KR20190007635A - Method for allocating resource in network system, and network system implementing the same - Google Patents

Abstract

According to the present invention, a method for allocating a resource in a network system including a service providing server for providing a service to a terminal accessed to a network and a manager agent for allocating a resource of the service providing server to a terminal so as to enable service provision, comprises: a step in which the manager agent distinguishes whether a terminal to be accessed is a normal access terminal or an abnormal access terminal; a step in which if the terminal is a normal access terminal, the manager agent predicts traffic of the service providing server and allocates resource to the normal access terminal; a step in which if the service providing server cannot allocate a resource to a normal access terminal, the manager agent sets a corresponding terminal as a standby terminal so as to wait; and a step in which when the service providing server becomes able to allocate a resource, the manager agent activates the standby terminal and allocates a resource to the standby terminal. According to the present invention, there is an effect that the connection environment of the user is significantly improved by limiting or dynamically managing resources such as a network and a server in a cloud environment or a physical environment.

Description

[0001] METHOD FOR ALLOCATING RESOURCES IN NETWORK SYSTEM AND NETWORK SYSTEM [0002]

The present invention relates to a resource allocation method in a network system, and more particularly, to allocating resources evenly in order to stably operate a resource including a connection section, an input / output (IO) load and the like on a network And a method of waiting for an abnormal repeated connection process of the access terminal through a loop back process and releasing loopback when resources of the network system are available and actively allocating resources.

As the information society has developed in recent years, cloud services using high-speed data transmission and mass storage are being actively performed.

In general, cloud computing is a use environment that can perform a desired task remotely from various terminals such as a PC and a mobile phone by storing a program or a material on a large computer that can access the Internet.

Cloud computing makes it easy for users to lease storage, network, platform, and computer resources using distributed processing and virtualization technologies, enabling users to work from anywhere with a device with Internet access and computing capabilities. A cloud is a collection of computers to provide services. In other words, cloud computing means that a large number of PCs or servers form a single set of large cloud shapes.

Cloud computing is a computing service that utilizes Internet technology to provide high-level scalable IT resources to a large number of customers. In a cloud computing environment, users connect to a large set of computers through Internet-connected terminals and use the required IT resources such as application, storage, OS, and security as much as they need at a desired point in time. do.

Cloud computing can easily lease storage, network, platform and computing resources using distributed processing and virtualization technologies. Cloud computing is a well-managed, highly scalable, abstracted set of computing infrastructures that can accommodate a variety of applications. This concept is a combination of utility computing, software as a service (SaaS), and grid computing.

In the server and network cost and management, the cloud computing environment is becoming more common considering efficiency. However, even in the case of cloud computing, there are physical constraints on resources, and it may not be cost-effective or manageable to allocate additional resources in the event or special congestion situation compared with normal traffic.

There is a problem that limited resources such as an application server, a web server, a video server, and a DB server can not be expanded in advance in case of short-term traffic increase even when the server is operated through a physical server rather than a cloud computing environment.

In order to solve such a problem, there is a technology and a system for a limited traffic control method for managing a queue, but there is a problem in that a normal access terminal and an abnormal access terminal (for example, DDos, malicious repeated access) Therefore, when the allocation request is concentrated in the control equipment and the software, there arises a problem that it can not be handled, and there is also a problem that the access to the normal terminal is interrupted.

Korean Patent No. 10-1531834

SUMMARY OF THE INVENTION The present invention has been made to solve the above problems, and it is an object of the present invention to provide a method and apparatus for predicting traffic in a network environment of a limited resource and allocating the same to terminals, And a method of allocating a resource in a network system such as blocking the network.

The objects of the present invention are not limited to the above-mentioned objects, and other objects not mentioned can be clearly understood by those skilled in the art from the following description.

In order to achieve the above object, there is provided a network system including a service providing server for providing services to a terminal connected to a network of the present invention, and a manager agent for allocating resources of the service providing server to a terminal and managing the service providing server Wherein the manager agent identifies a normal access terminal or an abnormal access terminal with respect to a terminal to which the manager agent intends to connect; if the terminal is a normal access terminal, the manager agent predicts traffic of the service providing server Allocating a resource to a normal access terminal; if the resource can not be allocated to a normal access terminal in the service providing server, the manager agent sets the terminal as a standby terminal and waits; What you can do When, the manager agent comprising the step of allocating resources by re-activating the air terminal.

