KR102584566B1 - Dynamic system for managing cloud assets - Google Patents

Abstract

The present invention classifies the asset information received from the API linkage unit and the agent into information on basic assets and information on variable assets for each member, and then uses the information on basic assets for each member to determine the status of basic assets for each member. and identify changes in basic assets by comparing the status of identified basic assets with the status of previously stored basic assets, classify information on variable assets by member, status of variable assets for each member, and current operating status of each variable asset. It relates to a dynamic cloud asset management system that identifies changes in variable assets by comparing the status of variable assets of a specific member identified with the status of previously stored variable assets.

Description

Dynamic system for managing cloud assets}

The present invention relates to a system that automatically manages cloud assets of a company or organization that change dynamically in a cloud computing environment.

Cloud computing is attracting attention from the perspective of companies, government agencies, and individuals because it allows them to secure IT resources quickly and as much as they want without any additional investment. Representative companies that currently provide cloud computing include Amazon, Microsoft, Google, and Oracle. Amazon uses AWS (Amazon Web Services), Google uses GCP (Google Cloud Platform), Microsoft uses Azure, and Oracle uses OCI (Oracle Cloud). It provides a cloud computing service called Infrastructure.

Taking Amazon's AWS as an example, the cloud computing network provided by these cloud operators is divided into a plurality of regions (10), as shown in Figure 1, and each of the plurality of regions (10) has a plurality of available Includes an Availability Zone (AZ) (20). And each of the plurality of available services 20 includes a plurality of VPCs (Virtual Private Clouds, 30), each of the plurality of VPCs 30 includes a plurality of subnets 40, and each of the plurality of subnets 40 includes a gateway, a network firewall, at least one virtual host 51 (i.e., a virtual server), and in some cases, at least one container 52.

In a cloud computing environment, a member of a cloud operator, that is, a company (company) or a national organization, creates and uses at least one VPC (30). To explain this with reference to FIG. 2, company A owns one VPC (30), company B owns two VPCs (30), and company C owns and operates three VPCs (30). Each company and organization owns and operates at least one VPC (30).

The VPC 30 owned by each company or organization varies in terms of the number of subnets constituting the VPC 30, the number of virtual hosts and containers included in each subnet, and the number and type of programs installed on the virtual hosts and containers. And at least one of the number of VPCs, number of subnets, number of virtual hosts, number of containers, and number and type of programs (software) installed on virtual hosts and containers is highly variable.

Hereinafter, virtual hosts, containers, programs installed in each virtual host, programs installed in each container, and programs that perform specific functions in connection with each virtual host and each container are referred to as asset elements, and asset elements are collectively referred to as cloud assets. .

Among the cloud asset elements, virtual hosts and containers can be easily created through auto scaling, and some of the cloud asset elements change depending on employees joining or leaving the company, moving departments, etc.

Accordingly, each company or organization is constantly checking the status of cloud assets, but the current status of cloud assets has been manually performed by workers, so it takes a lot of time and has poor management efficiency, including low accuracy. there is.

1. Domestic registered patent No. 10-1730474 (registration date, 2017.04.20)

The present invention provides a dynamic cloud asset management system that can monitor changes in cloud assets for each member and determine the current status.

Additionally, the present invention provides a dynamic cloud asset management system that monitors and manages illegal use of software and use of performance-degrading software.

