JPH11346224A - Network management system and method therefor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To obtain a management console for managing the connecting situation of a physical network and the information of a user using an equipment in a batch by providing a function for executing a processing according to the operation of reference and change of an operator for the information of the user or the information of an organization to which the user is belonging. SOLUTION: The information of a user and the information of an organization to which the user is belonging are displayed at the time of executing the operation of reference and change for the constitution information of plural networks and the setting information of an equipment on a network. Then, this system is provided with a function for executing a processing according to the operation of reference and change of an operator. Then, a virtual network management system is constituted of a control manager 22 having a function for collecting MIB information necessary or the display of a management console 21, a function for preparing detail setting information for setting the change of the constitution of a virtual network instructed from the management console 21 at each equipment to be controlled, and a function for executing the change of the setting of each equipment to be controlled.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method for efficiently operating and managing virtual network segments constituted by respective virtual network systems in a network environment including virtual networks constituted by one or more virtual network systems. Related to the device.

[0002]

2. Description of the Related Art Conventionally, a router device and a bridge device have been widely used as a method of dividing a network into a plurality of segments and controlling communication traffic. Also,
There is a method of using a band efficiently by a switch device such as an ATM (Asynchronous Transfer Mode). Some switch devices can form a virtual network, which is a logical network segment, under the control of a switch. The virtual network system has a plurality of standards by companies or industry groups. For example, ATM by ATM Forum
There are a LAN emulation method on a network, a frame tagging method, IEEE802.lq, and the like. As a method for managing devices on the network, RF
SNMP (Simple Network) specified by C1907 etc.
Management Protocol) is generally used, and it is possible to refer to and change the setting status of each device and to monitor the operation status.

On the other hand, a directory service defined by X.500 is used as an international standard as a method of managing information on users using network services such as electronic mail using a database.

[0004] Further, with the spread and large scale of the corporate network, a large number of users have come to share limited network resources, so that the network bandwidth is effectively utilized and unnecessary traffic is reduced. A switching device has been developed as a relay device. In the switch device, it is possible to reduce traffic by relaying a packet from a certain port only to a port designated in advance. According to this principle, the concept of a virtual network that can configure a logical network segment has been devised by setting a network that relays packets in a switch device in advance.

[0005] However, a plurality of different systems are defined in the virtual network mounting system. For example, for ATM, the industry standardization organization ATM Forum
LAN emulation standardized by
E) has been implemented. For example, Open Network 19
In the “High-Tech Campus of Gifu University, in which a Network Runs at 622 Mbps ATM” described in the February 1997 issue, pp. 74 to 81, a flexible network is configured by utilizing the LANE function of the ATM. In addition to the VLAN system (IEEE802.lq) whose standardization is being discussed by the international standardization organization IEEE, there are mounting systems in which various vendors independently extend the Ethernet switch device. For example, Open Network, June 1997 issue 45
The DEC Switching Network Strategy on page 53 proposes a new architecture that can extend the VLAN method and flexibly build a LAN system that is an infrastructure in a company.

[0006]

As described above, in a network environment where a plurality of virtual networks of different mounting systems are used together, there is a problem in system operation management.

The problem is that when a plurality of virtual network systems are mixed, it is extremely difficult to uniformly operate and manage the setting change of the virtual network. This is because many virtual network implementation methods are independent of higher-level protocols such as IP, so they can be connected to each other by a router device. This is because it is necessary to perform a setting operation for each virtual network, since it depends on the implementation method of the virtual network.

FIG. 1 is a specific example of the above problem. In this example, one ATM switch device 102 and two L switches
AN emulation servers (hereinafter, LES) 104a and 104b and a LAN emulation configuration server (hereinafter, LECS) 10 for managing LES
1 emulated LAN (ELAN) 1
07a and 107b are configured, and the VLANs 108a and 108b are managed by the Ethernet switch 106, and a total of four virtual network segments are configured. When it is necessary to change the components of each virtual network segment, it is necessary to individually change the settings for each server that manages each virtual network segment.

