assigned to a VM by a user. VM names are unique within a resource group.
Further, a VM is identified by a virtual machine ID (vmID). vmID is globally unique.

In this way, a resource ID and a vmID are assigned to a VM as globally unique identification information.
Note that depending on the cloud service, a VM may be identified using globally unique identification information called an instance ID.

For example, a globally unique subscription ID, resource ID, and vmID (or instance ID) are given by the physical machines 200a and 300a that manage VMs.

In the example of FIG. 5, subscriptions 60 and 70 are illustrated. The subscription ID of the subscription 60 is "ss1". The subscription ID of the subscription 70 is "ss2". Here, the VMs 203 to 208 operate in the cloud service system 2 similarly to the VMs 201 and 202.

Subscription 60 has resource groups 61 and 62. The resource group name of the resource group 61 is "rg1". The resource group name of the resource group 62 is "rg2".

Resource group 61 includes VMs 201 and 202. The VM name of the VM 201 is "vm1". The VM name of the VM 202 is "vm2".
The resource group 62 includes VMs 203 and 204. The VM name of the VM 203 is "vm1". The VM name of the VM 204 is "vm3".

Subscription 70 has resource groups 71 and 72. The resource group name of the resource group 71 is "rg1". The resource group name of the resource group 72 is "rg3".

Resource group 71 has VMs 205 and 206. The VM name of the VM 205 is "vm1". The VM name of the VM 206 is "vm2".
The resource group 72 includes VMs 207 and 208. The VM name of the VM 207 is "vm1". The VM name of the VM 208 is "vm3".

In this way, each VM is identified by a globally unique vmID and resource ID, as well as globally unique identification information such as a subscription ID, and locally unique identification information such as within a subscription or resource group. It may also be identified in combination with a given name.

For example, the VM 201 is globally uniquely identified by the combination of the subscription ID "ss1", the resource group name "rg1", and the VM name "vm1".
Similarly, for example, the VM 205 is globally uniquely identified by the combination of the subscription ID "ss2", the resource group name "rg1", and the VM name "vm1".

As described above, the identification information that globally uniquely identifies each VM is referred to as "VM-specific information." The VM specific information is an example of specific information in the first embodiment.
FIG. 6 is a diagram showing an example of data acquisition by the management server.

Predetermined software is installed in the VMs 201, 202, . . . by a service provided by the management server 100. The management server 100 acquires VM information regarding the VMs 201, 202, . . . and software information regarding software installed on the VMs 201, 202, .

Here, the VMs 201, 202, ... do not directly transmit VM information and software information to the management server 100, but notify the management server 100 of the VM information and software information via the cloud storage 4. That is, the VMs 201, 202, . . . store their own VM information and software information in the cloud storage 4 at predetermined timing. The management server 100 then refers to VM information and software information for each VM stored in the cloud storage 4. This allows the management server 100 to acquire VM information and software information at a timing convenient for the management server 100.

However, in order to store information from each of the VMs 201, 202, . . . in the cloud storage 4, the VMs 201, 202, . For example, when the cloud storage 4 is provided by the above-mentioned Azure, the access authority is granted by a shared access signature.

Since the access authority to the cloud storage 4 has an expiration date, it is necessary to update the access authority periodically. The management server 100 manages access authority for each of the VMs 201, 202, . . . and updates the access authority in response to an access authority update request received from each of the VMs 201, 202, .

In this case, if the VMs 201, 202, etc. make access authority update requests to the management server 100 in a concentrated manner at specific timings such as Sunday 0:00:00, the load on the management server 100 increases. do. Therefore, the management server 100 provides a function to control the VMs 201, 202, . . . to request access authority updates in a distributed manner at different timings.

FIG. 7 is a diagram showing an example of the functions of the management server.
The management server 100 includes a storage section 110, a VM-specific information reception section 120, a hash value calculation section 130, a conversion section 140, a time transmission section 150, an authority update request reception section 160, and an authority management section 170.

