JP2016115238A - Operation manipulation aggregation system, aggregation method and aggregation program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an operation manipulation aggregation system which allows operation of a system even without a specific technical knowledge.SOLUTION: An operation manipulation aggregation system comprises a master server 13 which controls access to a plurality of management target servers 15, a storage device 14 which stores a manipulation trace of a command issued to the management target server 15 and a log of a command execution result, an administrator terminal 11 which accepts input of a system administrator who manages access permission for a manipulation operator who manipulates/operates the management target server 15 to the master server 13, and person-in-charge-of-operation terminals 12a-12n which accept a command to the management target servers 15. Access from the administrator terminal 11 and the person-in-charge-of-operation terminal 12n to the management target server 15 is performed through the master server 13 and access to the management target server 15 is controlled based on access authority information set by the administrator terminal 11.SELECTED DRAWING: Figure 1

Description

  The present invention consolidates daily computer system operation operations to reduce the burden on the operator, prevents erroneous input, further reduces operator personnel, and eliminates specialized knowledge. About.

  With the opening of large-scale general-purpose machines to servers, the number of servers to be managed increases, which complicates operations, requires technical knowledge for each OS installed in the server, and is necessary for management and operation in computer system operations. Skills are becoming more difficult every year. Computer systems have a wide range of applications, and for example, even computer systems in one company tend to become very large. In other words, a system is configured by a very large number of servers, and each server tends to increase in volume and complexity. In order to efficiently operate (maintenance / management) such a computer system, various management systems and management methods have been proposed. There exists patent document 1 as an example of the prior art regarding a management system.

  In patent document 1, in application development, program source management between multiple servers that effectively prevents program source version conflicts and source destruction and also distributes traffic load during repository search in large-scale application development. A system is disclosed. The program management system that centrally manages the program source in the application development includes a specific server including a repository master that is a directory for storing the latest program source, another server including a directory mirror that is a directory mirroring the master repository, This is a system that includes a developer terminal that is only authorized to retrieve program sources for directory mirrors of other servers, and an administrator terminal that is authorized to update the master repository of a specific server.

Japanese Patent Publication No. 2005-78157

  In the prior art, the number of servers to be managed is increased, the operation is complicated, and technical knowledge is required for each server OS, and the skills necessary for management and operation in the operation of the computer system are becoming more difficult each year. For this reason, system failures occur due to issuance of abnormal commands by inexperienced system operators, and unusable situations occur due to system down, resulting in a decrease in operational efficiency. In addition, the worst situation of loss of data stored in the managed server may occur.

  Accordingly, an object of the present invention is to provide an operation and operation aggregation system that can operate the system without specific technical knowledge.

  In order to solve the above-described problem, in the operation and operation aggregation system of the present invention, a management master server that controls access to a plurality of managed servers, an operation trail of commands issued to the managed servers, and command execution results A storage device for storing logs, an administrator terminal that receives input from the system administrator who manages the access authority to the management operator who operates and operates the managed server to the management master server, and commands to the managed server It has a terminal for the person in charge of operation, and the management server is accessed from the administrator terminal or the terminal for operation person through the management master server, and managed based on the access authority information set by the terminal for administrator. Control access to the target server.

  In the present invention, one operator operates a plurality of servers in a centralized manner and manages so that operations exceeding a given authority cannot be performed, thereby reducing the number of operation operators and technical knowledge of the operation operators. Can be made unnecessary, and unauthorized operations can be prevented, thereby improving the efficiency of server operation. Problems, configurations, and effects other than those described above will be clarified by the following description of embodiments.

FIG. 1 is a block diagram showing the overall configuration of the operation operation aggregation system of the present invention. FIG. 2 is a block diagram showing an internal configuration of the server device / terminal device. FIG. 3 is a diagram illustrating a configuration example of the operation log management table. FIG. 4 is a flowchart showing the processing contents of the operation execution preparation. FIG. 5 is a flowchart showing the processing contents of the operation execution. FIG. 6 is a flowchart showing the processing content of the operation execution result confirmation. FIG. 7 is a diagram illustrating a configuration example of the execution command registration screen. FIG. 8 is a diagram illustrating a configuration example of a command execution result confirmation screen. FIG. 9 is a diagram illustrating a configuration example of the system worker information management table. FIG. 10 is a diagram illustrating a configuration example of the operable device determination table. FIG. 11 is a diagram illustrating a configuration example of the operable command determination table. FIG. 12 is a flowchart illustrating processing for automatically selecting a management target server.

