1. Field of the Invention
The present invention relates to a multi-tenant information processing system, a management server, and a configuration management method. More particularly, the present invention relates to a multi-tenant information processing system that aggregates plural business systems (so-called tenants) into a single system, a management server, and a configuration management method in which, at the time of initial construction (new configuration) of a tenant, design items set for a network device used by the tenant are automatically calculated so as not to be duplicated among the tenants, thereby ensuring independence between the tenants and the devices.
2. Related Art
In recent years, the application of cloud computing (cloud) to data centers (DCs) has been actively developed. In a typical cloud, a DC provider virtualizes and constructs plural company IT systems, or plural business systems within a company, on an information processing system including a server, a storage, and a network. Because the cloud is based on a virtualization technique, it offers better scalability than a physical system. On the other hand, because the plural company IT systems are integrated into a single information processing system, the plural IT systems are mixed together and the system becomes complicated. The virtualized IT systems or virtualized business systems of the respective clients that are integrated into, for example, the cloud are called "tenants".
In order to keep the system configuration from becoming complicated, in one example of a cloud provided at present, the virtualized server resources and virtualized storage resources in the IT system configuration provided to the clients can be customized, but the network configurations are fixed. The applicability of such a cloud to company IT systems is therefore limited.
On the other hand, a cloud that can configure flexible network connections is also provided. In a cloud of this type, virtualized network resources are managed with the aid of a ledger at the time of initially constructing the tenants so that independence among the tenants can be ensured. In recent years, the virtualized server resources and the virtualized storage resources are pooled, but the virtualized network resources are not pooled. A manager follows an operation process in which the numbers identifying a virtual network (for example, VLAN numbers or IP addresses) are determined first and the setting is then performed. Virtualizing the network resources requires consideration of various devices and device types, which makes it impossible to use a single resource management method.
The initial configuration of the tenants in a related art multi-tenant information processing system suffers from the following matters to be solved.
A first matter to be solved is that it is difficult to specify the tenant-dependent design items in the various network devices configuring the multi-tenant information processing system. For example, in the design of a layer 3 switch in the multi-tenant information processing system, in order to ensure the independence among the tenants, layer 3 virtual network identifiers (for example, virtual routing and forwarding (VRF) identifiers) and layer 2 virtual network identifiers (for example, virtual LAN (VLAN) identifiers) are determined for each of the tenants (that is, they depend on the tenants). However, the other design items necessary for setting the layer 3 switch, for example, a netmask value, are frequently managed as values not depending on the tenant. Also, among the setting items of a firewall, for example, identifiers of virtual routers, identifiers of sub-interfaces, VLAN identifiers, server identifiers, and policy identifiers are determined for each of the tenants. By contrast, the other design items, for example, the netmask value, are managed as values not depending on the tenant. Further, among the design items determined for each of the tenants, there are items for which a design value must be calculated for each of the tenants, and items that refer to a design value calculated once. Thus, in the initial construction of the tenants in the related art multi-tenant information processing system, it is difficult to specify, for each design item of a device, whether it depends on the tenants.
A second matter to be solved is that, when a tenant is initially configured, it is difficult to specify the devices constituting the tenant because the tenants can have various network configurations. For example, there is a case in which one tenant configures a three-tiered Web system with the firewall and the layer 3 switch, and a case in which another tenant connects only a calculation server through the layer 3 switch. Also, there is a case in which another tenant configures a business system connected to a network-attached storage. Thus, in the related art multi-tenant information processing system, because the device group to be used differs depending on the tenants, it is difficult to specify the device group constituting the tenants.
A third matter to be solved is that, even if the devices can be specified and the design items depending on the tenants can be specified, the method of determining the design values of the design items is unclear. For example, in the initial construction of the tenants, when a VLAN of the switch is designed, it is difficult to specify what number should be used as the VLAN identifier for the tenant, more specifically, what number should be used as the VLAN ID. Also, in designing the firewall, when the virtual router is used, it is difficult to specify what should be used as the virtual router identifier. Those values need to be determined so as to ensure the independence among the tenants.
In order to solve the above matters, the task in the above-mentioned multi-tenant information processing system is, at the time of initially constructing the tenants, to specify the design items depending on the tenants in the devices constituting the tenants, and to promptly calculate the design values for the specified design items without overlapping with another tenant.
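An added illustration of the task stated above (not part of the original text and not the method the invention claims): design items are classified as calculated per tenant, referring to a value calculated once, or tenant-independent, and calculated values are drawn from shared pools so that no identifier is given to two tenants. The pool ranges, the catalogue and all names are assumptions made for the example.

```python
# Added illustration; the pools, catalogue and names below are assumptions.
POOLS = {"vlan_id": range(100, 104), "vrf_id": range(1, 5),
         "virtual_router_id": range(1, 5)}

# Per device type: item -> (kind, arg)
#   calc  : tenant-dependent, value taken from pool `arg`
#   ref   : tenant-dependent, reuses the tenant's calculated item `arg`
#   fixed : does not depend on the tenant
CATALOGUE = {
    "l3_switch": {"vrf_id": ("calc", "vrf_id"),
                  "vlan_id": ("calc", "vlan_id"),
                  "netmask": ("fixed", "255.255.255.0")},
    "firewall": {"virtual_router_id": ("calc", "virtual_router_id"),
                 "vlan_id": ("ref", "vlan_id"),
                 "netmask": ("fixed", "255.255.255.0")},
}


class TenantDesigner:
    def __init__(self, pools=POOLS):
        self.pools = pools
        self.owner = {name: {} for name in pools}  # pool -> {value: tenant}

    def _take(self, pool, tenant):
        for value in self.pools[pool]:
            if value not in self.owner[pool]:  # never reuse another tenant's value
                self.owner[pool][value] = tenant
                return value
        raise RuntimeError(f"pool {pool!r} exhausted")

    def design(self, tenant, devices):
        calculated, taken, config = {}, [], {}
        try:
            for dev in devices:  # pass 1: calculate each item once per tenant
                for item, (kind, arg) in CATALOGUE[dev].items():
                    if kind == "calc" and item not in calculated:
                        calculated[item] = self._take(arg, tenant)
                        taken.append((arg, calculated[item]))
            for dev in devices:  # pass 2: fill fixed, calculated and referenced items
                config[dev] = {
                    item: arg if kind == "fixed"
                    else calculated[item if kind == "calc" else arg]
                    for item, (kind, arg) in CATALOGUE[dev].items()}
        except (KeyError, RuntimeError):
            for pool, value in taken:  # roll back: a failed design leaks no identifiers
                del self.owner[pool][value]
            raise
        return config
```

A tenant whose device list contains a `ref` item with no device that calculates it (here, a firewall without a layer 3 switch) is rejected and its partial allocations are returned to the pools.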
The following related arts are disclosed.
JP-A-2004-272908 discloses, for example, a method of integrating the phases of design, development, and management of the system (Related art 1). The data center is required to host plural applications, but a distributed application frequently has complicated networking requirements, so the work of constructing the topology of a physical network so as to comply with the application requirements is highly likely to be a time-consuming process. This process is also liable to incur human error. In order to solve this matter, Related art 1 discloses a method in which a system is designed by using a system definition model, and the system is developed on one or plural computing devices by using the system definition model.
JP-A-2004-40374 discloses a virtual network designing device, a sub-network designing device, and a virtual network designing method (Related art 2). In Related art 2, in order to accurately complete the design and maintenance of the virtual network in a short time, information on the physical network and the virtual network is displayed in parallel. As a result, because whether or not IP addresses overlap among the users can be confirmed on a GUI, design costs can be reduced.
“Implementation and Evaluation of Network Management System EasyLayering for reducing Management Costs under server virtualizing environments”, Institute of Electronics, Information and Communication Engineers, Technical Report, NS, Network System 109(273), pp. 71-76, November 2009, discloses a technique in which, for example, physical and logical connection configurations of the server and the network device are managed to facilitate a VLAN setting operation (Related art 3). At the time of increasing the number of virtual servers in the tenants, when an identifier of the VLAN to which the virtual server is connected is entered, the connection configuration of plural switches associated with the input VLAN identifier is retrieved, and an associated switch group is specified to automatically conduct the VLAN setting of the plural switches.
In the above-mentioned Related art 1, at the time of initially constructing the tenants, the device group configuring the tenants can be specified by using the system definition model. However, the matter to be solved by the present invention cannot be solved in the following respects. For example, it is difficult to specify whether or not the items to be set for the devices depend on each tenant after the devices configuring each tenant have been specified. Also, it is difficult to calculate the design values set for the respective set items.
In Related art 2, in order to accurately complete the design and maintenance of the virtual network in a short time, the information on the physical network and the virtual network is displayed at the same time. However, the matter to be solved by the present invention cannot be solved from the following viewpoints. For example, it is difficult to specify whether or not the items set for the devices configuring each tenant depend on the tenant. Also, it is difficult to specify the devices configuring each tenant. Further, it is difficult to calculate the design values set for the respective design items after the devices configuring each tenant and the design items have been specified.
In Related art 3, when the devices configuring each tenant are a router and a switch, a configuration device for which the design value of the VLAN should be set is specified on the basis of the design value of the VLAN which has been determined by the manager, and the VLAN for that device can be automatically set. However, the matter to be solved by the present invention cannot be solved from the following viewpoints. For example, it is difficult to specify the devices constituting the tenant. Also, it is difficult to specify the design items depending on each tenant among the design items set for the specific device. Further, it is difficult to calculate the design values of the respective design items set for the device.