For the storage unit 110, a storage area of the RAM 102 or the HDD 103 is used. The VM-specific information receiving unit 120, the hash value calculating unit 130, the converting unit 140, the time transmitting unit 150, the authority update request receiving unit 160, and the authority managing unit 170 are realized by executing a program stored in the RAM 102 by the CPU 101. be done.

The storage unit 110 stores an access authority management table. The access authority management table is a table for managing access authority to the cloud storage 4 of VMs operating in each of the cloud service systems 2 and 3.

The VM-specific information receiving unit 120 receives VM-specific information from each VM, and outputs the VM-specific information to the hash value calculating unit 130. The VM-specific information receiving unit 120 may store the received VM-specific information in the storage unit 110 (the relationship line between the VM-specific information receiving unit 120 and the storage unit 110 is omitted in FIG. 7). For example, the VM-specific information may be used to manage access privileges for each VM in an access privilege management table.

The hash value calculation unit 130 calculates a function value of a hash function using the VM-specific information as input. The function value of a hash function is called a hash value. For example, SHA-256 or MD5 is used as the hash function. However, the hash function may be a function that calculates a hash value using another algorithm. A hash function that obtains a hash value using an algorithm such as SHA-256 or MD5 is sometimes called a one-way hash function.

The conversion unit 140 converts the hash value calculated by the hash value calculation unit 130 into time. For example, the expiration date of each VM's access authority to the cloud storage 4 is one week. In this case, the conversion unit 140 takes one week from Sunday 0:00:00 a.m. to Saturday 23:59:59 p.m. as a unit period. The conversion unit 140 assigns the hash value to any time in the unit period to find the time corresponding to the hash value. As the time, for example, Universal Time Coordinated (UTC) is used. The time determined by the conversion unit 140 is the time at which the corresponding VM is requested to update the access authority. The time at which the VM is requested to update the access authority is referred to as the "request time."

The time transmitter 150 transmits the requested time obtained by the converter 140 to the corresponding VM.
The authority update request receiving unit 160 receives an access authority update request from the VM, and outputs the update request to the authority management unit 170.

Upon receiving the access authority update request, the authority management unit 170 updates the access authority of the corresponding VM recorded in the access authority management table. For example, the authority management unit 170 extends the validity period of the existing access authority for the corresponding VM by one week. The authority management unit 170 responds to the corresponding VM with the completion of updating the access authority. The update completion response includes authority information such as the updated authority validity period, the access destination in the cloud storage 4, and authentication information in the cloud storage 4.

FIG. 8 is a diagram showing an example of the functions of the VM.
The VM 201 includes a storage unit 210, a VM-specific information acquisition unit 220, a VM-specific information transmission unit 230, a time reception unit 240, an authority update request unit 250, and a storage access processing unit 260.

For the storage unit 210, a storage area such as a RAM or an HDD provided in the physical machine 200 is used. The VM-specific information acquisition unit 220, the VM-specific information transmission unit 230, the time reception unit 240, the authority update request unit 250, and the storage access processing unit 260 allow the CPU of the physical machine 200 to execute programs stored in the RAM of the physical machine 200. This is achieved by executing.

The VM-specific information acquisition unit 220 acquires VM-specific information corresponding to the VM 201 from the physical machine 200a, and outputs the VM-specific information to the VM-specific information transmission unit 230. The VM-specific information acquisition unit 220 acquires VM-specific information from the physical machine 200a using an API (Application Programming Interface) for acquiring VM-specific information when the VM 201 is created and started on the physical machine 200. The VM-specific information acquisition unit 220 may store the acquired VM-specific information in the storage unit 210 so that it can be reused, for example, at the time of the next authority update.

