JP2013164734A - Policy management device, policy management system, policy management method, and policy management program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a policy management device for efficiently registering and managing a large number of policies in a large-scale computer system.SOLUTION: The policy management device according to the invention comprises: group storage means for grouping apparatuses that construct a computer system and storing group management data that shows groups to which respective apparatuses belong; policy storage means for storing relationships between events occurring on the respective apparatuses and actions performed by the respective apparatuses in the events as a policy for each of the groups; and policy selection means for, when an event occurs on any of the apparatuses, identifying a group of the apparatus from occurrence event information issued by the apparatus by checking identification information of the apparatus with the group management data and selecting a policy whose event coincides with the occurrence event information from policies associated with the group so as to output the action included in the policy and the identification information of the apparatus.

Description

  The present invention relates to a policy management apparatus, a policy management system, a policy management method, and a policy management program for managing an operation policy of a computing system such as a data center.

  With the development of cloud computing, the scale of the data center that serves as the foundation is rapidly increasing. Since such a large-scale data center is composed of a large number of multi-vendor devices, the number of events to be managed as a whole system is very large, and the number of system operation policies to be managed is enormous. It becomes. Therefore, it will become more and more important in the future how to manage such an enormous system operation policy efficiently.

  As a technique for efficiently performing such policy management, Patent Document 1 discloses various scenarios by freely creating scenario data that realizes an optimal policy rule selection algorithm in accordance with the operation status of a network device. An apparatus that can flexibly cope with network operation has been disclosed.

  Further, Patent Document 2 applies policy evaluation and execution without setting the application so that application of the policy can be realized without impairing performance related to application quality, policy evaluation, and action execution. A system for doing this is published.

JP2005-165847 JP2010-237935

  In the techniques described in Patent Document 1 and Patent Document 2 described above, a technique for efficiently managing an enormous number of policies by reducing the number of policies that a system administrator should actually manage is presented. Not. Therefore, the system operation manager has to manage an enormous number of policies, and there is a problem that a problem in system operation due to omission of policy registration may occur.

  An object of the present invention is to provide a policy management apparatus, a policy management system, a policy management method, and a policy management program that solve these problems.

  A policy management apparatus according to an embodiment of the present invention divides one or more devices constituting a computer system into one or more groups, and stores group management data indicating which group each device belongs to A policy storage means for storing in group units as a policy the association between the means, the name of the event that occurs in the device, and the action that the device executes when the event occurs, and any of the devices When an event occurs, the device receives an event message that identifies the event that has occurred and the device identification information, and matches the device identification information with the group management data. The group to which the event belongs is specified, and the event message is specified from the policy related to the group. The select the policy that contains the name provided, the program that corresponds to the action to be included in the policy, and a policy selection means for outputting the identification information of the device, the.

  According to an embodiment of the present invention, a policy management method divides one or more devices constituting a computer system into one or more groups, and stores group management data indicating which group each device belongs to in a storage area. The association between the name of the event that occurs in the device and the action that the device executes when the event occurs is stored as a policy in the storage unit in the group unit, and the event occurs in any of the devices When it occurs, it receives an event message issued by the device that identifies the event that has occurred and device specific information, and the device specific information belongs to the group management data to which the device belongs. The policy that includes the name of the event that identifies the group and that identifies the event message from the policy for the group. Select a program corresponding to the action to be included in the policy, and outputs the specific information of the device.

  A policy management program according to an embodiment of the present invention divides one or more devices constituting a computer system into one or more groups, and stores group management data indicating which group each device belongs to The policy storage process for storing in group units as a policy the association between the process, the name of the event that occurs in the device, and the action that the device executes when the event occurs, and any of the devices When an event occurs, the device receives an event message that identifies the event that has occurred and the device identification information, and matches the device identification information with the group management data. The group to which the event belongs is identified, and the event message is identified from the policies related to the group. Select the policy that contains the name of that event, the program corresponding to the action to be included in the policy, and to execute a policy selection process for outputting the specific information of the device, to the computer.

  The present invention realizes efficient management of a huge number of policies in a large-scale computer system.

It is a block diagram which shows the structure of the 1st Embodiment of this invention. It is a flowchart which shows policy registration operation | movement of the policy registration part 104 in 1st Embodiment of this invention. 3 is a flowchart showing a program output operation of a policy selection unit 106 according to the first embodiment of the present invention. It is an example of the group management data 30 which the group memory | storage part 100 in 1st Embodiment of this invention memorize | stores. It is an example of the action management data 40 memorize | stored in the action memory | storage part 101 in 1st Embodiment of this invention. It is an example of the event management data 50 which the event memory | storage part 102 in 1st Embodiment of this invention memorize | stores. It is an example of the policy management data 60 which the policy memory | storage part 103 in 1st Embodiment of this invention memorize | stores. It is an example of the policy registration screen 70 of the console 12 in 1st Embodiment of this invention. It is an example of the occurrence event information 80 output from the apparatus which generate | occur | produced the event in 1st Embodiment of this invention. It is a block diagram which shows the structure of 2nd Embodiment of this invention. It is an example of the policy management data 90 memorize | stored in the policy memory | storage part 203 in 2nd Embodiment of this invention.

  A first embodiment of the present invention will be described in detail with reference to the drawings.

  FIG. 1 shows a system management server 1, AP servers 2-1 to 2-5, DB servers 3-1 to 3-2, storages 4-1 to 4-2, and NW devices 5-1 to 5-4. Shows the configuration of a computer system including

  The system management server 1 is a server that manages the operation of the entire computer system, and includes a policy management apparatus 10 and a system configuration management unit 11. The system configuration management unit 11 performs configuration change control of servers and storage, and configuration management of devices connected to the system.

  The AP servers 2-1 to 2-5 are application servers, and the DB servers 3-1 to 3-2 are database servers, which may be normal servers or virtual servers. These servers are managed by the system configuration management unit 11 using the device names VM001 to VM007, respectively.

  The storages ST001 to ST002 are storage devices that store data of the AP servers 2-1 to 2-5 and the DB servers 3-1 to 3-2. These storage apparatuses are managed by the system configuration management unit 11 using the device names ST001 to ST002, respectively.

  The NW devices 5-1 to 5-4 are network devices that manage networks connecting the devices in the system, and the system configuration management unit 11 manages them with device names NW001 to NW004, respectively.

  The policy management apparatus 10 includes a group storage unit 100, an action storage unit 101, an event storage unit 102, a policy storage unit 103, a policy registration unit 104, an occurrence event monitoring unit 105, and a policy selection unit 106. doing.

  The group storage unit 100 divides the devices in this system into groups based on the similarity of the software, hardware configuration, or function of the operation system, etc., and group management data 30 that is information on which group each device belongs to. Is stored. An example of the group management data 30 in the group storage unit 100 is shown in FIG. Each record of the management data includes a group name and a target device name of a device belonging to the group. Devices belonging to the same group have the same message and command system output when an event occurs. For example, those having similar hardware configurations or installed software, or belonging to the same category in a three-layer system composed of a Web server, an application server, and a database server. In the case of this example, for example, the server VM001 and the server VM002 belonging to the AP TIER1 group are servers having the same hardware configuration, and the installed operating system and application software are also the same.

  The action storage unit 101 stores commands and programs executed by devices in each group as actions. An example of the action management data 40 stored in the action storage unit 101 is shown in FIG. Each record of the management data includes a group name, an action name, and a program. In the management data example of FIG. 5, two actions of “OS reboot” and “scale out” are managed for each group. Regarding the action of “OS reboot”, the programs of AP TIER1 and AP TIER2 are the same command “reboot”, but the program of DB TIER1 is another command “init”. This is because the operating systems of the devices belonging to AP TIER1 and AP TIER2 are the same, whereas the operating systems of the devices belonging to DB TIER1 are operating systems different from the devices of AP TIER1 and AP TIER2, and the command system This is because they are different. Further, regarding the action of “scale out”, AP TIER1, AP TIER2, and DB TIER1 are composed of two commands, but the contents of the programs are different from each other. This is because the application executed by each device differs between groups. Note that the action management data 40 shown in FIG. 5 is an example of a partial record of data to be managed by the system of this embodiment, and each group of AP TIER1, AP TIER2, DB TIER1, ST TIER1, and NW TIER1 There are a number of records that are surprisingly surprising.

  The event storage unit 102 stores, as an event, a message output from the device when an event occurs in the device of each group. An example of event management data 50 stored in the event storage unit 102 is shown in FIG. Each record of this management data includes a group name, an event name, a type, a level, and an event message. In the management data example of FIG. 6, four events of “AP failure”, “network failure”, “deadlock”, and “CPU high load” are managed for each group. In the case of an “AP failure” event, the AP TIER1 and AP TIER2 devices output an “Application error occurred” event message, and the DB TIER1 device whose operating system is different from that of the AP TIER1 and AP TIER2 is “Application failure occurred”. "Is output. Since “AP failure” is an error on the operating system, “OS” is stored as the type, and “error” is stored as the level. In addition, since the event of “CPU high load” is a warning on hardware, “HW” is stored as the type and “warning” is stored as the level. The event management data 50 shown in FIG. 6 is an example of a partial record of data to be managed by the system of this embodiment, and each group of AP TIER1, AP TIER2, DB TIER1, ST TIER1, and NW TIER1 There are a number of records that are surprisingly surprising.

  The policy storage unit 103 stores, as a policy, an association between an event that occurs in each device and an action that the device executes when the event occurs. An example of the policy management data 60 stored in the policy storage unit 103 is shown in FIG. Each record of the management data includes a group name, an action name, and an event name. In the case of this example, for example, when any one of an AP failure, a network failure, and a deadlock occurs in a device belonging to AP TIER1, system operation management for performing an OS reboot is performed. The policy management data 60 shown in FIG. 7 is an example of a partial record of data to be managed by the system of this embodiment, and each group of AP TIER1, AP TIER2, DB TIER1, ST TIER1, and NW TIER1 There are a number of records that are surprisingly surprising.

  The policy registration unit 104 registers the policy regarding each group in the policy storage unit 103. An example of the policy registration screen 70 of the console 12 when the system administrator registers a policy is shown in FIG. The policy registration screen 70 includes a policy registration target group selection window, an action selection window, an event selection window, and a registration button. Details of the policy registration operation flow of the policy registration unit 104 will be described later.

  The generated event monitoring unit 105 monitors information flowing in the network for information on generated events output by devices in the system, and sends the acquired generated event information 80 to the policy selecting unit 106. An example of the occurrence event information 80 is shown in FIG. The occurrence event information 80 includes identification information of the transmission source device of the information and an event message. In the case of the example of FIG. 9, an AP failure has occurred in the AP server 2-5 whose device name is VM005, and the AP server 2-5 has output an event message “Application error occurred”.

  The policy selection unit 106 compares the occurrence event information 80 received from the occurrence event monitoring unit 105 with the management data of the group storage unit 100, the action storage unit 101, the event storage unit 102, and the policy storage unit 103. Specific information of the transmission source device and a program which is an action to be executed by the event transmission source device. The output program may be executed by the system management server 1 or may be executed as it is by the event transmission source device. Alternatively, the program output by the policy selection unit 106 on the screen of the console 12 may be displayed, and the system administrator may instruct execution of the program from the console 12. When, where, and how each program is executed depends on the nature of the program. Details of the program output operation flow of the policy selection unit 106 will be described later.

  Next, the policy registration operation of the policy registration unit 104 of this embodiment will be described in detail with reference to the flowchart of FIG.

  The policy registration unit 104 acquires group list information from the group management data 30 in the group storage unit 100 and displays it on the policy registration screen 70 of the console 12 (S101). The system administrator selects a group for policy registration from the displayed group list (S102). The policy registration unit 104 acquires action list information and event list information corresponding to the group selected by the system administrator from the action management data 40 in the action storage unit 101 and the event management data 50 in the event storage unit 102, respectively. It is displayed on the policy registration screen 70 of the console 12 (S103). The system administrator selects one action for policy registration from the action list (S104). The system administrator selects one or more events associated with the selected action (S105). The policy registration unit 104 associates the action input by the system administrator with the event, and registers it as a policy in the policy management data 60 in the policy storage unit 103 (S106).

  Next, the program output operation of the policy selection unit 106 of this embodiment will be described in detail with reference to the flowchart of FIG.

  The generated event monitoring unit 105 acquires the generated event information 80 from a device that has generated an event on the system, and outputs it to the policy selecting unit 106 (S201). The policy selecting unit 106 specifies the group name of the device that has generated the event by comparing the transmission source specifying information in the generated event information 80 with the group management data 30 in the group storage unit 100 (S202). The policy selection unit 106 specifies the name of the event that occurred by comparing the specified group name and the event message in the event information 80 with the event management data 50 in the event storage unit 102 (S203). The policy selection unit 106 specifies the action name by comparing the specified group name and the specified event name with the policy management data 60 in the policy storage unit 103 (S204). The policy selection unit 106 specifies the program by comparing the specified group name and the specified action name with the action management data 40 in the action storage unit 101 (S205). The policy selection unit 106 outputs the specified program and the transmission source identification information of the occurrence event information 80 (S206).

  This embodiment has the effect of reducing the number of system operation policies managed by a computer system administrator and simplifying policy management work. This is because, as a first reason, the policy management apparatus 10 does not manage the registration of policies in units obtained by grouping these devices based on similarity in configuration or function, rather than in units of devices in the computer system. It is because it performs. This reduces the number of policies managed by the system administrator. The second reason is that the policy management apparatus 10 does not use a large number of events to be managed as a reference, but performs policy registration based on a smaller number of actions than events. When the system administrator performs policy registration for each action, the number of policy registration operations is reduced.

In this way, by simplifying the policy management work of the system administrator, it is possible to avoid policy setting mistakes and omissions and prevent problems in system operation.
<Second Embodiment>
Next, a second embodiment of the present invention will be described in detail with reference to the drawings.

  FIG. 10 is a block diagram showing the configuration of the policy management apparatus 20 of this embodiment.

  The policy management apparatus 20 includes a group storage unit 200, a policy storage unit 203, and a policy selection unit 206.

  Similar to the group storage unit 100 in the first embodiment, the group storage unit 200 divides the devices constituting the system into groups, and stores group management data 30 indicating which group each device belongs to. The group management data 30 is the same as in the first embodiment.

  The policy management data 90 stored in the policy storage unit 203 of this embodiment includes an event message output by a device in which an event has occurred in the system as an event name, and the name of a program corresponding to the action as an action name. And includes the event and the action as a policy. An example of policy management data 90 in the policy storage unit 203 is shown in FIG. Each record of the policy management data 90 includes a group name, an action name, and an event name. In the case of this example, for example, when a device that belongs to AP TIER1 generates an AP failure and outputs an "Application error ocurred" event message, or a network failure occurs and outputs a "Network error occurred" event message, Or, when a deadlock occurs and an event message “Deadlock occurred” is output, this indicates that system operation management for performing an OS reboot is performed. Note that the policy management data 90 shown in FIG. 11 is an example of a partial record of data to be managed by the system of this embodiment, and each group of AP TIER1, AP TIER2, DB TIER1, ST TIER1, and NW TIER1 There are a number of records that are surprisingly surprising.

  The policy selection unit 206 receives the occurrence event information 80 output by the device in the system, compares the transmission source identification information in the occurrence event information 80 with the group management data 30 in the group storage unit 200, and the group to which the device belongs. Specify the name. Then, the policy including the event name specified by the event message in the generated event information 80 is selected from the policies related to the group in the policy management data 90 in the policy storage unit 203, and the action name and the device included in the policy are selected. The sender identification information is output.

  This embodiment has a simple configuration compared to the first embodiment, and, similar to the first embodiment, reduces the number of operation policies of the system managed by the computer system administrator, and performs policy management work. Has the effect of simplifying. This is because the policy management apparatus 20 having a simple configuration compared to the policy management apparatus 10 in the first embodiment is not the unit of each device in the computer system, but the configuration or functional similarity of these devices. This is because the policy is managed in units grouped based on the above. This reduces the number of policies managed by the system administrator.

  While the present invention has been described with reference to the embodiments, the present invention is not limited to the above embodiments. Various changes that can be understood by those skilled in the art can be made to the configuration and details of the present invention within the scope of the present invention.