A dynamic cloud asset system according to an embodiment of the present invention to solve the above problem includes an API linkage unit that performs API communication and receives information about the basic asset for each member from the cloud operator system; an agent linkage unit that communicates with agents installed in each virtual host and each container for each member to receive information about variable assets installed in each virtual host and container; an asset classification unit that classifies asset information received from the API linking unit and the agent into information on basic assets and information on variable assets for each member; A basic asset identification unit that determines the status of basic assets for each member using information on basic assets for each member received from the asset classification unit 103; A change monitoring unit that compares the basic asset status of a specific member received from the basic asset identification unit with the status of basic assets already stored for the specific member and determines changes in the basic asset; an agent management unit that connects to the newly added basic asset identified from the change monitoring unit and installs an agent; a variable asset identification unit that classifies information on variable assets received from the asset classification unit by member and determines the current status of variable assets for each member and the current operating status of each variable asset; A variable asset comparison unit that determines changes in variable assets by comparing the status of variable assets of a specific member identified in the variable asset identification unit with the status of previously stored variable assets; And a visualization processing unit that visualizes information received from the basic asset identification unit, the change monitoring unit, the variable asset identification unit, and the variable asset comparison unit, wherein the basic assets are a virtual host and a container, and the variable asset It may be a program installed in each virtual host, a program installed in each container, or a program that is connected to each virtual host and each container and performs a specific function.

The dynamic cloud asset management system according to an embodiment of the present invention receives the type of variable asset, the number of each type of variable asset, and the version of each variable asset from the variable asset identification unit, and the number of licenses for each type of previously stored variable asset and A violation monitoring unit is added that compares versions of each type of variable asset and monitors whether there are more variable assets than the number of previously stored licenses, whether there are variable assets with a lower version than the stored version, and whether there are variable assets that have not been updated with the latest security patch. It can be included.

The dynamic cloud asset management system according to an embodiment of the present invention further includes an operation monitoring unit that monitors whether each variable asset identified by the variable asset identification unit is currently active or inactive and provides the monitoring result to the visualization processing unit. can do.

The operation monitoring unit may monitor whether an inactive variable asset is in an inactive state for more than a set date, and if there is a variable asset in an inactive state for more than a set date, it may be provided to the visualization processing unit.

A dynamic cloud asset system according to another embodiment of the present invention to solve the above problem includes an API linkage unit that performs API communication to receive change events for basic assets for each member from the cloud operator system; an agent linkage unit that communicates with agents installed in each virtual host and each container for each member to receive change events for variable assets installed in each virtual host and container; an event confirmation unit that determines the type of event and changed asset elements included in the change event received from the API linkage unit and the agent; Identify the asset elements of the changed basic asset using the asset elements of the changed basic asset and the event type received through the event confirmation unit, and identify the subnet and VPC containing the asset elements of the changed basic asset. and a basic asset confirmation unit that reflects change information on asset elements of the changed basic asset in the status of the previously stored basic asset; Identifying the asset elements of the changed variable asset using the asset elements of the changed variable asset and the event type received through the event confirmation unit, and identifying the basic asset containing the asset element of the changed variable asset, , a variable asset confirmation unit that reflects change information on asset elements of the changed variable asset in the status of the previously stored variable asset; A visualization processing unit that visualizes information received from the event confirmation unit, the basic asset confirmation unit, the variable asset confirmation unit, and the variable asset comparison unit; And it may include an agent management unit that connects to the newly added basic asset identified from the basic asset confirmation unit and installs an agent.

The dynamic cloud asset system according to another embodiment of the present invention to solve the above problem includes a violation monitoring unit that compares the number of licenses for variable elements in which change events occur and displays a warning when more licenses are installed than the number of previously stored licenses. It can be included.

The violation monitoring unit may compare the basic version set for the variable element in which the change event occurred and display a warning if the version of the additionally installed application is lower than the basic version.

The dynamic cloud asset system according to another embodiment of the present invention to solve the above problem monitors whether each variable asset identified by the variable asset identification unit is currently active or inactive and provides the monitoring result to the visualization processing unit. It may further include a motion monitoring unit.

The operation monitoring unit may monitor whether an inactive variable asset is in an inactive state for more than a set date, and if there is a variable asset in an inactive state for more than a set date, it may be provided to the visualization processing unit.

The present invention facilitates cloud asset management by automatically monitoring changes in cloud assets for each member and visualizing and providing the monitoring results. In addition, the present invention enables appropriate use and updates of software by informing the user of illegal use of software and use of low-performance software through software asset management.