The manager agent verifies the connection section and the agent information of the terminal to be connected, generates a pair key if the agent is a normal agent, And establishes a trusted section.

The manager agent adds the waiting terminal to the queue list according to the order, and when the manager agent is in a state capable of allocating resources in the service providing server, Resources can be allocated by activating a standby terminal according to the order recorded in the list.

The manager agent transmits an authentication script to the abnormal access terminal by transmitting a loop back script to the corresponding terminal in case of an abnormal access terminal, and the manager agent transmits the loopback script to the abnormal access terminal through the authentication script, , The manager agent may cancel the connection blocking and register the terminal in the waiting list.

In the step of setting and waiting for the standby terminal, the manager agent can provide a standby screen for displaying the information including the expected standby time and the order number to the standby terminal.

Based on data including average usage time, amount of traffic, number of sections, load processing time, and the amount of resources set by the user in the connection section, machine learning can calculate the expected wait time .

The network system of the present invention includes a service providing server that provides services to terminals connected to a network, and a manager agent that allocates resources of the service providing server to terminals and manages the services so that services can be provided.

The manager agent distinguishes between a normal access terminal and an abnormal access terminal for a terminal to be accessed. If the access agent is a normal access terminal, the manager agent predicts traffic of the service providing server and assigns the resource to the normal access terminal. If the provision server can not allocate the resource to the normal access terminal, the terminal is set as a standby terminal and is queued. If the provision server can allocate the resource, the standby terminal is activated again to allocate the resource do.

The manager agent verifies the connection section and the agent information of the terminal to be connected, authenticates the normal access terminal by generating a pair key if the agent is a normal agent, and forms a trusted section with the connection request terminal have.

The manager agent adds the waiting terminal to the waiting queue list according to the order of the numbers, and when the manager agent becomes able to allocate resources in the service providing server, the manager agent activates the waiting terminal according to the order recorded in the waiting queue list To allocate resources.

In case of an abnormal access terminal, the manager agent sends a loopback script to the terminal to block the connection, transmits the authentication script to the abnormal access terminal, and if the abnormal access terminal succeeds in authentication through the authentication script, And registers the terminal in the waiting list.

The manager agent can provide a standby screen to the standby terminal in which information including the expected standby time and the order number is displayed.

Based on data including average usage time, amount of traffic, number of sections, load processing time, and the amount of resources set by the user in the connection section, machine learning can calculate the expected wait time .

According to the present invention, there is an effect that the connection environment of the user is significantly improved by limiting or dynamically managing resource resources such as a network and a server in a cloud environment or a physical environment.

In addition, according to the present invention, it is possible to provide a variety of service environments by allowing a software-based traffic control distribution, which enables a large-capacity service or a limited control service temporarily, regardless of hardware resources.

In addition, by real-time monitoring of traffic volume, load level, and speed of perception between server and user without load application, it is possible to improve service status and quality from the user's point of view regardless of the state of service resource .

1 is a network conceptual diagram according to an embodiment of the present invention.
2 is a diagram illustrating a schematic service flow when a user connects to a server according to an embodiment of the present invention.
3 is a flowchart illustrating a terminal authentication process according to an embodiment of the present invention.
4 is a diagram for explaining a service access procedure of a terminal in which a loopback client is operating according to an embodiment of the present invention.
5 is a diagram for explaining a connection method for two types of networks of a terminal operating a loopback client according to an embodiment of the present invention.
FIG. 6 is a diagram for explaining a process of connecting a terminal shown in FIG. 5 to a private network according to an embodiment of the present invention.
FIG. 7 is a view for explaining a process of transferring section information from a PC to a mobile according to an embodiment of the present invention.
8 is a conceptual diagram for explaining the availability measurement process according to an embodiment of the present invention.
FIG. 9 illustrates a process of synchronizing a cloud queue with a system queue according to an embodiment of the present invention. Referring to FIG.
10 is a diagram illustrating a queue management configuration according to an embodiment of the present invention.
11 is a diagram illustrating user connected client session measurement information according to an embodiment of the present invention.
FIG. 12 is a diagram showing connection service server change amount measurement information according to an embodiment of the present invention.
13 is a chart illustrating statistical recording according to prediction data according to an embodiment of the present invention.