DESCRIPTION OF SYMBOLS 1 System management server 10 Policy management apparatus 100 Group memory | storage part 101 Action memory | storage part 102 Event memory | storage part 103 Policy memory | storage part 104 Policy registration part 105 Occurrence event monitoring part 106 Policy selection part 11 System configuration management part 12 Console 2-1 thru | or 2- 5 AP Server 3-1 to 3-2 DB Server 4-1 to 4-2 Storage 5-1 to 5-4 NW Device 20 Policy Management Device 30 Group Management Data 40 Action Management Data 50 Event Management Data 60 Policy Management Data 70 Policy registration screen 80 Event information 90 Policy management data 200 Group storage unit 203 Policy storage unit 206 Policy selection unit

Claims (9)

Group storage means for storing one or more devices constituting the computer system into one or more groups and storing group management data indicating which group each of the devices belongs to;
Policy storage means for storing, as a policy, an association between the name of an event occurring in the device and an action executed by the device when the event occurs;
When an event occurs in any of the devices, the device receives the event message that identifies the event that has occurred and the specific information of the device and issues the specific information of the device to the group management data The group to which the device belongs is identified with respect to the policy, the policy including the name of the event identified by the event message is selected from the policies related to the group, and the action included in the policy is selected. Policy selection means for outputting the corresponding program and specific information of the device,
Policy management device comprising Action storage means for storing a list of the actions executed by the devices belonging to the group in units of groups;
Event storage means for storing a list of the events that occur in the devices belonging to the group in units of the group;
Select one group from the group, select one action from the list of actions related to the group, and select a plurality of events to be associated with the action from the list of events related to the group Policy registration means for storing the association between the selected plurality of events and the action in the policy storage means;
The policy management apparatus according to claim 1, further comprising: The policy management apparatus according to claim 1, wherein the device is divided into the groups based on similarity of software and hardware configurations of the device. The policy management apparatus according to claim 3, wherein the device is divided into the groups based on similarity in function of the devices.   5. A policy management system including the policy management device according to claim 1 and all the devices that are managed by the policy management device. One or more devices constituting the computer system are divided into one or more groups, and group management data indicating which group each device belongs to is stored in a storage area;
The association between the name of the event occurring in the device and the action executed by the device when the event occurs is stored as a policy in the storage unit in the group unit,
When an event occurs in any of the devices, the device receives the event message that identifies the event that has occurred and the specific information of the device and issues the specific information of the device to the group management data The group to which the device belongs is identified with respect to the policy, the policy including the name of the event identified by the event message is selected from the policies related to the group, and the action included in the policy is selected. Output the corresponding program and device specific information,
Policy management method A list of the actions executed by the devices belonging to the group is stored in a storage area in units of the group,
A list of events that occur in the devices belonging to the group is stored in a storage area in units of the group,
Select one group from the group, select one action from the list of actions related to the group, and select a plurality of events to be associated with the action from the list of events related to the group The policy management method according to claim 6, wherein an association between the selected plurality of events and the action is stored in a storage area. Group storage processing for storing one or more devices constituting the computer system into one or more groups and storing group management data indicating which group each of the devices belongs to;
A policy storage process for storing, as a policy, an association between the name of an event occurring in the device and an action executed by the device when the event occurs;
When an event occurs in any of the devices, the device receives the event message that identifies the event that has occurred and the specific information of the device and issues the specific information of the device to the group management data The group to which the device belongs is identified with respect to the policy, the policy including the name of the event identified by the event message is selected from the policies related to the group, and the action included in the policy is selected. Policy selection processing for outputting the corresponding program and the specific information of the device,
A policy management program that causes a computer to execute. An action storage process for storing a list of the actions executed by the devices belonging to the group in units of groups;
An event storage process for storing a list of the events that occur in the devices belonging to the group in units of the group;
Select one group from the group, select one action from the list of actions related to the group, and select a plurality of events to be associated with the action from the list of events related to the group A policy registration process for storing an association between the selected plurality of events and the action in the policy storage unit;
9. The policy management program according to claim 8, which causes a computer to execute.

Images