Figure 1 is a diagram showing a general AWS cloud computing network.
Figure 2 is a diagram showing the VPC holding status for each general company.
Figure 3 is a diagram showing the network environment of a dynamic cloud asset management system according to an embodiment of the present invention.
Figure 4 is a block diagram of a dynamic cloud asset management system according to the first embodiment of the present invention.
Figure 5 is an operation flowchart of the dynamic cloud asset management system according to the first embodiment of the present invention.
Figure 6 is a block diagram of a dynamic cloud asset management system according to a second embodiment of the present invention.
Figure 7 is a dashboard showing asset status according to an embodiment of the present invention.

Hereinafter, embodiments disclosed in the present specification will be described in detail with reference to the attached drawings. However, identical or similar components will be assigned the same reference numbers regardless of reference numerals, and duplicate descriptions thereof will be omitted. Additionally, in describing the embodiments disclosed in this specification, if it is determined that detailed descriptions of related known technologies may obscure the gist of the embodiments disclosed in this specification, the detailed descriptions will be omitted.

Terms containing ordinal numbers, such as first, second, etc., may be used to describe various components, but the components are not limited by the terms. The above terms are used only for the purpose of distinguishing one component from another.

Singular expressions include plural expressions unless the context clearly dictates otherwise.

In this application, each step described may be performed regardless of the listed order, except when it must be performed in the listed order due to a special causal relationship.

In this application, terms such as “comprise” or “have” are intended to designate the presence of features, numbers, steps, operations, components, parts, or combinations thereof described in the specification, but are not intended to indicate the presence of one or more other features. It should be understood that this does not exclude in advance the possibility of the existence or addition of elements, numbers, steps, operations, components, parts, or combinations thereof.

Hereinafter, the present invention will be described with reference to the attached drawings.

Figure 3 is a diagram showing the network environment of a dynamic cloud asset management system according to an embodiment of the present invention. Referring to FIG. 3, the dynamic cloud asset management system 100 according to an embodiment of the present invention performs API (Application Programming Interface) communication with the cloud operator system 200, and a virtual host 51 and a container 52. Communicates with the agent 300 installed in . Here, the agent installed in the virtual host 51 and the agent installed in the container 52 have the same function and operation, so they are given the same reference numerals.

The cloud operator system 200 provides information on basic cloud assets for each member, that is, each account, provided by the cloud operator to the dynamic cloud asset management system 100 through API communication. At this time, information on basic cloud assets may be provided when the dynamic cloud asset management system 100 requests it, may be provided at a set cycle time, or may be provided when a change in the basic cloud assets occurs. Of course, the dynamic cloud asset management system 100 may request information about the basic cloud asset at a set cycle time or when an administrator's request event occurs.

Here, the basic cloud asset is a cloud asset managed by the cloud operator, which allows companies or organizations registered as members to create VPCs and subnets. For example, basic cloud assets are virtual hosts and containers created by the company or organization, and information about basic cloud assets includes information about virtual hosts, information about containers, information about the operating system (OS) of each virtual host, This includes CPU information and storage volume information for each virtual host.

Information about virtual hosts includes identification information of the VPC to which each virtual host belongs, identification information of the subnet to which each virtual host belongs, identification information of each virtual host (e.g. IP address, etc.), creation date of the virtual host, etc., and information about the container. The information includes identification information of the VPC to which each container belongs, identification information of the subnet to which each container belongs, identification information of each container (e.g. IP address, etc.), and creation date of each container. OS information includes the type, version, and installation date of the OS, and CPU information includes the type, version, and installation date of the CPU.

The agent 300 is installed by the dynamic cloud asset management system 100, identifies variable cloud assets for the virtual host or container on which it is installed, and matches the identification information of the virtual host or container to provide information about the variable cloud assets. Information is provided to the dynamic cloud asset management system 100. Additionally, the agent 300 provides information on whether the virtual host or container on which it is installed is active (i.e., whether it is operating) to the dynamic cloud asset management system 100.

