This application is based upon and claims the benefit of priority of the prior Japanese Patent Application No. 2009-243649, filed on Oct. 22, 2009, the entire contents of which are incorporated herein by reference.
Embodiments herein relate to a monitoring apparatus, a monitoring method, and a monitoring program able to monitor conditions in monitored applications running on a monitored apparatus.
Recently, networks such as the Internet are being utilized to provide a variety of IT services. Such IT services are realized by applications running on a plurality of servers connected to the network.
Users use the IT system by connecting to a business application 24 on the primary node 21 from a client 1. In addition, communication programs that use IT services may also use the IT system by connecting to the business application 24 on the primary node 21. When a failure occurs in the primary node 21, the IT system in
Users use the IT system by connecting to a business application 35 on a virtual server 33. In addition, communication programs that use IT services may also use the IT system by connecting to a business application 35 on a virtual server 33.
The host server 30 includes hardware, with an OS 31 running on the hardware, and a virtualization program 32 running on the OS 31. By means of the virtualization program 32 running on the host server 30, a plurality of virtual servers 33 are made to operate, with an OS 34 running on each of the plurality of virtual servers 33, and a business application 35 running on each OS 34. For example, in the IT system illustrated in
An IT system that provides IT services may also include combinations of the respective IT systems illustrated in
Thus, for the providers or users of IT services for business purposes, it is important to monitor IT systems to ensure that IT services are providing value as expected. In other words, it is important to monitor IT systems to ensure that systems built to provide a projected value are operating according to projections.
A business application that provides IT services may also be the combined result of individual programs (or processes). Herein, business applications to be monitored are assumed to belong to the following three types.
Besides the above, the business application may also be a base application 43 that actually provides the IT services, such as an application server, a Web server, or a database server.
In the past, the following two methods existed for monitoring business applications for IT services.
Herein, the monitoring software 53 on the monitoring server 51 is referred to as the manager, while the monitoring software 54 on the monitored servers 52 is referred to as the agent. The monitoring software 53 and 54 detect/monitor the processes and instances that constitute the business application 55.
Meanwhile,
In addition, applications running on a plurality of servers in the related art have also monitored faults such as response delays (see, for example, Japanese Unexamined Patent Application Publication No. 2006-65619).
In the related art, problems such as the following exist in the above methods for monitoring business applications for IT services.
In the method illustrated in
Given the cluster system 20 in
Furthermore, if monitoring software 54 is implemented on the monitored servers 52, and if the processes and instances that constitute the business application 55 are detected/monitored by running the monitoring software 54 according to the method in
Meanwhile, in the method illustrated in
Additionally, the above methods for monitoring business applications for IT services monitor IT service business applications by periodically checking the existence of pre-defined processes. For this reason, it is necessary for the system administrator to define in advance the processes that constitute the business applications for IT services.
If the system administrator has a detailed understanding of the IT services configuration, then the processes that constitute the business applications for IT services can be defined manually. Also, even if business applications are statically assigned to servers according to system conditions, the system administrator should have an understanding of such assignments, and be able to manually define the processes that constitute the business applications.
However, in the cases of the IT systems illustrated in
Thus, as described above, such methods for monitoring business applications for IT services cannot be used to easily monitor business applications for IT services.
According to an aspect of the invention, a monitoring apparatus configured to monitor applications running on one or more monitored apparatuses; the monitoring apparatus includes: an enquiry packet generator and transmitter that generates multiple types of enquiry packets, and successively transmits the multiple types of enquiry packets to respective communication ports on the one or more monitored servers; an enquiry packet response receiver that receives enquiry packet responses, which are transmitted in response to the multiple types of enquiry packets from communication ports on the one or more monitored apparatuses; and an application analyzer that analyzes the content of the enquiry packet responses transmitted in response to the multiple types of enquiry packets, and analyzes applications running on the one or more monitored servers as applications to be monitored.
The object and advantages of the invention will be realized and attained by means of the elements and combinations particularly pointed out in the claims.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not restrictive of the invention, as claimed.
It is desirable to provide a monitoring apparatus, a monitoring method, and a monitoring program able to easily monitor conditions in monitored applications running on a monitored apparatus, and without implementing monitoring programs on the monitored apparatus.
The following embodiments will be described with reference to the accompanying drawings. Embodiments are described by taking a monitoring server as one example of a monitoring apparatus.
(System Configuration)
The monitoring server 100 includes monitoring software 101 (i.e., a manager). The monitoring software 101 is given as one example of a monitoring program. In addition, the monitoring software 101 includes an enquiry packet generator/transmitter 102, an enquiry packet response receiver 103, an enquiry packet response database 104, an application analyzer (i.e., an operating application detector) 105, and an application structure (i.e., connection relationships) analyzer 106. The application structure analyzer 106 is a built-in function of the monitoring software 101.
The enquiry packet generator/transmitter 102 generates an enquiry packet, to be described below, and then transmits the enquiry packet to the servers A to E. The enquiry packet response receiver 103 receives responses to the enquiry packets from the servers A to E (i.e., enquiry packet responses). The enquiry packet response receiver 103 records the received enquiry packet responses in a monitored application table in the enquiry packet response database 104. The enquiry packet response database 104 also stores snapshots, to be described later.
By utilizing the enquiry packet response database 104, the application analyzer 105 analyzes applications running on the servers A to E, the manner of this analysis will be described later. When a user specifies a server for application structure analysis, the application structure analyzer 106 utilizes the enquiry packet response database 104 to analyze the structure of applications running on the specified server, and displays the analysis results on a monitoring screen 110.
(Hardware Configuration of Monitoring Server 100)
The monitoring server 100 is implemented as a result of executing a monitoring program in accordance with an embodiment on a computer system like that illustrated in
The monitoring server 100 illustrated in
The input apparatus 61 may include devices such as a keyboard and mouse. The input apparatus 61 is used to input various signals. The output apparatus 62 may include devices such as a display. The output apparatus 62 is used to display various windows, data, and other information. The interface apparatus 67 may include devices such as a modem and LAN card. The interface apparatus 67 is used to connect to a network.
In accordance with an embodiment, a monitoring program is at least one part of various programs that control the monitoring server 100. The monitoring program may be provided by distribution on a recording medium 68, or by operations such as downloading from a network, for example.
A recording medium 68 used to store the monitoring program may be one of various types of recording media, including: a recording medium that optically, electrically, or magnetically records information, such as a CD-ROM, flexible disk, or magneto-optical disc; or semiconductor memory that electrically records information, such as ROM or flash memory.
When a recording medium 68 storing the monitoring program is placed into the drive 63, the monitoring program is installed from the recording medium 68 onto the auxiliary storage apparatus 64 via the drive 63. A monitoring program that has been downloaded from a network is installed onto the auxiliary storage apparatus 64 via the interface apparatus 67.
In addition to storing an installed monitoring program, the auxiliary storage apparatus 64 also stores the necessary files, data, and other information. The primary storage apparatus 65 reads and stores the monitoring program from the auxiliary storage apparatus 64. Subsequently, the computational processor 66 follows the monitoring program stored in the primary storage apparatus 65, and thereby implements the various processing blocks of the monitoring software 101 illustrated in
The monitoring of business applications by the monitoring software 101 includes the following two phases: a monitored application table generation phase, and an application operation monitoring phase. The monitored application table generation phase and the application operation monitoring phase will be described as follows.
(Overview of Monitored Application Table Generation Phase)
Proceeding to operation S2, the enquiry packet response receiver 103 receives enquiry packet responses from respective communication ports on the servers A to E (i.e., the monitored servers). An enquiry packet response may contain a normal response or an abnormal response (such as no message, no response, or an error). The enquiry packet response receiver 103 automatically generates a monitored application table from the received enquiry packet responses, and records the monitored application table in the enquiry packet response database 104.
Proceeding to operation S3, the application analyzer 105 determines whether or not applications running on the servers A to E can be identified from the enquiry packet responses. A description of how applications are identified from enquiry packet responses will be given later. If there are respective communication ports on the servers A to E for which applications cannot be identified from enquiry packet responses, then the application analyzer 105 requests the enquiry packet generator/transmitter 102 to transmit the next enquiry packet to respective communication ports on the servers A to E.
Returning to operation S1, the enquiry packet generator/transmitter 102 generates the next enquiry packet, and then transmits the next enquiry packet to the respective communication ports on the servers A to E for which applications could not be identified. The processing in operations S1 to S3 are repeated until applications can be identified from the received enquiry packet responses.
Once applications can be identified from all received enquiry packet responses, the process proceeds to operation S4. In operation S4, the application analyzer 105 determines that identical or similar applications are running when the enquiry packet responses are the same, and manages such applications as a group by associating the applications with the one or more servers that replied with those enquiry packet responses.
(Overview of Application Operation Monitoring Phase)
Proceeding to operation S12, the enquiry packet response receiver 103 receives enquiry packet responses from communication ports on the servers A to E. The enquiry packet response receiver 103 records the received enquiry packet responses in the enquiry packet response database 104. The application analyzer 105 then checks whether or not particular applications are present on the servers A to E according to the enquiry packet responses recorded in the enquiry packet response database 104. A description of how the presence of particular applications is checked from enquiry packet responses will be given later. The application analyzer 105 then records a snapshot of the applications running on the servers A to E at that time. The snapshot is recorded in the form of a running application table.
Proceeding to operation S13, the application analyzer 105 compares enquiry packet responses received by the enquiry packet response receiver 103 to the previously acquired snapshot, and determines whether or not any changes exist in the enquiry packet responses. If there are changes in the enquiry packet responses, then the application analyzer 105 proceeds to operation S15.
If there are no changes in the enquiry packet responses, then the application analyzer 105 proceeds to operation S14, and subsequently determines whether or not there are any discrepancies within the server groups associated with each application. If there are discrepancies within the server groups associated with each application, then the application analyzer 105 proceeds to operation S15. If there are no discrepancies within the server groups associated with each application, then the application analyzer 105 returns to operation S11.
In operation S15, the application analyzer 105 detects operational irregularities in the applications. The application analyzer 105 reports any application irregularities to the IT services administrator by means of a message or screen output on the monitoring screen 110. The IT services administrator is then able to determine a course of action from the message or screen output results, and then take action according to the particular irregularity.
(Detailed Description of Monitored Application Table Generation Phase)
In operation S21, the enquiry packet generator/
transmitter 102 generates an enquiry packet (i.e., a first enquiry packet) for a lower-layer (i.e., Transport Layer) network protocol, as illustrated in
The enquiry packet generator/transmitter 102 then comprehensively transmits the generated enquiry packet to communication ports on the monitored servers. Proceeding to operation S22, the enquiry packet response receiver 103 receives an enquiry packet response like that illustrated in
The enquiry packet response illustrated in
The enquiry packet response receiver 103 determines that the monitored server is connectable to the port from which the normal enquiry packet response was received, and adds the port number of the connectable port to the monitored application table. For each port, the enquiry packet response receiver 103 records the content of the received TCP protocol enquiry packet response as being either “CONNECT” or “NO MESSAGE” in the monitored application table.
The processing in operation S23 and thereafter in
The enquiry packet generator/transmitter 102 determines the first through fifth enquiry packet network protocols in the following order: TCP, Telnet, HTTP, FTP, MySQL. This is the order of network protocols from left to right in the “Enquiry packet response” field of the monitored application table, which will be described below.
The enquiry packet generator/transmitter 102 generates a second enquiry packet having a data portion read from the table illustrated in
transmitter 102 transmits the generated second and third enquiry packets to the port numbers in the monitored application table. Proceeding to operation S24, the enquiry packet response receiver 103 then receives enquiry packet responses like those illustrated in
Thus, the information stored in the table illustrated in
The enquiry packet response receiver 103 stores the received enquiry packet responses in the monitored application table, and in association with the particular port numbers on the monitored servers.
The processing in operation S25 is conducted because some applications might not respond at all to an irrelevant packet. For example, when an enquiry packet response is received for only one of the second and third enquiry packets, the application analyzer 105 is able to determine that the application type corresponds to that of the second or third enquiry packet (i.e., the application type corresponds to the type of enquiry packet to which the application responded).
When an enquiry packet response is received for only one of the second and third enquiry packets, the application analyzer 105 proceeds to operation S26, and determines the application type to be that of either the second or third enquiry packet (whichever the application responded to).
Proceeding to operation S27, the application analyzer 105 then determines whether or not the application identified in operation S26 is the same as applications on other port numbers. If it is determined that the application identified in operation S26 is the same as applications on other port numbers, then the application analyzer 105 proceeds to operation S28. In operation S28, the application analyzer 105 groups the records for the applications identified as the same into a single application group, and then proceeds to operation S29. On the other hand, if it is determined that the application identified in operation S26 is not the same as applications on other port numbers, then the application analyzer 105 proceeds from operation S27 to operation S29.
In operation S29, the application analyzer 105 associates the application identified in operation S26 with the monitored server by adding the server name to that application's record in the monitored application table. The application analyzer 105 then returns to operation S23.
On the other hand, if there is any result in operation S25 other than receiving an enquiry packet response for only one of the second and third enquiry packets, the application analyzer 105 conducts the processing in operations S30 to S33.
Proceeding to operation S30, the application analyzer 105 requests the enquiry packet generator/transmitter 102 to transmit an FTP enquiry packet (i.e., a fourth enquiry packet).
The enquiry packet generator/transmitter 102 then generates a fourth enquiry packet having a data portion read from the table illustrated in
The enquiry packet response receiver 103 stores the received enquiry packet responses in the monitored application table, and in association with the particular port numbers on the monitored servers. Proceeding to operation S32, the application analyzer 105 refers to the monitored application table, and determines whether or not there exists a single enquiry packet response that is different from the other enquiry packet responses received with respect to the second and subsequent enquiry packets.
Since enquiry packet responses for errors are the same, the processing in operation S32 determines that the application type corresponds to that of the differing enquiry packet response when there exists an enquiry packet response that is different from the other enquiry packet responses. Thus, when a single differing enquiry packet response does exist, the application analyzer 105 proceeds to operation S33 and determines that the application type corresponds to that of the enquiry packet that received the single differing response. The process then proceeds to operation S27. If a single differing enquiry packet response does not exist, then the application analyzer 105 returns to operation S23.
By means of the monitored application table generation phase described above, the monitoring software 101 generates a monitored application table like that illustrated in
However, separate application IDs are assigned in the monitored application table in cases where the ports are identical, but the monitored servers that transmitted enquiry packet responses are different. For example, in the example illustrated in
For example, in the example illustrated in
The case of adding applications is also anticipated for the monitored application table illustrated in
Enquiry packet destination ports, enquiry packet content, and response times are automatically managed in a table format by the monitoring software 101. In addition, the monitoring software 101 manages information by assigning a unique application ID for each port, and also assigning separate application IDs in cases where the enquiry packet responses are different.
(Detailed Description of Application Operation Monitoring Phase)
Proceeding to operation S42, the enquiry packet response receiver 103 receives enquiry packet responses from communication ports on the monitored servers. The enquiry packet response receiver 103 records the received enquiry packet responses in the enquiry packet response database 104. The application analyzer 105 then checks for the presence of applications on the monitored servers according to the enquiry packet responses recorded in the enquiry packet response database 104, and generates a running application table for each monitored server contained in the management table structure illustrated in
The running application tables for each monitored server at that point in time are harvested (i.e., recorded) by the application analyzer 105 for each monitored server, as illustrated in
Proceeding to operation S43, the application analyzer 105 compares the enquiry packet responses received by the enquiry packet response receiver 103 to the snapshots previously harvested in operation S42, and determines whether or not the enquiry packet responses have changed.
For example, at time t1 in the example illustrated in
From the comparison results at time t1, the application analyzer 105 detects that the application with the application ID A002 has stopped, while also detecting that a new application with the application ID A005 has been activated.
From the comparison results at time t2, the application analyzer 105 detects that the application with the application ID A002 has been reactivated, while also detecting degraded performance in the application with the application ID A004. Herein, degraded performance in an application can be detected by comparing the response time of the enquiry packet response with respect to an enquiry packet.
If the enquiry packet responses have changed, then the application analyzer 105 proceeds to operation S45. If the enquiry packet responses have not changed, then the application analyzer 105 proceeds to operation to S44, and subsequently determines whether or not there are any differences in the comparison results within the server groups associated with each application. The server groups associated with each application can be obtained from a server grouping table contained in the management table structure illustrated in
If differences in the comparison results do exist within the server groups associated with each application, the application analyzer 105 proceeds to operation S45. If differences in the comparison results do not exist within the server groups associated with each application, then the application analyzer 105 returns to operation S41.
In operation S45, the application analyzer 105 detects operational irregularities in the applications, such as terminated applications and degraded performance, for example. The application analyzer 105 then reports any application irregularities to the IT services administrator by means of a message or screen output on a monitoring screen 200, as illustrated in
The IT services administrator is then able to determine a course of action from the message or screen output results, and then take action according to the particular irregularity.
Thus, as described in the foregoing, a monitoring server 100 in accordance with an embodiment is configured to include: a means for automatically generating a monitored application table in the form of definition information for identifying business applications on monitored servers without introducing monitoring software onto the monitored servers; a means for using the monitored application table to detect whether or not applications are running on the monitored servers; and a means for ascertaining the operational status of applications by storing the applications that were running at the time of detection in a running application table, and then comparing periodic polling results to snapshots of the running application table stored earlier.
Consequently, by operating from the monitoring software 101, in accordance with the present embodiment, the monitoring server 100 is able to automatically generate a monitored application table for business applications that enable IT services, and is also able to easily monitor the IT services on monitored servers.
According to the monitoring server 100 in accordance with the present embodiment, the introduction of monitoring software on the monitored servers that run the business applications becomes unnecessary, and inconveniences such as server downtime for introducing such monitoring software may also be reduced or eliminated. Furthermore, according to the monitoring server 100 in accordance with the present embodiment, the operational status of business applications can be detected/monitored without introducing monitoring software on the monitored servers.
In addition, according to the monitoring server 100 in accordance with the present embodiment, remotely operating the monitored servers becomes unnecessary, thus reducing or eliminating any preparatory work needed by such remote operations, such as the configuration of access accounts and the modification of firewall settings. According to the monitoring server 100 in accordance with the present embodiment, since it is not necessary to remotely operate the monitored servers, the security risk of remote operation by a third party can be avoided.
Also, according to the monitoring server 100 in accordance with the present embodiment, the detection of business applications is conducted automatically, and thus it becomes unnecessary to define in advance the business applications to be searched for. According to the monitoring server 100 in accordance with the present embodiment, identical business applications (including applications that use different ports) are managed by grouping together the monitored servers where the particular business applications are installed. In so doing, checks can be made for differences among the grouped monitored servers and business applications, making it possible to more quickly discover the signs of operational irregularities in the monitored servers and the business applications.
According to the monitoring server 100 in accordance with the present embodiment, the response time from business applications is monitored (i.e., previous and current response times may be compared, or the current response time may be compared to an average of earlier response times). In so doing, the performance status of the business applications can be checked.
In addition to the above, in accordance with the present embodiment, the monitoring server 100 also does not need to expend system resources (such as CPU, memory, disk, and I/O resources) towards the monitoring software and remote commands of the related art.
Thus, according to the foregoing embodiment, it becomes possible to indirectly monitor applications remotely from an IT services monitoring system, without introducing monitoring software into the systems running the applications that implement the IT services.
Methods, apparatuses, systems, computer programs, recording media, data structures, and other technologies resulting from the application of the component elements and expressions in an embodiment disclosed herein, or arbitrary combinations thereof, are also valid modes of the disclosed embodiment.
All examples and conditional language recited herein are intended for pedagogical purposes to aid the reader in understanding the principles of the invention and the concepts contributed by the inventor to furthering the art, and are to be construed as being without limitation to such specifically recited examples and conditions, nor does the organization of such examples in the specification relate to a showing of the superiority and inferiority of the invention. Although the embodiment(s) of the present invention(s) has(have) been described in detail, it should be understood that the various changes, substitutions, and alterations could be made hereto without departing from the spirit and scope of the invention.
Number | Date | Country | Kind |
---|---|---|---|
2009-243649 | Oct 2009 | JP | national |