Further, since there is no database that defines which user corresponds to which device, when it is necessary to change the setting of the user information, it is necessary to change the corresponding device setting individually. is there.

According to the present invention, in a network environment in which a plurality of virtual network systems coexist, a plurality of network configuration states such as a physical network configuration state and a virtual network configuration state are each regarded as one network layer. By defining a cooperative relationship, a method that can be handled as a common database, and a virtual network segment configured by each virtual network method can be switched and displayed on the same screen, and the settings can be changed with a single operation By providing a way to
The purpose is to solve the above problems.

[0011]

In order to solve the above-mentioned problems, according to the present invention, an MIB (Management
(1) a function of individually displaying a plurality of network configuration diagrams and directory structure diagrams in an inclusion tree, a function of switching these display screens, for each controlled device having an SNMP agent for acquiring information of Information Base, A management console having a function of inputting an instruction to change the configuration of a virtual network or the like from a network administrator; and (2) an MIB required for displaying the management console
It has a function to collect information, a function to create detailed setting information that should be set for each controlled device, and a configuration change such as a virtual network specified by the management console, and a function to change the setting of each controlled device. A virtual network management system is configured by the management manager.

Further, for the above-mentioned virtual network management system, a directory server having (3) a function of managing a directory database and a function of interfacing with the management manager is provided, and (4) a user who manages the directory database. By storing table information that defines the correspondence between information and configuration information managed by the management manager, a virtual network management system capable of operating and managing a virtual network is configured using logical objects such as user information as keys. I do.

[0013]

DESCRIPTION OF THE PREFERRED EMBODIMENTS One embodiment of the present invention will be described with reference to FIGS.

FIG. 2 is a diagram showing an outline of a virtual network management method and apparatus of the present system. In the network 20, a management console computer (hereinafter, management console) 21, a management manager computer (hereinafter, management manager) 22, a directory service server computer (hereinafter, directory server) 23, and a control target device 24 to be managed. is there. 211, 212, and 213 are program modules that operate on the management console 21,
Reference numeral 221 denotes a device setting information database managed by the management manager 22, 222, 223, 224, and 225 denote program modules operated by the management manager;
Is a directory database, 232 and 233 are server programs running on the directory server, and 24 are
Reference numerals 1 and 242 denote device control programs that operate on the device to be controlled.

The management console 21 includes a containment tree display processing module 211 for realizing a function of displaying a network configuration status to a network administrator, and an input control module 21 for realizing a function of inputting an instruction by the network administrator.
2 and a download processing module 214.

The containment tree display processing module 211 operating on the management console 21 communicates with the download processing module 213 of the management console 21 and the upload processing module 222 of the management manager 22,
It is downloaded from the management manager 22. At this time, if the function of the management console 22 is such that the inclusion tree display processing module 211 is created so as to perform the inclusion tree display using the Java Applet, the HTML (Hyper Text Mark) is used.
up Language) It can be created so as to operate on a browser, and can be operated on almost any computer capable of using WWW (World Wide Wed).

The management manager 22 manages the management console 2
An upload control module 222 that communicates with the first download processing 214; a database that provides an interface function to the containment tree display processing module and implements a control function of a database that manages information necessary for display on the management console An access / control module 223; a device control procedure creation module 224 for realizing a function of expanding a network administrator's instruction acquired from the management console 21 into device management information;
And an SNMP manager module 225 that actually performs control processing on the server.

The directory server 23 comprises a directory database 231, a directory server module 232 for controlling the database, and a communication control module for communicating with the management manager 22. Control target device 24
Is assumed to be a general network device, a setting console control module 241 for setting by connecting a setting console device, and an SN for managing the device by SNMP which is a standard network management method.
It is composed of an MP agent module 242.