Here, the variable cloud asset is a cloud asset installed in a virtual host or container by a person in charge of a company or organization and is not recognized by the cloud operator system 200. Variable cloud assets include, for example, programs installed in each virtual host, programs installed in each container, and programs that perform specific functions in connection with each virtual host and each container. Information on variable cloud assets includes the types of various applications installed for each virtual host, the types of various applications installed for each container, the number of each application, the version of each application, and whether or not each application is licensed. , whether each application is active, the installation date of each application, etc.

The dynamic cloud asset management system 100 receives information about basic cloud assets received through API communication and information about variable cloud assets received from each agent 300 to determine the status and current status of cloud assets for each member. etc., and visualize the results so that each member can easily understand them.

Hereinafter, ‘basic cloud assets’ are referred to as ‘basic assets’, and ‘variable cloud assets’ are referred to as ‘variable assets’.

Figure 4 is a block diagram of a dynamic cloud asset management system according to the first embodiment of the present invention. Referring to Figure 4, the dynamic cloud asset management system 100 according to the first embodiment of the present invention includes an API linking unit 101, an agent linking unit 102, an asset classification unit 103, and a basic asset identification unit ( 104), change monitoring unit (105), agent management unit (106), variable asset identification unit (107), variable asset comparison unit (108), violation monitoring unit (109), operation monitoring unit (110), visualization processing unit (111) ) and a display unit 112.

The API interconnection unit 101 performs API communication with the cloud operator system 200 to receive information about the basic assets for each member from the cloud operator system 200, and the agent interconnection unit 102 performs API communication for each member. It communicates with the agent 300 installed on the host and container to receive information about variable assets installed on each virtual host and container. The API interconnection unit 101 and the agent interconnection unit 102 may request cloud assets of a specific company or organization from the cloud operator system 200 and the agent 300 of the corresponding virtual host and corresponding container according to the instructions of the administrator. . At this time, the agent interconnection unit 102 identifies virtual hosts and containers owned by a specific company (or organization) and requests cloud assets from the agent installed on the virtual host and container of the specific company.

The asset classification unit 103 classifies the asset information received from the API linking unit 101 and each agent 300 into information about basic assets and information about variable assets for each member, and divides the information about basic assets into basic assets. It is provided to the identification unit 104, and information on variable assets is provided to the variable asset identification unit 107.

The basic asset identification unit 104 uses information on basic assets for each member received from the asset classification unit 103 to identify the basic asset status for each member, and provides the identified information to the visualization processing unit 111. The basic asset status is the number of virtual hosts and containers for each subnet of each VPC owned by a member, based on one member. In order to determine the basic asset status, the basic asset identification unit 104 identifies the relevant member (or account), identifies the VPC held by the relevant member, identifies the subnet for each identified VPC, and identifies each subnet included in each subnet. Identify virtual hosts and containers.

The change monitoring unit 105 compares the basic asset status of a specific company (or institution) received from the basic asset identification unit 104 with the basic asset status already stored corresponding to the company (or institution), and determines whether the virtual host or container Determine whether the network location, number, etc. have changed. The change monitoring unit 105 provides the visualization processing unit 111 with information on virtual hosts or containers whose locations or numbers have changed compared to the previously stored basic asset status and whose locations have changed or have been added or deleted to the relevant company (or It allows the person in charge of the organization to understand change information. And the change monitoring unit 105 provides information about the newly added (created) virtual host or container to the agent management unit 106.

When the agent management unit 106 receives information about a newly added virtual host or container, it connects to the received virtual host or container and installs the agent 300.

The variable asset identification unit 107 classifies the information on variable assets received from the asset classification unit 103 by member (i.e., by account) and determines the status of variable assets for each member and the current operating status of each variable asset. And the identified information is provided to the visualization processing unit 111. The variable asset status is information about the variable assets installed in the virtual host and container owned by the member.