There is provided a resource allocation method in a network system including a service providing server for providing a service to a terminal connected to a network of the present invention and a manager agent for allocating resources of the service providing server to a terminal so as to be able to provide a service, , The manager agent distinguishing whether it is a normal access terminal or an abnormal access terminal with respect to a terminal to be connected; if the terminal is a normal access terminal, the manager agent predicts traffic of the service providing server and allocates resources to the normal access terminal The method comprising the steps of: if the service providing server can not allocate a resource to a normal access terminal, the manager agent sets a corresponding terminal as a standby terminal and waits; and when the service providing server becomes able to allocate resources, The manager agent And activating the standby terminal to allocate resources.

The manager agent verifies the connection section and the agent information of the terminal to be connected, generates a pair key if the agent is a normal agent, And establishes a trusted section.

The manager agent adds the waiting terminal to the queue list according to the order, and when the manager agent is in a state capable of allocating resources in the service providing server, Resources can be allocated by activating a standby terminal according to the order recorded in the list.

The manager agent transmits an authentication script to the abnormal access terminal by transmitting a loop back script to the corresponding terminal in case of an abnormal access terminal, and the manager agent transmits the loopback script to the abnormal access terminal through the authentication script, , The manager agent may cancel the connection blocking and register the terminal in the waiting list.

In the step of setting and waiting for the standby terminal, the manager agent can provide a standby screen for displaying the information including the expected standby time and the order number to the standby terminal.

Based on data including average usage time, amount of traffic, number of sections, load processing time, and the amount of resources set by the user in the connection section, machine learning can calculate the expected wait time .

The network system of the present invention includes a service providing server that provides services to terminals connected to a network, and a manager agent that allocates resources of the service providing server to terminals and manages the services so that services can be provided.

The manager agent distinguishes between a normal access terminal and an abnormal access terminal for a terminal to be accessed. If the access agent is a normal access terminal, the manager agent predicts traffic of the service providing server and assigns the resource to the normal access terminal. If the provision server can not allocate the resource to the normal access terminal, the terminal is set as a standby terminal and is queued. If the provision server can allocate the resource, the standby terminal is activated again to allocate the resource do.

The manager agent verifies the connection section and the agent information of the terminal to be connected, authenticates the normal access terminal by generating a pair key if the agent is a normal agent, and forms a trusted section with the connection request terminal have.

The manager agent adds the waiting terminal to the waiting queue list according to the order of the numbers, and when the manager agent becomes able to allocate resources in the service providing server, the manager agent activates the waiting terminal according to the order recorded in the waiting queue list To allocate resources.

In case of an abnormal access terminal, the manager agent sends a loopback script to the terminal to block the connection, transmits the authentication script to the abnormal access terminal, and if the abnormal access terminal succeeds in authentication through the authentication script, And registers the terminal in the waiting list.

The manager agent can provide a standby screen to the standby terminal in which information including the expected standby time and the order number is displayed.

Based on data including average usage time, amount of traffic, number of sections, load processing time, and the amount of resources set by the user in the connection section, machine learning can calculate the expected wait time .

While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In the present application, the terms "comprises" or "having" and the like are used to specify that there is a feature, a number, a step, an operation, an element, a component or a combination thereof described in the specification, But do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with the contextual meaning of the related art and are to be interpreted in an ideal or overly formal sense unless expressly defined in the present application Do not.

In the following description of the present invention with reference to the accompanying drawings, the same components are denoted by the same reference numerals regardless of the reference numerals, and redundant explanations thereof will be omitted. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail.

Hereinafter, a cloud system in which a cloud computing environment is constructed will be described as an example of the present invention.

1 is a network conceptual diagram according to an embodiment of the present invention.