FIG. 3 is a diagram for explaining a correlation between program modules operating on each device. As described above, the download processing module 213 on the management console 21 communicates with the upload control module 222 on the management manager, transfers the other modules on the management console to the management console 21, and activates each module.

The containment tree display processing module 212 communicates with the database access / control module 223 to search the device setting information database 221 for information necessary for screen display, and searches the device setting information database 221. If the necessary information is not in the device setting information database, the database access / control module 223 requests the device control procedure creation module 224 to acquire necessary data from the control target device 24.
The device control procedure creation module 224 creates a sequence for acquiring necessary device information, acquires device information from the SNMP agent 242 on the device to be controlled through the SNMP manager 225, and acquires device settings through the database access / control module 223. At the same time as being stored in the information database 221, it is notified to the inclusion tree display processing module 212.

Further, the containment tree display processing module 212
Communicates with the database access / control module 213 to obtain directory service information, and obtains directory service information. The directory service information acquired at this time is associated with the device setting information acquired from each control device, and the information of the association is stored in the device setting information database 221.

The input control module 211 receives an instruction to change the device setting from the user, and transfers the instruction to the device control procedure creation module 224. The device control procedure creation module 224 analyzes the contents of the instruction, creates a sequence for setting change information in each control target device 24, and sets device information from the SNMP agent 242 on the control target device through the SNMP manager 225. I do.

FIG. 4 is a diagram showing a configuration of a computer on which the management console 21 operates. 41 is a computer main body, 41
1 is a disk controller, 412 is a main storage device, 41
3 is a CPU, 414 is a communication I / O interface controller, 415 is a keyboard mouse controller, 45
Is a keyboard, 416 is a video board controller, 4
6 is a display device, 42 is a floppy disk device, 43 is a fixed disk device, 431 is a containment tree display processing program file, 432 is an input control program file, 433 is a download processing program file,
441 is a containment tree display processing program module, 422
Indicates an input control program module, 443 indicates a download processing program module, and 44 indicates a program load area.

FIG. 5 is a diagram showing a configuration of a computer on which the management manager 22 operates. 51 is a computer main body, 51
1 is a disk controller, 512 is a main storage device, 51
3 is a CPU, 514 is a communication I / O interface controller, 515 is a keyboard mouse controller, 55
Is a keyboard, 516 is a video board controller, 5
6, a display device, 52, a floppy disk device, 53, a fixed disk device, 531, an upload control setting file, 532, a device control setting database,
533 is a device control procedure template file, 534 is an MIB database file, 541 is an update control server module, and 542 is a database access /
A control program module, 543 is a device control procedure creation processing program module, 544 is an SNMP manager module, and 54 is a program load area.

FIG. 6 is a diagram showing a configuration of a computer on which the directory server 23 operates. 61 is the main body of the computer,
611 is a disk controller, 612 is a main storage device,
613 is a CPU, 614 is a communication I / O interface controller, 615 is a keyboard and mouse controller,
65 is a keyboard, 616 is a video board controller, 66 is a display device, 62 is a floppy disk device, 63 is a fixed disk device, 631 is a directory database, 641 is a directory server module, 641 is a communication control server module, 64 is a program load area. Is shown.

FIGS. 7 and 8 are operation flow charts for explaining the operation of the present system.

FIG. 7 is an operation flow diagram from the start of the system to the completion of the inclusion tree display. When the system activation 72 is performed, the download control module 214 of the management console 73 communicates with the upload control module 221 of the management manager 22, and downloads other program modules. At this time, an HTTP server can be realized as an upload control module, and HTML and a Wed browser can be realized as a download processing module.

When the download of the program module is completed, the process of creating the inclusion tree display data of the inclusion tree display processing module is started (732). In the containment tree display data creation processing 732, device setting information necessary for displaying each network configuration diagram of the physical network and the virtual network, for example, a list of devices to be displayed, interconnection information of devices, device types, and the like. Then, a search is made from the device setting information database (742).