When the VM-specific information transmission unit 230 acquires the VM-specific information from the VM-specific information acquisition unit 220, the VM-specific information transmission unit 230 transmits the VM-specific information to the management server 100 using the VM-specific information transmission API. The timing at which the VM-specific information is acquired for each VM is the timing at which the VM is created and started on the physical machine, as described above. Creation and activation of each VM by the physical machine 200a is performed at different timings for each VM. Therefore, the timing at which the VM-specific information is transmitted from each VM to the management server 100 is likely to be different for each VM.

The time receiving unit 240 receives the requested time from the management server 100 and stores the received requested time in the storage unit 210. When the time receiving unit 240 receives a new requested time, it may notify the authority update requesting unit 250 of this fact.

The authority update requesting unit 250 monitors whether the current time has reached the requested time stored in the storage unit 210. When the current time reaches the requested time, the authority update requesting unit 250 transmits a request to update the access authority for the cloud storage 4 to the management server 100. The authority update request unit 250 receives a response from the management server 100 indicating that the access authority has been updated. The response includes authority information for accessing the cloud storage 4. Then, the authority update requesting unit 250 notifies the storage access processing unit 260 of the authority information for accessing the cloud storage 4.

Further, if the current time has not reached the requested time, the authority update requesting unit 250 waits without transmitting an update request until the current time reaches the requested time.
The storage access processing unit 260 uses the authority information acquired from the authority update requesting unit 250 to access the cloud storage 4 and writes VM information and software information.

Note that other VMs operating in the cloud service systems 2 and 3 also have the same functions as the VM 201.
FIG. 9 is a diagram showing an example of an access authority management table.

The access authority management table 111 is stored in the storage unit 110. The access authority management table 111 includes items such as vmID, access destination, and authority validity period.
vmID is registered in the vmID item. In the access destination field, addresses indicating directories that are allowed to be accessed in the cloud storage 4 are registered. The validity period of the access authority is registered in the authority validity period item.

For example, in the access authority management table 111, a record of vmID "vmID1", access destination "cs1", and authority validity period "20200501_12:00:00 to 20200508_11:59:59" is registered. This record shows that the VM with vmID "vmID1" is stored in the directory indicated by the address "cs1" of cloud storage 4 from 12:00:00 on May 1, 2020 to 11:59:59 on May 8, 2020. Indicates that access is permitted for a period of seconds. Here, it is assumed that the vmID "vmID1" is the vmID of the VM 201.

Access authority records for other VMs are similarly registered in the access authority management table 111.
Note that in the example of FIG. 9, the authority validity period is managed by associating it with the vmID, but the management server 100 manages the authority validity period by associating it with VM-specific information other than the vmID that is notified from each virtual machine. You can also manage the period.

FIG. 10 is a diagram showing an example of request time data.
Request time data 211 is stored in storage unit 210. A request time is registered in the request time data 211. For example, in the request time data 211, request time “20200508_12:00:00” is registered. Based on the request time data 211, the VM 201 transmits a request to update the access authority for the cloud storage 4 to the management server 100 at 12:00:00 on May 8, 2020.

Note that the access authority update request from the VM 201 to the management server 100 may be made after the validity period of the access authority managed by the management server 100 has expired, or may be made before the validity period expires. good. If a request to update the access authority is made before the validity period expires, the management server 100 extends the validity period of the access authority of the VM 201 for a predetermined period (one week in this example).

Next, the processing procedure of the second embodiment will be explained.
Although the VM 201 will be mainly explained below as an example, the procedure for other VMs operating in the cloud service systems 2 and 3 is similar to that for the VM 201.

FIG. 11 is a flowchart showing an example of VM processing.
(S10) The VM-specific information acquisition unit 220 acquires VM-specific information of the VM 201 from the cloud service. For example, the VM-specific information acquisition unit 220 can acquire VM-specific information from the physical machine 200a that manages the cloud service.

(S11) The VM-specific information transmitting unit 230 transmits VM-specific information to the management server 100.
(S12) The time receiving unit 240 receives the requested time from the management server 100, and stores the requested time data 211 indicating the received requested time in the storage unit 210.

