There are increasing cases of introducing an autonomous handling management system into a distributed resource computer system. An autonomous handling management system automates complex management operations for a plurality of computer resources connected via a network. This autonomous handling management system monitors system monitor control targets, and automatically executes a handling procedure (hereinafter referred to as workflows) suitable for a system environment, based on preset handling rules (hereinafter referred to as policies). Patent Publication JP-2004-227359A1 describes a method of automatically continuing handling adapted to changes of a system environment in handling a storage system. Patent Publication JP-1998-329800A1 describes a method for achieving autonomous control of a spacecraft.
Conventional autonomous handling management systems described in Patent Publications as described above effectively function for intra-company system management or control of a spacecraft system. However, these autonomous handling management systems assume, as a requirement, a situation which allows acquirement of all necessary information when preparing policies, or no disagreement between workflows called by policies and equipped workflows which actually execute controls. Unless the requirement is satisfied, there is a case that a policy control is performed in a situation different from the intended situation or a workflow executes a control different from the intended control.
For example, consideration will now be taken into a situation that an intra-company system in a data center or a large enterprise is used, partially shared by a plurality of administrators and/or service handlers. Each administrator and handler requires autonomous management of the system so as to match business purposes and security requirements, based on their own handling management policies. In this situation, an administrator cannot always know all information about what controls are made by other administrators and what resources are allocated to other administrators. Workflows started by policies are not always matched with controls of the policies due to human errors and changes in system environments.
Therefore, there is a possibility that the requirements as described above are not satisfied in case of handling and managing of one system by a plurality of independent policy controls or in case of defining policies for a virtualized control targets. In these cases, a writer of a policy needs a mechanism for grasping mismatching between the policy control and the resulting effect thereof, in order to prevent such mismatching. Existing autonomous handling management systems have a purpose of automatically continuing handlings without human intermediation. Consequently, there is no mechanism for detecting mismatching between policy controls and resulting effects thereof and for notifying writers of the policies of detected mismatching, to enable mangers and the like to correct equipped policies or workflows.
A first problem in conventional autonomous handling management systems is that a system handled and managed by a plurality of autonomous control functions has no measure to cope with a case that an autonomous control function is caused, by another autonomous control function, to generate a control sequence not intended by writers of policies. This is because the reasons of occurring of the unintended control sequence cannot be analyzed in an environment in which control information of other autonomous controls cannot be grasped.
A second problem is as follows. Conventional systems perform autonomous controls using policies on the basis of virtualized or abstracted information or definitions of workflows. Such systems are not implemented with such a way to cope with a case that restrictions between information items which are omitted during virtualization or abstraction process of information incur a control result which is not intended by writers of policies. This is because the reason why an unintended control result incurred cannot be analyzed in an environment in which all information cannot be grasped due to virtualization or abstraction of information.
A third problem is that conventional systems are not implemented with a mechanism for checking an occurring problem and notifying writers of policies of the problem if an error is included in control scripts for individual resources which execute workflows or a control different from a control intended by writers of polices is loaded. This is because a policy writer writes a policy based on external specifications of a control script at the time when the policy is just being written. Consequently, the reasons why an unintended control result incurred cannot be analyzed if the operation environment of the control script varies or if there incurred mismatching between the external specifications and actual equipment.