At this time, the device control procedure creation module 224 on the management manager 74 creates (743) a MIB value acquisition sequence for confirming the presence or absence of a new device to be controlled, and the SNMP manager follows the sequence. An SNMP command is issued to search for a new device to be controlled (743). If a new control target device exists, it is immediately registered in the device control database.

Also, if the necessary information is not registered in the device setting information database for the existing control target device, the management manager 7 executes the MIB value acquisition sequence for obtaining the necessary setting information from the control target device.
4 is created by the device control procedure creation module 224 (74
3) Then, according to the sequence, the SNMP manager issues an SNMP command or its alternative command to the device to be controlled (743). Control target device 75
By the above SNMP agent or its alternative
The IB value is acquired and notified (751). After this result is registered in the device control database, the process returns to the inclusion tree display data creation processing, and the inclusion tree display data is completed.

Next, in order to create the display data of the organizational structure diagram registered in the directory database (733), the management server 74 is instructed to search the directory database (745). This instruction is relayed to the directory server 76, the directory information is accessed (761), and the information is notified to the management console. Finally, the processing of the management console is completed by displaying the inclusion tree display data completed by the above series of processing as a inclusion tree.

FIG. 8 is a flow chart showing the operation from the display of the inclusion tree to the completion of the device change when the user performs an operation. When the user's operation 82 is performed, the management console 83 receives an input from the user (831) and notifies the setting change information to the management manager 84 (832). The management manager 84 that has received the notification determines the control target device to which the setting change information is to be set, and creates a sequence for performing the setting change for each control target device (841).

The created sequence is passed to the equipment control procedure creation module to create a MIB value setting sequence for each equipment (842). In accordance with this sequence, the SNMP manager or its substitute issues an SNMP command or its substitute command to each control target device (843), so that an appropriate MIB is set for each control target device (851). When the setting result of the MIB value is notified to the management console through the management manager, the management console 83 executes a directory data update process 833 according to the contents of the device setting and a database update process 844 of the database control module on the management manager 84. And the directory service is notified by the directory server (861).

FIGS. 9 to 11 show examples of network configuration diagrams handled by the present system.

FIG. 9 is a configuration diagram of a physical network in which the physical connection relationship of the network handled by the present system is represented by an inclusion tree, and is an example in which the system of the present system is applied to the network configuration example shown in FIG. is there. ATM switch 901, router device 9 connected to the switch
02, the PC 903 on which LECS is running, the PCs 904a and 904b on which LES is running, the PC 905a through the PC 905f on which LEC is running, and the Ethernet switch device 906 are display objects consisting of icons and device names corresponding to these devices. Is arranged as Further, in order to show the mutual connection relationship of the devices, a line indicating the connection relationship is displayed between the display objects.

FIG. 10 is a configuration diagram of a virtual network in which the configuration status of a virtual network segment of a network handled by the present system is displayed as an inclusion tree. An example in which the system of the present system is applied to the network configuration example shown in FIG. It is. LECS1 as a server object of LAN emulation connected to ATM
001, emulated LANs 1002a and 1002b, and VLANs 1003a and 1003b as virtual network segments, and 1004a, 1004b, and 1004c as client objects. Between each server, client object and virtual network segment, there is a server
A line indicating the relationship between the client and the client belonging to the virtual network segment is displayed.

FIG. 11 is an example of a configuration example of a directory service handled by the present system and an example of a user directory configuration diagram in which the correspondence between the users of the network and the departments in the organization is displayed in an inclusion tree. In one organization 1101,
Department # 1 (1102a) and Department # 2
(1102b), and Department #
2 (1102b) and two sections Section # 1 (1103b).
User1 (1104a) to User6 (1104f) belong to the organization in which a) and Section # 2 (1103b) exist. User1 (1104a) and User1 (11
04b) belongs to Department # 1 (1102a), and U
ser3 (1104c) belongs to Department # 2 (1102a), and User4 (1104d) belongs to Section # 1 (1102).
3a), User5 (1104e) and User6
(1104f) belongs to Section # 2 (1103b).

