JP4712279B2 - Method and apparatus for controlling extensible computing system - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention generally relates to data processing. The present invention particularly relates to a method and apparatus for controlling a computing grid.
[0002]
[Problems to be solved by the invention]
Today's websites and other computer system builders have many interesting system planning problems. These issues include capacity planning, site availability and site safety. Achieving these goals requires finding and hiring trained personnel who can design and operate sites that may be potentially large and complex. For many organizations, designing, building, and operating large sites is often not the main business, so finding and hiring such people has proved difficult.
[0003]
One approach is to employ a third-party company website that is co-located with other company websites. Such outsourcing facilities are now available from companies such as Exodus, AboveNet, and GlobalCenter. These facilities provide physical space, redundant networks, and power generation facilities shared by many customers.
[0004]
Adopting an outsourced website greatly reduces the burden of establishing and maintaining a website, but does not remove all the problems associated with maintaining a website from a company. Companies have to do a lot of work on their computing infrastructure during the construction, operation and expansion of their facilities. Enterprise information technology managers employed at such facilities are responsible for the manual selection, installation, configuration and maintenance of the computing devices at the facility. Administrators must address difficult issues such as resource planning and handling peak capacity. In particular, an administrator needs to predict resource demand and required resources from an outsourced company to deal with demand. Many managers ensure sufficient capacity by requesting substantially more resources than they need as a mitigation against unexpected peak demand. Unfortunately, this increases the amount of unused capacity and increases the company's overhead to adopt a website.
[0005]
Even if an outsourced company provides a complete computing facility that includes servers, software, and power facilities, the same manual and error-prone management procedures are required as the company grows. It is not easy. In addition, problems remain with capacity planning for unexpected peak demand. In this case, the outsourced company may maintain a significant amount of unused capacity.
[0006]
In addition, the requirements for websites managed by outsourced companies are often different. For example, a company needs the ability to operate and control its website independently. Other companies require a certain type or level of security that separates their website from all other sites co-located with outsourced companies. As another example, some companies require a secure connection to a corporate intranet located somewhere.
[0007]
Furthermore, the various websites differ in internal topology. A site simply consists of a series of web servers that are load balanced by a web load balancer. Suitable load balancers include Cisco Systems, Inc. Local Director, F5Labs BigIP, and Aleton Web Director. Other sites may be multi-layered, which allows web server queues to handle hypertext protocol (HTTP) requests, but the majority of application logic is implemented in a separate application server. It may be necessary to reconnect these application servers to the database server layer.
[0008]
Some of these different structural scenarios are shown in FIGS. 1A, 1B, and 1C. FIG. 1A is a block diagram of a simple website consisting of a single computing element or machine 100 that includes a CPU 102 and a disk 104. Machine 100 is connected to a worldwide packet switched data network 106 known as the Internet, or other network. Machine 100 may be housed in a co-location service of the type described above.
[0009]
FIG. 1B is a block diagram of a one-tier web server farm 110 that includes multiple web servers WSA, WSB, WSC. Each web server is connected to a load balancer 112 connected to the Internet 106. The load balancer divides traffic between servers to maintain a balanced processing load on each server. The load balancer 112 may also include or be connected to a firewall to protect the web server from unauthorized traffic.
[0010]
FIG. 1C shows a three-tier server farm 120 that includes tiers such as web servers W1, W2, tiers such as application servers A1, A2, and tiers such as database servers D1, D2. A web server is provided to handle HTTP requests. The application server executes most of the application logic. The database server executes database management system (DBMS) software.
[0011]
As the topology of the types of websites that need to be configured has diversified and the requirements of the corresponding company are changing, the only way to configure a large website is to physically customize each site It is thought that. Many organizations work on the same issues individually and customize each website from scratch. This is inefficient and results in a lot of identical work in different companies.
[0012]
Another problem with conventional methods is resource and capacity planning. Websites receive very different levels of traffic on different days or at different times of the day. At peak traffic times, website hardware or software may not be able to respond to requests within a reasonable amount of time due to overload. At other times, the website hardware or software has excessive capacity and is not fully utilized. With traditional methods, finding a balance in having enough hardware and software to handle peak traffic without incurring undue cost or excess capacity is a difficult problem. Many websites are unable to find the right balance and are chronically suffering from under or over capacity.
[0013]
Another problem is a failure caused by human error. The major potential disaster that exists in the current method of using manually configured server farms is that the server farm malfunctions due to human error when configuring a new server in a live server, which can lead to website users The service may be lost.
[0014]
Based on the above, there is a clear need in the art for an improved method and apparatus that provides a computing system that can be readily and readily expanded on demand without the need for custom configurations.
[0015]
There is also a need for a computing system that supports the generation of multiple separate processing nodes that can each be expanded or reduced as needed to account for changes in traffic throughput.
[0016]
There is a further need for a method and apparatus for controlling such an extensible computing system and its configuration separation processing node. Other needs will become apparent from the disclosure provided herein.
[0017]
DISCLOSURE OF THE INVENTION
According to one aspect of the present invention, the above needs, as well as other needs that will become apparent from the following description, are based on a large computing structure ("computing grid") and are highly scalable. Achieved by a method and apparatus for controlling and managing a highly accessible and secure data processing site. The computing grid is physically configured and then logically divided for various organizations as required. The computing grid includes a large number of computing elements connected to one or more VLAN switches and one or more storage area network (SAN) switches. The plurality of storage devices are connected to the SAN switch and may be selectively connected to one or more computing elements via appropriate switching logic and commands. One port of the VLAN switch is connected to an external network such as the Internet. Monitoring mechanisms, layers, machines or processes are connected to VLAN switches and SAN switches.
[0018]
Initially, all storage devices and computing elements are assigned to the idle pool. Under program control, the monitoring mechanism dynamically configures the VLAN switch and SAN switch ports to connect to one or more computing elements and storage devices. As a result, such elements and devices are logically removed from the idle pool and become part of one or more virtual server farms (VSFs) or instant data centers (IDCs). Each VSF computing element is directed to or associated with a storage device that includes a boot image that can be used by the computing element to perform bootstrap operations and generation execution.
[0019]
According to one aspect of the present invention, the monitoring layer is a control plane consisting of a control mechanism hierarchy including one or more master control process mechanisms communicatively connected to one or more slave control process mechanisms. One or more master control process mechanisms allocate and deallocate slave control process mechanisms based on the loading of the slave control process mechanisms. One or more master control process mechanisms support the slave control process mechanism to establish an IDC by selecting a subset of processing and storage resources. One or more master control process mechanisms perform periodic screening of slave control process mechanisms. The slave control mechanism that does not respond or terminates abnormally is restarted. Another slave control mechanism is initiated to replace the slave control mechanism that cannot be resumed. The slave control mechanism periodically checks the master control mechanism. If the master-slave control process mechanism is abnormally terminated, the slave control process mechanism is selected to become a new master control process mechanism, which replaces the master control process mechanism that has been terminated.
[0020]
By physically configuring the computing grid once and assuredly and dynamically assigning parts of the computing grid to various organizations as required, the scale benefits that were difficult when customizing each site can be obtained .
[0021]
The present invention is illustrated by way of example and not limitation in the accompanying drawings, in which identical reference numbers indicate similar elements.
[0022]
[Embodiments of the Invention]
In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be apparent to those skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring the present invention.
[0023]
Virtual server farm (VSF)
According to one embodiment, a large-scale computing structure (“computing grid”) is provided. The computing grid may be physically configured once and then logically partitioned on demand. A portion of the computing grid is assigned to each of a plurality of companies or organizations. The logic part of each organization's computing grid is called a virtual server farm (VSF). Each organization maintains its own operational control of the VSF. Each VSF can dynamically change the number of CPUs, storage capacity and disk, and network bandwidth based on real-time demands given to server farms or other factors. VSFs are all logically generated from the same physical computing grid, but each VSF is protected from the VSFs of all other organizations. A VSF can reversely connect to an intranet by using a personal leased line or a virtual private network (VPN) without exposing the intranet to other organizations' VSF.
[0024]
An organization can perform full (eg superuser or root) administrative access to computers and observe all traffic on the local area network (LAN) to which these computers are connected, but assigned to it Only the parts of the computing grid, ie the data and computing elements in the VSF, can be accessed. According to one embodiment, this is possible by using a dynamic firewall scheme where the safety limits of the VSF are dynamically expanded and contracted. Each VSF can be used to employ organizational content and applications that can be accessed over the Internet, intranet or extranet.
[0025]
The configuration and control of the computing element and its associated networking and storage elements are performed by a monitoring mechanism that is not directly accessible by any of the computing elements in the computing grid. For convenience, in this document the monitoring mechanism is commonly referred to as the control plane and may consist of one or more processors or a network of processors. The monitoring mechanism may be composed of a supervisor, a controller, and the like. Other methods can be used as described herein.
[0026]
The control plane is implemented on a completely independent set of computing elements assigned for monitoring purposes, such as one or more servers interconnected within the network or by other means. The control plane performs control operations on the computing, networking and storage elements of the computing grid via the grid's networking and storage element special control ports or interfaces. The control plane provides a physical interface to the switching elements of the system, monitors the load of computing elements in the system, and provides operational management functions using a graphical user interface or other suitable user interface.
[0027]
The computer used to implement the control plane is logically invisible to computers in the computer grid (and certain VSFs), and is never attacked or destroyed through elements in the computer grid or from external computers It will never be done. Only the control plane has a physical connection to the control port of the device in the computer grid, which controls membership in a particular VSF. Since devices in computing can only be configured through these special control ports, computing elements in the computing grid cannot change their safety limits or gain access to unauthorized storage or computing devices. Can not.
[0028]
Thus, VSF enables organizations to work with computing facilities that appear to be composed of private server farms, or computing grids, that are dynamically created from a large shared computing infrastructure. The control plane connected with the computing architecture described herein provides a private server farm whose privacy and integrity are protected by access control mechanisms implemented in the hardware of the computing grid.
[0029]
The control plane controls the internal topology of each VSF. The control plane takes the basic interconnection of the computers, network switches and storage network switches described herein and can be used to create various server farm configurations. These include, but are not limited to, a single-tier web server farm pre-processed by a load balancer, and a multi-tier configuration, where the web server communicates with the application server and the application server communicates with the database server. Communicate. Various load balancing, multiple layers, and firewall configurations are possible.
[0030]
Computing grid
The computing grid exists in a single location and can be distributed over a wide area. Initially, this document describes a computer grid in a single building-sized network composed only of local area technology. Next, this document describes a case where a computer grid is distributed over a wide area network (WAN).
[0031]
FIG. 2 is a block diagram illustrating one configuration of an expandable computing system 200 that includes a local computing grid 208. In this document, “expandable” generally means that the system is flexible and scalable, and has the ability to provide reduced or increased computational power to specific companies or users on demand. To do. The local computing grid 208 includes a number of computing elements CPU1, CPU2,. . . It consists of CPUn. In an embodiment, there are 10,000 or more computing elements. Since these computing elements do not contain or store state information for each element over time, they may be configured without permanent or non-volatile storage such as a local disk. Instead, all long-term state information is stored in a plurality of disks, disks 1 connected to the computing element via a storage area network (SAN) that includes one or more SAN switches 202, separately from the computing element. , Disk 2,. . . Saved on disk n. Examples of suitable SAN switches are sold by Brocade and Excel.
[0032]
All computing elements are interconnected via one or more VLAN switches 204 that are divided into virtual LANs (VLANs). The VLAN switch 204 is connected to the Internet 106. In general, a computing element includes one or two network interfaces connected to a VLAN switch. For convenience, in FIG. 2, all nodes have two network interfaces, but there are nodes with fewer or more network interfaces. Many manufacturers now provide switches that support VLAN functionality. For example, suitable VLAN switches are available from Cisco Systems, Inc and Xtreme Networks. Similarly, there are many products available to configure SANs, including Fiber Channel switches, SCSI to Fiber Channel bridging equipment, and network attached storage (NAS) equipment.
[0033]
The control plane 206 is connected to the SAN switch 202, CPU1, CPU2,. . . The CPUn and the VLAN switch 204 are connected to each other.
[0034]
Each VSF consists of a set of VLANs, a set of computing elements attached to the VLAN, and a subset of storage devices available on the SAN connected to the set of computing elements. A subset of storage available on the SAN is called a SAN zone, which is protected by SAN hardware from being accessed by computing elements that are part of other SAN zones. Preferably, VLANs that provide non- malleable port identifiers are used to prevent one customer or end user from accessing other customers or end users' VSF resources.
[0035]
FIG. 3 is a block diagram of a typical virtual server farm featuring a SAN zone. A plurality of web servers WS1, WS2 and the like are connected to a load balancer (LB) / firewall 302 by a first VLAN (VLAN1). The second VLAN (VLAN 2) connects the Internet 106 to the load balancer (LB) / firewall 302. Each web server can be selected from CPU1, CPU2, etc. using a mechanism described later. The web server is connected to the SAN zone 304, which is connected to one or more storage devices 306a, 306b.
[0036]
At some point, computing elements in the computing grid, such as CPU 1 of FIG. 2, for example, are only connected to a SAN zone associated with a collection of VLANs and a single VSF. Typically, VSF is not shared between different organizations. A subset of storage on a SAN that belongs to a single SAN zone, and a collection of associated VLANs, and computing elements on these VLANs define the VSF.
[0037]
By controlling VLAN membership and SAN zone membership, the control plane logically partitions the computing grid into multiple VSFs. A member of one VSF cannot access the computing or storage resources of another VSF. Such access restriction is executed by a VLAN switch and a port level access control mechanism (for example, zoning) of SAN hardware such as an edge device such as a fiber channel switch or SCSI-to-fiber channel bridging hardware. Since the computing elements that form part of the computing grid are not physically connected to the control ports or interfaces of the VSAN switch and SAN switch, it is not possible to control VLAN or SAN zone membership. Accordingly, the computing elements of the computing grid cannot access computing elements that are not located in the VSF that contains them.
[0038]
Only the computing elements that execute the control plane are physically connected to the control ports or interfaces of the equipment in the grid. The computing grid devices (computers, SAN switches, and VLAN switches) are only configured by these control ports or interfaces. This provides a simple but very stable means of dynamically dividing the computing grid into a number of VSFs.
[0039]
Each computing element in the VSF is interchangeable with other computing elements. The number of computing elements, VLANs and SAN zones associated with a given VSF changes over time under control of the control plane.
[0040]
In one embodiment, the computing grid includes an idle pool of spare multiple computing elements. Computing elements from the idle pool may be assigned to a particular VSF for reasons such as increasing CPU, the amount of memory available to that VSF, or dealing with a failure of a particular computing element in the VSF. When the computing element is configured as a web server, the idle pool functions as a large “shock absorber” for changing or “bursty” web traffic loads and associated peak processing loads.
[0041]
Since the idle pool is shared among many different organizations, a single organization does not have to pay for the entire idle pool, thus providing a scale advantage. Different organizations can get computing elements from the idle pool at different times of the day as needed, so each VSF can grow when needed and shrink when traffic settles to normal. It becomes possible. If many different organizations continue to peak at the same time, which can exhaust the capacity of the idle pool, the idle pool can be increased by adding more CPUs and storage elements to it. (Scalability). The capacity of the idle pool is designed to greatly reduce the probability that, under normal conditions, another computing element cannot be obtained from the idle pool when a particular VSF is needed.
[0042]
4A, 4B, 4C, and 4D are block diagrams that illustrate the sequential steps as computing elements are moved in and out of the idle pool. Referring first to FIG. 4A, assume that the control plane logically connects the elements of the computing grid to the first and second VSFs labeled VSF1 and VSF2. The idle pool 400 consists of a plurality of CPUs 402, one of which is labeled CPUX. In FIG. 4B, VSF1 required another computing element. Accordingly, the control plane moves the CPUX from the idle pool 400 to the VSF 1 as indicated by a path 404.
[0043]
In FIG. 4C, VSF1 no longer needs CPUX, so the control plane returns CPUX from VSF1 to idle pool 400. In FIG. 4D, VSF2 required another computing element. Therefore, the control plane moves CPUX from the idle pool 400 to VSF2. Thus, as time passes and traffic conditions change, a single computing element belongs to the idle pool (FIG. 4), is assigned to a particular VSF (FIG. 4B), and is returned to the idle pool (FIG. 4C). ) And belong to another VSF (FIG. 4D).
[0044]
At each of these stages, the control plane configures the LAN and SAN switches associated with that computing element that become part of the VLANs and SAN zones associated with a particular VSF (or idle pool). According to one embodiment, between each transition, the computing element is powered down or restarted. When the computing element is powered on again, the computing element sees a different part of the SAN storage zone. In particular, the computing element sees the portion of the storage zone on the SAN that contains a bootable image of an operating system (eg, Linux, NT, Solaris, etc.). The storage zone also includes data portions specific to each organization (eg, files associated with web servers, database partitions, etc.). Since the computing element is also part of another VLAN that is part of another VSF VLAN set, it can access the CPU, SAN storage, and NAS equipment associated with the destination VSF VLAN.
[0045]
In the preferred embodiment, the storage zone includes a plurality of predefined logical detail designs associated with the roles envisioned by the computing element. Initially, none of the computing elements are assigned to a specific role or task, such as a web server, application server, database server, or the like. The role of a computing element is derived from any of a plurality of pre-defined stored detail designs, each such detail design defining a boot image of the computing element associated with that role. The detailed design is stored in a file, database table, or other storage format that associates the boot image location with the role.
[0046]
Therefore, the movement of CPUX in FIGS. 4A, 4B, 4C, and 4D is logical, not physical, and is performed by reconfiguring VLAN switches and SAN zones under control of the control plane. Also, each computing element in the computing grid is initially substitutable and assumes a specific processing role only after being connected to a virtual server farm and loading software from a boot image. None of the computing elements are assigned a specific role or task, such as a web server, application server, database server, or the like. The role of a computing element can be derived from any of a plurality of pre-defined stored detail designs, each of which is associated with a role and defines a boot image of the computer element associated with the role To do.
[0047]
Since long-term state information is not stored on a specific computing element (such as a local disk), nodes can easily move between different VSFs and run completely different OS and application software. This makes it easier to replace computing elements in the event of planned or unplanned downtime.
[0048]
Certain computing elements can perform different roles when moving in and out of various VSFs. For example, a computing element can act as a web server in one VSF and move to another VSF to become a database server, web load balancer, firewall, and so on. In addition, different operating systems such as Linux, NT, and Solaris can be started and executed continuously in different VSFs. Thus, each computing element in the computing grid can be substituted and has no fixed role assigned to it. Thus, the entire spare capacity of the computing grid can be used to provide any services that any VSF requires. As a result, the number of backup servers that can provide the same service for each server that executes a specific service becomes thousands, so the availability and reliability of the service provided by a single VSF is extremely high. To be high.
[0049]
In addition, the high reserve capacity of the computing grid provides dynamic load balancing characteristics and high processor availability. This capability is possible with a unique combination of diskless computing elements that are interconnected via VLANs, connected to configurable zones of the storage device via SAN, and all controlled in real time by the control plane. Each computing element can operate in the role of any required server in the VSF and can be connected to any logical partition of any disk in the SAN. If the grid requires more computing power or disk space, computing elements or disk storage is manually added to the idle pool, which will provide VSF services to more organizations over time And decrease. No manual intervention is required to increase the number of CPUs, network and disk capacity, and storage available to VSF. All of these resources are allocated by the control plane from the CPU, network and disk resources available in the idle pool whenever requested.
[0050]
Certain VSFs are not manually reconfigured. Only the computing elements of the idle pool are manually reconfigured into the computing grid. As a result, large potential obstacles that currently exist in manually configured server farms are eliminated. There is almost no possibility that the server farm will malfunction due to human error when configuring a new server in a live server farm, resulting in the loss of service to users of that website.
[0051]
The control plane also copies data stored on storage devices attached to the SAN so that failure of a particular storage element does not cause loss of service to any part of the system. High utilization because any computing element can be attached to any storage partition by removing long-term storage from the computing device by using a SAN and providing redundant storage and computing elements The possibility is obtained.
[0052]
Detailed examples of establishing a virtual server farm, adding processors to it, and removing processors from it
FIG. 5 is a block diagram of a computing grid and control plane mechanism according to an embodiment. With reference to FIG. 5, the following describes the detailed process that can be used to create a VSF, add nodes to it, and then remove nodes from it.
[0053]
FIG. 5 shows a computing element 502 that includes computers AG connected to a VLAN capable switch 504. The VLAN switch 504 is connected to the Internet 106, and the VLAN switch has ports V1, V2, and the like. The computers A to G are further connected to a SAN switch 506, which is connected to a plurality of storage devices or disks D1 to D5. The SAN switch 506 has ports S1, S2, and the like. The control plane mechanism 508 is communicatively connected to the SAN switch 506 and the VLAN switch 504 through a control path and a data path. The control plane can send control commands to these devices via the control port.
[0054]
For convenience, the number of computing elements in FIG. 5 is reduced. In practice, a large number of computers, for example thousands or more, and the same number of storage devices form a computing grid. In such a large structure, a number of SAN switches are interconnected to form a mesh, and VLAN switches are interconnected to form a VLAN mesh. However, for the sake of clarity, FIG. 5 shows a single SAN switch and a single VLAN switch.
[0055]
First, all the computers A to G are assigned to the idle pool until the control plane receives a VSF creation request. All ports of the VLAN switch are assigned to a specific VLAN labeled VLANI (for idle zones). Assume that the control plane is required to configure VSF and includes one load balancer / firewall and two web servers connected to storage on the SAN. Requests to the control plane are received via a management interface or other computing element.
[0056]
In response, the control plane assigns or assigns CPUA as a load balancer / firewall and assigns CPUB and CPUC as web servers. CPUA is logically located in SAN zone 1 and is directed to a bootable partition on the disk containing dedicated load balancer / firewall software. The term “directed” is used for convenience and means that the CPUA is provided with sufficient information for any means to obtain or locate the appropriate software that needs to be run. By arranging the CPUA in the SAN zone 1, the CPUA can obtain resources from a disk controlled by the SAN in the SAN zone.
[0057]
The load balancer is configured by a control plane in order to know about CPUB and CPUC as two web servers to be load balanced. The firewall configuration protects CPUB and CPUC from unauthorized access from the Internet 106. CPUB and CPUC are directed to disk partitions on the SAN that contain boot OS images for specific operating systems (eg, Solaris, Linux, NT, etc.) and web server application software (eg, Apache). The VLAN switch is configured to arrange ports v1 and v2 in VLAN1 and to arrange ports v3, v4, v5, v6 and v7 in VLAN2. The control plane constitutes a SAN switch 506 and the fiber channel switch ports s1, s2, s3 and s8 are arranged in the SAN zone 1.
[0058]
Here we describe how the CPU is directed to a particular disk drive and what this means for booting and shared access to disk data.
[0059]
FIG. 6 is a block diagram illustrating the results of logical connections of computing elements collectively referred to as VSF1. The disk drive DD1 is selected from the storage devices D1, D2, etc. When the logical structure shown in FIG. 6 is obtained, an activation command is given to CPUs A, B, and C. Accordingly, CPUA becomes a dedicated load balancer / firewall computing element, and CPUB and CPUC become web servers.
[0060]
Now suppose that due to policy-based rules, the control plane has determined that another web server is required in VSF1. This occurs, for example, due to increasing demands on the web server, and it is possible to add at least three web servers to the VSF 1 according to customer plans. Or because the organization that owns or operates the VSF wants another server and adds it through a management mechanism such as a privileged web page that can add more servers to the VSF.
[0061]
In response, the control plane decides to add CPUD to VSF1. Therefore, the control plane adds CPUD to VLAN2 by adding ports v8 and v9 to VLAN2. Further, the SAN port s4 of the CPUD is added to the SAN zone 1. The CPUD is directed to the bootable portion of the SAN storage device that is booted and executed as a web server. CPUD also has read-only access to shared data on the SAN, which includes web page content, executable server scripts, and so on. In this way, web requests directed to the server farm can be handled so that CPUB and CPUC respond to the requests. The control plane configures the load balancer (CPUA) to include CPUD as part of the load balanced server set.
[0062]
CPUD was then started and the size of VSF increased to 3 web servers and 1 load balancer. FIG. 7 shows the resulting logical connectivity.
[0063]
Assume that the control plane receives a request to create another VSF named VSF2 that requires two web servers and one load balancer. The control plane assigns CPUE to be a load balancer / firewall and assigns CPUF and CPUG to be web servers. CPUE is configured to learn about CPUF and CPUG as two computing elements that are load balanced again.
[0064]
In order to implement this configuration, the control plane configures VLAN switch 504 so that VLAN 1 includes ports v10 and v11 (that is, connected to the Internet 106) and VLAN 3 includes ports v12, v13, v14, and v15. . Similarly, the SAN switch 506 is configured so that the SAN zone 2 includes the SAN ports s6, s7, and s9. This SAN zone includes storage devices that contain the software necessary to run CPUE as a load balancer and CPUF and CPUG as a web server that uses the shared read-only disk portion contained in SAN zone disk D2. .
[0065]
FIG. 8 is a block diagram of the resulting logical connectivity. Two VSFs (VSF1, VSF2) share the same physical VLAN switch and SAN switch, but the two VSFs are logically divided. CPU
Users accessing B, C, D or companies that own or operate VSF1 can only access the CPU and storage of VSF1. Such users cannot access the VSF2 CPU or storage. This is not possible due to the combination of a separate VLAN on the only shared segment (VLAN 1) and two firewalls, and the different SAN zones in which the two VSFs are configured.
[0066]
Further, the control plane shall determine that VSF1 can be returned to the two web servers. This is because the temporary increase in the load of VSF1 has been reduced or other management actions have been taken. In response, the control plane shuts down CPUD with a special command that includes powering off the CPU. When the CPU shuts down, the control plane removes ports v8 and v9 from VLAN 2 or from SAN zone 1 with SAN port s4. Port s4 is arranged in the idle SAN zone. The idle SAN zone is, for example, designated as SAN zone I (for idle) or zone 0.
[0067]
Thereafter, the control plane decides to add another node to VSF2. This is because the web server load in VSF2 temporarily increases or for other reasons. Therefore, the control plane decides to place CPUD in VSF 2 as indicated by dashed path 802. Therefore, the VLAN switch is configured so that the ports v8 and v9 are included in the VLAN 3 and the SAN port s4 is included in the SAN zone 2. The CPUD is directed to the storage portion of the disk device 2 that contains the OS and web server software boot images required for the VSF 2 server. CPUD is allowed read-only access to file system data shared by other web servers of VSF2. CPUD is powered on again and runs as a load balanced web server in VSF2 and does not access data in SAN zone 1 or CPUs attached to VLAN2. In particular, CPUD cannot access the elements of VSF1 even at the early time when it was part of VSF1.
[0068]
In addition, in this configuration, the safety limits enforced by CPUE were dynamically expanded to include CPUD. Accordingly, embodiments provide a dynamic firewall that automatically adjusts to properly protect computing elements that are added or removed from the VSF.
[0069]
For purposes of illustration, the example has described port-based SAN zoning. Other types of SAN zoning can also be used. For example, LUN zone SAN zoning may be used to create a SAN zone based on logical quantities in the disk array. A suitable example product for LUN level SAN zoning is Volume Logics Product from EMC Corporation.
[0070]
Disk unit on SAN
There are several ways to direct the CPU to a specific device on the SAN for the purpose of accessing the disk storage that has information about where to find the boot, or other disk storage that needs to be shared, boot program and data.
[0071]
In one method, a SCSI to Fiber Channel bridging device attached to the computing element and a local disk SCSI interface are provided. By determining the path from that SCSI port to the appropriate device in the Fiber Channel SAN, the computer can access storage devices on the Fiber Channel SAN to access locally attached SCSI devices. Therefore, software such as start-up software simply boots off the disk device on the SAN so as to boot off locally attached SCSI devices.
[0072]
Another method is to boot the ROM and OS software that has the node's Fiber Channel interface and associated device drivers and enables the Fiber Channel interface as a boot device.
[0073]
Other methods are SCSI or IDE device controllers, but have an interface card (eg, PCI bus or S bus) that communicates on the SAN to access the disk. Operating systems such as Solaris provide a complete diskless boot feature that can be used in this way.
[0074]
There are usually two types of SAN disk devices associated with a node. One type does not share logically with other computing elements, but constitutes what is usually a root partition for each node, including a bootable OS image, local configuration files, and the like. This is equivalent to a root file system on a Unix (registered trademark) system.
[0075]
The second type of disk is a shared storage with other nodes. The type of sharing depends on the OS software running on the CPU and the needs of the nodes accessing the shared storage. If the OS provides a cluster file system that allows read / write access to the shared disk partition between multiple nodes, the shared disk is implemented as such a cluster file system. Similarly, the system may use database software such as an Oracle parallel server that allows execution of multiple nodes in the cluster to provide simultaneous read / write access to the shared disk. In such a case, the shared disk is already designed in the basic OS and application software.
[0076]
In the case of an operating system in which such shared access is impossible, the shared disk can be implemented as a read-only device because the OS and related applications cannot manage disk devices shared with other nodes. For many web applications, read-only access to web-related files is sufficient. For example, in the case of a Unix (registered trademark) system, a specific file system may be implemented as read-only.
[0077]
Multi-switch computing grid
The configuration described above with respect to FIG. 5 is to interconnect multiple VLAN switches to form a large switched VLAN structure and to interconnect multiple SAN switches to form a large switched SAN mesh. Can be extended to multiple computing and storage nodes. In this case, the computing grid has the architecture shown generally in FIG. 5, except that the SAN / VLAN switched mesh includes a very large number of ports of CPUs and storage devices. A number of computing elements that implement the control plane can be physically connected to the control port of the VLAN / SAN switch, as described below. It is known in the art to interconnect multiple VLAN switches to create complex multi-premises data networks. See, for example, “Designing High-Performance Campus Intranets with Multilayer Switching” by G. Haviland, information available from Cisco Systems, Inc., and Brocade.
[0078]
SAN architecture
The description assumes that the SAN consists of Fiber Channel switches and disk equipment, and potentially Fiber Channel edge equipment such as SCSI to Fiber Channel bridges. However, the SAN may be configured using switches using other technologies, such as Gigabit Ethernet switches, or other physical layer protocols. In particular, attempts have been made to build SANs over IP networks by running the SCSI protocol over IP. The method and architecture described above can be adapted to these other SAN construction methods. When constructing a SAN by running a protocol such as SCSI over IP in a VLAN capable layer 2 environment, SAN zones are created by mapping them to different VLANs.
[0079]
Further, a network attached storage (NAS) operating on a LAN technology such as high speed Ethernet (registered trademark) or gigabit Ethernet (registered trademark) may be used. This option uses different VLANs instead of SAN zones to enhance integrity and logical partitioning of the computing grid. Such NAS devices typically support network file systems such as Sun's NSF protocol and Microsoft's SMB, allowing many nodes to share the same storage.
[0080]
Control plane implementation
As described herein, the control plane may be implemented as one or more processing resources connected to SAN and VLAN switch control and data ports. Various control plane implementations can be performed, and the invention is not limited to any particular control plane implementation. Various aspects of control plane implementation are described in detail in the following sections 1) Control plane architecture, 2) Master segment manager selection, 3) Management functions, 4) Policy and maintenance considerations.
[0081]
1. Control plane architecture
According to one embodiment, the control plane is implemented as a control process hierarchy. The control process hierarchy typically includes one or more master segment manager mechanisms that are communicatively connected to and control one or more slave segment manager mechanisms. One or more slave segment manager mechanisms control one or more farm managers. One or more farm managers manage one or more VSFs. The master and slave segment manager mechanisms may be implemented in hardware circuitry, computer software, or any combination.
[0082]
FIG. 9 is a block diagram 900 illustrating a logical relationship between a control plane 902 and a computing grid 904 according to one embodiment. The control plane 902 controls and manages the computing, networking and storage elements included in the computing grid 904 via networking and storage element special control ports or interfaces in the computing grid 904. The computing grid 904 includes a number of VSFs 906 or logical resource groups generated by the above-described embodiments.
[0083]
According to one embodiment, control plane 902 includes a master segment manager 908, one or more slave segment managers 910, and one or more farm managers 912. Master segment manager 908, slave segment manager 910, and farm manager 912 may be co-located on a particular computing platform or distributed over multiple computing platforms. For convenience, only a single master segment manager 908 is shown and described, but multiple master segment managers 908 may be used.
[0084]
The master segment manager 908 is communicatively connected to the slave segment manager 910 and controls and manages it. Each slave segment manager 910 is connected to and manages one or more farm managers 912. According to one embodiment, each farm manager 912 is co-located on the same computing platform as the corresponding slave segment manager 910 that is communicatively connected. The farm manager 912 establishes, configures and maintains the VSF 906 on the computing grid 904. According to one embodiment, each farm manager 912 is assigned a single VSF 906 to manage, but the farm manager 912 is also assigned multiple VSFs 906. Each of the farm managers 912 communicates only via each slave segment manager 910, not directly. The slave segment manager 910 monitors the status of its assigned farm manager 912. The slave segment manager 910 restarts the assigned firmware manager 912 that has stopped functioning or abnormally terminated.
[0085]
Master segment manager 908 monitors the loading of VSF 906 to determine the amount of resources allocated to each VSF 906. The master segment manager 908 instructs the slave segment manager 910 to allocate and deallocate VSF resources via the farm manager 912 as needed. Various load balancing algorithms may be implemented depending on the requirements of a particular application, and the present invention is not limited to a particular load balancing method.
[0086]
The master segment manager 908 monitors the loading information of the computing platform on which the slave segment manager 910 and the farm manager 912 are running to determine whether the computing grid 904 is properly serviced. Master segment manager 908 allocates and deallocates slave segment manager 910 and directs slave segment manager 910 to allocate and deallocate farm manager 912 to properly manage computing grid 904 as needed. . According to one embodiment, the master segment manager 908 also assigns a VSF to the farm manager 912 and to the slave segment manager 910 to balance the load between the farm manager 912 and the slave segment manager 910 as needed. The allocation of the farm manager 912 is managed. According to one embodiment, the slave segment manager 910 actively communicates with the master segment manager 908 to make a change request to the computing grid 904 and to request another slave segment manager 910 and / or a farm manager 912. If the processing platform running one or more slave segment managers 910 and one or more farm managers 912 ceases to function, the master segment manager 908 moves from the suspended computing platform farm manager 912 to the other. Reassign VSF 906 to the farm manager 912. In this case, the master segment manager 908 can also instruct the slave segment manager 910 to start another farm manager 912 to reassign the VSF 906. By actively managing the large number of computing resources allocated to the VSF 906, the large number of active farm managers 912, and the slave segment manager 910, overall power consumption can be controlled. For example, to save power, the master segment manager 908 may shut down computing platforms that do not have an active slave segment manager 910 or farm manager 912. Power saving is important at the large computing grid 904 and control plane 902.
[0087]
According to one embodiment, the master segment manager 908 manages the slave segment manager 910 using a registry. The registry includes information about the current slave segment manager 910, such as its status, assigned farm manager 912, and assigned VSF 906. As slave segment manager 910 is allocated and deallocated, the registry is updated to reflect changes in slave segment manager 910. For example, when a new slave segment manager 910 is instantiated by the master segment manager 908 and one or more assigned VSFs 906, the registry is updated to update the new slave segment manager 910 and its assigned farm manager 912 and VSF 906. The generation of is reflected. The master segment manager 908 can then periodically check the registry to determine how to assign the VSF 906 to the slave segment manager 910.
[0088]
According to one embodiment, the registry includes information about the master segment manager 908 that the master segment manager 910 can access. For example, the registry may include data identifying one or more active master segment managers 908 so that when a new slave segment manager 910 is created, the new slave segment manager 910 checks the registry and The identification of one or more master segment managers 908 can be verified.
[0089]
The registry may be implemented in various ways, and the invention is not limited to a particular implementation. For example, the registry may be a data file stored in the database 914 in the control plane 902. The registry may not be stored outside the control plane 902. For example, the registry may be stored on a storage device of the computing grid 904. In this example, the storage device is dedicated to the control plane 902 and is not assigned to the VSF 906.
[0090]
2. Election of master segment manager
In general, the master segment manager is elected when the control plane is established or after an existing master segment manager fails. There is generally a single master segment manager for a particular control plane, but it may be advantageous to elect more than one master segment manager to manage slave segment managers in the control plane simultaneously.
[0091]
According to one embodiment, the slave segment manager in the control plane elects the master segment manager for that control plane. In the simple case where there is no master segment manager and there is only a single slave segment manager, the slave segment manager becomes the master segment manager and assigns another slave segment manager as needed. If there are two or more slave segment managers, two or more slave processes elect new master segment managers by voting, for example quorum.
[0092]
Because the slave segment manager in the control plane is not necessarily permanent, a specific slave segment manager may be selected to participate in the vote. For example, according to one embodiment, the register includes a time stamp for each slave segment manager that is periodically updated by each slave segment manager. The slave segment manager with the most recently updated timestamp determined according to the specified selection criteria is still considered to be running and is selected to elect a new master segment manager. For example, a specified number of newest slave segment managers may be selected for voting.
[0093]
According to one embodiment, an elected sequence number is assigned to all active slave segment managers and a new master segment manager is determined based on the elected sequence number of the active slave segment manager. For example, the lowest or highest elected sequence number may be used to select a particular slave segment manager as the next (or first) master segment manager.
[0094]
When the master segment manager is established, the slave segment manager of the same control plane as the master segment manager periodically checks the master segment manager by contacting (pinging) the current master segment manager, and the master segment manager Determine if the manager is still active. If it is determined that the current master segment manager is not active, a new master segment manager is elected.
[0095]
FIG. 10 shows a state diagram 1000 for selecting a master segment manager according to an embodiment. In state 1002, which is the main loop of the slave segment manager, the slave segment manager waits for the ping timer to expire. When the ping timer expires, the state 1004 is entered. In state 1004, the slave segment manager pings the master segment manager. Further, in state 1004, the slave segment manager's timestamp (TS) is updated. If the master segment manager responds to the ping, the master segment manager is still active and returns to state 1002. If there is no response from the master segment manager after a specific time, state 1006 is entered.
[0096]
In state 1006, a list of active slave segment managers is obtained and state 1008 is entered. In state 1008, other slave segment managers also check to see if they have received a response from the master segment manager. Instead of sending a message to the slave segment manager to make this confirmation, this information is obtained from the database. If the slave segment manager does not agree that the master segment manager is not active, i.e. if one or more slave segment managers receive a timely response from the master segment manager, it is assumed that the current master segment manager is still active. Return to state 1002. If a certain number of slave segment managers do not receive a timely response from the current master segment manager, it is assumed that the current master segment manager is “dead”, ie, not active, and proceeds to state 1010.
[0097]
In state 1010, the slave segment manager that started the process retrieves the current selection number from the selection table and the next selection number from the database. Next, the slave segment manager updates the selection table and writes an entry designating the next selection number and a unique address in the master selection table. Next, the slave segment manager proceeds to state 1012 where the sequence number with the lowest selected number is read. In state 1014, it is ascertained whether a particular slave segment manager has the lowest sequence number. If not, return to state 1002. If so, proceed to state 1016 where the particular slave segment manager becomes the master segment manager. Next, proceeding to state 1018, the selection number is incremented.
[0098]
As described above, the slave segment manager generally assigns a new VSF in response to a service of the assigned VSF and a command from the master segment manager. The slave segment manager also checks the master segment manager and, if necessary, selects a new master segment manager.
[0099]
FIG. 11 is a state diagram 1100 illustrating various states of a slave segment manager according to an embodiment. Processing begins at slave segment manager start state 1102. From state 1102, the process proceeds to state 1104 in response to a request to confirm the current state of the master segment manager. In state 1104, the slave segment manager sends a ping to the current master segment manager to determine if the current master segment manager is still active. If the timely response is from the current master segment manager, proceed to state 1106. In state 1106, a message is broadcast to the other slave segment managers to inform that the master segment manager has responded to the ping. From state 1106, return to start state 1102.
[0100]
If there is no timely master response in state 1104, proceed to state 1108. In state 1108, a message is broadcast to the other slave segment managers to inform them that the master segment manager has not responded to the ping. Next, the process returns to the start state 1102. Incidentally, if a sufficient number of slave segment managers do not receive a response from the current master segment manager, a new master segment manager is elected as described above.
[0101]
If a request to resume VSF is received from the master segment manager from state 1102, the process proceeds to state 1110. In state 1110, VSF resumes and returns to start state 1102.
[0102]
As described above, the master segment manager generally ensures that the VSF of the computing grid controlled by the master segment manager is appropriately serviced by one or more slave segment managers. For this purpose, the master segment manager periodically checks all slave segment managers in the same control plane as the master segment manager. According to one embodiment, the master segment manager 908 periodically requests status information from the slave segment manager 910. The information includes, for example, which VSF 906 is being serviced by the slave segment manager 910. If a particular slave segment manager 910 does not respond within a particular time, the master segment manager 908 attempts to resume the particular slave segment manager 910. If a particular slave segment manager 910 cannot be resumed, the master segment manager 908 reassigns the farm manager 912 from the failed slave segment manager 910 to another slave segment manager 910. The master segment manager 908 can then instantiate one or more other slave segment managers 910 to perform process loading rebalancing. According to one embodiment, master segment manager 908 monitors the state of the computing platform executing slave segment manager 910. If there is an abnormality in the computing platform, the master segment manager 908 assigns the VSF assigned to the farm manager 912 on the abnormal computing platform to another computing platform.
[0103]
FIG. 12 is a state diagram 1200 of the master segment manager. Processing begins at a master segment manager start state 1202. From state 1202, the process proceeds to state 1204 when the master segment manager 908 performs or requests periodic inspection of the slave segment manager 910 on the control surface 902. From state 1204, if all slave segment managers 910 respond as expected, the process returns to state 1202. This occurs when all slave segment managers 910 provide master segment manager 908 with specific information indicating that all slave segment managers 910 are operating normally. If one or more slave segment managers 910 do not respond, or if one or more slave segment managers 910 respond that indicate that something is wrong, proceed to state 1206.
[0104]
In state 1206, master segment manager 908 attempts to resume slave segment manager 910 that has failed. This can be done in several ways. For example, the master segment manager 908 can send a resume message to the slave segment manager 910 that is not responding or has failed. From state 1206, if all slave segment managers 910 respond as expected, i.e. resumed without problems, state 1202 is returned. For example, when the failed slave segment manager 910 resumes without any problem, the slave segment manager 910 sends a resume confirmation message to the master segment manager 908. From state 1206, if one or more slave segment managers could not be resumed, proceed to state 1208. This occurs when the master segment manager 908 does not receive a resume confirmation message from a particular slave segment manager 910.
[0105]
In state 1208, master segment manager 908 determines the current loading of the machine executing slave segment manager 910. To obtain loading information for slave segment manager 908, master segment manager 908 polls slave segment manager 910 directly or obtains loading information from another location, such as database 914, for example. The present invention is not limited to a particular method for the master segment manager 908 to obtain loading information for the slave segment manager 910.