In the embodiment of FIG. 1, there are four types of request terminals for traffic control and distribution.

As shown in FIG. 1, the terminal # 1 is a terminal capable of directly accessing the currently predicted traffic and the set value, and the terminal # 2 and the terminal # 3 are waiting terminals included in the queue and waiting for the order. The terminal # 4 is an automatic access terminal attempting continuous connection by an automatic connection program or the like, and the terminal # 5 is a terminal by a DDos attack agent such as a malicious code. It is to be understood that such a terminal configuration is illustrated for convenience of description and may be implemented in various terminal types and numbers according to an embodiment.

In step S101, the manager agent 10 directly accesses the terminal # 1, and when the corresponding section is connected to the cloud system 100, information such as traffic, section number, system load, And increments the control count by one (S102). When it is determined that the account has reached a predetermined value or a threshold value of the load of the cloud system 100, the queue of the manager agent 10 and the list of the cloud queue 100 of the next access terminal, .

In the case of terminals # 2 and # 3 which are standby terminals, they are added to the queue list 20 according to the order. Then, the idle screen set in the cloud system 100 is transmitted to the terminals # 2 and # 3, or the time, order and service URL to wait in accordance with the service cloud 190 are transmitted to the terminals # 2 and # 3, (S103).

1, the cloud system 100 that performs the above-described series of processes includes an application programming interface (API) virtual machine 170, a cloud virtual machine 180, The components including the virtual machine 190 are logically included.

If temporary traffic is distributed according to the setting of the user, for example, when the threshold value of the server or the service is 100, in order to prevent the threshold value from exceeding the threshold value, the component of the cloud system 100 108) is temporarily copied and configures the cloud virtual machine VM # 2, thereby becoming in a standby state with respect to resources exceeding the threshold value.

In this process, the control method of the agent (Agent) can be updated from time to time by the control 107 of the API virtual machine of the management system of the user server.

There is an advantage of enabling multiple events in the server in case of temporary dispersion over the traffic control, and in the case of exceeding the threshold, processing in the cloud system.

In the case of the terminal # 4 and the terminal # 5 which are abnormal access terminals, it is detected by the web script attack detection engine built in the manager agent 10 or by the firewall engine for DDos detection that can be provided by the cloud system 100 It detects this and transmits a loopback script to the terminal, which is primarily blocked to prevent further connections.

In addition, when the manager agent 10 operates such a defense engine, when it is difficult to detect due to a limitation of a resource or a network traffic limit, the manager agent 10 may control the defense engine by using an API linked with the cloud system 100 Defensive process is performed.

In the case of the terminal # 4, since it is impossible to exclude the possibility of error detection for the repeated connection of the user rather than the automatic connection system, an authentication script such as CAPTCHA is performed in order to check that the connection is not made by the bot , If the authentication is successful through the authentication script, the bot defense is canceled and the normal response is confirmed and registered in the queue list 20 as normal.

2 is a diagram illustrating a schematic service flow when a user connects to a server according to an embodiment of the present invention. FIG. 2 shows the flow control of a service when a user accesses a web server or a network server, which is a service server.

Referring to FIG. 2, when a user accesses a service through a terminal (S201), the cloud system 100 transmits a self response screen to the terminal, Information including the waiting sequence number and the waiting time is displayed on the terminal screen of the user side (S202).

Then, when the resource becomes available, the server actively connects to the user terminal to notify that it has been turned on (Active pushing) (S203), terminates the idle screen, and connects to the service server to provide the service (S204).

In the present invention, in order to distinguish a normal terminal, an abnormal terminal, and a terminal requesting information continuously, a pair key is generated by authenticating the terminal when a web browser is accessed, and a pair of a service server such as a web server and a unique access terminal We propose a structure for authentication.

3 is a flowchart illustrating a terminal authentication process according to an embodiment of the present invention.

As shown in FIG. 3, when the client web browser of the terminal attempts to access the URL (S300), the manager agent 10 transmits the agent information and the connection address of the user requesting the connection section verification, If the request is an unbound request from the agent or the requested information, the request is duplicated and sent back to the browser without generating further sections (S301). For example, a commonly used Internet Explorer agent includes the following information in the header.