(S13) When the current time reaches the request time indicated by the request time data 211 stored in the storage unit 210, the authority update request unit 250 transmits a request to update the access authority for the cloud storage 4 to the management server 100.

(S14) The authority update request unit 250 receives an access authority update completion response from the management server 100. For example, the update completion response may include authority information used to access the cloud storage 4. Then, the processing of the VM 201 ends.

Note that the storage access processing unit 260 accesses the cloud storage 4 using the authority information acquired by the authority update requesting unit 250 from the management server 100, and writes VM information and software information. Writing of VM information and software information to the cloud storage 4 by the storage access processing unit 260 may be performed immediately after step S14, or may be performed at any other timing within the validity period of the updated access authority. good.

Further, for example, if the validity period of the access authority is one week, the VM 201 may send an access authority update request to the management server 100 every week from the previous request time indicated by the request time data 211. . Alternatively, the VM 201 may send the VM-specific information acquired from the cloud service to the management server 100 again, for example, at the beginning of the next week or when the VM 201 is started after the expiration of the authority validity period, and update the information from the management server 100. You may also obtain the requested time.

Next, the procedure for providing the requested time by the management server 100 will be explained.
FIG. 12 is a flowchart illustrating an example of processing of request time provision by the management server.
(S20) The VM-specific information receiving unit 120 receives VM-specific information from the VM 201.

(S21) The hash value calculation unit 130 calculates a hash value from the VM-specific information. That is, the hash value calculation unit 130 calculates a hash value for the VM-specific information by inputting the VM-specific information into a hash function.

(S22) The conversion unit 140 converts the hash value into a time. For example, the conversion unit 140 converts the hash value into any time that belongs to the time range from 0:00:00 on Sunday of the following week to 23:59:59 on Saturday of the following week. For example, UTC is used as the time.

(S23) The time transmitting unit 150 transmits the obtained time to the VM 201 as the requested time. Then, the process of providing the requested time ends.
FIG. 13 is a flowchart illustrating an example of processing for updating access authority of the management server.

(S30) The authority update request receiving unit 160 receives an access authority update request from the VM 201.
(S31) The authority management unit 170 updates the access authority of the VM 201 to the cloud storage 4 based on the received update request. For example, the authority management unit 170 may extend the authority validity period of the VM 201 in the access authority management table 111 by one week from the current time, or by one week from the expiration of the current authority validity period.

(S32) The authority management unit 170 transmits an access authority update completion response to the VM 201. The update completion response may include authority information such as the updated authority validity period, the access destination in the cloud storage 4, and authentication information in the cloud storage 4. Then, the access authority update process ends.

FIG. 14 is a diagram illustrating an example of VM-specific information and hash values.
For example, when the VM 201 is created and started on the physical machine 200, the VM 201 acquires the VM specific information 81 of the VM 201 from the physical machine 200a.

For example, the above-mentioned vmID can be used as the VM specific information 81. The size of vmID is, for example, 36 bytes.
The VM 201 provides the management server 100 with VM-specific information 81. Then, the hash value calculation unit 130 calculates a hash value 82 based on the VM-specific information 81. When using MD5 as the hash function, for example, a 128-bit hash value 82 is obtained from the VM specific information 81. In FIG. 14, a hash value 82 is represented by 32 hexadecimal numbers.

Note that as the VM specific information 81, information other than vmID can be used as described above. For example, the VM specific information 81 may be a combination of a subscription ID, a resource group name, and a VM name. Further, the VM specific information 81 may be a resource ID. Among the combination of subscription ID, resource group name, and VM name, resource ID, and vmID that are candidates for the VM-specific information 81, the amount of information of vmID may be the smallest. Furthermore, instead of the vmID described above, an instance ID may also be used as identification information that globally uniquely identifies a VM. The size of the instance ID may be about 17 bytes.