  Hereinafter, embodiments will be described with reference to the drawings. In the following description, various types of information may be described using an expression such as “management table”, but the various types of information may be expressed using a data structure other than a table. Further, the “management table” can be referred to as “management information” to indicate that it does not depend on the data structure.

  Further, the process may be described with “program” as the subject. The program is executed by a processor, for example, an MP (Micro Processor) or a CPU (Central Processing Unit), and performs a predetermined process. Note that the subject of processing may be a processor because the storage resource (for example, a memory) and a communication interface device (for example, a communication port) are appropriately used. The processor may have dedicated hardware in addition to the CPU. The computer program may be installed on each computer from a program source. The program source may be provided by, for example, a program distribution server or a storage medium.

  Each element, for example, the controller can be identified by a number or the like, but other types of identification information such as a name may be used as long as the information can be identified. In the drawings and description of the present embodiment, the same reference numerals are given to the same parts. However, the present invention is not limited to the present embodiment, and any application examples that meet the idea of the present invention can be applied. Included in the scope. Further, unless specifically limited, each component may be plural or singular.

<Overall configuration of operation and operation aggregation system>
FIG. 1 is a block diagram showing the overall configuration of the operation operation aggregation system of the present invention. The operation and operation aggregation system 1 includes a system manager terminal device (hereinafter referred to as management terminal) 11, an operator staff terminal (hereinafter referred to as operation terminal) 12 (reference numerals 12 a to 12 n), and a master server device (hereinafter referred to as master server) 13. , A storage device 14, and a managed server device group (hereinafter, managed server or simply server) 15.

  The management terminal 11 is a terminal for setting access authority to the management target server 15 by the operation terminal 12 for the master server 13. The operation terminal 12 is a terminal for accessing the management target server 15 via the master server 13. The master server 13 is a server that receives access authority information from a system administrator and manages information such as setting of access authority for each operator, operation history and execution results for the management target server 15, and the like.

  The storage device 14 is a device that stores a trail of operations to the management target server 15 and a log of execution commands. The management target server 15 is a server used by a user (for example, an employee in a company, a user of a service provider company, etc.) to perform mail transmission / reception, storage of various data, data processing, and the like. As shown in the figure, the managed server 15 includes 100 servers 1 (reference numeral 151) equipped with an OS (Operating System) 1; 200 servers 2 equipped with OS 2 (reference numeral 152); and the server 3 equipped with OS 3 A plurality of 300 servers (reference numeral 153) with different OSs are provided, and operation management is performed by an operator.

<Internal configuration of device>
FIG. 2 is a block diagram showing an internal configuration of the server device / terminal device. The terminal 11/12, the master server 13, the storage device 14, and the server 15 include components of a CPU 21, a memory 22, a storage unit 23, an input unit 24, an output unit 25, a display unit 26, and a communication unit 27.

  The CPU 21 is a processor that controls the entire apparatus. The memory 22 is a device that temporarily stores various programs and various data (tables) described later. The storage unit 23 is a device that permanently stores various programs and various data to be described later, and is, for example, an HDD or an SSD. The input unit 24 is a device that accepts input, and is, for example, a keyboard.

  The output unit 25 is a device that outputs information and data, and is, for example, a speaker or a printer. The display unit 26 is a device that displays information and data, and is, for example, a liquid crystal display. The communication unit 27 is a device that connects another server or another device via a network (not shown). The above components are connected to each other via an internal bus. It should be noted that any component of the input unit 34, the output unit 35, and the display unit 36 may not be included in each device.

<Operation log management table>
FIG. 3 is a diagram illustrating a configuration example of the operation log management table. The operation log management table 30 is a table for managing contents operated by the management target server 15. The operation log management table 30 includes an item number 301, an item name 302, and an operation content 303.

  For example, the item name 302 whose item number 301 is “1” is “managed server name”, and the operation content 303 stores information of “name of the server that performed the operation”. The item name 302 with the item number 301 “4” is “operation client”, and the operation content 303 stores information of “name of the client that registered the operation information”. Further, the item name 302 whose item number 301 is “12” is “operation execution result (status)”, and the operation content 303 stores information of “result of the operation performed (normal end / abnormal end)”.