(a) Mozilla / 4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident / 4.0; IPMS / (b) A640400A-14D460801A1-000000426571; TCO_20110131100426; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; Tablet PC 2.0)

This header format differs for each browser, and generally includes a connection OS, browser engine information, version (a), etc., and includes a single ID (b) of the generated agent. And compares it with the registered browser agent information 307 to request the token binding information 310 (S302).

When the bound information arrives (S303), the virtual agent compares the modulated information and blocks the virtual agent, and then requests the user re-authentication.

In the case of a normal agent, a pair key is generated (S304), and the token is bound to form a trusted section. The generated pair key is then used as a single key that is recognized as a single terminal and a section for repeated access, re-connection, and re-authentication of the attached terminal.

Then, the manager agent 10 transmits information including the authentication key to the web browser (S305). At this time, SAML, JSON, XML, or the like is used as the transmission format of the authentication information to be used, and is transmitted according to the analysis engine of the web browser.

In step S306, the authenticated terminal performs a loopback wait process according to the status of the queue in step S306. The authenticated terminal uses the service in step S306.

4 is a diagram for explaining a service access procedure of a terminal in which a loopback client is operating according to an embodiment of the present invention.

FIG. 4 illustrates a process for allowing a user terminal registered in a queue to access the service. Referring to FIG. 4, a process for making a service connection to a terminal operating a loopback client after an initial connection request is described .

Referring to FIG. 4, when a terminal requests a connection to a desired service 408 through a connection request (S400), the manager agent 10 transmits a response page or a response script to the terminal (S401). This response script includes script client information including an authentication section number that indicates that the connection was immediately allowed, a sequence number by calculation of the queue section manager 403, and a waiting time.

The loopback client 402 waits locally based on the transmitted script protocol even if the user tries to make a further connection based on the waiting time requested by the loopback client 402 in an offline manner. The locally installed loop back client 402 automatically updates the waiting time and the connection order number for the user browser based on the requested order number and waiting time of the authenticated terminal without any further connection.

In step S409, if the setting is changed through the process of monitoring resources in step S406 or a section is changed and the corresponding terminal can be connected to the service server, the standby section manager synchronized with the cloud is notified of availability.

Then, the cloud system 100 rearranges the order based on the order of the cloud queue information, transmits the changed order number and the waiting time through the active pushing (S404) process to the loop back client 402 Change the script wait time to display.

After the active pushing (S404), the cloud system 100 performs service pushing to notify the loop back client 402 of the service start.

In this process, a user loopback terminal may access a public network capable of active access, or may be connected to a private network, which is a controlled network, or a network having a firewall.

5 is a diagram for explaining a connection method for two types of networks of a terminal operating a loopback client according to an embodiment of the present invention.

Referring to FIG. 5, in the case of the terminal 480 connected to the open network, the terminal 480 can be directly connected by the exchanged keys in the opened form. However, in the case of the terminal 470 connected to the private network, Type connection is impossible. Accordingly, in the present invention, an address translation technique for an active connection, such as NAT (Network Address Translation) or NAPT (Network Address and Port Translation) (470) is divided into a single service, and a method of allowing service access when available is used.

FIG. 6 is a diagram for explaining a process of connecting a terminal shown in FIG. 5 to a private network according to an embodiment of the present invention.

FIG. 6 shows a process of accessing information stored in a token in a server and changing a header to a client in an active connection notification at the server in order to authenticate a terminal included in the private network in FIG. 5 as a unique terminal have.

As shown in FIG. 6, it is assumed that the client has an internal address 192.168.0.2 allocated internally, and an address 200.1.1.1 is disclosed when connecting to an agent and a web server to provide the service. In this case, all terminals belonging to the private network are connected to the address 200.1.1.1 in the case of not an active connection, and there is irrationality that they should be distinguished only by header information of a client such as a browser.

In order to solve this problem, a connection client transmits an address including an internal address and a port in header information (S601). Unlike the public network, the public client uses public and public point information for token generation (S602). In this process, the agent server or the web server providing the service can know the destination address through the payload of the received packet and change the packet information so that the client A in the internal network can receive the packet through the generated connection do.