FIG. 15 is a diagram showing an example of converting a hash value into a time.
The hash value range 90 is the range of values that the hash value determined by MD5 can take. In FIG. 15, the hash value is represented by 32 hexadecimal numbers. The number of hash values included in the hash value range 90 is 2^128.

Here, one week is 604,800 seconds. Therefore, the conversion unit 140 divides the hash value range 90, which includes 2^128 hash values, into 604,800 sub-ranges, and divides each sub-range into a time starting from 0:00:00 on Sunday. map to. The number of hash values belonging to one subrange is 2^128/604,800=5.6*10^32.

For example, the conversion unit 140 associates the first sub-range including the minimum value of the hash value range 90 with Sunday 0:00:00, the next sub-range with Sunday 0:00:01,... In this way, hash values belonging to each sub-range are associated with time. The converting unit 140 may associate the times so that the hash value becomes earlier in order, or it may associate the times so that the hash value becomes earlier in order.

Here, the number of VMs whose access privileges to the cloud storage 4 are managed by the management server 100 is a, the time required for a transaction for one access privilege update request is b, and the number of update requests accepted by the management server 100 is Let c be the number of parallel lines.

Then, the total time required for exchanges regarding the access authority update request between a VMs and the management server 100 is ab/c. For example, if a=10000, c=1, and b=10 seconds, the total required time is 100,000 seconds.

FIG. 16 is a diagram illustrating an example of request distribution.
FIG. 16(A) shows an example in which requests from VMs are appropriately distributed. The example in FIG. 16A is a case where each VM transmits an access authority update request at an update time determined by the management server 100 using a hash value of VM-specific information.

The update request group rq1 is 10,000 update requests sent from 10,000 VMs. In the example of FIG. 16A, each VM sends an access authority update request to the management server 100 at almost non-overlapping timings at each time of one week (604,800 seconds).

FIG. 16(B) shows an example in which requests from VMs are not appropriately distributed. FIG. 16(B) is a comparative example of FIG. 16(A). The example in FIG. 16B is a case where each VM transmits an access authority update request at a time determined without using the hash value of VM-specific information.

The update request group rq2 is 10,000 update requests sent from 10,000 VMs. In the example of FIG. 16(B), the number of times at which two or more VMs make duplicate update requests at each time in one week (604,800 seconds) is greater than in the case of FIG. 16(A). .

In this way, each VM sends an access authority update request to the management server 100 at the update time determined using the hash value of the VM-specific information, so that load concentration on the management server 100 can be reduced.

That is, by using a hash function, it is possible to obtain sufficiently distributed hash values for the VM-specific information of each VM. Therefore, by transmitting an update request from each VM to the management server 100 at a timing based on the hash value, it is possible to appropriately distribute the timing at which each VM transmits an update request. In other words, the timing at which update requests are sent by each VM is smoothed. Therefore, the possibility that a large number of update requests will be intensively transmitted from each VM to the management server 100 within a relatively short period of time is reduced. As a result, load concentration on the management server 100 can be reduced.

[Third embodiment]
Next, a third embodiment will be described. The points that are different from the second embodiment described above will be mainly explained, and the explanations of the common points will be omitted.

The configuration of the information processing system according to the third embodiment is the same as the example of the information processing system according to the second embodiment illustrated in FIG. 2, so a description thereof will be omitted.
The third embodiment differs from the second embodiment in that the request time is calculated by the VMs 201, 202, . . . instead of the management server 100. Therefore, first, the functions of the management server 100 and the VMs 201, 202, . . . in the third embodiment will be explained.

FIG. 17 is a diagram illustrating a functional example of the management server according to the third embodiment.
The management server 100 includes a storage section 110, an authority update request receiving section 160, and an authority management section 170. The storage unit 110, the authority update request receiving unit 160, and the authority management unit 170 have the same functions as the functions with the same names in the second embodiment illustrated in FIG. In the example of the third embodiment, the management server 100 does not need to have the functions of the VM-specific information receiving section 120, the hash value calculating section 130, the converting section 140, and the time transmitting section 150.