The variable asset comparison unit 108 compares the variable asset status of a specific company (or institution) identified by the variable asset identification unit 107 with the previously stored variable asset status. The comparison at this time is performed for each virtual host and each container. For example, the variable asset comparison unit 10 compares the current variable asset status identified for the first virtual host with the variable asset status previously stored for the first virtual host. The variable asset comparison unit 108 identifies variable assets with changes through comparison of the current status of the variable assets, and provides the identified information to the visualization processing unit 111.

The violation monitoring unit 111 receives the type of variable asset, the number of each type of variable asset, and the version of each variable asset from the variable asset identification unit 107, and the number of licenses for each type of variable asset already stored (i.e., held). Compare versions of each type of variable asset and monitor whether there are more variable assets than the number of licenses already stored, whether there are variable assets with a lower version than the stored version, and whether there are variable assets that have not been updated with the latest security patch. The violation monitoring unit 111 provides this to the visualization processing unit 111 if there are more variable assets installed than the number of licenses, that is, applications, applications with a lower version, or applications that have not been updated with the latest security patch.

The operation monitoring unit 110 monitors whether each variable asset identified by the variable asset identification unit 107 is currently active or inactive and provides the monitoring result to the visualization processing unit 111. Additionally, the operation monitoring unit 110 monitors whether the variable asset in an inactive state is inactive for more than a set date, and if there is a variable asset in an inactive state for more than the set date, provides it to the visualization processing unit 111.

The visualization processing unit 111 includes a basic asset identification unit 104, a change monitoring unit 105, a variable asset identification unit 107, a variable asset comparison unit 108, a violation monitoring unit 109, and an operation monitoring unit 110. Information received from is visualized and provided to the display unit 112.

The display unit 112 displays the results processed by the visualization processing unit 111 on the screen. The processing results of the visualization processing unit 111 displayed through the display unit 112 are shown in FIG. 7 . Referring to FIG. 7, the visualization processing unit 111 classifies and visualizes cloud assets by operators such as AWS, AZURE, NCP, and NHN, and in the case of AWS, the virtual hosts and containers owned by the company (or organization) belong to them. The number of VPCs, number of regions, number of AZs, and number of subnets are displayed, and the number of virtual hosts, number of docker containers, etc. are visualized.

Figure 5 is an operation flowchart of the dynamic cloud asset management system according to the first embodiment of the present invention. Referring to FIG. 5, the system 100 collects cloud assets of each company and organization through the API linking unit 110 and the agent linking unit 120 (S501), and classifies the collected cloud assets into the asset classification unit 103. ) is used to classify by member (i.e., by each company and institution) (S502).

Meanwhile, as another example, the system 100 requests the basic assets of a specific member, such as Company A, from the cloud provider system 200 through the API interconnection unit 110, and requests the virtual host and container of Company A to the agent interconnection unit 120. By providing an IP address or access address for , the agent linkage unit 120 can request and obtain company A's variable assets from the agent 300 installed on company A's virtual host and container.

Returning again, the system 100 uses the asset classification unit 103 to classify the cloud assets classified by member into basic assets and variable assets (S503).

Information about the basic asset is analyzed by the basic asset identification unit 104, and accordingly, the system 100 identifies the subnet to which each virtual host belongs, identifies the VPC to which the subnet of the virtual host belongs, and determines whether each container is Identify the subnet to which the container belongs and identify the VPC to which the subnet of the container belongs. Through this, the basic asset identification unit 104 determines the number of VPCs held by the relevant member (corresponding account) and the number of subnets belonging to each VPC (S504). , Determine the number of virtual hosts and containers belonging to each subnet (S505).

The system 100 visualizes the number of virtual hosts and containers for each subnet identified in S505 as the current asset status and displays it on the screen (S509).

The system 100 compares the number of virtual hosts and containers for each subnet, which is determined by the current basic asset status through the change monitoring unit 105, with the previously stored number of virtual hosts and containers for each subnet (S506). , determine whether there is a change (S507). The S506 process can compare the identification information (or IP address) of the virtual host and container for each subnet with the previously stored identification information (or IP address) of the virtual host and container for each subnet.