FIG. 12 is a diagram showing an example of handling of the interrelationship between layers when a plurality of network configuration diagrams and directory configuration diagrams handled by the present system are displayed as a containment tree. Each containing tree in the figure is a diagram of each network and directory shown in FIGS. 9 to 11.

Directory structure diagram 120 showing organizational structure
Each object 1 has a corresponding relationship with each object in the structural diagram 1202 showing the structure of the virtual network. In this example, Department # 1 (1102a)
And Department # 2 (1102b) are LA
Virtual segment 100 with N emulation
2a and 1002b, Section # 1
(1103a) and Section # 2 (1103b) are divided into virtual segments 1003a and 1003.
b. Further, the relationship between the user and each LEC object of the virtual network is defined.

Each object in the structural diagram 1202 showing the structure of the virtual network has a correspondence with each object in the structural diagram 1203 showing the structure of the physical network. Thus, when changing the setting of each object on the virtual network, it is possible to know which device should be operated. Alternatively, when the affiliation of each user is changed, it is possible to know how to change the configuration of the virtual network and to which device the configuration change should be set.

FIG. 13 is a diagram showing an example of a data structure for handling object data on a plurality of network configuration diagrams handled by the present system. 1301a and 1301b are a part of the main memory of the management manager, and 1301a indicates data of one object displayed on any network layer. The object ID includes an ID of a network layer to which the object belongs and an identifier of an object on the layer. Each information 1302b to 1302i is implemented as a pointer to each area of the main storage area 1301b that actually stores information related to another object in the same network or an object on another network layer.

For example, in order to know what kind of object is represented in the physical network layer, the object information 130 of the physical network layer can be used.
By referring to 2b and accessing the area where the attribute information of the object is stored, the target information can be obtained. In order to know the relationship between the above-mentioned object and other objects in the physical network layer, the link information 1 in the physical network layer can be used.
By accessing the area where the attribute information of the object is stored with reference to the object 302c, it is possible to obtain target information. By adding these object-related information, it is possible to easily add information on services and the like on other networks which are not specifically described in this embodiment.

FIGS. 14 to 17 show display examples of a management console screen of the present system and a plurality of network configuration and directory configuration diagrams handled by the present system when the configuration diagram display screen is switched to display each configuration. It is a figure which shows the example of handling of the mutual relationship of a figure.

FIG. 14 is an example of a management console screen when the system is started. Application area 1401
Includes an area 1402 for displaying a menu for instructing a display switching operation of each layer, and an area 14 for displaying a containment tree.
There is 03.

FIG. 15 shows a display switching menu 1402.
FIG. 14 is a diagram in which a directory structure is displayed as an inclusion tree in an area 1403 where the inclusion tree is displayed. To show the relationship between the displayed object 1502 in the directory structure and the object in the virtual network structure, select the displayed object 1502 in the directory structure and switch the display to the virtual network layer by the display switching menu 1402. Then, as shown in FIG. 16, the related object 1602 on the virtual network layer is automatically selected. Thereby, it becomes possible to visually know which object on the virtual network configuration diagram reflects the change in the attribute of the user object on the directory structure diagram.

In order to show the relationship between the displayed object 1602 on the virtual network configuration and the object on the physical network configuration, the displayed object 1602 on the virtual network configuration is selected, and the display switching menu 1402 is used. When the display is switched to the physical network layer, as shown in FIG.
02 is automatically selected. With this display, for example, when a failure occurs in the virtual network, it is easy to analogize which part of the actual device has failed.

Alternatively, when changing the setting of the virtual network, it is possible to know which device the server installed in should perform the setting change operation. As described above, the actual setting change operation is performed by the management manager through the SNMP manager or its alternative means. However, it is very difficult for the network operation management to grasp which device setting is affected by this setting change operation. Is an important factor.