  The master server 13 generates an operation log management table 30 for each operation and stores it in a storage unit inside the apparatus.

A first embodiment of the present invention will be described with reference to FIGS.
<Operation execution preparation process>
FIG. 4 is a flowchart showing the processing contents of the operation execution preparation.

  In S410, the access right information of each operator (whether access right to the master server 13, presence / absence of access right to the managed server, server type having access right, command to permit execution, etc.) is registered in the master server 13. Therefore, the management terminal 11 receives input of registration information from the system administrator. The management terminal 11 transmits the received registration information to the master server 13. When the master server 13 receives the registration information from the management terminal 11, the master server 13 stores the registration information in the storage unit 23 inside the apparatus.

  In S420, in order to register the operation information of each OS in the master server 13, the management terminal 11 stores the operation information (for example, remote operation user ID and password, OS user ID and password) registered by the system administrator. Accept input. The management terminal 11 transmits the received operation information to the master server 13. When the master server 13 receives the operation information from the management terminal 11, the master server 13 stores the operation information in the storage unit 23 inside the apparatus.

  In S430, in order to register the management target server 15 in the master server 13, the management terminal 11 receives input of server information of the management target server 15 from the system administrator. The management terminal 11 transmits the received server information to the master server 13. When the master server 13 receives the server information from the management terminal 11, the master server 13 stores the server information in the storage unit 23 inside the apparatus.

  With the above processing, the preparation for executing the operation on the management target server 15 by the operator is completed. As described above, by linking the remote operation user ID and password, which are the operation information registered by the master server 13, and the OS user ID and password, the user management man-hours for the system administrator can be reduced. it can.

<Operation execution processing>
FIG. 5 is a flowchart showing the processing contents of the operation execution. Although the processing subject is described as the master server 13, the CPU 21 of the master server 13 may be used.

  In S510, the operator inputs login information (authentication ID, password, etc.) to the operation terminal 12 in order to connect the operation terminal 12 operated by the operator to the master server 13, and the operation terminal 12 inputs the login information. Accept. The login information received at the operation terminal 12 is transmitted to the master server 13.

  In S515, the master server 13 that has received the login information from the operation terminal 12 performs access control. That is, the master server 13 determines whether or not the received login information has an access right to the master server 13 based on the access right information set in S410. When there is no access right (branch to “no access right”), the master server 13 transmits “no access right” to the operation terminal, and returns the process to S510. If there is an access right (branch to “with access right”), the master server 13 executes S520.

  In S520, the operator uses the operation terminal 12 to select one or more servers to be operated from the management target server. The operation terminal 12 receives the selected server information (server type, etc.) and transmits it to the master server 13.

  In S525, the master server 13 performs access control. That is, the master server 13 determines whether or not there is an access right to the selected server. The master server 13 specifies the type of server that can be operated by the operator based on the received login information based on the operation information set in S420. That is, the master server 13 determines whether the selected server is included in the specified server type.

  If not included, the master server 13 determines that the operator does not have the access right to the selected server, transmits “no access right” to the operation terminal 12, and returns the process to S520. If included, the master server 13 determines that the operator has the right to access the selected server. Then, the master server 13 executes S530.

In S530, the operator selects one or more pieces of operation information (commands, etc.) on the operation terminal 12. The operation terminal 12 receives the selected operation information and transmits it to the master server 13. Note that, for example, the master server 13 can accept the settings shown below from the administrator.
(1) Setting prohibited commands: Commands such as “delete” that are not normally used are prohibited as standard.
(2) Setting of permission / non-permission of argument: The use of the argument is prohibited and only routine processing is permitted. It also sets certain restrictions and checks for allowed arguments.
(3) Categorization of instructions: Category classification is set according to usage, influence, etc., such as control system and reference system.
(4) Setting of instruction execution authority: Access control of executable user ID is set for each instruction.
(5) Automatic execution by specifying the date and time: Set automatic execution by specifying the date and time that enables unattended execution at night, Saturday and Sunday.

  In S535, the master server 13 performs access control. That is, the master server 13 determines whether or not there is an access right to execute the selected command based on the information set in S430. If there is no access right (branch to “no access right”), the master server 13 transmits “no access right” to the operation terminal, and returns the process to S530. If there is an access right (branch to “with access right”), the master server 13 executes S540.