FIG. 18 is a diagram illustrating a functional example of a VM.
The VM 201 includes a storage unit 210, a VM-specific information acquisition unit 220, an authority update request unit 250, a storage access processing unit 260, a hash value calculation unit 270, and a conversion unit 280. The storage unit 210, the VM-specific information acquisition unit 220, the authority update request unit 250, and the storage access processing unit 260 are the same functions as the functions with the same names in the second embodiment illustrated in FIG. The third embodiment differs from the second embodiment in that the VM 201 includes a hash value calculation unit 270 and a conversion unit 280, but does not include a VM-specific information transmission unit 230 and a time reception unit 240.

The hash value calculation unit 270 calculates a function value of a hash function using the VM-specific information acquired by the VM-specific information acquisition unit 220 as input, that is, a hash value. For example, SHA-256 or MD5 is used as the hash function. However, a function that obtains a hash value using other algorithms may be used as the hash function.

The conversion unit 280 converts the hash value calculated by the hash value calculation unit 270 into time. The time corresponds to the request time in the second embodiment. The conversion unit 280 stores the obtained request time in the storage unit 210. The conversion unit 280 may notify the authority update request unit 250 that the request time has been updated.

Note that other VMs operating in the cloud service systems 2 and 3 also have the same functions as the VM 201.
Next, a processing procedure in the third embodiment will be explained. In the third embodiment, the processing procedure of each VM is different from the second embodiment. Specifically, the management server 100 does not need to execute the request time provision process of the second embodiment illustrated in FIG. Calculation of request time is performed by each VM. Although the VM 201 will be mainly described below as an example, other VMs also perform similar procedures.

FIG. 19 is a flowchart showing an example of VM processing.
(S40) The VM-specific information acquisition unit 220 acquires VM-specific information of the VM 201 from the cloud service. For example, the VM-specific information acquisition unit 220 can acquire VM-specific information from the physical machine 200a that manages the cloud service.

(S41) The hash value calculation unit 270 calculates a hash value from the acquired VM-specific information. That is, the hash value calculation unit 270 calculates a hash value for the VM-specific information by inputting the VM-specific information into a hash function.

(S42) The conversion unit 280 converts the hash value into time. For example, the conversion unit 280 converts the hash value into a time that falls within the time range from 0:00:00 on Sunday of the following week to 23:59:59 on Saturday of the following week. For example, UTC is used as the time.

(S43) The conversion unit 280 sets the obtained time as the requested time. The conversion unit 280 stores request time data 211 indicating the request time in the storage unit 210.
(S44) When the current time reaches the request time indicated by the request time data 211 stored in the storage unit 210, the authority update request unit 250 transmits a request to update the access authority for the cloud storage 4 to the management server 100.

(S45) The authority update request unit 250 receives the access authority update completion response from the management server 100. For example, the update completion response may include authority information used to access the cloud storage 4. Then, the processing of the VM 201 ends.

Note that the storage access processing unit 260 accesses the cloud storage 4 using the authority information acquired by the authority update requesting unit 250 from the management server 100, and writes VM information and software information. Writing of VM information and software information to the cloud storage 4 by the storage access processing unit 260 may be performed immediately after step S45, or may be performed at any other timing within the validity period of the updated access authority. good.

Furthermore, the access authority update process by the management server 100 is similar to the procedure illustrated in FIG. 13 .
In this way, each VM sends an access authority update request to the management server 100 at the update time determined using the hash value of the VM-specific information, so that load concentration on the management server 100 can be reduced.