Then, the client receives the binding information included in the network header and the browser agent, and the binding information includes the internal port number and the external port number. This information is stored in the loopback client script. Therefore, if the server is in the sequence of a queue and needs to connect to the client, the NAT will send all the IPs and ports of the connected connection section directly to the corresponding terminal. In this process, only the IP port of the specific server can be transmitted for security, and this process depends on the value set in the filtering process.

A user who wishes to use such a service may use a single terminal or may own a terminal. However, in many cases, two terminals such as a PC and a mobile terminal are used at the same time. In this process, a tokenized user section It is necessary to transfer them to a plurality of terminals or notify them by active connection. Therefore, the present invention proposes a method of allowing transfer of user terminal information to another terminal after the first connection.

FIG. 7 is a view for explaining a process of transferring section information from a PC to a mobile according to an embodiment of the present invention.

7 is a diagram for explaining a processing procedure when a user requests to transfer section information from a PC (first terminal) to a mobile (second terminal).

Referring to FIG. 7, the user receives the authentication section key at the time of initial connection (S701, S702).

If the user wishes to transfer to the mobile station while maintaining the order of the connection, the mobile station requests the substitution of the other mobile terminal by clicking on the idle screen (S703). In step S704, the manager agent 10 transmits the unique generated QR code or the associated password key code to the user screen in the connection section. In the embodiment of the present invention, the QR code and the password are exemplified as a method for authentication, but the present invention is not limited to this, and covers all methods of transferring while maintaining section information.

When the mobile terminal (second terminal) captures a QR code or inputs a password (S705), the manager agent 10 authenticates it, installs a loopback client in the mobile terminal as a connected terminal, and replaces the queue information (S706). In step S707, the mobile terminal (second terminal) is notified of the sequence number by the connected time and sequence information. It is the same as the above-mentioned process that the mobile is connected after the turn.

The manager agent 10 regularly monitors the web server, the DB server and the network resource device connected thereto in order to determine whether to allow and wait for the user connection. The monitored data predicts whether the next connection is allowed to exceed the resource limit or how much the load will change. Of course, irrespective of the predicted value thus determined, if the user sets the limit, the priority permits resource allocation up to the user defined range.

Generally, a guide setting value for setting a resource allocation amount by a user is displayed according to a predefined value for each system capacity in the present invention. Conversely, data values obtained during system operation are recorded as a real time load change amount and a new connection is made , It is used as predictive training data.

Currently, this resource monitoring method mainly measures the system, network, and application load according to the number of connections that are not reflected in the measurement index of the user terminal (request, response time, number of requests and loss rate, However, in the present invention, a method of predicting the amount of change according to each session is used in order to restrict or expand a resource according to the performance of a user's position.

11 is a diagram illustrating user connected client session measurement information according to an embodiment of the present invention.

In FIG. 11, the user access client session information is measured at the time of connection between the user terminal and the server, and the measurement is made at the time of the first connection, and the change is measured by updating each time of the request.

11 is a basic item for a value for measuring individual user information through a user terminal agent, and additionally, information that an agent can acquire can be added.

FIG. 12 is a diagram showing connection service server change amount measurement information according to an embodiment of the present invention.

Upon each connected individual session connection, the manager agent communicates with the web server and the web application server to obtain the amount of information change in Fig. This change amount is stored and monitored in real time, and measurement data of FIG. 11 is linked to enable a new connection load prediction.

8 is a conceptual diagram for explaining the availability measurement process according to an embodiment of the present invention.

FIG. 8 shows a case where a session is created with the measurement information of FIG. 11 (S801), and the session change value is recorded in the memory of each of the current measured value and the latest measured value (S802) The predicted variation is compared with the total predicted value extracted from the predicted-calculated data by comparing with the measurement index (S803).

Even if a new session is created, the amount of change in the session is not necessarily increased, but may be reduced. This is because, if the system has a certain amount of load, the cache system or the method of writing the job data at a time can be taken. In this case, the session conversion value has a negative value, but the present invention treats it as an absolute value.