  In S540, the master server 13 executes a command or the like in the operation information. A specific command registration acceptance operation will be described with reference to the registration screen of FIG.

  As described above, in this process, the operator who can access the management target server, the server type that can be operated, and the commands that can be executed can be determined and managed for each operator. Therefore, the operational efficiency of the server system can be improved. In addition, it is possible to prevent the server operation from being stopped due to careless operation.

<Operation execution result confirmation process>
FIG. 6 is a flowchart showing the processing content of the operation execution result confirmation.

  In S610, the operator inputs login information (authentication ID, password, etc.) to the operation terminal 12 in order to connect to the master server 13 from the operation terminal 12, and the operation terminal 12 accepts input of login information. The login information received at the operation terminal 12 is transmitted to the master server 13.

  In S615, the master server 13 that has received the login information from the operation terminal 12 performs access control. That is, the master server 13 determines whether or not the received login information has an access right to the master server 13 based on the information set in S610. If there is no access right (branch to “no access right”), the master server 13 transmits “no access right” to the operation terminal, and returns the process to S610. If there is an access right (branch to “with access right”), the master server 13 executes S620.

  In S620, the operator inputs necessary command information (command name, command type, etc.) to the operation terminal 12 in order to search the execution result of the command executed by himself or the command set to execute by specifying time. Then, the operation terminal 12 receives the input execution command information. Then, the operation terminal 12 transmits the received execution command information to the master server 13.

  In S625, the master server 13 performs access control. That is, the master server 13 determines whether or not there is a server access right for searching for the selected execution command. The master server 13 specifies the type of server that can be operated by the operator and the accessible execution command result based on the information set in S420 and S430. If it is a command execution result that can be executed and accessed by an accessible server, the master server 13 determines that the operator has the access right and transmits the execution result to the operation terminal 12.

  If the command to be referred is a command executed on a server that is not permitted to access or a command that is not permitted to be referenced, the master server 13 determines that the operator has no access right, and determines that “no access right” and “operation right” 12 and the process returns to S620.

  In S <b> 630, the CPU 21 of the operation terminal 12 displays the command execution result transmitted from the master server 13 on the display unit 26. Then, the master server 13 ends the process. The specific execution result display will be described later with reference to the display screen example of FIG. The master server 13 collectively acquires trails and logs such as operation results and command execution results from a plurality of servers in the managed server 15. Moreover, the convenience of handling as a work trail can be improved by collecting the trails as a result of simultaneous execution of commands in one file.

  As described above, the access control can be simplified by controlling the command execution authority and unifying the operation history and the results. Further, since the execution authority can be set for each command, for example, access control according to the job system / department / job type in the company organization becomes possible. Furthermore, the internal control can be strengthened by centrally managing the operation history and the execution result of which user ID is executed when, where, what, and the result. In addition, since the managed server 15 can be controlled simply by accessing the master server 13, which is the management server, direct login to each server can be greatly reduced, and the number of operations for changing the user ID can be reduced. Therefore, the operation management man-hours and operation costs can be reduced.

  The operation history and results can be centrally managed by the processes shown in FIGS. In addition, a command execution trail and log can be confirmed on a command execution result confirmation screen described later. In addition, the convenience of the user can be improved by providing the commands related to the status confirmation (process status, disk capacity, memory usage) of the management target server as standard. Furthermore, it is possible to easily execute scripts registered in the management target server in advance.

<Execution command registration screen>
FIG. 7 is a diagram illustrating a configuration example of the execution command registration screen. The execution command registration screen 70 includes a tag 701 for selecting operation contents, an execution command registration view 702, and a command execution view 703 as shown in FIG.

  An operation content selection tag 701 is used to select content to be operated, and includes, for example, an execution tag, a management tag, a preparation tag, and a configuration tag.

  The execution command registration view 702 is a view for registering execution of a command having a predetermined content at a predetermined date and time on a predetermined server. As an example of the configuration, the execution command registration view 702 includes a status (confirmed / unconfirmed), a setting (update) date and time, an operator information column such as an executor, a control column for determining whether execution is registered, and a command execution target. Server information field, an execution information field such as a scheduled command execution date and a requester, and a command information field such as a command classification / name / executor.

  The command execution view 703 is a view for executing a command and has almost the same configuration as the execution command registration view 702, except that the control column is changed from "execution registration" to "execution".