If there is a subnet with changes in basic assets, the system 100 determines whether a virtual host or/and container has been added or deleted from the subnet (S508), and the identified change information is reflected in the current basic asset status and displayed on the screen. Make it displayed (S509).

Next, information on variable assets is analyzed by the variable asset identification unit 107, and each variable asset, that is, various applications, is classified by virtual host and container accordingly (S510).

The system 100 identifies the type of application for each virtual host and each container through the variable asset identification unit 107, determines the number of each type of application (S511), and visualizes this as the current variable asset status. Displayed on the screen (S509).

The system 100 compares the identified variable asset status with the previously stored variable asset status for each virtual host and container to determine whether there are any applications that have changed in the virtual host or container, and if there are any changes, that is, deleted or newly installed applications. This is displayed along with the current variable asset status.

The system 100 uses the violation monitoring unit 109 to identify applications that require a license among applications, compares the number of installed applications requiring a license with the number of licenses (S512), and calculates the number of installed applications. If the number of licenses is exceeded (S513), this is displayed as a “program installation violation” along with the current variable asset status (S516).

In addition, the system 100 compares the version for each type of currently installed application with the setting version for each set application through the violation monitoring unit 109 (S514), and determines whether there is an application set to a version lower than the setting version among the installed applications. In this case (S515), this is displayed as “program lower version” for the application of the corresponding virtual host or container along with the current variable asset status (S516).

Meanwhile, the system 100 uses the basic asset identification unit 104 to determine whether the corresponding virtual host is active or inactive by determining whether the OS of each virtual host is active or inactive among the information about the basic asset. It can be figured out. Alternatively, the system 100 uses the operation monitoring unit 110 to determine whether the application installed in each virtual host or container is active or inactive among the information on variable assets, thereby determining whether the virtual host or container is active or not. You can check if it is inactive.

Additionally, the system 100 can check whether each application has a security patch, check whether it has been updated to the latest security patch, visualize the results, and display them on the screen.

Figure 6 is a block diagram of a dynamic cloud asset management system according to a second embodiment of the present invention. Referring to Figure 6, the dynamic cloud asset management system 100a according to the second embodiment of the present invention includes an API linking unit 101, an agent linking unit 102, an event confirmation unit 103a, and a basic asset confirmation unit ( 105a), agent management unit 106, variable asset confirmation unit 108a, violation monitoring unit 109a, operation monitoring unit 110, visualization processing unit 111, and display unit 112.

In Figure 6, components that perform the same operation as the first embodiment of the present invention are given the same reference numerals as those of the first embodiment of the present invention. Accordingly, the description of the same configuration as the first embodiment of the present invention will be omitted below.

The API interconnection unit 101 performs API communication with the cloud operator system 200 and receives change events for basic assets from the cloud operator system 200, and the agent interconnection unit 102 monitors each virtual asset for each member. It communicates with the agents 300 installed on the host and container to receive change events for variable assets from each agent 300. Here, the change event includes information about asset elements and information about the type of event. Information about the type of event includes new installation (creation) of an asset, deletion of an asset, change of an asset, etc., and change of an asset is a change from an inactive state to an activated state and a change from an activated state to a deactivated state.

When the event confirmation unit 103a receives a change event from the API linking unit 101 and each agent 300, it determines the type of asset element and event included in the received change event. If the asset element is for a basic asset, the event confirmation unit 103a provides a change event to the basic asset comparison unit 105a, and if the type of the asset element is for a variable asset and the variable asset is newly installed or deleted, the variable asset is compared. A change event is provided to the unit 108a and the violation monitoring unit 109a, and if it is about a change in an asset, the change event is provided to the operation monitoring unit 110.