Therefore, in the present invention, only the variation according to the session connection is measured. That is, the absolute value of the number of Session # 1 / the number of T1-Session # 2 / T2 is the change amount mapping data according to time. Here, T1 and T2 represent the time during which each session is held.

If the difference is the same as the actual change amount and the predicted value, the training set mapped with% and N is generated and used for the next prediction (S804).

In the next prediction, the% of the actually measured data value and the number N are substituted, the statistical data is firstly extracted based on the time series analysis, and the new statistical data is compared with the previous recorded statistical data to write a new predictive value.

Figure 13 is an example of this statistical record. 13 is a chart illustrating statistical recording according to prediction data according to an embodiment of the present invention.

FIG. 9 illustrates a process of synchronizing a cloud queue with a system queue according to an embodiment of the present invention. Referring to FIG.

The embodiment of FIG. 9 is a description of a method of sequentially arranging a series of sequence numbers through a process of synchronizing the cloud queue and each system.

As shown in FIG. 9, assume that there are servers A and B that can be connected. In this case, the order of connection for each system is from A-1 to A-N and B1 to B-N, respectively.

When Server A and Server B are operated, the resource and network quota and connection tolerance of each can be changed according to the system state. In addition, it is also possible that a specific terminal may be repeatedly connected or the connection time may be the same in each server. Therefore, the cloud queue manager rearranges them in order, notifies the loop back client, and then controls the order arrangement in the corresponding management agent queue. In other words, regardless of the system's serialized state, it means that the cloud queue is controlled and relocated again. Of course, if there is only one system, the cloud queues and system queues are the same. In FIG. 9, when the server A-1 is connected for the first time (901), it puts it into the first queue, and relays the order and number of times, such as 902 and 903, to the cloud queue regardless of the connected server by calculating the time and the authentication response time.

If the waiting client # 5 registered in the queue becomes offline (904) that can not respond after connection, it is notified to the listed server A of the corresponding connection and deleted from the queue (905) (903)

In order to predict the waiting time and actively allow the client to access the client, it is necessary to reduce the resource usage on the server and the client and to allocate the optimized resource based on the time predicted by the patterns such as the usage amount, have.

10 is a diagram illustrating a queue management configuration according to an embodiment of the present invention. FIG. 10 shows an overall configuration for predicting a resource required to issue a ticket to allow a client to connect.

Referring to FIG. 10, in step S900, the resource CPU of the service system, the setting and load of the application, the load of the connection section, and the like are continuously monitored through continuous communication with the network and the web server.

When a user requests a connection, the service system configures a set of IP addresses (address: port) of the connection system, and in response to this connection, a process or thread ID value is generated in the system server. By using the generated value as a key, the variation according to each connection can be individually measured.

Then, TEST and a predicted data set are generated (S901) in order to deduce the predicted time based on the change amount, the statistical usage time of the user, and the amount of traffic and record the actually processed data in the training set (S901) The statistics inference system of the running provides information to the local queue (S902).

If there is a change in the usage time and load of the actual user, the actual result value in the queue is notified (S903), and the method is repeatedly recorded in the training set to continuously increase the accuracy. If an error is found in the process, the queue information 910 is updated again, and the synchronization is synchronized with the user terminal (S902), and the actual access resource is managed in the process of notifying the update based on the synchronized contents (S904) do.

The load on the user terminal and the amount of load on the system are not exactly the same. When there is a measurement script connected to the user terminal, the system can reflect the measurement data of the terminal together and assign a weight value to the load (CPU, memory, etc.) of the system. On the contrary, when the load measured by the user terminal is small and the load of the server is high, it can be determined that the performance of the terminal is good. When a terminal of the same specification is connected, the weight of the terminal of the same session is higher than that of terminals of other sessions, thereby reducing the resource allocation amount. If there is no measurement script, the weight value is applied based on specification value (browser, OS, etc.) without measurement.

In Fig. 10, the values of measurement are divided into a user terminal, an application (a process, etc.), a system (a CPU, a memory, a network, etc.) and are reflected in a queue arrangement. In S903 notification, these balance values are transmitted separately.