[0048]

As described above, according to the present invention, in a network environment in which a plurality of virtual networks are mixed, a physical network connection status, a virtual network configuration status, and devices are used. Provides a management console that collectively manages user information and the configuration status of services running on the network, and enables the visual management of multiple pieces of such configuration information, enabling the operation and management of virtual networks Can be realized very easily.

[Brief description of the drawings]

FIG. 1 is a configuration diagram showing a virtual network management system according to an embodiment of the present invention.

FIG. 2 is a diagram showing an outline of an entire system according to an embodiment of the present invention.

FIG. 3 is a diagram showing a relationship between program modules according to the embodiment of the present invention.

FIG. 4 is a diagram showing a configuration of a management console computer according to an embodiment of the present invention.

FIG. 5 is a diagram showing a configuration of a management computer according to an embodiment of the present invention.

FIG. 6 is a diagram showing a configuration of a directory server computer according to an embodiment of the present invention.

FIG. 7 is an operation flowchart illustrating the operation of the system according to the embodiment of the present invention.

FIG. 8 is an operation flowchart illustrating the operation of the system according to the embodiment of the present invention.

FIG. 9 is a diagram illustrating an example of a physical network configuration according to an embodiment of the present invention.

FIG. 10 is a diagram illustrating an example of a virtual network configuration according to an embodiment of the present invention.

FIG. 11 is a diagram showing a configuration example of a logical network according to an embodiment of the present invention.

FIG. 12 is a diagram showing an example of handling of mutual relations between layers when a plurality of network configuration diagrams and directory configuration diagrams according to the embodiment of the present invention are displayed as a containment tree.

FIG. 13 is a diagram showing an example of a data structure for handling object data on a plurality of network configuration diagrams according to the embodiment of the present invention.

FIG. 14 shows a display example of a management console screen according to an embodiment of the present invention, and a plurality of network configuration diagrams and directory configuration diagrams handled by the present system displayed by switching the configuration diagram display screen. It is a figure showing an example of handling of mutual relation.

FIG. 15 is a view showing an example of a display of a management console screen according to the embodiment of the present invention and a plurality of network configuration diagrams and directory configuration diagrams handled by the present system displayed by switching the configuration diagram display screen. It is a figure showing an example of handling of mutual relation.

FIG. 16 shows a display example of a management console screen according to the embodiment of the present invention, and a plurality of network configuration diagrams and directory configuration diagrams handled by the present system displayed by switching the configuration diagram display screen. It is a figure showing an example of handling of mutual relation.

FIG. 17 is a diagram showing an example of a display of a management console screen according to the embodiment of the present invention and a plurality of network configuration diagrams and directory configuration diagrams handled by the present system displayed by switching the configuration diagram display screen. It is a figure showing an example of handling of mutual relation.

[Explanation of symbols]

21 management console, 22 management manager, 23 directory server, 24 controlled equipment, 101 LAN emulation configuration server (LECS), 102 ATM switch device, 103 router device, 104a LAN emulation server (LES) ), 104b ... LAN emulation server (LES), 105a-105c ... LA
N emulation client (LEC), 105d
To 105f: Client PC, 106: Ethernet switch, 107a to 107b: Emulated LA
N, 108a, 108b ... VLAN, 109 ... Interne
other network, 211-213: management console program module, 221: device setting information database, 222-225: management manager program module, 231, directory database, 2
32 to 233: directory server program module; 241, to 242: program modules mounted on the control target device; 907: physical network configuration diagram;
1006 ... Virtual network configuration diagram 1105 ...
Directory structure diagram, 1401 management console application, 1501 management console application, 1601 management console application, 17
01 ... Management console application.

Continued on the front page (51) Int.Cl. ⁶ Identification code FI H04Q 3/00 (72) Inventor Satoshi Miyazaki 1099 Ozenji Temple, Aso-ku, Kawasaki-shi, Kanagawa Prefecture Hitachi, Ltd. System Development Laboratory Co., Ltd. (72) Inventor Kurosaki Yoshiyuki 5030 Totsuka-cho, Totsuka-ku, Yokohama-shi, Kanagawa Pref. Software Development Division, Hitachi, Ltd.