The basic asset confirmation unit 105a determines the basic asset status of each member that has been previously stored, and upon receiving the asset elements and event types of the changed basic asset through the event confirmation unit 103a, the asset elements of the changed basic asset are checked. Identify subnets and VPCs containing changed asset elements, and reflect the identified change information in the status of the underlying asset according to the event type. In other words, the basic asset confirmation unit 105a determines whether a virtual host or container has been added or deleted to the subnet of the VPC, reflects the changes in the identified basic asset to the previously stored basic asset status, and displays the reflected basic asset status in the visualization processing unit. Provided at (111). And when the type of event is a new addition of a basic asset, the basic asset confirmation unit 105a provides information about the newly (newly) added basic asset to the agent management unit 106.

The variable asset confirmation unit 108a determines the status of the variable assets for each member that has been previously stored, and when the asset element and event type of the changed variable asset are received through the event confirmation unit 103a, the asset element of the changed variable asset is Identify the virtual host or container to which it belongs, identify variable elements, that is, the type of application, and determine whether the application has been added or deleted. In addition, the variable asset confirmation unit 108a reflects changes in the identified variable assets to the previously stored variable asset status and provides the reflected variable asset status to the visualization processing unit 111.

When a change event is received through the event confirmation unit 103a, the violation monitoring unit 109a analyzes the change event to determine the type of application in which the change event occurred and whether the application has been added or deleted, and determines whether the application has been added or deleted. In this case, the total number of currently installed applications of that type is compared with the number of licenses for the application already stored, and if more than the number of licenses already stored is installed, a "Program Installation Violation" warning is displayed for the program.

In addition, the violation monitoring unit 109a compares the version of the additionally installed application with the basic version set for the corresponding type of application and displays a warning saying “lower version installed” if the version of the additionally installed application is lower than the basic version. Do.

The technical features disclosed in each embodiment of the present invention are not limited to the corresponding embodiment, and unless they are incompatible with each other, the technical features disclosed in each embodiment may be combined and applied to other embodiments.

Therefore, in each embodiment, each technical feature is mainly explained, but unless the technical features are incompatible with each other, they can be applied in combination with each other.

The present invention is not limited to the above-described embodiments and the accompanying drawings, and various modifications and variations will be possible from the perspective of those skilled in the art to which the present invention pertains. Therefore, the scope of the present invention should be determined not only by the claims of this specification but also by equivalents to these claims.

10: Region 20: Availability Zone (AZ)
30: VPC 40: Subnet
51: virtual host 52: container
100: Dynamic Cloud Asset Management System
200: Cloud operator system 300: Agent
101: API linking part 102: Agent linking part
103: Asset classification unit 104: Basic asset identification unit
105: Change monitoring unit 106: Agent management unit
107: Variable asset identification unit 108: Variable asset comparison unit
109, 109a: violation monitoring unit 110: operation monitoring unit
111: visualization processing unit 112: display unit
103a: Event confirmation unit 105a: Basic asset confirmation unit
108a: Variable asset confirmation unit

Claims (9)