That is, by using a hash function, it is possible to obtain sufficiently distributed hash values for the VM-specific information of each VM. Therefore, by transmitting an update request from each VM to the management server 100 at a timing based on the hash value, it is possible to appropriately distribute the timing at which each VM transmits an update request. In other words, the timing at which update requests are sent by each VM is smoothed. Therefore, the possibility that a large number of update requests will be intensively transmitted from each VM to the management server 100 within a relatively short period of time is reduced. As a result, load concentration on the management server 100 can be reduced.

In the second and third embodiments, an example was explained in which the management server 100 determines the timing at which each VM sends an update request for access authority to the cloud storage 4. The timing of transmitting the information may also be determined. The method for determining this timing is based on requests from each VM that are not real-time, that is, requests that occur regularly at fixed time intervals, and when the number of clients increases, the load on the management server increases. This is particularly useful in cases where

For example, a service can be considered in which website visitor information is periodically sent to the management server 100 at regular intervals for each web server built on each VM. In this case, if multiple Web servers simultaneously send visitor information to the management server 100, the load on the management server 100 may increase. On the other hand, the management server 100 appropriately distributes the timing at which each VM sends visitor information by determining the time to send visitor information for each VM based on the hash value of the VM-specific information of each VM. can be done. As a result, load concentration on the management server 100 can be reduced.

When transmitting other information from each VM to the management server 100, the timing of transmitting the information can be appropriately distributed for each VM using a similar method, and load concentration on the management server 100 can be reduced. .

As a comparative example with respect to the second and third embodiments, for example, when setting up a VM, the management server 100 inquires from each VM about the free time at which it is possible to receive information, and saves it in a configuration file within the VM. It is also possible to transmit information from the VM at the relevant time.

However, a VM is often created by replicating a single VM image and scaled out by being started. Therefore, for example, there is a high possibility that the number of VMs with the same configuration file will increase, and there will be a high possibility that information will be transmitted from all VMs at the same time.

It is also conceivable to transmit information at random timing using, for example, the time when a program is executed in the VM as a random number seed. However, as described above, since the same program runs at the same time in VM clones created by copying the same VM image, there is a high possibility that the timing of information transmission by each VM will eventually conflict.

On the other hand, VM-specific information, which can be obtained with a general cloud service, has a different value for each VM even if the same VM image is duplicated. Therefore, as in the second and third embodiments, by transmitting information from each VM to the management server 100 at a time determined using a hash value of VM-specific information, the timing of information transmission by each VM is improved. are appropriately distributed, and load concentration on the management server 100 can be reduced.

To summarize the above, the information processing systems of the second and third embodiments have, for example, the following functions.
When each of the management server 100 or the VMs 201, 202, . . . acquires specific information that specifies the VM, it calculates a function value of a hash function using the specific information as input, that is, a hash value. Each of the VMs 201, 202, . . . transmits information to the management server 100 at a timing based on the hash value corresponding to the own VM.

Thereby, load concentration on the management server 100 can be reduced.
For example, when the management server 100 calculates a hash value, the management server 100 sets multiple timings for transmitting information from the VM to the management server 100 (own device) based on the hash values corresponding to each of the multiple VMs. instructions to each VM.

Alternatively, when each of the VMs 201, 202, ... calculates a hash value, each of the VMs 201, 202, ... transmits information from its own VM to the management server 100 that collects information about each VM at a timing based on the hash value. do.

The information sent to the management server 100 from each of the VMs 201, 202, . This prevents the management server 100 from concentrating the processing of extending the validity period of the execution authority in a relatively short period of time, and reduces the concentration of load on the management server 100 due to the processing of extending the validity period.

Furthermore, each of the management server 100 or the VMs 201, 202, .

Thereby, the time at which each VM transmits information can be appropriately obtained so that the timing of the transmission is distributed within the predetermined period.
Further, the information processing systems of the second and third embodiments include cloud service systems 2 and 3 having physical machines 200 and 300.