Claims (19)

[Claims] When performing operations of referring to and changing configuration information of a plurality of logical networks having different protocols and setting information of a plurality of devices on the network,
It has a function of displaying the user information on the network and the information of the organization to which the user belongs, and executing the reference and change processing in conjunction with the operator's reference and change operations for the user information or the information of the organization to which the user belongs. A network management system, characterized in that: 2. The system according to claim 1, wherein the plurality of logical networks having different protocols include a plurality of virtual networks having different physical connection states and logical network nodes. Network management system. 3. A plurality of logical networks having different protocols, for example, TCP / IP, SPX / I
2. The network management system according to claim 1, wherein the network management system is configured by a logical network based on a protocol such as PX, NetBEUI or the like, which is expressed by a layer higher than the network layer of the OSI reference model. 4. A network management system comprising: a management console for providing an operation environment for an operator such as a network manager; a database unit for managing the user information and information on an organization to which the user belongs; and a logical network. 2. The network management system according to claim 1, further comprising a network management manager having a database unit for managing information on the configuration and setting information of each device on the network. 5. The management console includes: user information on a network, information of an organization to which the user belongs, configuration information of a plurality of logical networks having different protocols,
2. The information processing apparatus according to claim 1, further comprising a function of displaying any one of the physical connection information of the devices on the network, and having a function of appropriately switching to any one of the displays by an operation of an operator. Network management system. 6. When switching the display of the management console, if the operator has previously selected a management object displayed on the management console, the corresponding management object is displayed in a state where the corresponding management object is selected in the display after the switching. 2. The network management system according to claim 1, wherein the network management system has a function of performing the operation. 7. The management manager includes: user information on a network, information of an organization to which the user belongs, configuration information of a plurality of logical networks having different protocols,
2. The network management system according to claim 1, wherein each of the physical connection information of the devices on the network has table information for associating the management objects with each other. 8. The method according to claim 1, wherein the reference and update processing for the user information or each network configuration information is automatically converted into a reference and update processing for setting contents of each device on the network. The described network management system. 9. The method according to claim 1, wherein the reference and update processing for the user information or each network configuration information is automatically converted into a reference and update processing for setting contents of each device on the network. The described network management system. 10. The network management system according to claim 1, wherein the logical network configuration information includes virtual network configuration information. 11. The network management system according to claim 1, wherein the user information and the organization information are managed as a hierarchical database by using a directory service. 12. Referring to and changing user information on the network and information on the organization to which the user belongs, referencing and changing configuration information of a plurality of logical networks having different protocols and setting information of devices on the network. A network management method characterized by automatic conversion to operation. 13. The user information on the network described above,
A network management method using table information for associating configuration information of a plurality of logical networks with different protocols and setting information of devices on the network with each other. 14. The network management method according to claim 12, wherein said logical network configuration information includes virtual network configuration information. 15. The network management method according to claim 12, wherein said user information is managed as a hierarchical database according to an organization form by a directory service. 16. A function of individually displaying the logical network configuration information or the user information, and a function of switching the display of each piece of information. When switching the display, the information is associated with each other by the table information. 13. The network management method according to claim 12, wherein an object to be managed is automatically selected and displayed. 17. A function of giving additional information for associating configuration information of a plurality of logical networks with different protocols to devices on the network, and referencing and updating the network configuration information. A network management system for automatically converting a setting into a process of referring to and updating settings of each device on the network. 18. The network management system according to claim 17, wherein said logical network configuration information includes virtual network configuration information. 19. A network which has a function of giving table information for associating user information on a network as an administrator of a device on the network, and performs a process of referring to and updating the user information by the user. A network management system characterized in that it is used as asset management information on a network by automatically converting it into a reference and update process for each of the above devices.