An API linkage unit that performs API communication and receives information about basic assets for each member from the cloud operator system;
an agent linkage unit that communicates with agents installed in each virtual host and each container for each member to receive information about variable assets installed in each virtual host and container;
an asset classification unit that classifies asset information received from the API linking unit and the agent into information on basic assets and information on variable assets for each member;
A basic asset identification unit that determines the status of each member's basic assets using information on each member's basic assets received from the asset classification unit;
a change monitoring unit that compares the basic asset status of a specific member received from the basic asset identification unit with the status of basic assets already stored for the specific member and determines changes in the basic asset;
an agent management unit that connects to the newly added basic asset identified from the change monitoring unit and installs the agent interlocking unit;
a variable asset identification unit that classifies information on variable assets received from the asset classification unit by member and determines the current status of variable assets for each member and the current operating status of each variable asset;
A variable asset comparison unit that determines changes in variable assets by comparing the status of variable assets of a specific member identified in the variable asset identification unit with the status of previously stored variable assets;
A visualization processing unit that visualizes information received from the basic asset identification unit, the change monitoring unit, the variable asset identification unit, and the variable asset comparison unit; and
Receives the type of variable asset, the number of each type of variable asset, and the version of each variable asset from the variable asset identification unit, compares the number of licenses for each type of variable asset already stored and the version for each type of variable asset, and calculates the number of licenses already stored. It includes a violation monitoring unit that monitors whether there are more variable assets, whether there are variable assets with a lower version than the saved version, and whether there are variable assets that have not been updated with the latest security patch.
The violation monitoring unit compares the basic version set for the variable element in which the change event occurred and displays a warning if the version of the additionally installed application is lower than the basic version,
The above basic asset is a cloud asset managed by a cloud provider, which allows companies or organizations registered as members to create VPCs and subnets, and provides information about virtual hosts and containers created by the company or organization. Contains,
The information about the virtual hosts includes identification information of the VPC to which each virtual host belongs, identification information of the subnet to which each virtual host belongs, identification information of each virtual host, and the creation date of the virtual host,
The information about the containers includes identification information of the VPC to which each container belongs, identification information of the subnet to which each container belongs, identification information of each container, and creation date of each container,
The variable assets include programs installed in each virtual host, programs installed in each container, and programs that are connected to each virtual host and each container to perform specific functions,
A dynamic cloud asset management system further comprising an operation monitoring unit that monitors whether each variable asset identified by the variable asset identification unit is currently active or inactive and provides a monitoring result to the visualization processing unit. delete delete According to claim 1,
The operation monitoring unit monitors whether an inactive variable asset is inactive for more than a set date, and if there is a variable asset in an inactive state for more than a set date, provides it to the visualization processing unit. A dynamic cloud asset management system. An API linkage unit that performs API communication and receives change events for basic assets for each member from the cloud provider system;
an agent linkage unit that communicates with agents installed in each virtual host and each container for each member to receive change events for variable assets installed in each virtual host and container;
an event confirmation unit that determines the type of event and changed asset elements included in the change event received from the API linkage unit and the agent;
Identify the asset elements of the changed basic asset using the asset elements of the changed basic asset and the event type received through the event confirmation unit, and identify the subnet and VPC containing the asset elements of the changed basic asset. and a basic asset confirmation unit that reflects change information on asset elements of the changed basic asset in the status of the previously stored basic asset;
Identifying the asset elements of the changed variable asset using the asset elements of the changed variable asset and the event type received through the event confirmation unit, and identifying the basic asset containing the asset element of the changed variable asset, , a variable asset confirmation unit that reflects change information on asset elements of the changed variable asset in the status of the previously stored variable asset;
A visualization processing unit that visualizes information received from the event confirmation unit, the basic asset confirmation unit, and the variable asset confirmation unit;
an agent management unit that connects to the newly added basic asset identified from the basic asset confirmation unit and installs an agent; and
It includes a violation monitoring unit that compares the number of licenses for variable elements in which a change event occurred and displays a warning if more licenses are installed than the number of pre-stored licenses,
The violation monitoring unit compares the default version set for the variable element in which the change event occurred and displays a warning if the version of the additionally installed application is lower than the default version,
The above basic asset is a cloud asset managed by a cloud provider, which allows companies or organizations registered as members to create VPCs and subnets, and provides information about virtual hosts and containers created by the company or organization. Contains,
The information about the virtual hosts includes identification information of the VPC to which each virtual host belongs, identification information of the subnet to which each virtual host belongs, identification information of each virtual host, and the creation date of the virtual host,
The information about the containers includes identification information of the VPC to which each container belongs, identification information of the subnet to which each container belongs, identification information of each container, and creation date of each container,
The variable assets include programs installed in each virtual host, programs installed in each container, and programs that are connected to each virtual host and each container and perform specific functions,
A dynamic cloud asset management system further comprising an operation monitoring unit that monitors whether each variable asset identified by the variable asset confirmation unit is currently active or inactive and provides a monitoring result to the visualization processing unit. delete delete delete According to clause 5,
The operation monitoring unit monitors whether an inactive variable asset is inactive for more than a set date, and if there is a variable asset in an inactive state for more than a set date, provides it to the visualization processing unit. A dynamic cloud asset management system.