In this case, the specific information may be first identification information of the VM that is uniquely assigned to each VM by each of the cloud service systems 2 and 3. Each of the above-mentioned vmID, instance ID, and resource ID is an example of first identification information.

Alternatively, the specific information may include second identification information that is uniquely assigned by each of the cloud service systems 2 and 3 for each cloud service usage contract provided by the cloud service systems 2 and 3, and a VM name that the user assigns to the VM. It may be combination information including. The aforementioned subscription ID is an example of second identification information. Additionally, as described above, the combination information may include other information provided by the user, such as a resource group name.

Thereby, the required hash values can be appropriately distributed to each VM, and the possibility that the timings of information transmission by two or more VMs will collide (or overlap) can be reduced. Therefore, load concentration on the management server 100 can be further reduced.

Note that the information processing in the first embodiment can be realized by causing the processing units 12 and 22 to execute a program. Further, the information processing in the second and third embodiments can be realized by causing the CPU 101 or the CPUs of the physical machines 200 and 300 to execute programs. The program can be recorded on a computer-readable recording medium 53.

For example, the program can be distributed by distributing the recording medium 53 on which the program is recorded. Alternatively, the program may be stored in another computer and distributed via a network. For example, the computer may store (install) a program recorded on the recording medium 53 or a program received from another computer in a storage device such as the RAM 102 or the HDD 103, and read and execute the program from the storage device. good.

1 System 10, 20 Information processing device 11, 21 Storage unit 12, 22 Processing unit 31, 32, 33 Virtual machine

Claims (8)

In a method for controlling a virtual machine executed in a system including a first information processing device and one or more second information processing devices that operate a plurality of virtual machines,
When the first information processing device or each of the plurality of virtual machines obtains specific information that identifies the virtual machine, calculates a function value of a hash function using the specific information as input;
each of the plurality of virtual machines transmits information to the first information processing device at a timing based on the function value corresponding to the virtual machine;
Control method. 2. The control method according to claim 1, wherein the information is an application to extend the expiration date of the authority to execute a specific process by the virtual machine. 2. The method according to claim 1, wherein the first information processing device or each of the plurality of virtual machines determines a time corresponding to the function value that belongs to a predetermined period as the timing at which the virtual machine transmits the information. Control method. The system includes a cloud service system including the second information processing device,
The specific information may be first identification information of the virtual machine that is uniquely assigned to each virtual machine by the cloud service system, or may be first identification information that is uniquely assigned to each virtual machine by the cloud service system, or Combination information including second identification information uniquely given by the service system and a virtual machine name given by the user to the virtual machine;
The control method according to claim 1. to the computer,
Upon obtaining specific information that identifies a virtual machine from each of a plurality of virtual machines operating on one or more information processing devices, calculating a function value of a hash function using the specific information as input;
Instructing each of the plurality of virtual machines when to transmit information from the virtual machine to the computer based on the function value corresponding to each of the plurality of virtual machines;
A control program that executes processing. to the computer,
Upon obtaining specific information that identifies a virtual machine running on the computer, calculating a function value of a hash function using the specific information as input;
transmitting the information from the virtual machine to an information processing device that collects information on a plurality of virtual machines including the virtual machine at a timing based on the function value;
A control program that executes processing. a storage unit that stores specific information for identifying a virtual machine acquired from each of a plurality of virtual machines operating on one or more other information processing devices;
A function value of a hash function that takes the specific information as input is calculated, and based on the function value corresponding to each of the plurality of virtual machines, the timing for transmitting information from the virtual machine to its own device is determined by the plurality of virtual machines. A processing unit that instructs each machine,
An information processing device having: a storage unit that stores specific information that identifies the virtual machine, which is acquired by a virtual machine running on its own device;
A function value of a hash function that takes the specific information as input is calculated, and the information is transmitted from the virtual machine to another information processing device that collects information on a plurality of virtual machines including the virtual machine at a timing based on the function value. a processing unit that transmits information;
An information processing device having:

Images