  On the execution command registration screen 70 shown in FIG. 7, a preset command (command) can be executed with a visual and simple operation. In addition, it is possible to set detailed control of access to commands and servers. As a result, since the command type and contents can be visually grasped, technical knowledge such as a command is not required, and the command can be easily executed. In addition, automatic execution by specifying the date and time is also possible. That is, according to the present embodiment, the system can be operated without being an engineer. Furthermore, execution prohibition in the specified time zone / date (setting so that the instruction cannot be executed in the specified time zone / date) can also be set for each managed server 15 unit, and server stoppage due to inadvertent operation can be prevented. .

<Command execution result confirmation screen>
FIG. 8 is a diagram illustrating a configuration example of a command execution result confirmation screen. The command execution result confirmation screen 80 includes a command information view 801, a command execution result (summary) view 802, and a command execution result (detailed / individual) view 803.

  The command information view 801 displays the command category, the execution time, the command name, and the request number that are the contents of the executed command.

  The command execution result (outline) view 802 displays the server name, status, command execution start / end time, and command category contents.

  The command execution result (detailed / individual) view 803 displays details of the command execution result for each server. For example, the operator is in the command execution result (detailed / individual) view 803, the server name is “ABC”, the execution result is “normal end (process state acquisition)”, the execution command is “process transition”, and the execution time is 2013. / 12/10 20:00:12 to 2013/12/10 20:00:13 can be determined.

  On the command execution result confirmation screen shown in FIG. 8, the information of the executed instruction and the execution result can be recognized visually and with a simple operation. It is also possible to set command execution result instructions and access control to the server in detail.

  As described above, in the operation and operation aggregation system 1, operation mistakes can be reduced by simply executing various instructions for the server by visual operation from a browser. In addition, since the status of a plurality of servers can be checked in real time from one terminal, it is possible to quickly grasp and respond to the situation in the event of a failure. In addition, it is possible to easily recognize visually a trail or log which is a record stored in time series for the system administrator to track the contents and processes of the information system. Therefore, it is possible to prove that the reliability, safety, efficiency, effectiveness, etc. of the information system are ensured.

  Next, a second embodiment of the present invention will be described with reference to FIGS.

<System worker information management table>
FIG. 9 is a diagram illustrating a configuration example of the system worker information management table. The system worker information management table 90 is a table for managing qualifications, practical experience, education, and the like of system workers engaged in the operation of the operation / operation aggregation system 1. The system worker information management table 90 has items 901 and contents 902.

  The item 901 has columns of authentication ID, name, qualification, practical experience, and education. The content 902 is an entry for storing information for the item 901. For example, information “HIGH12006” is stored in the content 902 for the item 901 “authentication ID”. Similarly, in the contents 902 for the item 901 “qualification”, information “OS2 system worker”, “basic information engineer”, and “advanced information engineer” is stored. The item 901 “work experience” and “education” is the same as “name” and “qualification”.

<Operable device determination table>
FIG. 10 is a diagram illustrating a configuration example of the operable device determination table. The operable device determination table 100 is a table for determining the type and number of devices that can be operated based on the qualification / work experience / education of the system worker. The operable device determination table 100 has an operation device type / operated number column 1001 and a qualification / work experience / education column 1002.

  The operation device type / operation number column 1001 includes columns for the type and the number of server OSs. For example, when the server OS is “server OS1”, three columns of “100”, “200”, and “300” are provided. When the server OS is “server OS2” and “server OS3”, the server OS has the same column as “server OS1”.

  The qualification / practical experience / education column 1002 is a column for determining the type of equipment that can be operated and the number of operations according to the status of qualification acquisition, the number of years of practical experience, and the history of attending education. That is, the operator described in the qualification / work experience / education column 1002 corresponding to the part marked with a circle can operate a predetermined number of servers in the operation device type / operation number column 1001. For example, the master server 13 determines from the operable device determination table 100 that an operator having the qualification “OS2 system engagement qualified person” can operate 100 to 300 server OSs 2. it can.

<Operation command determination table>
FIG. 11 is a diagram illustrating a configuration example of the operable command determination table. The operable command determination table 110 is a table for determining an operable command based on the qualification / work experience / education of the system worker. The operable command determination table 110 has an operable command column 1101 and a qualification / work experience / education column 1102.

