WO2013084305A1 - Virtualization multi-system configuration control method and computer system - Google Patents

Publication number
WO2013084305A1
Authority
WO
WIPO (PCT)
Prior art keywords
virtual
master
information
control unit
virtual machine
Prior art date
Application number
PCT/JP2011/078218
Other languages
French (fr)
Japanese (ja)
Inventor
成昊 金
貴広 池田
崇博 大平
Original Assignee
株式会社日立製作所
Priority date
Filing date
Publication date
Application filed by 株式会社日立製作所
Priority to PCT/JP2011/078218
Publication of WO2013084305A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16 Error detection or correction of the data by redundancy in hardware
    • G06F11/20 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/202 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant
    • G06F11/2023 Failover techniques
    • G06F11/2028 Failover techniques eliminating a faulty processor or activating a spare
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/461 Saving or restoring of program or task context
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1479 Generic software techniques for error detection or fault masking
    • G06F11/1482 Generic software techniques for error detection or fault masking by means of middleware or OS functionality
    • G06F11/1484 Generic software techniques for error detection or fault masking by means of middleware or OS functionality involving virtual machines
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16 Error detection or correction of the data by redundancy in hardware
    • G06F11/20 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/202 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant
    • G06F11/2035 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant without idle spare hardware

Definitions

  • The present invention relates to a virtualized multisystem configuration control method and a computer system, and in particular to output processing from a virtual machine and system switching control in a virtualized multisystem-configuration computer system that performs multisystem configuration control between virtual machines constructed on physical computers.
  • Server virtualization technology has the advantage of reducing operating costs, computer installation space, power consumption, etc. by executing multiple virtual machines on one physical computer and thereby reducing the number of physical computers. Recently, in order to ensure the same reliability as a system operated on physical computers, not only multiplexing of the physical computers that provide the virtual environment but also a multiplexed system configuration of the virtual machines controlled and operated on each physical computer is required.
  • Patent Document 1 discloses a cluster configuration having a system switching method using hot standby and cold standby in a server virtualization environment in which a large number of guest OSs exist.
  • a cluster system is disclosed that realizes a suitable cluster configuration by selecting a system switching method that satisfies the high availability requirement for specifying the performance of the system and switching the system switching method.
  • The multi-system configuration control in the virtual environment described in Patent Document 1 has a master-slave relationship between virtual machines, and each virtual machine determines whether to output control information based on its own state. For this reason, when a fault occurs in a virtual machine and the master / slave systems are switched, it takes time for the virtual machine that was the slave to take over the calculation process, and the control information output during that time is lost.
  • An object of the present invention is to provide a virtualized multisystem configuration control method and a computer system that prevent loss of control information when performing system switching of virtual machines in the multisystem configuration control of a virtual machine.
  • The invention is a virtualized multiplex system configuration control method in a computer system in which a plurality of physical computers, each having a host OS and one or more virtual machines constructed on the host OS, are connected via an interface, and in which the virtual machines can perform input and output with a commonly connected external device.
  • A multi-system control unit that can set a master-slave relationship between paired virtual machines belonging to different physical computers and change that master-slave relationship is installed.
  • One multi-system control unit exchanges packets with the other multi-system control unit, monitors the life / death state of the virtual machine in the partner physical computer of the master-slave relationship, updates the management information indicating the life / death state of the virtual machines in the master-slave relationship according to the monitoring result, and transmits a packet to the other multi-system control unit according to the monitoring result.
  • The one multi-system control unit transfers the input information received from the external device to the virtual machines in the master-slave relationship, obtains output information that is the result processed by those virtual machines, and transfers output information from the primary or secondary virtual machine to the external device.
  • In the computer system, a plurality of physical computers, each having a host OS and one or more virtual machines constructed on the host OS, are connected via an interface; a master-slave relationship is set between virtual machines belonging to different physical computers; and the virtual machines can perform input and output with a commonly connected external device.
  • The computer system has multiplex system control units capable of setting a master-slave relationship between paired virtual machines belonging to different physical computers and changing that master-slave relationship. The multiplex system control units can transmit packets to communicate management information and control information with each other.
  • Each multiplex system control unit has first management means for managing, for each virtual machine, the master-slave relationship of the virtual machine and information on its life / death state, and second management means for managing the input information received from the external device and, corresponding to that input information, the output information that results from processing in the virtual machines in the master-slave relationship and is output to the external device.
  • It also has first control means that exchanges packets with the other multi-system control unit to monitor the life / death state of the virtual machine in the partner physical computer of the master-slave relationship, updates the contents of the first management means indicating the life / death state of the virtual machines in the master-slave relationship according to the monitoring result, and changes the master-slave relationship between the virtual machines by sending packets to the other multi-system control unit according to the monitoring result.
  • It further has second control means that transfers the input information received from the external device to the virtual machines in the master-slave relationship, acquires the output information that is the result processed by those virtual machines, stores it in the second management means, and controls the transfer of the output information from the primary or secondary virtual machine to the external device.
  • The plurality of multi-system control units each have a VM state management table that manages the master / slave relationship of the paired virtual machines and information on their life / death state, and a control information management table that manages, for each virtual machine, the input information received from the external device and the output information that results from processing that input information in the virtual machines in the master-slave relationship.
  • the multi-system control unit stores the output information obtained from the virtual machine that has transferred the input information in the control information management table, and has a master-slave relationship stored in the VM state management table. With reference to the life / death information of the virtual machine, it is decided to transfer the output information stored in the control information management table to the external device.
  • the multiplex system control unit refers to the control information management table and controls output information necessary for the next output processing from a processing result at the time of the failure.
  • The multi-system control unit that manages the primary virtual machine transfers the packet to the other multi-system control unit, which manages the secondary virtual machine, to notify it of the failure, and the one multi-system control unit and the other multi-system control unit switch the master-slave relationship of the pair of virtual machines.
  • The one multiplex system control unit updates the state of the virtual machine in which the failure has occurred, and transmits the status information of that virtual machine and the final output information at the time of the failure to the other multiplex system control unit.
  • The other multiplex system control unit updates the status information of the virtual machine in the VM state management table, refers to the control information management table, transfers the input information necessary for the output processing that follows the final output information to the virtual machine in the master-slave relationship with the virtual machine in which the failure has occurred, and then switches the master-slave relationship.
  • the other multi-system control unit outputs the output information stored in the control information management table, which is output information from the virtual machine, whose master-slave relationship has been switched, to the external device.
  • When the multi-system control unit receives output information from a virtual machine within a predetermined cycle time, it refers to the VM state management table and determines the master / slave state of that virtual machine. If the virtual machine is determined to be the primary, the output information obtained from the virtual machine is stored in the control information management table, and then the output information stored in the control information management table is transferred to the external device.
  • input information from the external device is controlled to be input to the multiple system control unit of the physical computer in which the virtual computer of the main system exists, and the master system and the slave system
  • the multiplex system control unit in the physical computer in which the virtual computer exists is configured to transmit and receive the acquired input information and a synchronization packet transferred between the multiplex system control unit including the master and slave virtual computers.
  • One multiplex system control unit confirms, based on the synchronization packet received from the other multiplex system control unit, whether the virtual machine that is the transfer source of the packet is a primary or a slave. If it is the primary, the unit waits for reception of the synchronization packet transferred from the other multi-system control unit. If it is the slave, the unit stores the acquired input information in the input information synchronization management table, stores synchronous-transmission-state information indicating that reception is complete in the same table, and transfers the synchronization packet to the other multiplex system control unit that was the transmission source.
  • System switching between virtual machines is performed not by a virtual machine as in the prior art, but by a multi-system control unit (for example, a multi-system output control infrastructure program) provided on the host OS of a physical computer. Because this unit handles both the output of control information from the virtual machine and the system switching process, the overhead of the system switching process can be reduced. In addition, the output of control information can be controlled while preventing loss of control information when a failure occurs. Furthermore, since the multi-system output control infrastructure program is aware of the multi-system configuration and manages whether or not the control information of a virtual machine is output, the virtual machine can take part in multi-system configuration control without being aware of the multi-system configuration.
  • a multi-system control unit for example, a multi-system output control infrastructure program
  • FIG. 1 is an overall configuration diagram of a computer system for virtual multiplex system control in one embodiment.
  • FIG. 3 is a diagram illustrating a configuration of a VM state management table in the first embodiment.
  • FIG. 3 is a diagram illustrating a configuration of a control information management table in the first embodiment.
  • FIG. 3 is a diagram showing a format configuration of a packet for communication between computer nodes in the first embodiment.
  • FIG. 3 is a diagram illustrating an outline of a virtual communication I / F according to the first embodiment.
  • 1 is a flowchart of overall processing of a virtualized multiplex system according to Embodiment 1.
  • FIG. 6 is a process flowchart of the input information management program according to the first embodiment.
  • FIG. 6 is a process flowchart of an output information management program according to the first embodiment.
  • FIG. 6 is a process flowchart of a subordinate information management program according to the first embodiment.
  • FIG. 6 is a flowchart of control information verification / addition processing S904 in the first embodiment.
  • FIG. 6 is a process flowchart of the VM-HOST life and death monitoring program according to the first embodiment.
  • FIG. 3 is a VM state update communication format diagram according to the first embodiment.
  • FIG. 10 is a process flowchart of a VM state update program according to the first embodiment.
  • FIG. 6 is an overall configuration diagram of a virtual environment multiple control computer system according to a second embodiment.
  • FIG. 10 is an overall configuration diagram of an input information synchronization management table in Embodiment 2.
  • A block diagram of the communication format between computer nodes for input synchronization in Embodiment 2.
  • FIG. 10 is a process flowchart of an input information management program according to the second embodiment.
  • FIG. 10 is a process flowchart diagram of an input synchronization management program according to the second embodiment.
  • A figure showing a schematic comparison of the virtual multiplex system configuration control of this invention and the prior art.
  • FIG. 1 shows an overall configuration diagram of a computer system for virtual multiplex system configuration control according to an embodiment of the present invention.
  • This computer system is configured by connecting a terminal 9 to the virtualization multiplex system 1 via an external network 802.
  • the virtual multiplex system 1 includes a plurality of computer nodes 100 (computer nodes 100-A and 100-B in the illustrated example) and an internal network 801 that connects these computer nodes.
  • the computer node 100-A and the computer node 100-B (which are collectively expressed as 100) have the same configuration. Detailed illustration of the configuration contents of the computer node 100-B is omitted.
  • the computer node 100 includes a memory 101, a processor 102, a storage device 103, an external communication interface (I / F) 104, and an inter-node communication I / F 105 as physical computers.
  • the memory 101 includes a host operating system (OS) 400, a multi-system output control program 300, and one or a plurality of virtual machines (VM) 200-A to 200-C constructed on the host OS 400 (collectively, 200). In the host OS 400, a virtualization program 401 and a device control program 402 are held.
  • Each VM 200 of the computer node 100-A has a virtual communication I / F 213 that communicates with the application (AP) 211, the guest OS 212, and the multi-system output control program 300.
  • Each VM 201 of the computer node 100-B has the same configuration.
  • the VM 200 is a virtual execution environment created by the virtualization program 401 in which a unique program or operating system can operate.
  • programs and operating systems that operate in different VMs 200 may be the same or different.
  • programs and operating systems operating in different VMs 200 do not directly affect each other.
  • Each VM 200 has a unique identifier within the virtualized multiplexing system 1. For example, the VM 200-A in FIG.
  • the AP 211 processes the request from the terminal 9.
  • the guest OS 212 controls the AP 211 within the VM 200 environment and transmits the processing result of the AP 211 to the virtual communication IF 213.
  • the virtual communication IF 213 receives the processing result of the AP 211 from the guest OS 212 and outputs it to the multi-system output control infrastructure program 300.
  • the VM 200 in the computer node 100-A and the VM 201 in the computer node 100-B constitute a multiplex system.
  • the VM 200-A and the VM 201-A form a multiplex configuration
  • the VM 200-B and the VM 201-B form a multiplex configuration.
  • which VM is the primary system and which is the secondary system depends on the management of the VM state management table. This will be described later with reference to FIG.
  • the terminal 9 and the computer node 100 are connected via an external network 802. Further, the computer node 100-A and the computer node 100-B in the virtual multisystem 1 are connected via an internal network 801.
  • the external network 802 is connected to the external communication I / F 104, and the internal network 801 is connected to the inter-node communication I / F 105.
  • the terminal 9 transmits a request to the virtual multiplex system 1 via the external network 802, and the virtual multiplex system 1 returns a result of processing the request to the terminal 9.
  • the request transmitted from the terminal 9 is received by the computer node 100-A and the computer node 100-B, and the same processing is performed in the VMs constituting the multiplex system in both computer nodes.
  • correct processing data is returned to the terminal 9 from the VM 200 (eg, VM 200-A) of one computer node (eg, the primary node 100-A).
  • the storage device 103 of the computer node 100 stores a host OS 400, a multiplex system output control program (including programs and various table information) 300, an AP 211 that configures the VM 200, a guest OS 212, and a virtual communication I / F 213.
  • The processor 102 loads the host OS 400, the multiplex system output control program 300, and the configuration of the VM 200 from the storage device 103 into the memory 101 and executes them, and further processes interrupts from the external communication I / F 104 or the inter-node communication I / F 105.
  • the external communication I / F 104 transmits / receives data to / from the terminal 9 through the external network 802.
  • the inter-node communication I / F 105 transmits / receives data to / from another computer node 100 through the internal network 801.
  • the virtualization program 401 is a program for creating and managing the VM 200
  • the device control program 402 is a program for accessing devices such as the external communication I / F 104, the inter-node communication I / F 105, and the storage device 103.
  • The host OS 400 uses the virtualization program 401 and the device control program 402 to control the execution of the multi-system output program 300 and the VM 200, and to control access to the external communication I / F 104, the inter-node communication I / F 105, and the storage device 103.
  • The multi-system output control infrastructure program 300 exchanges control information with the multi-system output control infrastructure program 300 ′ operating in the other computer node 100-B, and thereby controls the master-slave relationship between the VM 200 and the VM 201 in the virtual multi-system 1 and their control information.
  • The multi-system output control infrastructure program 300 consists of a VM state management table 301, a control information management table 302, an input information management program 303, an output information management program 304, a subordinate information management program 305, a HOST-HOST life / death monitoring program 306, a VM-HOST life / death monitoring program 307, and a VM status update program 308.
  • the execution processes of the management tables 301 and 302 and the various programs 303 to 308 included in the multiplex system output control infrastructure program 300 will be described later with reference to FIGS.
  • the multi-system output control infrastructure program 300 operating in the computer node 100-A having the primary virtual computer determines the state of the VM 200 and updates the contents of the VM state management table 301 and the control information management table 302.
  • an instruction to switch the master / slave relationship of the VM is sent to the multi-system output control infrastructure program 300 ′ operating in the other computer node 100-B. This is performed to switch the VM master-slave relationship and update the VM life / death state.
  • The multi-system output control base program 300 ′ operating in the computer node 100-B having the subordinate virtual computer updates the control information management table 302 ′ and, on a master / slave switching instruction from the multi-system output control base program 300 ′, rewrites the VM state management table 301 ′.
  • FIG. (A) shows virtual multiplex system configuration control according to the prior art.
  • management of a master-slave relationship of multiple systems and monitoring of VM life and death are performed on VM1 and VM3.
  • Output control of information to the terminal is performed by, for example, middleware on the VM.
  • the VM1 side on the host OS 400 side is the primary system
  • the VM3 side on the host OS 400 ′ side is the secondary system.
  • The VM3 on the secondary host OS 400 ′ side periodically sends a health check request (REQ) to the primary VM1 and receives a health check response (ACK) from the VM1 to monitor life and death. If a failure occurs in the primary VM 1 at time T0, the VM 1 processing is stopped, while the VM 3 switches itself from the secondary to the primary. Similarly, VM1 switches itself from the main system to the subordinate system. According to this prior art, VM1 and VM3 themselves perform VM life / death monitoring and output control, and therefore the times T11, T12, T21, T22, and T2 are required as overhead. For this reason, the time for outputting the result (output information) processed by the main VM 1 to the terminal is delayed, and the output information may be lost when the system is switched.
  • REQ health check request
  • ACK health check response
  • FIG. (B) shows virtual multiplex system configuration control according to the present invention.
  • multi-system master / slave management is performed under the control of the multi-system output control infrastructure program of the host OS 400, 400 ′, and output control to the terminal is performed under the control of the host OS.
  • the host OS 400, 400 ′ multi-system output control infrastructure program continuously monitors the life and death of the VM 1 and VM 3 formed in the host OS 400, and further exchanges health checks between the host OSs. In this case, if a failure occurs in the primary VM 1 at time T 0, the multi-system output control infrastructure program of the host OS 400 stops the processing of the VM 1 and switches itself from the primary system to the secondary system.
  • The multiplex system output control infrastructure program of the slave host OS 400 ′ switches itself from the slave system to the master system. Since all of this processing is performed between the host OSs, the overhead can be reduced, and the VM does not need to be involved in the multiple configuration control. The host OS can therefore easily form a multiplexed system configuration of VMs. The various programs and tables in the multiplex system output control infrastructure program 300 work together to perform this virtual multiplex system configuration control. Details are described below.
  • FIG. 2 shows the configuration of the VM state management table 301.
  • the VM state management table 301 manages state information regarding life / death states and master-slave relationships of all VMs created in the computer nodes 100-A and 100-B.
  • a similar VM state management table is also held in the multi-system output control infrastructure program 300 '(not shown).
  • the VM state management table holds different state information for each computer node.
  • the VM state management table 301 of the computer node 100-A holds the state information of a plurality of VMs such as the VMs 100-A and 100-B.
  • the VM state management table of the computer node 100-B holds state information of the VMs 201-A, 201-B and the like.
  • the VM identifier 311 stores information for uniquely identifying the VM 200 within the computer node 100-A.
  • the host computer node identifier 312 stores identification information of the computer node 100-A in which the VM 200 is created.
  • the master / slave state flag 313 stores information for identifying the master / slave of the VM 200.
  • the paired VM identifier 314 stores an identifier that uniquely identifies the VM 201 of the partner (ie, in the computer node 100-B) in the VM master-slave relationship of the VM identifier 311.
  • the paired host computer node identifier 315 stores the identification information of the computer node 100-B in which the paired VM identifier 314 is created.
  • the paired VM life / death state flag 316 stores information on the life / death state of the paired VM. “1” indicates life and “0” indicates death.
  • FIG. 3 shows the configuration of the control information management table 302.
  • the control information management table 302 manages control information input to and output from the VM, and is prepared for each VM 200-A, 200-B, and the like. For example, when the computer node 100-A has two VMs 200, two control information management tables 302 are prepared. Similarly, this management table is prepared for each VM in the computer node 100-B.
  • the VM identifier 321 stores information for identifying the VM in the computer node 100.
  • the sequence number 322 stores information for identifying control information.
  • the input information 323 stores input information received from the terminal 9.
  • the period time 324 stores the time required for the VM periodic task.
  • the output information 325 stores control information output from the VM 200.
  • the output time 326 stores the time (date and time) when the VM 200 outputs the control information.
  • This control information management table can be used to prevent loss of control information output from each VM and to correct a deviation in calculation results (output control information) between VMs in a master-slave relationship. That is, VM1 and VM3 are in a master-slave relationship, and the same input information is entered in the control information management tables that manage each of them, so the control information managed by both is basically the same. However, the cycle time may be disturbed by a failure or an interrupt, and the output information corresponding to the input information may not be output within the predicted time. In this case, by monitoring each other's control information management tables and checking whether output information has been output and at what output time, it can be confirmed whether control information output from each VM is missing, and differences in calculation results between VMs in a master-slave relationship can be confirmed.
  • FIG. 4 shows the format of a packet for communication between computer nodes.
  • The packet 40 for communication between computer nodes is the format of communication data transmitted and received between the multi-system output control infrastructure programs 300 and 300′ of the different computer nodes 100-A and 100-B. It is used for transmitting the output information of the master system and for master-slave switching.
  • The computer node identifier 401 stores an identifier that identifies the destination computer node 100.
  • The VM identifier 402 stores an identifier that identifies the destination VM.
  • The sequence number 403 and the output information 404 respectively store the sequence number 321 of the control information management table 302 and the output information in the latest row.
  • The output information 404 may be empty. If the output information 404 is present, the packet is judged to be a communication carrying the output information of the master system; if the output information 404 is absent, the packet is judged to be a communication for switching between the master and the slave.
  • FIG. 14 shows the format of a packet for VM state update communication.
  • The VM state update communication packet 70 is communication data transmitted and received between the multi-system output control infrastructure programs of the different computer nodes 100-A and 100-B, and is used to update the paired VM life/death state flag in the VM state management table 301.
  • The computer node identifier 701 stores an identifier that identifies the destination computer node 100.
  • The VM identifier 702 stores an identifier that identifies the destination VM.
  • The life/death state 703 stores the state of the VM to be updated. When the VM is alive, “1” is stored, and when the VM is dead, “0” is stored.
  • FIG. 5 shows an outline of the processing of the virtual communication I/F 213.
  • The virtual communication I/F 213 is an interface that connects the multi-system output control infrastructure program 300 and the VM.
  • The input information 322 stored in the control information management table 302 is received.
  • The received input information is processed by the application 211 on the VM 200, and the control information 500 is generated as a result of the processing.
  • The virtual communication I/F 213 receives the control information 500 and outputs it to the multi-system output control infrastructure program 300.
  • The control information 500 is stored in the output information 325 of the control information management table 302. Note that the virtual communication I/F of the other VMs performs the same operation.
  • FIG. 6 shows a flowchart of the overall processing of the virtualized multisystem 1.
  • The overall processing of the virtualized multisystem 1 is performed by the start processing of the multi-system output control infrastructure program 300 and by executing each of the following programs: the input information management program 303, the output information management program 304, the subordinate information management program 305, the VM-HOST life/death monitoring program 306, and the HOST-HOST life/death monitoring program 307.
  • The host OS 400 and the processor 102 load the multi-system output control infrastructure program 300 and the VM 200 initially stored in the storage device 103, expand them in the memory 101 of the computer node 100, and start processing of the multi-system output control infrastructure program 300.
  • The multi-system output control infrastructure program 300 reads the VM state management table 301 and the control information management table 302 stored in the storage device 103 into the memory 101 (S601), and activates each VM 200 (S602).
  • The multi-system output control infrastructure program 300 activates each VM 200 and then activates each of the programs 303 to 307 (S603). The processing operation of each program is described below.
  • FIG. 7 shows a processing flowchart of the input information management program 303.
  • The multi-system output control infrastructure program 300 starts up each VM 200 and starts up the input information management program 303.
  • The input information management program 303 stands by until input information is received from the terminal 9 (S701).
  • When the input information is acquired (S702), a new sequence number is added to the sequence number 322 of the control information management table 302 (S703), and the input information output from the terminal 9 is stored in the input information 323 of the row with the added sequence number (S704).
  • FIG. 8 is a processing flowchart of the output information management program 304.
  • The multi-system output control infrastructure program 300 starts up each VM 200 and starts up the output information management program 304.
  • The output information management program 304 acquires the period processing time of each VM and stores it in the period time 324 of the control information management table 302 (S800).
  • The cycle time can also be determined from an external input by overwriting the acquired value in the period time 324.
  • The control information management table 302 is searched for rows in which the input information 323 exists but the output information 325 does not; that input information 323 is selected in sequence order and transferred to each VM 200 by multicast (S801). After the input information is transferred, the next input information is transferred to the VM 200 in the same way after waiting for the period time 324.
  • The host OS can synchronize the VMs. That is, the difference in output information between the master and slave systems can be kept to at most one.
  • The master/slave state of the VM 200 that produced the output is determined with reference to the master/slave flag 313 of the VM state management table 301 (S803).
  • The output information received from the VM is written to the output information 325 of the control information management table 302 (S804), and the time when the output information was received is written to the output time 326 (S805).
  • A packet 40 is generated in order to output the calculation result of the master system (S806).
  • The packet 40 is generated by storing an identifier or information in each field of the packet. That is, as shown in FIG. 4, the paired host computer node identifier 315 in the VM state management table 301 is stored in the computer node identifier 401 of the packet 40, and the paired VM identifier 314 is stored in the VM identifier 402. Further, the sequence number 322 of the added control information management table 302 is stored in the sequence number 403, and the output information 325 is stored in the output information 404 (S806).
  • The packet is transmitted to the other multi-system output control infrastructure program 300′ (S807). Thereafter, the added output information 325 is output to the external communication I/F 104 (S808).
  • If the result of S803 is the slave system, then in order to maintain consistency with the data received from the master system, it is checked whether output information has already been written in the output information 325 of the control information management table 302 (S810). If it has been written (the result of S810 is “Yes”), the output information 325 is compared with the output information received from the VM (S811). If they match (the result of S811 is “match”), nothing is done. If they do not match (the result of S811 is “mismatch”), the VM is not consistent, and fail-safe processing is executed (S812). In the fail-safe processing, the VM may be stopped, or it may be reset and participate in the master-slave relationship again.
  • FIG. 9 is a processing flowchart of the subordinate information management program 305.
  • The multi-system output control infrastructure program 300 starts up each VM 200 and starts up the subordinate information management program 305.
  • When the subordinate information management program 305 receives the packet 40 transmitted from the multi-system output control infrastructure program 300′ (S901), it acquires the output information 404 from the packet (S902). It then determines whether data is stored in the output information 404 (S903). If data is stored in the output information 404 (the result of S903 is “Yes”), the control information calculated by the master system has been received, and the control information verification/addition processing is performed (S904; this process is described in detail with reference to FIG. 10).
  • FIG. 10 is a flowchart showing details of the control information verification/addition processing S904.
  • The sequence number 402 stored in the received packet 40 is acquired (S1001), the control information management table 302 is searched for the same sequence number, and it is checked whether the output information 325 is stored in that row.
  • the slave calculation is more advanced than the master system.
  • If the output information 325 and the received output information 404 are compared and they match (the result of S1003 is “match”), the process ends without further processing (S1004).
  • If the comparison result does not match (the result of S1003 is “mismatch”), the output result of the slave is not consistent, and therefore fail-safe processing S1005, such as retry processing, is performed.
  • FIG. 11 is a flowchart showing details of the master-slave switching process S905.
  • This process switches the master system and the slave system and outputs the calculation result of the slave system, because a failure has occurred in the master system.
  • A sequence number 403 (assumed to be n) is acquired from the received packet 40 (S1101).
  • The control information management table 302 is searched to check whether the output information 325 is stored in the row having the same sequence number 322 as the received sequence number 403 (S1102). If the output information 325 is stored in the row of the same sequence number 322 (the result of S1102 is “Yes”), the stored control information is transmitted to the external communication I/F 104 (S1103).
  • the result of S1102 is “none”.
  • The master-slave update flag in the VM state management table is updated to “M” (S1107), and the process ends (S1108).
  • FIG. 12 is a processing flowchart of the VM-HOST life/death monitoring program.
  • Each VM 200 is started and the VM-HOST life/death monitoring program 306 is started.
  • The VM life/death monitoring packet is transmitted to each VM 200 (S1201), and it is confirmed whether there is a response to the “life monitoring” within the life/death monitoring time (S1202).
  • The VM life/death monitoring packet has a destination VM identifier and a command code for confirmation of life/death.
  • If there is a response to the “life/death monitoring” within the life/death monitoring time (the result of S1202 is “Yes”), nothing is done and life/death monitoring is continued.
  • The master/slave flag 313 of the VM state management table 301 is referred to, and the master/slave state of the VM 200 that is not responding is determined.
  • The paired VM life/death state flag 316 of the VM state management table 301 is referred to in order to examine the life/death state of the paired VM (S1204). If the paired VM is dead (the result of S1204 is “dead”), it is determined that a failure has occurred in both the master and slave VMs, and fail-safe processing is performed (S1209).
  • The system switching packet 40 is generated (S1205).
  • The system switching packet 40 stores the paired host computer node identifier 315 in the VM state management table in the computer node identifier 401, stores the paired VM identifier 314 in the VM identifier 402, and stores the latest sequence number 322 of the control information management table in the sequence number 403.
  • The generated system switching packet 40 is transmitted to the multi-system output control infrastructure program 300′ of the other computer node 100-B (S1206). Thereafter, the master-slave flag 313 of the VM state management table 301 is updated to “S” (S1207), and the fail-safe processing S1208 is executed.
  • A VM state update packet 70 (FIG. 14) is generated (S1210).
  • The host computer node identifier 315 of the notification destination pair and the VM identifier 314 of the pair are acquired from the VM state management table 300 and stored in the corresponding fields of the VM state update packet 70.
  • The VM state update packet 70 is transmitted to the multi-system output control infrastructure program 300′ of the other computer node 100-B (S1211), and the fail-safe processing is executed (S1212).
  • FIG. 13 is a processing flowchart of the HOST-HOST life/death monitoring program.
  • Each VM is started up and the HOST-HOST life/death monitoring program 306 is started up.
  • The packet for life/death monitoring is transmitted to the multi-system output control infrastructure program 300′ of the other computer node 100-B (S1301).
  • The VM life/death monitoring packet has a host computer node identifier, a destination VM identifier, and a command code for confirmation of life/death. If a response to the “life/death monitoring” is received within the life/death monitoring time (the result of S1302 is “Yes”), nothing is done and life/death monitoring is continued.
  • FIG. 15 is a flowchart of the VM state update program.
  • The VM 200 is started up and the VM state update program 308 is started up.
  • A VM state update packet is received from the multi-system output control infrastructure program 300′ of the other computer node 100-B (S1501).
  • The life/death state 703 is acquired from the VM state update packet (S1502).
  • The VM life/death state flag 316 of the VM state management table 301 is updated to the life/death state 703 (S1503).
  • The above processing is executed in the same manner by the programs of the same type in the multi-system output control infrastructure program 300′ of the other computer node 100-B.
  • The first embodiment is an example in which information from the external terminal 9 is input to both the master and slave computer nodes via the external communication I/Fs 104 and 104′.
  • This is an example in which the input information from the external terminal 9 is input only to the master computer node 100-A, and the input information is synchronized from the master computer node 100-A to the slave computer node 100-B. Since processing other than the synchronization of input information is the same as in the first embodiment, its description is omitted.
  • In FIG. 16 and subsequent figures, the same reference numerals are given to the same parts as in the drawings of the first embodiment.
  • FIG. 16 shows the overall configuration of a virtual environment multiplex control computer system. The difference from the computer system shown in FIG. 1 is that an input information synchronization management table 161 and an input synchronization management program 162 are added. This input information synchronization management table 161 exists in the multi-system output control infrastructure program of each of the computer nodes constituting the master system and the slave system.
  • The VM identifier 1711 stores an identifier for identifying the VM in the computer node 100.
  • The sequence number 1712 identifies input information to be synchronized.
  • The input information 1713 stores the input information received from the terminal 9 when the VM identifier is “M” from the VM state management table 301.
  • the input information from the computer node for example, computer node 100-A
  • The synchronous transmission state 1714 stores “1”, indicating transmission completion, after transmission to the slave.
  • The synchronous reception state 1715 stores “1”, indicating that reception is complete, upon reception from the slave.
  • FIG. 18 shows the format of a packet 180 for communication between computer nodes for input synchronization.
  • This packet 180 is communicated between computer nodes in order to synchronize input between the master and slave systems.
  • The transmission source computer node identifier 1811 stores the transmission source computer node identifier.
  • The transmission source VM identifier 1812 stores the transmission source VM identifier.
  • The computer node identifier 1813 stores a reception source computer node identifier.
  • The VM identifier 1814 stores a reception source VM identifier.
  • In the master system, the sequence number 1815 and the input information 1816 store information from the external terminal 9. In the slave system, the information received from the master system is copied and stored.
  • The multi-system output control infrastructure program 300 starts up each VM and starts up the input information management program 303.
  • The input information management program 303 stands by until input information is received from the terminal 9 (S1901).
  • When the input information from the terminal 9 is acquired (S1902), it is confirmed whether the VM that processes the input information is the master system or the slave system (S1903).
  • If it is the slave, it waits until it receives the input information from the terminal 9 (S1901).
  • A new sequence number is added to the sequence number 1612 of the input information synchronization management table 161 (S1911).
  • The input information output from the terminal 9 is stored in the input information 1713 of the input information synchronization management table 161, in the row of the added sequence number (S1912).
  • The packet 180 for communication between computer nodes for input synchronization is created (S1913).
  • The packet 180 is transmitted to the computer node that controls the slave VM (S1914).
  • “1” is stored in the synchronous transmission state 1614, and the transmission is completed (S1915).
  • The multi-system output control infrastructure program 300 starts up each VM and starts up the input synchronization management program 162.
  • The input synchronization management program 162 stands by until it receives the packet 180 for communication between computer nodes for input synchronization from the other computer node 100-B (its multi-system output control infrastructure program) (S2011).
  • S2011 input synchronization computer nodes from the other computer node 100-B
  • S2012 input synchronization computer nodes from the other computer node 100-B
  • S2013 the primary system
  • It waits until it receives a packet 180 for communication between computer nodes for input synchronization from another computer node (S2011).
  • The sequence number 1815 of the packet 180 is stored in the sequence number 1712 of the input information synchronization management table 161 (S2031). Thereafter, the input information 1816 of the packet 180 is stored in the input information 1713 in the row of the added sequence number (S2032). “1” is stored in the synchronous transmission state 1714, indicating that the packet was transmitted from the computer node that controls the VM of the transmission source VM identifier 1712. The packet 180 is sent back to notify the transmission source computer node that reception has been completed (S2035). To indicate that the packet has been sent back, “1” is stored in the synchronous reception state 1715 of the input information synchronization management table 161.
  • The stored sequence number 1712 is stored in the sequence number 322 of the control information management table 302 (S2037).
  • The input information 1613 is stored in the input information 323 of the control information management table 302 (S2038). This completes the input synchronization management process.
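
The slave-side handling of packet 40 described above for FIG. 4 and FIGS. 8 to 11 (S810 to S812, S901 to S904, S1101 to S1107), as an added Python example that is not code from the patent. The class, method and return-value names are hypothetical, and three behaviours are assumptions because the page does not state them: misaddressed or unknown-sequence packets are dropped, the slave keeps its own output when no master output has arrived yet, and the flag is still set to “M” when no output is stored for the switched sequence number.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Row:
    """One row of the control information management table 302."""
    input_info: bytes                    # input information 323
    output_info: Optional[bytes] = None  # output information 325


@dataclass
class Packet40:
    """Inter-node packet 40 (fields 401 to 404)."""
    node_id: str              # computer node identifier 401 (destination)
    vm_id: str                # VM identifier 402 (destination)
    seq: int                  # sequence number 403
    output_info: bytes = b""  # output information 404; empty means "switch"


@dataclass
class SlaveSide:
    """Slave-side multi-system output control state for one VM (names hypothetical)."""
    node_id: str
    vm_id: str
    flag: str = "S"                                          # master/slave flag 313
    table: Dict[int, Row] = field(default_factory=dict)      # table 302, keyed by 322
    external_out: List[bytes] = field(default_factory=list)  # stands in for I/F 104

    def on_vm_output(self, seq: int, out: bytes) -> str:
        """S810 to S812: the local slave VM produced output for row `seq`."""
        row = self.table[seq]
        if row.output_info is None:
            # Assumption: nothing from the master to compare against yet, so
            # keep the slave's result for the later check against packet 40.
            row.output_info = out
            return "stored"
        return "match" if row.output_info == out else "fail_safe"

    def on_packet(self, pkt: Packet40) -> str:
        """S901 to S903: dispatch on whether output information 404 is present."""
        if (pkt.node_id, pkt.vm_id) != (self.node_id, self.vm_id):
            return "rejected"  # assumption: packets for another node/VM are dropped
        row = self.table.get(pkt.seq)
        if row is None:
            return "rejected"  # assumption: unknown sequence numbers are dropped
        if pkt.output_info:
            return self._verify_or_add(row, pkt)  # S904 (FIG. 10)
        return self._switch(row)                  # S905 (FIG. 11)

    def _verify_or_add(self, row: Row, pkt: Packet40) -> str:
        if row.output_info is None:
            row.output_info = pkt.output_info     # master result arrived first
            return "added"
        # S1003: compare stored output 325 with received output 404.
        return "match" if row.output_info == pkt.output_info else "fail_safe"

    def _switch(self, row: Row) -> str:
        emitted = row.output_info is not None          # S1102
        if emitted:
            self.external_out.append(row.output_info)  # S1103: output via I/F 104
        # The steps for the "none" branch are not on the page; this example only
        # reports that nothing was emitted and still promotes the VM (assumption).
        self.flag = "M"                                # S1107
        return "switched_emitted" if emitted else "switched_pending"


if __name__ == "__main__":
    # Constructed sample data: three pending inputs on the slave node.
    s = SlaveSide("100-B", "VM3", table={n: Row(b"in%d" % n) for n in (1, 2, 3)})
    print(s.on_packet(Packet40("100-B", "VM3", 1, b"A")))  # master output arrives
    print(s.on_vm_output(1, b"A"))                         # slave agrees
    print(s.on_packet(Packet40("100-B", "VM3", 1)))        # empty 404: switch
    print(s.flag, s.external_out)
```
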

Abstract

In order to prevent the loss of control information when a virtual computer system is switched in the multi-system configuration control of a virtual computer, multi-system control units, which set a master/slave relationship between a pair of virtual computers belonging to different physical computers, and which are capable of changing the master/slave relationship, are installed in the operating systems of multiple physical computers. One multi-system control unit transmits packets to the other multi-system control unit and monitors the health status of the virtual computer in the physical computer that is the counterpart in terms of the master/slave relationship, and, in accordance with the monitoring result, updates management information indicating the health status of the virtual computers in the master/slave relationship. In addition, in accordance with the monitoring result, this one multi-system control unit transmits packets to other multi-system control units so as to designate a change in the master/slave relationship between the virtual computers. Furthermore, one multi-system control unit transmits input information received from an external device to the virtual computers that are in a master/slave relationship, and obtains and manages output information, which is the result of processing by the virtual computers in the master/slave relationship, and transmits to the external device the output information from the master system or the slave system virtual computer.

Description

Virtualization multisystem configuration control method and computer system
The present invention relates to a virtualized multisystem configuration control method and a computer system, and in particular to the control of output processing from virtual machines and of system switching in a computer system with a virtualized multisystem configuration, in which multisystem configuration control is performed between virtual machines constructed on physical computers.
Server virtualization technology is attracting attention because running multiple virtual machines on one physical computer reduces the number of physical computers and thereby reduces operating costs, computer installation space, power consumption, and so on. Recently, in order to ensure reliability equivalent to that of a system operated on physical computers, not only multiplexing of the physical computers that provide the virtualization environment but also a multisystem configuration of the virtual machines controlled and operated on each physical computer has come to be required.
As this type of technology, Patent Document 1 discloses a cluster system for a server virtualization environment in which a large number of guest OSs exist. The cluster configuration supports system switching by hot standby and by cold standby; the system selects a switching method that satisfies a high-availability requirement specifying the performance at system switchover of the applications on the guest OS, and realizes a suitable cluster configuration by changing the switching method.
JP 2008-269332 A
In the multisystem configuration control in the virtualization environment described in Patent Document 1, there is a master-slave relationship between virtual machines, and each virtual machine decides whether to output control information based on its own state. For this reason, when a failure occurs in a virtual machine and master/slave system switching is performed, it takes time for the virtual machine that was the slave to take over the calculation processing, and the control information output during that time is lost.
An object of the present invention is to provide a virtualized multisystem configuration control method and a computer system that prevent loss of control information when system switching of virtual machines is performed in the multisystem configuration control of virtual machines.
The virtualized multisystem configuration control method according to the present invention is preferably a virtualized multisystem configuration control method in a computer system in which a plurality of physical computers, each having a host OS and one or more virtual machines constructed on the host OS, are connected via an interface, and the virtual machines can perform input and output with a commonly connected external device,
wherein a multi-system control unit, which sets a master-slave relationship between paired virtual machines belonging to different physical computers and can change that master-slave relationship, is installed on the OS of each of the plurality of physical computers;
one multi-system control unit transfers packets to and from another multi-system control unit to monitor the life/death state of the virtual machine in the counterpart physical computer of the master-slave relationship, updates, according to the monitoring result, management information indicating the life/death state of the virtual machines in the master-slave relationship, and, according to the monitoring result, transmits a packet to the other multi-system control unit to instruct it to change the master-slave relationship between the virtual machines; and
one multi-system control unit transfers the input information received from the external device to the virtual machines in the master-slave relationship, acquires and manages output information that is the result of processing by the virtual machines in the master-slave relationship, and transfers the output information from the master or slave virtual machine to the external device.
The computer system according to the present invention is preferably a computer system in which a plurality of physical computers, each having a host OS and one or more virtual machines constructed on the host OS, are connected via an interface, a master-slave relationship is set between virtual machines belonging to different physical computers, and the virtual machines can perform input and output with a commonly connected external device,
wherein a multi-system control unit, which sets a master-slave relationship between paired virtual machines belonging to different physical computers and can change that master-slave relationship, is provided on the host OS of each of the plurality of physical computers, the multi-system control units can communicate management information and control information to each other by transmitting packets, and each multi-system control unit has:
first management means for managing, for each virtual machine, the master-slave relationship of the virtual machine and information on the life/death of the virtual machine;
second management means for managing input information received from the external device and output information to be output to the external device, the output information being the result of processing, corresponding to the input information, by the virtual machines in the master-slave relationship;
first control means for transferring packets to and from another multi-system control unit to monitor the life/death state of the virtual machine in the counterpart physical computer of the master-slave relationship, updating, according to the monitoring result, the contents of the first management means indicating the life/death state of the virtual machines in the master-slave relationship, and, according to the monitoring result, transmitting a packet to the other multi-system control unit so as to change the master-slave relationship between the virtual machines; and
second control means for transferring the input information received from the external device to the virtual machines in the master-slave relationship, acquiring output information that is the result of processing by the virtual machines in the master-slave relationship and storing and managing it in the second management means, and controlling transfer of the output information from the master or slave virtual machine to the external device.
According to a preferred example, each of the plurality of multi-system control units has a VM state management table that manages the master-slave relationship of the paired virtual machines and information on the life/death state of the virtual machines, and
a control information management table that manages, for each virtual machine, input information received from the external device and output information that is the result of processing, corresponding to the input information, by the virtual machines in the master-slave relationship;
the multi-system control unit stores, in the control information management table, the output information obtained from the virtual machine to which the input information was transferred, and
refers to the life/death state information of the virtual machines in the master-slave relationship stored in the VM state management table to decide to transfer the output information stored in the control information management table to the external device.
Preferably, when a failure occurs in a virtual machine, the multi-system control unit refers to the control information management table and controls the output information necessary for the next output processing on the basis of the processing result at the time of the failure.
Preferably, when a failure occurs in the primary virtual machine, the one multi-system control unit that manages the primary virtual machine transfers a packet to the other multi-system control unit that manages the secondary virtual machine to notify it of the failure, and the one multi-system control unit and the other multi-system control unit switch the master-slave relationship of the paired virtual machines.
Preferably, the one multi-system control unit updates the state of the virtual machine in which the failure occurred and transmits the state information of that virtual machine and the final output information at the time of the failure to the other multi-system control unit, and
the other multi-system control unit updates the state information of the virtual machine in the VM state management table, refers to the control information management table to transfer the input information necessary for the output processing that follows the final output information to the virtual machine that is in the master-slave relationship with the failed virtual machine, and then switches the master-slave relationship.
Preferably, the other multi-system control unit outputs to the external device the output information that comes from the virtual machine whose master-slave relationship has been switched and that is stored in the control information management table.
Preferably, when the multi-system control unit receives output information from a virtual machine within a predetermined cycle time, it refers to the VM state management table and determines whether the virtual machine that produced the output is primary or secondary.
If the result of the determination is primary, the multi-system control unit stores the output information obtained from the virtual machine in the control information management table, then transfers the output information stored in the control information management table to the external device, and generates a packet for notifying the other multi-system control unit of the output information and transfers it to the other multi-system control unit.
If the result of the determination is secondary, the multi-system control unit checks whether the output information transferred from the secondary virtual machine is stored in the control information management table,
and, as a result of that check, compares the stored output information with the output information obtained from the primary virtual machine; if the two do not match, it regards the virtual machines in the master-slave relationship as inconsistent with each other and executes fail-safe processing.
Preferably, input information from the external device is controlled so as to be input to the multi-system control unit of the physical computer in which the primary virtual machine exists, and
the multi-system control units in the physical computers in which the primary and secondary virtual machines exist each have an input information synchronization management table that manages, for each virtual machine in the master-slave relationship, the acquired input information and information indicating the transmission/reception state of the synchronization packets transferred between the multi-system control units that have the primary and secondary virtual machines.
One multi-system control unit checks, on the basis of the synchronization packet transferred from and received from the other multi-system control unit, whether the virtual machine that is the transfer source of the packet is primary or secondary.
If the result of the check is primary, it waits to receive the synchronization packet transferred from the other multi-system control unit.
If the result of the check is secondary, it stores the acquired input information in the input information synchronization management table, stores information indicating the synchronous transmission state in the input information synchronization management table, and transfers a synchronization packet indicating that reception is complete to the other multi-system control unit that is the transmission source.
According to the present invention, system switching between virtual machines is not performed by the virtual machines as in the prior art. Instead, a multi-system control unit (for example, a multi-system output control infrastructure program) provided on the host OS of the physical computer controls the output processing of control information from the virtual machines and the system switching processing, so the overhead of system switching can be reduced. In addition, the output of control information can be controlled while loss of control information is prevented when a failure occurs.
Furthermore, because the multi-system output control infrastructure program is aware of the multi-system configuration and manages whether the control information of a virtual machine may be output, multi-system configuration control is possible without the virtual machines being aware of the multi-system configuration.
FIG. 1 is an overall configuration diagram of a computer system for virtualized multiplex system control in one embodiment.
FIG. 2 is a diagram showing the configuration of the VM state management table in the first embodiment.
FIG. 3 is a diagram showing the configuration of the control information management table in the first embodiment.
FIG. 4 is a diagram showing the format of a packet for communication between computer nodes in the first embodiment.
FIG. 5 is a diagram showing an outline of the virtual communication I/F in the first embodiment.
FIG. 6 is a flowchart of the overall processing of the virtualized multiplex system in the first embodiment.
FIG. 7 is a processing flowchart of the input information management program in the first embodiment.
FIG. 8 is a processing flowchart of the output information management program in the first embodiment.
FIG. 9 is a processing flowchart of the secondary information management program in the first embodiment.
FIG. 10 is a flowchart of the control information verification/addition processing S904 in the first embodiment.
FIG. 11 is a flowchart of the master-slave switching processing S905 in the first embodiment.
FIG. 12 is a processing flowchart of the VM-HOST life/death monitoring program in the first embodiment.
FIG. 13 is a processing flowchart of the HOST-HOST life/death monitoring program in the first embodiment.
FIG. 14 is a diagram of the VM state update communication format in the first embodiment.
FIG. 15 is a processing flowchart of the VM state update program in the first embodiment.
FIG. 16 is an overall configuration diagram of a computer system for virtualized environment multiplex control in the second embodiment.
FIG. 17 is an overall configuration diagram of the input information synchronization management table in the second embodiment.
FIG. 18 is a configuration diagram of the inter-computer-node communication format for input synchronization in the second embodiment.
FIG. 19 is a processing flowchart of the input information management program in the second embodiment.
FIG. 20 is a processing flowchart of the input synchronization management program in the second embodiment.
FIG. 21 is a diagram showing a schematic comparison of the virtualized multiplex system configuration control of the present invention and of the prior art.
Hereinafter, an embodiment of the present invention will be described with reference to the drawings.
FIG. 1 shows the overall configuration of a computer system for virtualized multiplex system configuration control according to an embodiment of the present invention. This computer system is configured by connecting a terminal 9 to a virtualized multiplex system 1 via an external network 802. The virtualized multiplex system 1 consists of a plurality of computer nodes 100 (computer nodes 100-A and 100-B in the illustrated example) and an internal network 801 that connects these computer nodes. The computer node 100-A and the computer node 100-B (collectively referred to as 100) have the same configuration. Detailed illustration of the configuration of the computer node 100-B is omitted.
The computer node 100 is a physical computer and has a memory 101, a processor 102, a storage device 103, an external communication interface (I/F) 104, and an inter-node communication I/F 105. The memory 101 holds a host operating system (OS) 400, a multi-system output control program 300, and one or more virtual machines (VMs) 200-A to 200-C (collectively referred to as 200) constructed on the host OS 400. The host OS 400 holds a virtualization program 401 and a device control program 402.
Each VM 200 of the computer node 100-A has an application (AP) 211, a guest OS 212, and a virtual communication I/F 213 that communicates with the multi-system output control program 300. Each VM 201 of the computer node 100-B has the same configuration.
The VM 200 is a virtual execution environment, created by the virtualization program 401, in which its own programs and operating system can run. When there are a plurality of VMs 200, the programs and operating systems running in different VMs 200 may be the same or different. Programs and operating systems running in different VMs 200 do not directly affect one another. Each VM 200 has an identifier that is unique within the virtualized multiplex system 1. For example, the VM 200-A in FIG. 1 has the identifier "VM1" and the VM 200-B has the identifier "VM2".
The AP 211 processes requests from the terminal 9. The guest OS 212 controls the AP 211 within the VM 200 environment and sends the processing result of the AP 211 to the virtual communication I/F 213. The virtual communication I/F 213 receives the processing result of the AP 211 from the guest OS 212 and outputs it to the multi-system output control infrastructure program 300.
In this embodiment, the VM 200 in the computer node 100-A and the VM 201 in the computer node 100-B constitute a multiplex system. For example, the VM 200-A and the VM 201-A form one multiplex configuration, and the VM 200-B and the VM 201-B form another. Which VM is primary and which is secondary is determined by the VM state management table. This will be described later with reference to FIG. 2 and subsequent figures.
The terminal 9 and the computer node 100 are connected via the external network 802. The computer node 100-A and the computer node 100-B in the virtualized multiplex system 1 are connected via the internal network 801. In the computer node 100, the external network 802 is connected to the external communication I/F 104, and the internal network 801 is connected to the inter-node communication I/F 105.
The terminal 9 sends a request to the virtualized multiplex system 1 via the external network 802, and the virtualized multiplex system 1 returns the result of processing the request to the terminal 9. A request sent from the terminal 9 is received by both the computer node 100-A and the computer node 100-B, and the same processing is performed by the VMs that constitute the multiplex system in both computer nodes. As a result of the processing, the correct processing data is returned to the terminal 9 from the VM 200 (for example, the VM 200-A) of one computer node (for example, the primary node 100-A).
The storage device 103 of the computer node 100 stores the host OS 400, the multi-system output control program 300 (which includes programs and various table information), and the AP 211, the guest OS 212, and the virtual communication I/F 213 that constitute the VM 200. The processor 102 loads the host OS 400, the multi-system output control program 300, and the components of the VM 200 from the storage device 103 into the memory 101 and executes them, and also handles interrupts from the external communication I/F 104 and the inter-node communication I/F 105. The external communication I/F 104 sends data to and receives data from the terminal 9 through the external network 802. The inter-node communication I/F 105 sends data to and receives data from the other computer node 100 through the internal network 801.
The virtualization program 401 is a program for creating and managing the VM 200, and the device control program 402 is a program for accessing devices such as the external communication I/F 104, the inter-node communication I/F 105, and the storage device 103. The host OS 400 uses the virtualization program 401 and the device control program 402 to control the execution of the multi-system output program 300 and the VM 200, and to control access to the external communication I/F 104, the inter-node communication I/F 105, and the storage device 103.
The multi-system output control infrastructure program 300 exchanges control information with the multi-system output control infrastructure program 300′ running in the other computer node 100-B, and thereby determines the master-slave relationship between the VM 200 and the VM 201 in the virtualized multiplex system 1 and controls whether control information may be output. To realize this function, the multi-system output control infrastructure program 300 consists of a VM state management table 301, a control information management table 302, an input information management program 303, an output information management program 304, a secondary information management program 305, a HOST-HOST life/death monitoring program 306, a VM-HOST life/death monitoring program 307, and a VM state update program 308. The management tables 301 and 302 and the execution processing of the programs 303 to 308 of the multi-system output control infrastructure program 300 will be described later with reference to FIGS. 2 to 15.
The multi-system output control infrastructure program 300 running in the computer node 100-A, which has the primary virtual machine, determines the state of the VM 200 and updates the contents of the VM state management table 301 and the control information management table 302. When it detects a failure through VM-HOST life/death monitoring or HOST-HOST life/death monitoring, it sends an instruction to switch the master-slave relationship of the VMs to the multi-system output control infrastructure program 300′ running in the other computer node 100-B, switches the master-slave relationship of the VMs, and updates the life/death state of the VM. The multi-system output control infrastructure program 300′ running in the computer node 100-B, which has the secondary virtual machine, updates the control information management table 302′, receives the master/slave switching instruction from the multi-system output control infrastructure program 300′, and rewrites the VM state management table 301′.
Here, to make the present invention easier to understand, the difference between the virtualized multiplex system configuration control of the present invention and that of the prior art will be described with reference to FIG. 21.
(A) shows virtualized multiplex system configuration control according to the prior art. In the prior art, management of the master-slave relationship of the multiplex system and life/death monitoring of the VMs are performed on VM1 and VM3. Output control of information to the terminal is performed by, for example, middleware on the VM. In the illustrated example, VM1 on the host OS 400 side is primary and VM3 on the host OS 400′ side is secondary. VM3 on the secondary host OS 400′ side monitors life and death by periodically sending a health check request (REQ) to the primary VM1 and receiving a health check response (ACK) from VM1. If a failure occurs in the primary VM1 at time T0, the processing of VM1 is stopped, while VM3 switches itself from secondary to primary. Similarly, VM1 switches itself from primary to secondary.
According to this prior art, because VM1 and VM3 perform the VM life/death monitoring and the output control, the times T11, T12, T21, T22, and T2 are required, and the processing for switching systems between the VMs adds further overhead. As a result, the output of the result processed by the primary VM1 (the output information) to the terminal is delayed, and the output information may be lost when the system is switched.
(B) shows virtualized multiplex system configuration control according to the present invention. In the present invention, master-slave management of the multiplex system is performed under the control of the multi-system output control infrastructure programs of the host OSs 400 and 400′, and output control to the terminal is performed under the control of the host OS. The multi-system output control infrastructure programs of the host OSs 400 and 400′ continuously monitor the life and death of VM1 and VM3 formed on their own hosts, and also exchange health checks between the host OSs. In this case, if a failure occurs in the primary VM1 at time T0, the multi-system output control infrastructure program of the host OS 400 stops the processing of VM1 and switches itself from primary to secondary. Meanwhile, the multi-system output control infrastructure program of the secondary host OS 400′ switches itself from secondary to primary. Because all of this processing is performed between the host OSs, the overhead can be reduced, and because the VMs do not need to take part in the multiplex configuration control, the host OS can easily build a multiplex configuration of VMs.
The various programs and tables in the multi-system output control infrastructure program 300 work together to perform this virtualized multiplex system configuration control. They are described in detail below.
FIG. 2 shows the configuration of the VM state management table 301.
The VM state management table 301 manages state information on the life/death state and the master-slave relationship of all the VMs created in the computer nodes 100-A and 100-B. A similar VM state management table is also held in the multi-system output control infrastructure program 300′ (not shown).
The VM state management table holds different state information for each computer node. That is, the VM state management table 301 of the computer node 100-A holds the state information of a plurality of VMs such as the VMs 100-A and 100-B, while the VM state management table of the computer node 100-B holds the state information of the VMs 201-A, 201-B, and so on.
In the VM state management table 301, the VM identifier 311 stores information that uniquely identifies the VM 200 within the computer node 100-A. The host computer node identifier 312 stores the identification information of the computer node 100-A in which the VM 200 is created. The master/slave state flag 313 stores information that identifies whether the VM 200 is primary or secondary: "M" is stored when the target VM 200 is the primary VM, and "S" is stored when the target VM 200 is the secondary VM.
The paired VM identifier 314 stores an identifier that uniquely identifies the VM 201 that is the partner (that is, in the computer node 100-B) in the master-slave relationship of the VM with the VM identifier 311. The paired host computer node identifier 315 stores the identification information of the computer node 100-B in which the VM with the paired VM identifier 314 is created. The paired VM life/death state flag 316 stores information on the life/death state of the paired VM: "1" indicates alive and "0" indicates dead.
FIG. 3 shows the configuration of the control information management table 302.
The control information management table 302 manages the control information that is input to and output from a VM, and one is prepared for each of the VMs 200-A, 200-B, and so on. For example, when the computer node 100-A has two VMs 200, two control information management tables 302 are prepared. Similarly, this management table is prepared for each VM in the computer node 100-B.
In the control information management table 302, the VM identifier 321 stores information for identifying the VM within the computer node 100. The sequence number 322 stores information that identifies the control information. The input information 323 stores the input information received from the terminal 9. The cycle time 324 stores the time required for the periodic task of the VM. The output information 325 stores the control information output from the VM 200. The output time 326 stores the time (date, hour, and minute) at which the VM 200 output the control information.
This control information management table can be used to prevent loss of the control information output from each VM and to correct deviations in the calculation results (output control information) between VMs in a master-slave relationship. That is, VM1 and VM3 are in a master-slave relationship, and the same input information is entered into the control information management tables that manage them, so the control information managed on the two sides is basically the same. However, a failure, an interrupt, or the like can disturb the cycle time so that the output information corresponding to the input information is not output within the expected time. In that case, by monitoring each other's control information management tables and checking whether output information has been output and at what time, it is possible to detect missing control information output from each VM and to detect deviations in the calculation results between VMs in a master-slave relationship.
FIG. 4 shows the format of a packet for communication between computer nodes.
The format of the inter-computer-node communication packet 40 is the format of the communication data sent and received between the multi-system output control infrastructure programs 300 and 300′ of the different computer nodes 100-A and 100-B. It is used to send the calculation result of the primary and to switch master and slave.
The computer node identifier 401 stores an identifier that identifies the destination computer node 100, and the VM identifier 402 stores an identifier that identifies the destination VM. The sequence number 403 and the output information 404 store, respectively, the sequence number 321 of the control information management table 302 and the output information in its latest row.
The output information 404 may be empty. This is because the receiver judges that the communication is for sending the output information of the primary if the output information 404 is present, and that it is for switching master and slave if the output information 404 is absent.
FIG. 14 shows the format of a packet for VM state update communication.
The VM state update communication packet 70 is communication data sent and received between the multi-system output control infrastructure programs of the different computer nodes 100-A and 100-B, and is used to update the paired VM life/death state flag in the VM state management table 301.
The computer node identifier 701 stores an identifier that identifies the destination computer node 100, and the VM identifier 702 stores an identifier that identifies the destination VM. The life/death state 703 stores the state of the VM to be updated: "1" is stored when the VM is alive, and "0" when it is dead.
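As an added illustration (not code from the patent), the following Python sketch models the tables of FIG. 2 and FIG. 3 and the packets of FIG. 4 and FIG. 14, and shows how a receiving multi-system control unit can tell an output notification from a switch request by whether the output information 404 is empty. The class and method names, the separate local_output field, the replay of inputs with a higher sequence number after a switch, and the dropping of misaddressed packets are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class VmState:                    # row of the VM state management table (FIG. 2)
    vm_id: str                    # 311
    host_node: str                # 312
    role: str                     # 313: "M" primary, "S" secondary
    pair_vm_id: str               # 314
    pair_host_node: str           # 315
    pair_alive: int               # 316: 1 alive, 0 dead

@dataclass
class ControlRow:                 # row of the control information table (FIG. 3)
    input_info: bytes
    output_info: Optional[bytes] = None   # output of the primary VM
    local_output: Optional[bytes] = None  # assumption: secondary's own result

@dataclass
class NodePacket:                 # inter-node packet 40 (FIG. 4)
    node_id: str                  # 401: destination computer node
    vm_id: str                    # 402: destination VM
    seq: int                      # 403
    output: Optional[bytes]       # 404: None (empty) means master/slave switch

@dataclass
class StateUpdatePacket:          # VM state update packet 70 (FIG. 14)
    node_id: str                  # 701
    vm_id: str                    # 702
    alive: int                    # 703

class MultiSystemControlUnit:
    def __init__(self, node_id: str, states: List[VmState]):
        self.node_id = node_id
        self.vm_table: Dict[str, VmState] = {s.vm_id: s for s in states}
        self.ctl: Dict[Tuple[str, int], ControlRow] = {}

    def on_input(self, vm_id: str, seq: int, data: bytes) -> None:
        self.ctl[(vm_id, seq)] = ControlRow(data)

    def _verify(self, row: ControlRow) -> str:
        if row.output_info is None or row.local_output is None:
            return "hold"                      # one side has not reported yet
        return "match" if row.output_info == row.local_output else "fail_safe"

    def on_vm_output(self, vm_id: str, seq: int, output: bytes):
        st, row = self.vm_table[vm_id], self.ctl[(vm_id, seq)]
        if st.role == "M":
            # Primary: record, release to the external device, notify the peer.
            row.output_info = output
            return "forward", NodePacket(st.pair_host_node, st.pair_vm_id, seq, output)
        row.local_output = output              # secondary: held for comparison
        return self._verify(row), None

    def _addressed_here(self, node_id: str, vm_id: str) -> bool:
        return node_id == self.node_id and vm_id in self.vm_table

    def on_state_update(self, pkt: StateUpdatePacket) -> str:
        if not self._addressed_here(pkt.node_id, pkt.vm_id) or pkt.alive not in (0, 1):
            return "drop"
        self.vm_table[pkt.vm_id].pair_alive = pkt.alive
        return "updated"

    def on_node_packet(self, pkt: NodePacket):
        if not self._addressed_here(pkt.node_id, pkt.vm_id):
            return "drop", []
        st = self.vm_table[pkt.vm_id]
        if pkt.output is not None:             # primary's output notification
            row = self.ctl.get((pkt.vm_id, pkt.seq))
            if row is None:
                return "drop", []
            row.output_info = pkt.output
            return self._verify(row), []
        if st.role == "M":
            return "noop", []
        st.role = "M"                          # empty output: promote secondary
        replay = sorted((seq, r.input_info) for (vm, seq), r in self.ctl.items()
                        if vm == pkt.vm_id and seq > pkt.seq)
        return "switched", replay

def run_constructed_scenario() -> List[str]:
    """Constructed data: VM1 on node A is primary, VM3 on node B is secondary."""
    a = MultiSystemControlUnit("A", [VmState("VM1", "A", "M", "VM3", "B", 1)])
    b = MultiSystemControlUnit("B", [VmState("VM3", "B", "S", "VM1", "A", 1)])
    for seq in (1, 2, 3):
        a.on_input("VM1", seq, b"in%d" % seq)
        b.on_input("VM3", seq, b"in%d" % seq)
    log = []
    _, pkt = a.on_vm_output("VM1", 1, b"r1")
    log.append(b.on_node_packet(pkt)[0])             # secondary not done yet
    log.append(b.on_vm_output("VM3", 1, b"r1")[0])   # results agree
    log.append(b.on_vm_output("VM3", 2, b"bad")[0])  # primary not reported yet
    _, pkt = a.on_vm_output("VM1", 2, b"r2")
    log.append(b.on_node_packet(pkt)[0])             # results differ
    log.append(b.on_state_update(StateUpdatePacket("B", "VM3", 0)))
    action, replay = b.on_node_packet(NodePacket("B", "VM3", 2, None))
    log += [action, repr(replay), b.on_vm_output("VM3", 3, b"r3")[0]]
    return log
```
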
FIG. 5 shows an outline of the processing of the virtual communication I/F 213.
The virtual communication I/F 213 is an interface that connects the multiplex system output control infrastructure program 300 and the VM. It receives the input information 322 stored in the control information management table 302. The received input information is processed by the application 211 on the VM 200, which generates control information 500 as the processing result. The virtual communication I/F 213 receives the control information 500 and outputs it to the multiplex system output control infrastructure program 300. The control information 500 is stored in the output information 325 of the control information management table 302. The virtual communication I/Fs of the other VMs operate in the same way.
FIG. 6 shows a flowchart of the overall processing of the virtualized multiplex system 1.
The overall processing of the virtualized multiplex system 1 consists of the startup processing of the multiplex system output control infrastructure program 300 and the execution of the input information management program 303, the output information management program 304, the slave information management program 305, the VM-HOST life/death monitoring program 306, and the HOST-HOST life/death monitoring program 307.
The host OS 400 and the processor 102 load the multiplex system output control infrastructure program 300 and the VMs 200, which are initially stored in the storage device 103, into the memory 101 of the computer node 100 and start the processing of the multiplex system control infrastructure program 300.
When its processing starts, the multiplex system output control infrastructure program 300 reads the VM state management table 301 and the control information management table 302 stored in the storage device 103 into the memory 101 (S601) and starts each VM 200 (S602). After starting each VM 200, it launches the programs 303 to 307 (S603).
The processing of each program is described below.
FIG. 7 shows a processing flowchart of the input information management program 303.
When its processing starts, the multiplex system output control infrastructure program 300 starts each VM 200 and launches the input information management program 303. Once started, the input information management program 303 waits until it receives input information from the terminal 9 (S701). When it acquires input information (S702), it adds a new sequence number to the sequence number 322 of the control information management table 302 (S703) and stores the input information output from the terminal 9 in the input information 323 of the row with that sequence number (S704).
FIG. 8 is a processing flowchart of the output information management program 304.
When its processing starts, the multiplex system output control infrastructure program 300 starts each VM 200 and launches the output information management program 304. Once started, the output information management program 304 acquires the cycle processing time of each VM and stores it in the cycle time 324 of the control information management table 302 (S800). However, when the input information from the terminal 9 contains a cycle time, the acquired value in the cycle time 324 is overwritten with it, so the cycle time can also be set by external input.
The program searches the control information management table 302, selects in sequence order the input information 323 for which no output information 325 exists yet, and transfers it to each VM 200 by multicast (S801). After transferring the input information, it waits for the cycle time 324 and then transfers the next input information to the VMs 200 in the same way. This lets the host OS keep the VMs synchronized; that is, the output information of the master and slave systems differs by at most one entry.
Thereafter, when output information is received from a VM 200 within the cycle time (the result of S802 is “present”), the program refers to the master-slave flag 313 of the VM state management table 301 to determine whether the VM 200 that produced the output is master or slave (S803).
When the result of S803 is master, the output information received from the VM is written to the output information 325 of the control information management table 302 (S804), and the time at which the output information was received is written to the output time 326 (S805).
Next, the packet 40 is generated in order to output the master system's calculation result (S806). The packet 40 is generated by storing identifiers and information in its fields. That is, as shown in FIG. 4, the paired host computer node identifier 315 from the VM state management table 301 is stored in the computer node identifier 401 of the packet 40, and the paired VM identifier 314 is stored in the VM identifier 402. The sequence number 322 of the row just written in the control information management table 302 is stored in the sequence number 403, and the output information 325 is stored in the output information 404 (S806). When the packet 40 is complete, it is transmitted to the other multiplex system output control infrastructure program 300′ (S807). The newly written output information 325 is then output to the external communication I/F 104 (S808).
When the result of S803 is slave, the program checks whether output information has already been written to the output information 325 of the control information management table 302, in order to stay consistent with the data received from the master (S810). If output information 325 has been written (the result of S810 is “present”), it is compared with the output information received from the VM (S811). If they match (the result of S811 is “match”), nothing further is done. If they do not match (the result of S811 is “mismatch”), the VMs are inconsistent and fail-safe processing is executed (S812). The fail-safe processing may stop the VM, or may reset it so that it rejoins the master-slave relationship and resumes processing.
If the check in S810 finds that the output information 325 has not been written (the result of S810 is “absent”), the output information from the VM is written to the output information 325 of the control information management table 302 (S813), and the time at which the output information was received is written to the output time 325 (S814). This state occurs when the slave's computation is faster than the master's.
If output information from the VM 200 is not received within the cycle time in S802 (the result of S802 is “absent”), processing moves to the generation of the system switching packet (S1205 (FIG. 12)).
The processes S806, S807, S810, S811, and S812 are needed to keep master and slave consistent; if master-slave consistency is not required, they may be omitted.
FIG. 9 is a processing flowchart of the slave information management program 305.
When its processing starts, the multiplex system output control infrastructure program 300 starts each VM 200 and launches the slave information management program 305. When the slave information management program 305 receives a packet 40 transmitted from the multiplex system output control infrastructure program 300′ (S901), it acquires the output information 404 from the packet (S902) and determines whether the output information 404 contains data (S903). If it does (the result of S903 is “present”), the packet carries control information calculated by the master, so the slave's calculation result is verified or the received result is appended (S904); this processing is described in detail with reference to FIG. 10. If the output information 404 of the received packet contains no data (the result of S903 is “absent”), the packet was sent because a failure occurred in the master, and master-slave switching is performed (S905); this processing is described in detail with reference to FIG. 11.
If master-slave consistency does not need to be maintained, S903 is always “absent”, so the process S904 is not needed.
FIG. 10 is a flowchart showing the details of the control information verification/append processing S904.
The sequence number 402 stored in the received packet 40 is acquired (S1001), the control information management table 302 is searched for the same sequence number, and the row is checked for stored output information 325. If output information 325 exists in the control information management table 302 (the result of S1002 is “present”), the slave's calculation is ahead of the master's. Because the master's control information is assumed to be correct, the output information 325 is compared with the received output information 404; if they match (the result of S1003 is “match”), processing ends with no further action (S1004). If they do not match (the result of S1003 is “mismatch”), the slave's output is inconsistent, so fail-safe processing S1005 such as a retry is performed.
If, in S1002, no output information 325 exists for the sequence number 402 stored in the received packet 40 (the result of S1002 is “absent”), the master's calculation is ahead of the slave's. In that case, the received output information 404 is stored in the output information 325 (S1006), and processing ends (S1007).
If the slave does not need to be kept consistent, the control information verification/append processing S904 is not needed.
FIG. 11 is a flowchart showing the details of the master-slave switching processing S905.
This processing is performed because a failure has occurred in the master: it switches master and slave and outputs the slave's calculation result.
The sequence number 403 (call it n) is acquired from the received packet 40 (S1101). The control information management table 302 is then searched to check whether output information 325 is stored in the row whose sequence number 322 equals the received sequence number 403 (S1102). If output information 325 is stored in that row (the result of S1102 is “present”), the stored control information is transmitted to the external communication I/F 104 (S1103).
If the slave's control information management table holds no previously calculated and stored output information (the result of S1102 is “absent”), the master-slave update flag in the VM state management table is updated to “M” (S1107), and processing ends (S1108).
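The slave-side handling of packet 40 described for FIGS. 9 to 11, as an added Python example that is not code from the patent. Class, method and result names and the sample node and VM identifiers are hypothetical, and setting the master-slave flag to "M" after S1103 as well is an assumption, because the text states S1107 only for the branch where no output information is stored.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet40:
    """Inter-node packet 40; field numbers follow the description of FIG. 4."""
    node_id: str                     # computer node identifier 401 (destination)
    vm_id: str                       # VM identifier 402 (destination)
    seq: int                         # sequence number 403
    output: Optional[bytes] = None   # output information 404; None or b"" = empty


@dataclass
class Row:
    """One row of the control information management table 302."""
    input_info: Optional[bytes] = None    # input information 323
    output_info: Optional[bytes] = None   # output information 325


@dataclass
class SlaveNode:
    node_id: str
    vm_id: str
    role: str = "S"                                        # master-slave flag 313
    table: Dict[int, Row] = field(default_factory=dict)    # keyed by sequence number 322
    external_out: List[Tuple[int, bytes]] = field(default_factory=list)  # stand-in for I/F 104
    failsafe_seqs: List[int] = field(default_factory=list)               # stand-in for fail-safe

    def on_packet(self, pkt: Packet40) -> str:
        """S901-S903: dispatch on whether output information 404 carries data."""
        if (pkt.node_id, pkt.vm_id) != (self.node_id, self.vm_id):
            return "ignored"  # assumption: packets addressed elsewhere are dropped
        # The empty field is the only discriminator between the two packet kinds,
        # so a legitimately zero-length master output cannot be represented.
        if pkt.output:
            return self._verify_or_append(pkt)   # S904 (FIG. 10)
        return self._switch_over(pkt)            # S905 (FIG. 11)

    def _verify_or_append(self, pkt: Packet40) -> str:
        row = self.table.setdefault(pkt.seq, Row())
        if row.output_info is None:              # S1002 absent: master is ahead
            row.output_info = pkt.output         # S1006
            return "appended"
        if row.output_info == pkt.output:        # S1003 match: slave was ahead
            return "verified"
        self.failsafe_seqs.append(pkt.seq)       # S1003 mismatch -> S1005
        return "failsafe"

    def _switch_over(self, pkt: Packet40) -> str:
        row = self.table.get(pkt.seq)            # S1101, S1102
        if row is not None and row.output_info is not None:
            self.external_out.append((pkt.seq, row.output_info))   # S1103
            result = "promoted_with_output"
        else:
            result = "promoted"
        self.role = "M"                          # S1107 (both branches: assumption)
        return result


def demo() -> List[str]:
    """Run a constructed packet sequence through a slave on node 100-B."""
    node = SlaveNode("100-B", "VM1")
    node.table[1] = Row(b"in-1", b"out-1")   # slave already computed seq 1
    node.table[2] = Row(b"in-2")             # slave has not yet computed seq 2
    packets = [
        Packet40("100-B", "VM1", 1, b"out-1"),   # master output, matches
        Packet40("100-B", "VM1", 2, b"out-2"),   # master output, slave behind
        Packet40("100-B", "VM1", 1, b"other"),   # master output, mismatch
        Packet40("100-B", "VM1", 2),             # empty 404: switch request
    ]
    return [node.on_packet(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```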
FIG. 12 is a processing flowchart of the VM-HOST life/death monitoring program.
When its processing starts, the multiplex system output control infrastructure program 300 starts each VM 200 and launches the VM-HOST life/death monitoring program 306. The program transmits a VM life/death monitoring packet to each VM 200 (S1201) and checks whether a response to the “life/death monitoring” arrives within the life/death monitoring time (S1202). The VM life/death monitoring packet contains the destination VM identifier and a command code for the life/death check. If a response to the “life/death monitoring” arrives within the life/death monitoring time (the result of S1202 is “present”), nothing further is done and monitoring continues.
If no response to the “life/death monitoring” arrives within the life/death monitoring time (the result of S1202 is “absent”), the program refers to the master-slave flag 313 of the VM state management table 301 to determine whether the unresponsive VM 200 is master or slave. If the unresponsive VM 200 is the master (the result of S1203 is “master”), the paired VM life/death state flag 316 of the VM state management table 301 is consulted to check the state of the paired VM (S1204). If the paired VM is dead (the result of S1204 is “dead”), both the master and slave VMs are judged to have failed, and fail-safe processing is performed (S1209).
If the paired VM life/death state flag 316 of the VM state management table 301 shows that the paired VM is alive (the result of S1204 is “alive”), the system switching packet 40 is generated (S1205). In the system switching packet 40, the paired host computer node identifier 315 from the VM state management table is stored in the computer node identifier 401, the paired VM identifier 314 is stored in the VM identifier 402, and the latest sequence number 322 of the control information management table is stored in the sequence number 403. The generated system switching packet 40 is transmitted to the multiplex system output control infrastructure program 300′ of the other computer node 100-B (S1206).
The master-slave flag 313 of the VM state management table 301 is then updated to “S” (S1207), and fail-safe processing S1208 is executed.
If the unresponsive VM 200 in S1203 is the slave (the result of S1203 is “slave”), a VM state update packet 70 (FIG. 14) is generated (S1210). To update the paired VM life/death state flag 316 in the VM state management table 300 of the paired VM, the paired host computer node identifier 315 and the paired VM identifier 314 of the notification destination are acquired from the VM state management table 300 and stored in the corresponding fields of the VM state update packet 70. The VM state update packet 70 is then transmitted to the multiplex system output control infrastructure program 300′ of the other computer node 100-B (S1211), and fail-safe processing is executed (S1212).
FIG. 13 is a processing flowchart of the HOST-HOST life/death monitoring program.
When its processing starts, the multiplex system output control infrastructure program 300 starts each VM and launches the HOST-HOST life/death monitoring program 306. It then transmits a life/death monitoring packet to the multiplex system output control infrastructure program 300′ of the other computer node 100-B (S1301). The VM life/death monitoring packet contains the host computer node identifier, the destination VM identifier, and a command code for the life/death check. If a response to the “life/death monitoring” is received within the life/death monitoring time (the result of S1302 is “present”), nothing further is done and monitoring continues. If no response is received within the life/death monitoring time (the result of S1302 is “absent”), all the master-slave flags 313 of the VM state management table 301 are updated to “M” (S1303). Thereafter, the multiplex system output control infrastructure program 300′ of the other computer node 100-B executes fail-safe processing.
FIG. 15 is a flowchart of the VM state update program.
When its processing starts, the multiplex system output control infrastructure program 300 starts each VM 200 and launches the VM state update program 308. When a VM state update packet is received from the multiplex system output control infrastructure program 300′ of the other computer node 100-B (S1501), the life/death state 703 is acquired from the packet (S1502), and the VM life/death state flag 316 of the VM state management table 301 is updated to the life/death state 703 (S1503).
The same kinds of programs in the multiplex system output control infrastructure program 300′ of the other computer node 100-B perform the processing described above in the same way.
The first embodiment is an example in which information from the external terminal 9 is input to both the master and slave computer nodes via the external communication I/Fs 104 and 104′. In the second embodiment, by contrast, input information from the external terminal 9 is input only to the master computer node 100-A, and the master computer node 100-A synchronizes the input information to the slave computer node 100-B.
Processing other than the synchronization of input information is the same as in the first embodiment, so its description is omitted. In FIG. 16 and subsequent figures, parts that are the same as in the drawings of the first embodiment carry the same reference numerals.
FIG. 16 shows the overall configuration of the computer system for multiplex control in a virtualized environment.
It differs from the computer system shown in FIG. 1 in that an input information synchronization management table 161 and an input synchronization management program 162 are added. The input information synchronization management table 161 exists in the multiplex system output control infrastructure program of each computer node constituting the master and slave systems.
As shown in FIG. 17, in the input information synchronization management table 161, the VM identifier 1711 stores an identifier for identifying a VM within the computer node 100. The sequence number 1712 identifies the input information to be synchronized. When the VM identifier in the VM state management table 301 is “M”, the input information 1713 stores the input information received from the terminal 9. When it is “S”, the input information 1713 stores the input information from the computer node that controls the master VM (for example, computer node 100-A), which is transmitted by execution of the input information management program 303 (see FIG. 19). On a computer node that controls the master VM, the synchronous transmission state 1714 stores “1”, indicating “sent”, after transmission to the slave. On a computer node that controls the slave VM, it stores “1” upon reception from the master. On a computer node that controls the master VM, the synchronous reception state 1715 stores “1”, indicating “received”, upon reception from the slave.
On a computer node that controls the slave VM, the synchronous reception state 1715 is handled by the input synchronization management program 162 and stores “1” upon transmission to the master. The synchronous transmission state 1714 and the synchronous reception state 1715 thus keep the states of the master's and the slave's input information synchronization management tables 161 identical. As a result, even when the master fails, the slave can take over the state of the input information synchronization management table 161 without any additional processing.
FIG. 18 shows the format of the packet 180 for input synchronization communication between computer nodes.
The packet 180 is exchanged between computer nodes to synchronize input between the master and the slave. The source computer node identifier 1811 stores the computer node identifier of the sender, and the source VM identifier 1812 stores the VM identifier of the sender. The computer node identifier 1813 stores the computer node identifier of the receiver, and the VM identifier 1814 stores the VM identifier of the receiver. For the sequence number 1815 and the input information 1816, the master stores the information from the external terminal 9, while the slave copies and stores the information received from the master.
Next, the processing of the input information management program 303 is described with reference to FIG. 19.
When its processing starts, the multiplex system output control infrastructure program 300 starts each VM and launches the input information management program 303. The input information management program 303 waits until it receives input information from the terminal 9 (S1901). When input information from the terminal 9 is acquired (S1902), it checks whether the VM that processes the input information is master or slave (S1903).
If the VM is the slave, the program goes back to waiting for input information from the terminal 9 (S1901). If it is the master, a new sequence number is added to the sequence number 1612 of the input information synchronization management table 161 (S1911). The input information output from the terminal 9 is then stored in the input information 1713 of the input information synchronization management table 161, in the row of the added sequence number (S1912). Next, a packet 180 for input synchronization communication between computer nodes is created for transmission to the computer node that controls the slave VM (S1913), and the packet 180 is transmitted to that computer node (S1914). Then “1” is stored in the synchronous transmission state 1614 to mark the row as sent (S1915).
Thereafter, when a packet 180 is received from the computer node that controls the slave VM (S1916), “1” is stored in the synchronous reception state 1615 of the input information synchronization management table 161 to mark the row as received (S1917). The sequence number 1612 is then stored in the sequence number 322 of the control information management table 302 (S1918), and the input information 1613 is likewise stored in the input information 323 (S1919). This completes the input information management processing.
Next, the processing of the input synchronization management program 162 is described with reference to FIG. 20.
When its processing starts, the multiplex system output control infrastructure program 300 starts each VM and launches the input synchronization management program 162. The input synchronization management program 162 waits until it receives a packet 180 for input synchronization communication between computer nodes from the other computer node 100-B (from its multiplex system output control infrastructure program) (S2011). When input information is acquired from the other computer node 100-B (S2012), it checks whether the VM identifier 1714 is master (S2013). If it is master, the program goes back to waiting for a packet 180 for input synchronization communication between computer nodes from the other computer node (S2011).
If it is slave, the sequence number 1815 of the packet 180 is stored in the sequence number 1712 of the input information synchronization management table 161 (S2031). The input information 1816 of the packet 180 is then stored in the input information 1713, in the row of the added sequence number (S2032). “1” is stored in the synchronous transmission state 1714 to indicate that the data was sent by the computer node that controls the VM of the source VM identifier 1712. The packet 180 is sent back to inform the source computer node that reception is complete (S2035). To indicate that it has been sent back, “1” is stored in the synchronous reception state 1715 of the input information synchronization management table 161. The stored sequence number 1712 is stored in the sequence number 322 of the control information management table 302 (S2037), and the input information 1613 is stored in the input information 323 of the control information management table 302 (S2038). This completes the input synchronization management processing.
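The input synchronization exchange of FIGS. 17 to 20 with both sides modelled, as an added Python example that is not code from the patent. Class and function names and the node and VM identifiers are hypothetical, and the `drop_ack` case goes beyond the text to show which state each node holds if the returned packet 180 never reaches the master.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Packet180:
    """Input synchronization packet 180; field numbers follow FIG. 18."""
    src_node: str      # source computer node identifier 1811
    src_vm: str        # source VM identifier 1812
    dst_node: str      # computer node identifier 1813 (receiver)
    dst_vm: str        # VM identifier 1814 (receiver)
    seq: int           # sequence number 1815
    input_info: bytes  # input information 1816


@dataclass
class SyncRow:
    """One row of the input information synchronization management table 161."""
    input_info: bytes   # input information 1713
    sent: int = 0       # synchronous transmission state 1714
    received: int = 0   # synchronous reception state 1715


class Node:
    def __init__(self, node_id: str, vm_id: str, role: str,
                 peer_node: str, peer_vm: str) -> None:
        self.node_id, self.vm_id, self.role = node_id, vm_id, role
        self.peer_node, self.peer_vm = peer_node, peer_vm
        self.sync: Dict[int, SyncRow] = {}   # table 161, keyed by sequence number 1712
        self.control: Dict[int, bytes] = {}  # table 302: sequence 322 -> input 323
        self.next_seq = 1

    def on_terminal_input(self, data: bytes) -> Optional[Packet180]:
        """FIG. 19, S1901-S1915: only the master accepts terminal input."""
        if self.role != "M":                       # S1903: slave keeps waiting
            return None
        seq, self.next_seq = self.next_seq, self.next_seq + 1   # S1911
        self.sync[seq] = SyncRow(data)             # S1912
        pkt = Packet180(self.node_id, self.vm_id,
                        self.peer_node, self.peer_vm, seq, data)  # S1913
        self.sync[seq].sent = 1                    # S1915 (after sending, S1914)
        return pkt

    def on_packet180(self, pkt: Packet180) -> Optional[Packet180]:
        if self.role == "M":
            # FIG. 19, S1916-S1919: the packet returned by the slave.
            row = self.sync.get(pkt.seq)
            if row is None:
                return None                        # assumption: unknown sequence ignored
            row.received = 1                       # S1917
            self.control[pkt.seq] = row.input_info  # S1918, S1919
            return None
        # FIG. 20, slave branch of S2013.
        row = SyncRow(pkt.input_info, sent=1)      # S2031, S2032, state 1714 = 1
        self.sync[pkt.seq] = row
        ack = Packet180(self.node_id, self.vm_id, pkt.src_node, pkt.src_vm,
                        pkt.seq, pkt.input_info)   # S2035: send the packet back
        row.received = 1                           # state 1715 = 1 once sent back
        self.control[pkt.seq] = row.input_info     # S2037, S2038
        return ack


def flags(node: Node, seq: int) -> Tuple[int, int]:
    row = node.sync[seq]
    return (row.sent, row.received)


def run_exchange(data: bytes, drop_ack: bool = False) -> Tuple[Node, Node]:
    """One terminal input on constructed nodes 100-A (master) and 100-B (slave)."""
    master = Node("100-A", "VM1", "M", "100-B", "VM1")
    slave = Node("100-B", "VM1", "S", "100-A", "VM1")
    pkt = master.on_terminal_input(data)
    ack = slave.on_packet180(pkt)
    if not drop_ack:
        master.on_packet180(ack)
    return master, slave


if __name__ == "__main__":
    for lost in (False, True):
        m, s = run_exchange(b"cmd", drop_ack=lost)
        print(lost, flags(m, 1), flags(s, 1), m.control, s.control)
```

With the returned packet delivered, both tables 161 carry the same flags and both control tables hold the input; with it lost, the slave has already committed the input to its table 302 while the master's row stays at sent, not received.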
1: Virtualized multiple system 801: Internal network 802: External network 9: Terminal
100-A, 100-B, 100: Computer node 101: Memory 102: Processor 103: Storage device 104: External communication I/F 105: Inter-node communication I/F
200, 201: Virtual machine (VM) 211: Application 212: Guest OS 213: Virtual communication I/F
300: Multiple system output control infrastructure program 301: VM state management table 302: Control information management table 303: Input information management program 304: Output information management program 305: Subordinate information management program 306: HOST-HOST life/death monitoring program 307: VM-HOST life/death monitoring program 308: VM state update program 400: Host OS 401: Virtualization program 402: Device control program

Claims (12)

  1. A virtualized multiple-system configuration control method for a computer system in which a plurality of physical computers, each having a host OS and one or more virtual machines constructed on the host OS, are connected via an interface, and the virtual machines can perform input and output with a commonly connected external device, wherein:
    on the OS of each of the plurality of physical computers, a multi-system control unit is installed that can set a master-slave relationship between paired virtual machines belonging to different physical computers and can change the master-slave relationship;
    one multi-system control unit transfers packets to and from another multi-system control unit to monitor the life/death state of the virtual machine in the partner physical computer in the master-slave relationship, updates, according to the result of the monitoring, management information indicating the life/death state of the virtual machines in the master-slave relationship, and, according to the result of the monitoring, transmits a packet to the other multi-system control unit to instruct it to change the master-slave relationship between the virtual machines; and
    the one multi-system control unit transfers the input information received from the external device to the virtual machines in the master-slave relationship, acquires and manages output information that is the result of processing by the virtual machines in the master-slave relationship, and transfers the output information from the primary or secondary virtual machine to the external device.
  2. The virtualized multiple-system configuration control method according to claim 1, wherein:
    each of the plurality of multi-system control units has a VM state management table that manages information on the master-slave relationship of the paired virtual machines and on the life/death state of the virtual machines, and
    a control information management table that manages, for each virtual machine, input information received from the external device and output information that is the result of processing, by the virtual machines in the master-slave relationship, corresponding to the input information;
    the multi-system control unit stores, in the control information management table, the output information obtained from the virtual machine to which the input information was transferred; and
    refers to the life/death state information of the virtual machines in the master-slave relationship stored in the VM state management table to decide to transfer the output information stored in the control information management table to the external device.
  3. The virtualized multiple-system configuration control method according to claim 1 or 2, wherein, when a failure occurs in the virtual machine, the multi-system control unit refers to the control information management table and controls the output information necessary for the next output processing from the processing result at the time of the failure.
  4. The virtualized multiple-system configuration control method according to any one of claims 1 to 3, wherein, when a failure occurs in the primary virtual machine, the one multi-system control unit managing the primary virtual machine transfers a packet to the other multi-system control unit managing the secondary virtual machine to notify it of the failure, and the one multi-system control unit and the other multi-system control unit switch the master-slave relationship of the pair of virtual machines.
  5. The virtualized multiple-system configuration control method according to any one of claims 2 to 4, wherein:
    the one multi-system control unit updates the state of the virtual machine in which the failure occurred and transmits the state information of that virtual machine and the final output information at the time of the failure to the other multi-system control unit; and
    the other multi-system control unit updates the state information of the virtual machine in the VM state management table, refers to the control information management table to transfer the input information necessary for the output processing that follows the final output information to the virtual machine that is in the master-slave relationship with the failed virtual machine, and further switches the master-slave relationship.
  6. The virtualized multiple-system configuration control method according to claim 5, wherein the other multi-system control unit outputs, to the external device, the output information that comes from the virtual machine whose master-slave relationship has been switched and that is stored in the control information management table.
  7. The virtualized multiple-system configuration control method according to any one of claims 2 to 6, wherein:
    the multi-system control unit, upon receiving output information from a virtual machine within a predetermined cycle time, refers to the VM state management table and determines the master-slave state of the virtual machine that produced the output;
    when the determination indicates the primary system, stores the output information obtained from the virtual machine in the control information management table, then transfers the output information stored in the control information management table to the external device, and generates a packet for notifying the other multi-system control unit of the output information and transfers the packet to the other multi-system control unit;
    when the determination indicates the secondary system, confirms whether the output information transferred from the secondary virtual machine is stored in the control information management table; and
    as a result of the confirmation, compares the stored output information with the output information obtained from the primary virtual machine and, when the two do not match, regards the virtual machines in the master-slave relationship as inconsistent and executes fail-safe processing.
  8. The virtualized multiple-system configuration control method according to any one of claims 2 to 7, wherein:
    input information from the external device is controlled so as to be input to the multi-system control unit of the physical computer in which the primary virtual machine exists;
    the multi-system control units in the physical computers in which the primary and secondary virtual machines exist each have an input information synchronization management table that manages, for the virtual machines in the master-slave relationship, the acquired input information and information indicating the transmission/reception state of synchronization packets transferred between the multi-system control units of the primary and secondary virtual machines;
    the one multi-system control unit confirms, based on the synchronization packet transferred from and received from the other multi-system control unit, whether the virtual machine that is the transfer source of the packet is the primary or the secondary;
    when the confirmation indicates the primary, waits to receive the synchronization packet transferred from the other multi-system control unit; and
    when the confirmation indicates the secondary, stores the acquired input information in the input information synchronization management table, stores information indicating the synchronous transmission state in the input information synchronization management table, and transfers a synchronization packet indicating that reception is complete to the other multi-system control unit that is the transmission source.
  9. A computer system in which a plurality of physical computers, each having a host OS and one or more virtual machines constructed on the host OS, are connected via an interface, a master-slave relationship is set between virtual machines belonging to different physical computers, and the virtual machines can perform input and output with a commonly connected external device, wherein:
    a multi-system control unit capable of setting a master-slave relationship between paired virtual machines belonging to different physical computers and changing the master-slave relationship is provided on the host OS of each of the plurality of physical computers, the multi-system control units being able to transmit packets to communicate management information and control information to each other; and
    the multi-system control unit comprises:
    first management means for managing, for each virtual machine, the master-slave relationship of the virtual machine and information on the life/death of the virtual machine;
    second management means for managing input information received from the external device and output information that is the result of processing by the virtual machines in the master-slave relationship corresponding to the input information and that is output to the external device;
    first control means for transferring packets to and from another multi-system control unit to monitor the life/death state of the virtual machine in the partner physical computer in the master-slave relationship, updating, according to the result of the monitoring, the contents of the first management means indicating the life/death state of the virtual machines in the master-slave relationship, and, according to the result of the monitoring, transmitting a packet to the other multi-system control unit to perform control so as to change the master-slave relationship between the virtual machines; and
    second control means for transferring the input information received from the external device to the virtual machines in the master-slave relationship, acquiring output information that is the result of processing by the virtual machines in the master-slave relationship and storing and managing it in the second management means, and performing control so as to transfer the output information from the primary or secondary virtual machine to the external device.
  10. The computer system according to claim 9, wherein:
    the second management means is a control information management table that manages, for each virtual machine, input information input from the external device and output information that corresponds to the input information and is the processing result of the virtual machine; and
    the second control means, when a failure occurs in the virtual machine, refers to the control information management table and controls the output information necessary for the next output processing from the processing result at the time of the failure.
  11. The computer system according to claim 9 or 10, wherein the second control means generates a processing cycle for conveying input information from the control information management table to the virtual machines, taking into account the overall processing time for the input of each virtual machine in the master-slave relationship and the time required for synchronization between the primary and secondary virtual machines, thereby preventing output information from being lost at the time of a failure.
  12. The computer system according to any one of claims 9 to 11, wherein, when a failure occurs in the primary virtual machine, the first control means in the multi-system control unit managing the primary virtual machine performs control so as to transfer a packet to the other multi-system control unit managing the secondary virtual machine to notify it of the failure and to switch the master-slave relationship of the paired virtual machines.
PCT/JP2011/078218 2011-12-06 2011-12-06 Virtualization multi-system configuration control method and computer system WO2013084305A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2011/078218 WO2013084305A1 (en) 2011-12-06 2011-12-06 Virtualization multi-system configuration control method and computer system

Publications (1)

Publication Number Publication Date
WO2013084305A1 true WO2013084305A1 (en) 2013-06-13

Family

ID=48573710

Country Status (1)

Country Link
WO (1) WO2013084305A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007148839A (en) * 2005-11-29 2007-06-14 Hitachi Ltd Failure recovery method
JP2008165637A (en) * 2006-12-28 2008-07-17 Hitachi Ltd System switching method in server virturalizing environment and computer system
JP2009259206A (en) * 2008-03-27 2009-11-05 Nippon Telegraph & Telephone West Corp Access distribution system, server device, common management device, access distribution device, access distribution method, and computer program
JP2009301162A (en) * 2008-06-11 2009-12-24 Hitachi Ltd Computer system, device sharing method, and device sharing program

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111885014A (en) * 2020-07-06 2020-11-03 河南信大网御科技有限公司 Mimic bracket device with master-slave switching function, mimic defense method and architecture
CN111885014B (en) * 2020-07-06 2022-04-26 河南信大网御科技有限公司 Mimic bracket device with master-slave switching function, mimic defense method and architecture
CN112380070A (en) * 2020-12-04 2021-02-19 海光信息技术股份有限公司 Virtual machine fault-tolerant system and fault-tolerant method thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11876938

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11876938

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP