The present application claims the benefit of PCT international application number PCT/JP2005/007769 filed on Apr. 25, 2005, the subject matter of which is hereby incorporated herein by reference.
1. Field of the Invention
The present invention relates to a network design processing device and method, and program therefor for supporting the network design/construction of computer systems. Particularly, the present invention relates to a technique for automatically detecting a setting error in a network in the network diagram of a designed computer system and for automatically detecting a non-redundant device.
2. Description of the Related Art
Conventionally, when computer systems are designed or constructed, the designers have created a network diagram and performed a network setting for each device using the created network diagram. Specifically, the designers have decided information for setting each device by reviewing the created network diagram based on an empirical approach, written out the information into a data table by hand, and then performed a setting for each device according to the information. The designers have repeated these tasks for each device one by one. This has imposed a great burden on the designers and caused problems with a large number of setting errors.
On the contrary, there are techniques for supporting designers in designing or constructing computer systems. Such techniques include a network configuration and design support system described in Patent Document 1.
This network configuration and design support system of Patent Document 1 is provided a network device graphics information file, in which pictures are stored that indicate the appearance or symbol of network component devices. The designers can create a network configuration diagram by selecting a desired picture from a graphics menu of the pictures on a display screen. This enables the designers to facilitate their tasks, such as the creation of network device configuration diagrams or the selection of hardware or software associated with the network construction.
The network configuration and design support system of Patent Document 1 also has means for validating a combination of attributes that are defined for each device, based on the attribute definition information for each device. The network configuration and design support system further comprises means for validating a connection relationship between devices, a communication relationship between software used by each device, and a reference relationship between data.
(Patent Document 1: Japanese Laid-Open H06-187396)
At the time of network design for the computer system, it is necessary, needless to say, to set correct addresses for all devices, but also to consider other configuration restrictions. This imposes a significant burden on the operators.
Additionally, it is possible to provide communications between devices when the devices are physically connected to each other via a network. However, it is also necessary to consider such restrictions for the device setting when there are some combinations of devices being desired to provide communications and others not, depending on the operational policies.
Further, displaying all communication settings on a single network diagram at a time makes the network diagram significantly complicated. This may result in a problem that a designer forgets to configure a communication setting or configures incorrectly in a communication setting.
On the other hand, as a countermeasure against abnormal conditions during the operation of the computer system, it is desirable to clarify a device at a network design stage, which affects other devices when a failure occurs.
The network configuration and design support system, disclosed in the above-mentioned Patent Document 1, has no function for preventing the oversight of communication settings or incorrect communication settings, or for detecting a critical point (CP) that causes a severe communication failure.
Particularly, in communications between devices, there is service session necessary for actual task execution during the operation of the system and maintenance session necessary for the system maintenance, which is different for respective communication purposes. Therefore, it is desirable to be able to provide setting, displaying, and checking of each session separately. However, the conventional technique could not handle the service session and the maintenance session as distinguished from each other in a network diagram. Thus, it could not also provide a display, which differentiates the two types of communications such that one part displays only the communication of the service session, and another displays only the communication of the maintenance session in the network diagram that is displayed on a display device.
It is an object of the present invention to solve the above problems and prevent the oversight of communication settings or incorrect communication settings at the time of network design for the computer system with greater ease than in the conventional technique.
It is another object of the present invention to differentiate, in a network diagram created with computer, the service session and the maintenance session to enable a separate setting, displaying, and checking of these sessions.
It is still another object of the present invention to provide a technique for detecting a device which may cause a severe communication failure due to the occurrence of failures at the time of network design for the computer system.
To solve the above problems, the present invention provides a network design processing device for automatically extracting network design information from a network diagram inputted through a computer screen. The network design processing device comprises: a network diagram creation processing unit for inputting service communication setting information for service execution in a network system to be designed and maintenance communication setting information for maintenance management of the network system distinctly and displaying each line connecting a starting point and an ending point of communications on the network diagram in different display modes for the service communications and for the maintenance communications; and a design diagram data storage unit for storing the design diagram data expressing the network diagram, the design diagram data including the service communication setting information and the maintenance communication setting information inputted by the network diagram creation processing unit. The present invention enables the easy and clear communication setting in a network design because the service communications and the maintenance communications are distinctly input and displayed on the network diagram.
Preferably, the present invention may comprise a selective communication display control unit for instructing to display the communication setting information for the communication in which a specific network device, such as a server, designated at the network diagram is the starting point or the ending point. When a selective communication display is instructed for a specific network device, the present invention displays the setting information for the communication having the designated specific network device as the starting point or the ending point is displayed on the network diagram, while the present invention hides the setting information for the other communications. The present invention enables only necessary communications to be displayed on the network diagram, thereby achieving the clearer network design.
Preferably, the present invention may have a unit for instructing to display the setting information for a specific communication designating the types of communication or communication protocol. When a selective communication display is instructed for a specific communication or protocol type, the present invention displays the setting information for the communication for the designated communication or protocol type on the network diagram, while the present invention hides the setting information for the other communications. The present invention enables an easy check of setting information related to the communications depending on the types of communication or communication protocol.
Preferably, the present invention may place the setting information for the input communication on a different layer of a plurality of layers forming the network diagram in accordance with the types of communication, communication protocol of the service communications, the maintenance communications, or the combination of the types of communication and communication protocol, and, for the display of the setting information for communications on the network diagram, select a specific layer or a group of layers to display on the network diagram. The present invention enables a prompt and easy display of setting information for communications on the network diagram.
Preferably, the present invention may store the design diagram data obtained from the network diagram in a design information database, detect a network device is detected that does not correspond to the starting point or the ending point of the communications, and displays such information on the network diagram that indicates the network device. The present invention may eliminate the oversight of communication settings.
Preferably, the present invention may analyze the service communication setting information that is stored in the design information database, search a server communicates which has communication from outside of a network system to be designed, further search another server which is chained and has communications with the server, then detect a remaining-server that deviates from such a communication-chain. Then, the present invention display information is displayed on the network diagram that indicates the server having no interaction with the outside world. Such a server is likely to be incorrect that has only closed communications within the system without any interaction with the outside world. The present invention enables an easy detection of such setting errors in communications.
Preferably, when the server deviating from the communication-chain is a device corresponding to the starting point of the maintenance communications, the present invention does not treat the device as a target for displaying the information that indicates no interaction with the outside world. That is because, for example, a maintenance monitoring server may not have any relationship with communications with the outside world.
Preferably, the present invention may analyze the maintenance communication setting information that is stored in the design diagram database. Then, the present invention may detect communications that have no path between the starting point and the ending point of the maintenance communications, or a device that does not correspond to the starting point or the ending point of the maintenance communications, and display information on the detection result on the network diagram. The present invention enables the designer to ascertain a device to which the maintenance communications may not be provided and eliminate the oversight of setting, thereby improving reliability of the network system.
Preferably, the present invention may cause a pseudo-failure for each device one by one based on the information for each device stored in the design information database, perform a path search to determine whether the service communications are established from the starting point to the ending point based on the service communication setting information with reference to the connection information for said each device, perform a failure simulation that detects the existence of any impossible service communications, and display the device with the pseudo-failure is displayed on the network diagram with a mark of critical point (CP) being added, when the impossible service communications are detected. The present invention enables the system designer to understand which machine could be a critical point and to add redundancy to the machine as needed, thereby improving its fault tolerance. In this case, the analysis for detecting and displaying a critical point with the failure simulation is performed only on the service communications, and not on the maintenance communications. That is because all devices could be a critical point when the maintenance sessions are subject to the failure simulation, since each maintenance session is normally accessed by the redundant devices independently.
According to the present invention, the service session and the maintenance session are described and displayed distinctly on the network diagram. Therefore, any input error in the setting information for their communications would be eliminated and the communication-related network design may be performed in an easier and clearer way.
Referring now to the accompanying drawings, embodiments of the present invention is described below.
A network design processing device 1 includes a network diagram creation processing unit 10, a selective communication display control unit 11, a design diagram data storage unit 12, a design diagram data analysis unit 13, a design information DB 14, a basic information check unit 15, a communication setting information check unit 16, a design information modification unit 17, a check result output unit 18, a failure simulation unit 19, and a CP information output unit 20. These are realized by a computer system of hardware and software, including a CPU, memory and so on. An input/output device 2 is connected to the network design processing device 1.
The design diagram data analysis unit 13 includes a basic information extraction unit 21 and a communication setting information extraction unit 22. The communication setting information check unit 16 comprises a service communication setting check unit 23, a maintenance communication setting check unit 24, and a path search unit 25. The network design processing device 1 also includes a filter setting information creation unit 26 which creates filter setting information for routers and so on with reference to the design information DB 14.
The network diagram creation processing unit 10 has a processing function of graphics processing software, such as CAD. The network diagram designer creates a network diagram by operating the network diagram creation processing unit 10 via the input/output device 2.
The selective communication display control unit 11 controls the network diagram creation processing unit 10 in such a way that only the communications instructed by the input/output device 2 would be selected and displayed on the network diagram on the screen of the input/output device 2.
The design diagram data storage unit 12 stores design diagram data including information of the network diagram that is created by the network diagram creation processing unit 10. The design diagram data includes graphics information and attributes information for each graphic element (hereafter referred to as an “object”) which comprises the network diagram, and its data format is similar to that of being used in common CAD systems.
The design diagram data analysis unit 13 analyzes the design diagram data of the network diagram stored in the design diagram data storage unit 12 to extract design information. The extracted design information is stored in the design information DB 14. The basic information extraction unit 21 extracts basic information, such as information for each device described in the network diagram or physical connection information between devices. The communication setting information extraction unit 22 extracts communication setting information for the communications between devices described in the network diagram.
The design information DB 14 stores design information, such as the basic information extracted by the design diagram data analysis unit 13 or the communication setting information.
The basic information check unit 15 checks for any setting error in the basic information stored in the design information DB 14. As used herein, the term “basic information” refers to the information for each device set in the network diagram or the information for each connection cable which physically connects each device.
The communication setting information check unit 16 checks for any setting error in the communication setting information stored in the design information DB 14. As used herein, the term “communication setting information” refers to the information which defines communication sessions for the service communication setting or the maintenance communication setting which is set in the network diagram.
The service communication setting check unit 23 extracts the setting information for the service communications from the communication setting information stored in the design information DB 14 and checks for any setting error therein. The maintenance communication setting check unit 24 extracts the setting information for the maintenance communications from the communication setting information stored in the design information DB 14 and checks for any setting error therein. The path search unit 25 performs a path search for the designated communication setting.
The design information modification unit 17 automatically modifies any setting error in the design information DB 14 when that setting error could be automatically modified.
The check result output unit 18, for example, outputs the check result of the basic information from the basic information check unit 15 or the check result of the communication setting information from the communication setting information check unit 16.
The failure simulation unit 19 checks if the service communications can be provided which is set with the service communication setting, with a pseudo-failure being caused for each device in the network diagram one by one, and extracts a device which could be of non-redundant configuration (namely, a device which is a critical point (hereafter referred to as a “CP”)). The term “CP” refers to a point where a significant task trouble would occur when the device in question fails.
The CP information output unit 20 writes the information on the device which is a CP extracted by the failure simulation unit 19 to the design information DB 14 and outputs the information to the screen of the input/output device 2 via the network diagram creation processing unit 10.
The filter setting information creation unit 26 creates filter setting information to be set for each device based on the design information DB 14.
The embodiment of the present invention will now be described in detail below with reference to
The components of each device to be used in the network are listed in a window 52 of the device stencil. The components to be used in setting communications are listed in a window 53 of the communication setting stencil. The designer selects a component of the device to be placed in the network diagram from the window 52 of the device stencil, and places each component of the selected device in the network diagram by drag and drop operation. This network diagram creation method based on the CAD application is as used in the conventional methods.
The present invention can place each device being placed and connected to each other on the network diagram, and also can describe and set the service session and the maintenance session on the network diagram, while differentiating the two types of sessions.
The attributes information for each device and communications may be defined in advance for each component of the device stencil and the communication stencil. The defined information may be kept as component attributes information in an attributes file (not shown) which is managed by the network diagram creation processing unit 10. In the window 54 of the property setting, with respect to an attributes item which has been defined in advance for that attributes file, attributes information which is read from the attributes file is embedded in that attributes item as a default value. Therefore, the designer needs only to input attributes information specific to the individual devices or communications from the window 54 of the property setting, for example, minimal attributes information such as the host name or address information of the server.
In the network diagram illustrated in
A dns server 107, a web server 111 and a db server 123 are service-type servers for providing a service to an external customer. An admin server 117 is a maintenance-type server for performing the maintenance management such as for checking or making setting changes for each device which constitutes the network system. An admin server 117 needs to be set in a way that, in particular, external ingress communications would not be permitted.
The FireWall 103, dns server 107, web server 111, admin server 117 and db server 123 are each equipped with two network interface cards 104, 105, 108, 109, 112, 113, 118, 119, 124 and 125, respectively. Herein below, the network interface cards are referred to as “NICs”.
The NICs 105, 109, 113 and 118 are each connected to a Hub 115 in the Global-net via connection cables 106, 110, 114 and 116, respectively. The NICs 119 and 124 are each connected to a Hub 121 in the Private-net via connection cables 120 and 122, respectively.
The IP address of the Global-net is “164.77.53.0/27”. The lower five bits in IP addresses of NICs 105, 109, 113 and 118, which are connected to the Global-net, are each “0.1”, “0.15”, “0.15”, “0.5”, respectively.
The IP address of the Private-net is “192.168.100.0/24”. The lower eight bits in IP addresses of NICs 119 and 124, which are connected to the Private-net, are each “0.5”, “0.10”, respectively. The information for these IP addresses is set in the window 54 of the property setting as described in
Further, the designer describes the necessary communication settings for operating the network system by operating the network diagram creation processing unit 10 via the input/output device 2. The communication setting described in the network diagram is stored in the design diagram data storage unit 12 as the design diagram data. The necessary communication settings for the network system which are described by the designer on the network diagram enables the network design processing device 1 to check for any setting error in the network diagram and to automatically modify setting errors.
In the embodiment of the present invention, the two types of communication settings, namely, the service communication setting and the maintenance communication setting may be described distinctly on the network diagram. In the network diagram of
In the network diagram of
Additionally, also described in the network diagram of
Although only one line of service communication settings and three lines of maintenance communication settings are described in the network diagram illustrated in
Thus, the network design processing device 1 is provided a function which enables selection with a simple operation and display of only specific communication settings of these communication settings.
The default value is “DISPLAY ALL COMMUNICATIONS”, which displays all of the defined communication settings on the network diagram. When “DISPLAY SERVICE COMMUNICATIONS” is selected, then only the service communication settings are selectively displayed on the screen. When “DISPLAY MAINTENANCE COMMUNICATIONS” is selected, then only the maintenance communication settings are selectively displayed on the screen. When “DISPLAY SERVER DESIGNATION” is selected, then on the screen displayed are only the communication settings which have the server selected as the starting point or the ending point by clicking a left button on a mouse. In “DISPLAY SERVER DESIGNATION”, it is also possible to select only the starting point or the ending point, or both of the starting point and the ending point. When “DISPLAY PROTOCOL DESIGNATION” is selected, then a protocol designation selection screen is displayed and only the communication settings are selectively displayed on the screen which use the protocol selected from that screen. In this case, although a specific server may be designated with “DISPLAY SERVER DESIGNATION”, a specific network device may also be designated instead of servers.
A plurality of these menu items may be selected at a time. When more than one item is selected at a time, the appropriate communication settings would be selected in AND condition and displayed on the screen. For example, when “DISPLAY SERVICE COMMUNICATIONS” and “DISPLAY PROTOCOL DESIGNATION” are selected, and when TCP is selected as the protocol, then only those of the service communication settings, which use TCP protocol, would be selectively displayed on the screen.
In the example in
Since a significant amount of communications are involved in providing actual services, when all of the communication settings are displayed on the network diagram at once, a large number of design mistakes could occur due to the oversight and so on. Therefore, displaying only the communications related to the device selected as stated above, only the incoming communications to the selected device, or only the outgoing communications from the selected device enables clearer sight of the network diagram and reduction of setting errors made by the designer.
In order to achieve such selective display of communication settings in a prompt and simple way, the network diagram creation processing unit 10 includes a layer designation/display function and a function for automatically generating layers and automatically placing objects on the layers.
For a specific description, fixed layers are prepared for each communication protocol and for each communication type as needed, which layers are registered to the appropriate communication protocol and communication type layers when inserting the communication settings into the diagram. Further, one or two dynamic layers are prepared.
Upon receipt of the instruction to display some of the communication settings, the network diagram creation processing unit 10 uses the above-mentioned layers for providing display as follows.
A) When the condition does not include inputting/outputting to a specific server, then the network diagram creation processing unit 10 displays a plurality of fixed layers which meet the instructed condition in “OR” condition.
B) When the condition includes inputting/outputting to a specific server, then, firstly, the network diagram creation processing unit 10 selects a communication setting, which meets the condition, from those having that server as the starting point/the ending point, and registers the communication setting to the non-displayed dynamic layer. Secondly, the network diagram creation processing unit 10 displays the processed dynamic layer with all of the currently displayed layers hidden.
The reason for preparing the fixed layers is that it could lead to the delay of operation to check all of the communication settings in the network diagram at each display time. On the other hand, the reason for preparing the dynamic layers is that it could result in the increase in number of layers used with a large number of servers to display the communication settings focusing on a specific server using the fixed layers. Additionally, provided that a communication setting is displayed focusing on a specific server, the operation delay would not occur even if the appropriate communication settings were checked in each case. Since the number of servers to be focused would be relatively small.
Part (A) of
For example, when the communication protocols have three types of TCP, UDP and ICMP, and the communication types have two types of the service communications and the maintenance communications, six fixed layers (2*3=6) are prepared. At this moment, for example, when the communication setting 126 of
Part (B) of
In the step S12, when the request from the designer for the selective communication display is determined to be “DISPLAY SERVER DESIGNATION”, the designation of the server by the designer is input in step S14. The registration for all of the communication settings in the dynamic layer is canceled in step S15. The communication settings for the designation server are registered to the dynamic layer in step S16. The dynamic layer is displayed on the network diagram in step S17, and the process terminates.
For example, as illustrated in
When the design diagram data analysis unit 13 receives the request for checking the network diagram and extracting the design information from the designer in step S20, the design diagram data analysis unit 13 analyzes the design diagram data of the network diagram which is saved in the design diagram data storage unit 12, and extracts the design information necessary for the network management. The extracted design information is stored in the design information DB 14 in a predetermined format, which manages the information for each network device including the configuration information and the connection information in step S21.
The design information check is performed in three steps as described below, namely, the basic information check for the configuration of the individual devices, the service communication setting information check for the service communication settings, and the maintenance communication setting information check for the maintenance communication settings.
The basic information check unit 15 performs the basic information check process on the design information stored in the design information DB 14 in step S22, and checks for any setting error in the basic information in step S23. The basic information check performed by the basic information check unit 15 is a common technique which has been conventionally employed in the network design support system, for example, for checking the configuration and connection of the devices. In this technique, for example, those situations are detected as “SETTING ERROR EXISTS” where a device exists which is not connected to the network, or the same IP addresses are assigned to a plurality of devices. When a setting error exists in the basic information, it is determined whether the setting error can be modified automatically in step S24. When the setting error can be modified automatically, the design information modification unit 17 performs the automatic modification process on the setting error in step S25, and the process returns to the basic information check process of the step S22. The automatic modification is performed in such a way that when the same IP addresses are assigned to a plurality of devices, one of the IP addresses is automatically changed to a non-assigned IP address. The result of the automatic modification is acknowledged by the designer and then written to the design information DB 14. When the automatic modification is impossible, then the error information output processing is performed in step S26, and the process terminates.
In step S23, when no setting error exists in the basic information, the communication setting information check unit 16 performs the service communication setting information check process on the design information which is stored in the design information DB 14 in step S27, and checks for any setting error in the service communication setting information in step S28. When a setting error exists in the service communication setting information, the error information indicating the setting error is stored in step S29.
The communication setting information check unit 16 further performs the maintenance communication setting information check process on the design information which is stored in the design information DB 14 in step S30, and checks for any setting error in the maintenance communication setting information in step S31. When a setting error exists in the maintenance communication setting information, the error information indicating the setting error is stored in step S32.
The communication setting information check unit 16 determines whether the error information exists which indicates the setting error in the service communication setting information or the maintenance communication setting information in step S33. When the error information exists, the communication setting information check unit 16 performs the error information output process in step S26, and the process terminates.
When no setting error exists in all of the basic information, the service communication setting information, and the maintenance communication setting information, then the failure simulation unit 19 performs the CP extraction process based on the failure simulation for extracting a critical point in step S34. The CP information output unit 20 performs the CP information output process for outputting the critical point information which is obtained from the CP extraction process in step S35, and the process terminates.
In step S21 described above, the device table 56 of
The object IDs in the device table 56, the communication information table 57, and the session table 58 represent identifiers for uniquely identifying each device or communications placed in the network diagram. These object IDs in each table correspond to the object IDs illustrated in
Each name in the device table 56 represents a name which is given to that device. Any name may be set as long as the name can be recognized by the designer or operator of the network system. Each type represents information for the type of that device. Each address represents an IP address which is set for that device.
Each child object ID and each parent object ID represent each object ID for a device which has a parent-child relationship with the device in question. For example, a dns server 107 with an object ID “7” contains a NIC 108 with an object ID “8” and a NIC 109 with an object ID “9”. Therefore, “8” and “9” are set as the child object ID of the dns server 107 with the object ID “7”. On the other hand, “7” is set as the parent object ID of the NIC 108 with the object ID “8” and the NIC 109 with the object ID “9”.
These kinds of information are mainly extracted from the attributes information which is set as a property for each device, or obtained by analyzing the hierarchical structure of a group (for example, grouped objects as server itself+NIC+NIC) of components (for example, a server itself, a NIC and so on) which represent each device.
When an error exists for the device setting, such error information is inserted in the status information. Additionally, the status information is used in the CP extraction process by the failure simulation unit 19. When a pseudo-failure is caused for a device, the failure simulation unit 19 sets the pseudo-failure status for the status information of the device.
The object IDs in the communication information table 57 of
When an error exists for the connection cable setting, such error information is inserted in the status information. Additionally, the status information is used in the CP extraction process by the failure simulation unit 19. When a pseudo-failure is caused for a connection cable, the failure simulation unit 19 sets the pseudo-failure status for the status information of the connection cable.
The object IDs in the session table 58 of
Each protocol represent a protocol which is used in the communications. When a plurality of protocols is set for a single communication, a plurality of record is generated on the session table 58. For example, since the two types of protocols, namely, TCP and ICMP are set in the communication setting 127, the communication setting 128 and the communication setting 129, with respect to each communication setting with the object IDs “27”, “28” and “29”, two records of each setting are generated in the session table 58 of
The starting point ID and the ending point ID represent the object IDs for the devices which are corresponding to the starting points or the ending points of their communications. For example, since the communication setting 126 with an object ID “26” corresponds to the NIC 113 which has the web server 111 as the starting point and to the NIC 124 which has the db server 123 as the ending point, an object ID “13” of the NIC 113 is set as the starting point ID, and an object ID “24” of the NIC 124 is set as the ending point ID.
Other information includes, for example, more specific settings for the protocol used in the communications. For example, when the protocol is TCP, then, the source port number and the destination port number and so on will be set. When an error exists for the communication setting, such error information is inserted in the status information.
As can be seen from the device table 56 of
This address modification may be performed by the designer through the property setting of the NIC 113 from the network diagram. If possible, setting errors may be automatically modified by the design information modification unit 17. For example, since the range of IP addresses which can be easily set may be known from the network address of the network to which the device is connected, for example, the setting error due to the address overlapping as described above may also be automatically modified by the design information modification unit 17. When the automatic modification is possible, the process may proceed to the next process without prompting the designer a setting error modification. This enables reduction of person-hours for the design by the designer.
First, the service communication setting check unit 23 stores service communications in which an external device is the starting point of the service, in a matrix “EXTERNAL” in step S40. The service communication setting check unit 23 determines whether the matrix “EXTERNAL” is empty in step S41. When the matrix “EXTERNAL” is empty, an error object of “NO EXTERNAL COMMUNICATION” is inserted into all servers in step S42.
Then, the service communication setting check unit 23 selects one server from the device table 56 in step S43, and determines whether the selected server has the starting point or the ending point of the service communications in step S44. When the selected server has the starting point or the ending point of the service communications, the communications in which the selected server is set as the starting point is stored in a matrix “INTERNAL” in step S45.
When the server selected in step S44 does not have the starting point or the ending point of the service communications, then the service communication setting check unit 23 determines whether the selected server has the starting point of the maintenance communications in step S46. When the selected server does not have the starting point of the maintenance communications, an error object of “NO COMMUNICATION” is inserted into the selected server in step S47.
The service communication setting check unit 23 determines whether a non-selected server exists in the device table 56 in step S48. When a non-selected server exists, the process returns to the process of step S43. Thereafter, the processes of steps S43 through S48 are repeated until there does not exist a non-selected server in the device table 56.
When there does not exist a non-selected server in the device table 56, the service communication setting check unit 23 selects one communication from the matrix “EXTERNAL” in step S49. The path search unit 25 performs a path search process with respect to the selected communications in step S50, and the service communication setting check unit 23 determines whether a path is detected in step S51. The path search unit 25 is to perform a process to detect the presence of a communication route capable of the selected communication, and the detail of the process will be described below.
When a path is detected, the communications in which a server at the ending point of the selected communication is set as the starting point is moved from the matrix “INTERNAL” to the matrix “EXTERNAL” in step S52. When the pass is not detected, an error object of “COMMUNICATION IMPOSSIBLE” is inserted into the selected communication in step S53.
A determination is made as to whether the matrix “EXTERNAL” is empty in step S54. When the matrix “EXTERNAL” is not empty, the process returns to the process of the step S49. Thereafter, the processes of steps S49 through S54 are repeated until the matrix “EXTERNAL” becomes empty.
When the matrix “EXTERNAL” becomes empty, then the service communication setting check unit 23 determines whether the matrix “INTERNAL” is empty in step S55. When the matrix “INTERNAL” is not empty, the service communication setting check unit 23 selects one communication from the matrix “INTERNAL” in step S56. An error object of “NO EXTERNAL COMMUNICATION” is inserted into the servers which are corresponding to the starting point and the ending point of the selected communication, respectively in step S57.
Additionally, the path search unit 25 performs the path search process with respect to the selected communication in step S58, and the service communication setting check unit 23 determines whether a path is detected in step S59. When a path is not detected, the service communication setting check unit 23 inserts an error object of “COMMUNICATION IMPOSSIBLE” into the selected communication in step S60.
The process of steps S55 through S60 are repeated until the matrix “INTERNAL” becomes empty, and the process terminates when the matrix becomes empty.
The path search unit 25 retrieves an end-point object ID in the communication information table 57 by the starting point ID of the designated communications in step S70, and obtains the end-point object ID of a connection target. All of the end-point object IDs of the connection target, which are obtained from the retrieval, are stored in a matrix “SEARCH”, while giving a “stored” mark to the status information section of the appropriate object in the device table 56 in step S71. For example, since the communication setting 126 with an object ID “26” in the session table 58 of
A determination is made as to whether the matrix “SEARCH” is empty in step S72. When the matrix “SEARCH” is empty, a return code of “PATH NOT FOUND” is returned to the source node from which the search request was sent, and the process terminates.
When the matrix “SEARCH” is not empty in step S72, one ID is selected from the matrix “SEARCH” in step S73. A determination is made as to whether the selected ID is the ending point ID in step S74. When the selected ID is the ending point ID, a return code of “PATH FOUND” is returned to the source node from which the search request was sent, and the process terminates.
When the selected ID is not the ending point ID in step S74, a determination is made as to whether the ID is a Hub ID in the device table 56 in step S75. When the selected ID is the Hub ID, a determination is made as to whether the object has a “stored” mark in the device table 56 in step S76. When the object has a “stored” mark, the process returns to the process of step S72. When the object does not have a “stored” mark, an end-point object ID of the communication information table 57 is retrieved by the ID in step S77, and the end-point object ID of the connection target is obtained. All of the end-point object IDs of the connection target, which are obtained from the retrieval, are stored in the matrix “SEARCH” in step S78, and the process returns to the process of the step S72.
When the selected ID is not the Hub ID in the step S75, a determination is made as to whether a device corresponding to a parent of another device which has the Hub ID as its object ID is a Router in the device table 56 in step S79. When a device corresponding to a parent of another device which has the Hub ID as its object ID is a Router, all of the other child object IDs of the Router, which have not yet been given a “stored” mark, are obtained from the device table 56, and these IDs are stored in the matrix “SEARCH” in step S80. Then the process returns to the process of the step S72.
As illustrated in the network diagram of
Additionally, as illustrated in the network diagram of
Although there is no service communication set for the admin server 117, a setting error would not be detected at the service communication setting check process which indicates the absence of the service communication setting, since the admin server 117 would be determined to be a device for maintenance as the admin server 117 corresponds to the starting point of the maintenance communication setting. Such an effect is obtained by managing the service communication setting and the maintenance communication setting in a distinct manner.
When the device selected at the step S91 has the starting point or the ending point of the maintenance communications, then one maintenance communication in which the selected device selected as the starting point is selected in step S93. The path search unit 25 performs the path search process with respect to the selected communication in step S94, and the maintenance communication setting check unit 24 determines whether a path is detected in step S95. When the path is not detected, an error object of “COMMUNICATION IMPOSSIBLE” is inserted into the selected device in step S96.
A determination is made as to whether there exists any non-selected maintenance communication in which the selected device is set as the starting point in step S97. When any non-selected maintenance communication exists, the process returns to the process of the step S93. Thereafter, the processes of steps S93 through S97 are repeated until there does not exist a non-selected maintenance communication which has the selected device as the starting point.
When there does not exist non-selected maintenance communication in which the selected device is set as the starting point, a determination is made as to whether there exists a non-selected device in the device table 56 in step S98. When there is a non-selected device, the process returns to the process of the step S90. Thereafter, the processes of steps S90 through S98 are repeated until not being a non-selected device in the device table 56, and the process terminates when there is not a non-selected device in the device table 56.
As illustrated in the network diagram of
The operational monitoring for a computer system is fundamentally performed on all NICs for all devices which can be monitored. Therefore, when there is a device which provides no communications for the operational monitoring, then a setting error is detected at the maintenance communication setting check process.
First, in order to deal with the setting errors indicating that the communication is impossible between the web server 111 and the db server 123, a Router 131 is provided between the Global-net and the Private-net. A NIC 132 and a Hub 115 on the side of the Global-net are connected via a connection cable 130, while a NIC 133 and a Hub 121 on the side of the Private-net are connected via a connection cable 134. The lower five bits of the address for the NIC 132 on the side of the Global-net are set to “0.2”, while the lower eight bits of the address for the NIC 133 on the side of the Private-net are set to “0.2”. Due to the presence of the Router 131, the communications would be possible between a device on the side of the Global-net and another device on the side of the Private-net.
Then, in order to deal with the setting errors indicating the absence of the service communication setting for the dns server 107, a service communication setting 135 from the external Internet 101 to the dns server 107 is set on the network diagram.
Additionally, in order to deal with the setting errors indicating the absence of the maintenance communication setting for the FireWall 103, a maintenance communication setting 136 connected from the NIC 118 on the admin server 117 to the NIC 104 on the FireWall 103, and a maintenance communication setting 137 connected from the NIC 118 on the admin server 117 to the NIC 105 on the FireWall 103, are set on the network diagram.
Further, in association with the placement of the Router 131, a maintenance communication setting 138 connected from the NIC 118 on the admin server 117 to the NIC 132 on the Router 131 and a maintenance communication setting 139 connected from the NIC 119 on the admin server 117 to the NIC 133 on the Router 131, are also set on the network diagram.
As illustrated in the network diagram of
Similarly, since there is no service communication setting for the db server 123 from the outside world, an error object, which indicates the absence of the service communication setting for the db server 123 from the outside world, is inserted on the network diagram. The service communications from the web server 111 is set for the db server 123. However, since there is no service communication setting for the web server 111 from the outside world, there is even no indirect service communication setting.
Generally, the service task is achieved by performing some process in response to the request from the outside world. In the embodiment of the present invention, the outside world in this service task refers to the Internet 101. Since any device at which no communications arrives from the outside world is considered to provide no contribution to the service task, a setting error will likely exist in the device. Therefore, by checking the connectivity of each device with the external communication at the time of the service communication setting check, an indication is made for the server to which the external communication has not arrived, which is then alerted to the designer. This enables the designer to find a setting error indicating the presence of devices which provides no contribution to the service task.
As described above, the detection of setting errors by checking the basic information check, the service communication setting check, and the maintenance communication setting check enables the modification of the network diagram as initially designed in
The filter setting information 59 of
By converting the format of the generic filter setting information 59 which is created by the filter setting information creation unit 26 using conversion program depending on the vendors of the devices, a filter setting file can be obtained which is corresponding to the filtering program for the appropriate devices.
When the db server 123 is constructed or set according to the network diagram actually created, the filter setting of the db server 123 is completed by only positioning a filter setting file 60 as illustrated in
The failure simulation unit 19 selects one device from the device table 56 in step S100. In order to virtually make the selected device in a fault state, the status information of the selected device is set to “FAILED” in the device table 56 in step S101.
In this state, the path search process is performed for each service communication setting in step S102, and a determination is made as to whether there exists a service communication setting of “PATH NOT FOUND” in step S103. Although the path search process is performed in the operational logic as described in
A determination is made as to whether there exists a non-selected device in the device table 56 in step S105. When there exists a non-selected device, the process returns to the process of step S100. Thereafter, the processes of steps S100 through S105 are repeated until there does not exist a non-selected device in the device table 56.
Additionally, the maintenance communications generally needs to be set for each device independently, regardless of the redundant configuration. Therefore, it is not necessary to detect a critical point for the maintenance communications and the maintenance communications are ignored at the time of fault simulation.
The dns server 107, the web server 111 and the db server 123 still remain in the CP state, since they are not in the redundant configuration. However, since it is clearly illustrated on the network diagram that these devices could be “the device imposing significant effects due to their faults”, the network diagram as illustrated in
Since the Routers 131 and 147 are both in the redundant configuration, a virtual address (VirtualAddress) is set for these Routers for recognizing two Routers as a whole, in addition to the actual addresses held by their NICs. In the example of
For the Routing setting for the web server 111 under these conditions, the address of the Router is automatically recognized as the virtual address of “164.77.53.4”, and a routing or filtering rule with such a setting is output as a network setting file. This is also the case with the network setting files of the db server 123.
The network design processing device 1 illustrated in
The above-mentioned processes at each step may be realized by a computer and software program, and such program may be stored in computer readable recording medium or provided through the network.
According to the present invention, in the network design, in particular, a support device for constructing a high-quality network system which eliminates setting errors or the setting oversight for the service communications and the maintenance communications and so on is realized.
Number | Name | Date | Kind |
---|---|---|---|
5841981 | Kondo | Nov 1998 | A |
6225999 | Jain et al. | May 2001 | B1 |
6363421 | Barker et al. | Mar 2002 | B2 |
6850253 | Bazerman et al. | Feb 2005 | B1 |
6857014 | Paterson et al. | Feb 2005 | B1 |
7076400 | Dulberg et al. | Jul 2006 | B2 |
7139819 | Luo et al. | Nov 2006 | B1 |
7289436 | Schaller et al. | Oct 2007 | B2 |
7315985 | Gauvin et al. | Jan 2008 | B1 |
7334222 | Keller | Feb 2008 | B2 |
20030112958 | Beaudoin et al. | Jun 2003 | A1 |
Number | Date | Country |
---|---|---|
5-204721 | Aug 1993 | JP |
6-187396 | Jul 1994 | JP |
2002-368743 | Dec 2002 | JP |
2003-101537 | Apr 2003 | JP |
2004-40374 | Feb 2004 | JP |
Number | Date | Country | |
---|---|---|---|
20080091387 A1 | Apr 2008 | US |