  The operable command column 1101 includes reset, power OFF, reboot (restart), cache memory flash (deletion of memory contents), memory condensation (data placement optimization), media repair (medium data reproduction), and system operation status information. The commands include acquisition, load distribution (CPU processing, memory access, etc.), and power saving (decrease in CPU operating frequency, HDD spindle motor stop, etc.).

  The qualification / practical experience / education column 1102 is a column for determining the type of command that can be operated according to the qualification acquisition status, the number of years of practical experience, and the educational attendance history. That is, the operator described in the qualification / work experience / education column 1002 corresponding to the part marked with a circle has the authority to execute the command described in the operable command column 1101. For example, an operator with OS3 system engagement qualification can execute all commands. Conversely, an operator who has three years of practical experience in OS3 server management work can execute only commands that have little influence when an erroneous operation occurs in a server system called system operation status information acquisition.

<Processing / Operation>
FIG. 12 is a flowchart illustrating processing for automatically selecting a management target server. In this description, the subject of processing is the CPU 21 of the master server 13, but the entire master server 13 may be used.

  In step S <b> 1201, the CPU 21 acquires operator information from the system worker information management table 90.

  In S1202, the CPU 21 extracts qualification information from the operator information acquired in S1201.

  In S1203, the CPU 21 extracts practical experience information from the operator information acquired in S1201.

  In S1204, the CPU 21 extracts education information from the operator information acquired in S1201.

  In S1205, the CPU 21 compares the qualification information extracted in S1202, the practical experience information extracted in S1203, and the education information extracted in S1204 with the operable device determination table 100, and identifies the devices and the number that can be operated.

  In step S1206, the CPU 21 determines whether the person in charge of the operation can operate the OS3 server. If it is possible (Yes), the CPU 21 executes S1207, and if it is impossible (No), it executes S1208.

  In step S <b> 1207, the CPU 21 calculates the number of OS3 server operable units using the operable device determination table 100.

  In step S1208, the CPU 21 determines whether the person in charge of the operation can operate the OS2 server. If it is possible (Yes), the CPU 21 executes S1209, and if it is impossible (No), it executes S1210.

  In step S <b> 1209, the CPU 21 calculates the OS2 server operable number using the operable device determination table 100.

  In step S1210, the CPU 21 determines whether or not the person in charge of the operation can operate the OS1 server. If it is possible (Yes), the CPU 21 executes S1211, and if it is impossible (No), it executes S1212.

  In step S <b> 1211, the CPU 21 calculates the OS1 server operable number using the operable device determination table 100.

  In S1212, the CPU 21 determines the type of server in charge of operation and the number of servers. If it is determined that the server cannot be operated, the CPU 21 notifies the management terminal 11 that the server cannot be operated by the operator.

  In S <b> 1213, the CPU 21 determines an operable command by comparing it with the operable command determination table 110 from the extracted qualification information / work experience information / education information. If it is determined which command execution or execution command result reference is impossible, the CPU 21 notifies the management terminal 11 that the operator cannot execute the command or reference the command execution result.

  In step S1214, the CPU 21 controls access to the server operated by the operator and a command to be executed, and starts collecting operation trail / log information.

  As described above, since the devices that can be operated and the number of devices that can be operated can be automatically determined based on the experience values (qualifications, practical experience, education) of the operator, the number of man-hours for system operation can be reduced.

  As described in the first and second embodiments described above, in the present invention, a single operator manages a plurality of servers in a centralized manner and does not allow an operation exceeding a given authority. By doing so, it is possible to reduce the number of operation operators and to eliminate the need for specialized technical knowledge of the operation operators, to further prevent unauthorized operations, and to improve the efficiency of server operation in each company.

  In addition, this invention is not limited to an above-described Example, Various modifications are included. The above-described embodiments have been described in detail for easy understanding of the present invention, and are not necessarily limited to those having all the configurations described. Further, a part of the configuration of one embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of one embodiment. Further, it is possible to add, delete, and replace other configurations for a part of the configuration of each embodiment. Each of the above-described configurations, functions, processing units, processing means, and the like may be realized by hardware by designing a part or all of them with, for example, an integrated circuit. Each of the above-described configurations, functions, and the like may be realized by software by interpreting and executing a program that realizes each function by the processor.

  Information such as programs, tables, and files for realizing each function may be stored in a memory, a hard disk, a recording device such as an SSD (Solid State Drive), or a recording medium such as an IC card, an SD card, or a DVD. Further, the control lines and information lines indicate what is considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. Actually, it may be considered that almost all the components are connected to each other.

11: Terminal for manager 12: Terminal for operator 13: Master server 14: Storage device 15: Managed server 21: CPU
22: Memory 23: Storage unit 24: Input unit 25: Output unit 26: Display unit 27: Communication unit 30: Operation log management table 70: Execution command registration screen 80: Command execution result confirmation screen 90: System worker information management table 100: Operable device determination table 110: Operable command determination table

Claims (15)

An operation and operation aggregation system,
A management master server that controls access to multiple managed servers;
A storage device for storing an operation trail of a command issued to the managed server and a log of a command execution result;
An administrator terminal that receives input from a system administrator who manages access authority to an operation operator who operates and operates the management target server to the management master server;
A terminal for an operator in charge of receiving a command to the managed server,
Access to the management target server from the manager terminal or the operation staff terminal is performed via the management master server, and to the management target server based on access authority information set by the manager terminal. An operation and operation aggregation system characterized by controlling access. The operation operation aggregation system according to claim 1, wherein an access authority to the management target server is set for each operation operator. The operation operation aggregation system according to claim 1, wherein an access authority for each operation command to the management target server is set with access authority information set by the administrator terminal. The operation operation aggregation system according to claim 1, wherein the type or number of the managed servers that can be accessed is determined based on the experience value of the operation operator stored in the storage device. 5. The operation operation aggregation system according to claim 4, wherein the experience value includes at least one of qualification information, work experience information, and system operation education attendance information possessed by the operation operator. system. An operation operation aggregation system aggregation method,
The operation operation aggregation system is:
A management master server that controls access to multiple managed servers;
A storage device for storing an operation trail of a command issued to the managed server and a log of a command execution result;
An administrator terminal that receives input from a system administrator who manages access authority to an operation operator who operates and operates the management target server to the management master server;
A terminal for an operator in charge of receiving a command to the managed server,
Access to the management target server from the manager terminal or the operation staff terminal is performed via the management master server, and to the management target server based on access authority information set by the manager terminal. A method for consolidating operation operations, characterized by controlling access to an operation. 7. The operation operation aggregation system aggregation method according to claim 6, wherein an access authority to the managed server is set for each operation operator. 7. The operation operation aggregation system according to claim 6, wherein the access authority for each operation command to the managed server is set by the access authority information set by the administrator terminal. Aggregation method of the aggregation system. The operation operation aggregation system according to claim 6, wherein the type or number of the managed servers that can be accessed is determined based on the experience value of the operation operator stored in the storage device. Aggregation method of the aggregation system. The operation operation aggregation system aggregation method according to claim 9, wherein the experience value includes at least one of qualification information, practical experience information, and system operation education attendance information possessed by the operation operator. An aggregation method for the operation aggregation system. An operation operation aggregation system aggregation program,
The operation operation aggregation system is:
A management master server that controls access to multiple managed servers;
A storage device for storing an operation trail of a command issued to the managed server and a log of a command execution result;
An administrator terminal that receives input from a system administrator who manages access authority to an operation operator who operates and operates the management target server to the management master server;
A terminal for an operator in charge of receiving a command to the managed server,
The aggregation program operating on the management master server is:
Access to the management target server from the manager terminal or the operation staff terminal via the management master server,
And a function of controlling access to the management target server based on access authority information set by the administrator terminal. 12. The operation operation aggregation system aggregation program according to claim 11, wherein the operation operation aggregation system has a function of setting an access authority to the managed server for each operation operator.
An operation operation aggregation system aggregation program characterized by the above. 12. The aggregation program of the operation operation aggregation system according to claim 11, wherein the access authority information set by the administrator terminal has a function of setting an access authority for each operation command to the management target server. An aggregation program for the operation and operation aggregation system. 12. The operation operation integration system integration program according to claim 11, wherein the management operation server has a function of determining the type or number of the managed servers that can be accessed based on the experience value of the operation operator stored in the storage device. An aggregation program for the operation and operation aggregation system. 15. The operation operation integration system integration program according to claim 14, wherein the experience value includes at least one of qualification information, practical experience information, and system operation education attendance information possessed by the operation operator. An operation operation integration system integration program.

Images