Although the actual process of the present invention has been described above, the scope of modification and improvement of the queuing method by loopback at the time of connection, the method of predicting queues and order, and the connection method of the network section are included in the scope of right .

While the present invention has been described with reference to several preferred embodiments, these embodiments are illustrative and not restrictive. It will be understood by those skilled in the art that various changes and modifications may be made therein without departing from the spirit of the invention and the scope of the appended claims.

100 cloud system
10 manager agent

Claims (12)

A resource allocation method in a network system including a service providing server for providing a service to a terminal connected to a network and a manager agent for allocating resources of the service providing server to a terminal to manage the service providing server,
The manager agent distinguishing whether the terminal is a normal access terminal or an abnormal access terminal;
When the manager agent is a normal access terminal, allocating resources to the normal access terminal by predicting the traffic of the service providing server;
If the resource can not be allocated to the normal access terminal in the service providing server, the manager agent sets the corresponding terminal as a standby terminal and waits; And
And when the resource is allocated to the service providing server, the manager agent activates the standby terminal to allocate the resource.
The method according to claim 1,
In the step of distinguishing the normal access terminal or the abnormal access terminal,
The manager agent verifies the connection section and the agent information of the terminal to be connected, generates a pair key if the agent is a normal agent, and authenticates that the terminal is a normal access terminal by forming a trusted section with the connection request terminal And allocating resources in the network system.
The method according to claim 1,
In the step of setting and waiting for the standby terminal,
The manager agent adds the waiting terminal to the queue list according to the order,
Wherein the manager agent activates a standby terminal according to an order recorded in the queue list and allocates resources when the resource is allocated in the service providing server.
The method of claim 3,
In case of an abnormal access terminal, the manager agent transmits a loop back script to the corresponding terminal to block the connection;
The manager agent transmitting an authentication script to an abnormal access terminal; And
Further comprising the step of, if the abnormal access terminal succeeds in authentication through the authentication script, releasing the connection blocking and registering the corresponding terminal in the waiting list. .
The method of claim 3,
In the step of setting and waiting for the standby terminal,
Wherein the manager agent provides a standby screen to the standby terminal in which information including an expected waiting time and an order number is displayed.
The method of claim 5,
It calculates the expected waiting time through machine learning based on data including average usage time, amount of traffic, number of sections, load processing time, and limit amount of resource set by the user in connection section And allocating resources in the network system.
A service providing server for providing a service to a terminal connected to a network; And
And a manager agent configured to allocate a resource of the service providing server to a terminal to manage the service providing server,
The manager agent identifies a normal access terminal or an abnormal access terminal with respect to a terminal to be accessed. If the access terminal is a normal access terminal, the manager agent predicts traffic of the service providing server and allocates resources to the normal access terminal. If the resource can not be allocated to the normal access terminal, the terminal is set as a standby terminal and is queued. When the service provision server can allocate the resource, the standby terminal is activated again to allocate the resource Characterized by a network system.
The method of claim 7,
The manager agent verifies the connection section and the agent information of the terminal to be connected, generates a pair key if the agent is a normal agent, and authenticates that the terminal is a normal access terminal by forming a trusted section with the connection request terminal Characterized by a network system.
The method of claim 7,
The manager agent adds the waiting terminal to the waiting queue list according to the order of the numbers, and when the manager agent becomes able to allocate resources in the service providing server, the manager agent activates the waiting terminal according to the order recorded in the waiting queue list And allocates resources to the network system.
The method of claim 9,
In case of an abnormal access terminal, the manager agent sends a loopback script to the terminal to block the connection, transmits the authentication script to the abnormal access terminal, and if the abnormal access terminal succeeds in authentication through the authentication script, And registers the terminal in the queue list.
The method of claim 8,
Wherein the manager agent provides a standby screen to the standby terminal in which information including an expected waiting time and an order number is displayed.
The method of claim 11,
It calculates the expected waiting time through machine learning based on data including average usage time, amount of traffic, number of sections, load processing time, and limit amount of resource set by the user in connection section .

Images