[0106]
Next, proceeding to state 1210, the VSF 906 assigned to the slave segment manager 910 having an abnormality is reassigned to another slave segment manager 910. The slave segment manager 910 to which the VSF 906 is assigned informs the master segment manager 908 when the reassignment is complete. For example, the slave segment manager 910 can send a reassignment confirmation message to the master segment manager 908 to indicate that the reassignment of the VSF 906 has been successfully completed. It remains in state 1210 until all VSF 906 reassignments associated with the failed slave segment manager 910 have been confirmed. If confirmed, the process returns to the state 1202.
[0107]
Instead of reassigning the VSF 906 associated with the failed slave segment manager 910 to other active slave segment managers 910, the master segment manager 908 assigns another slave segment manager 910 and assigns these VSFs 906 to the new slave segment manager 910. May be assigned. The choice of whether to reassign VSF 906 to an existing slave segment manager 910 or a new slave segment manager 910 is at least partly related to the latency associated with the assignment of the new slave segment manager 910 and to the existing slave segment manager 910. Depending on the latency associated with the reassignment of VSF 906. Either method can be used depending on the requirements of a particular application, and the present invention is not limited to any method.
[0108]
3. Management function
According to one embodiment, control plane 902 is communicatively connected to a global grid manager. The control surface 902 provides the global grid manager with billing, faults, capacity, loading, and other computing grid information. FIG. 13 is a block diagram illustrating the use of a global grid manager according to an embodiment.
[0109]
In FIG. 13, the computing grid 1300 is partitioned into logical portions called grid segments 1302. Each grid segment 1302 includes a control plane 902 that controls and manages the data plane 904. In this example, each data plane 904 is identical to the computing grid 904 of FIG. 9, but to illustrate the use of multiple control planes 902 and data planes 904, ie, global grid managers that manage grid segments 1302, “ It is called the “data plane”.
[0110]
Each grid segment is communicatively connected to a global grid manager 1304. The global grid manager 1304, control plane 902, and computing grid 904 may be co-located on a single computing platform or distributed over multiple computing platforms, and the present invention is not limited to a particular implementation. There is no limit.
[0111]
The global grid manager 1304 performs centralized management and service of a plurality of grid segments 1302. The global grid manager 1304 can collect billing, loading, and other information from the control plane 902 that is used in various management tasks. For example, the service provided by the computing grid 904 is charged using the charging information.
[0112]
4). Policy and maintenance considerations
As described above, the slave segment manager in the control plane must be able to communicate with the associated VSF in the computing grid. Similarly, a VSF in a computing grid must be able to communicate with its associated slave segment manager. In addition, VSFs in a computing grid must not be able to communicate with each other to prevent one VSF from altering the structure of another VSF in some way. Explain the various ways to implement these policies.
[0113]
FIG. 14 is a block diagram 1400 of an architecture for connecting a control plane to a computing grid according to an embodiment. The VLAN switch (VLAN SW1 to VLAN SWn) collectively identified by reference number 1402 and the control (“CTL”) port of the SAN switch (SAN SW1 to SAN SWn) collectively identified by reference number 1404 are Ethernet (registered) Trademark) subnet 1406. The Ethernet subnet 1406 is connected to a plurality of computing elements (CPU1, CPU2 to CPUn) collectively identified by reference numeral 1408. Accordingly, only the computing elements of the control plane 1408 are communicatively connected to the control ports (CTL) of the VLAN switch 1402 and the SAN switch 1404. This structure prevents computing elements in the VSF (not shown) from changing the membership of VLANs and SAN zones associated with itself or other VSFs. This method is also applicable when the control port is a serial or parallel port. In this case, the port is connected to the computing element of the control plane 1408.
[0114]
FIG. 15 is a block diagram 1500 illustrating a structure for connecting control plane computing elements (CP CPU1, CP CPU2 to CP CPUn) 1502 to data ports according to an embodiment. In this configuration, the control plane computing element 502 periodically sends packets to the control plane agent 1504 that operates for the control plane computing element 1502. The control plane agent 1504 periodically polls the computing element 502 for real-time data and sends the data to the control plane computing element 1502. Each segment manager in the control plane 1502 is communicatively connected to a control plane (CP) LAN 1506. The CP LAN 1506 is communicatively connected to the special port V17 of the VLAN switch 504 via the CP firewall 1508. This structure provides a reliable and extensible means for the control plane computing element 1502 to collect real-time information from the computing element 502.
[0115]
FIG. 16 is a block diagram 1600 of an architecture for connecting a control plane to a computing grid according to an embodiment. The control plane 1602 includes control plane computing elements CP CPU1 and CP CPU2 to CP CPUn. Each control plane computing element CP CPU1, CP CPU2 to CP CPUn in the control plane 1602 is communicatively connected to ports S1, S2 to Sn of a plurality of SAN switches forming the SAN mesh 1604 as a whole.
[0116]
The SAN mesh 1604 includes SAN ports So and Sp that are communicatively connected to a storage device 1606 that includes data that is private to the control plane 1602. The storage device 1606 is shown in FIG. 16 as a disk for convenience. The storage device 1606 may be implemented with any type of storage medium, and the present invention is not limited to a particular type of storage medium with the storage device 1606. Storage device 1606 is logically located in control plane private storage zone 1608. The control plane private storage zone 1608 maintains log files that implement the control plane 1602, statistical data, and current control plane configuration information. Since the SAN ports So, Sp are the only part of the control plane private storage zone and are not located in other SAN zones, only computing elements in the control plane 1602 can access the storage device 1606. In addition, S1, S2 to Sn, So, and Sp exist in the control plane SAN zone that is only communicatively connected to the computing elements in the control plane 1602. These ports are not accessible by computing elements (not shown) in the VSF.
[0117]
According to one embodiment, if a particular computing element CP CPU1, CP CPU2-CP CPUn needs to access a storage device or part thereof, it is part of a particular VSF and a particular computing element Is placed in the SAN zone of a particular VSF. For example, assume that computing element CP CPU 2 needs to access VSFi disk 1610. In this case, the port s2 associated with the control plane CP CPU2 is arranged in the VSFi SAN zone including the port Si. Once computing element CP CPU2 accesses VSFi disk 1610 on port Si, computing element CP CPU2 is removed from the VSFi SAN zone.
[0118]
Similarly, it is assumed that the computing element CP CPU 1 needs to access the VSFj disk 1612. In this case, the computing element CP CPU1 is located in the SAN zone associated with VSFj. As a result, port S1 is placed in the SAN zone associated with VSFj having the zone that includes port Sj. Once computing element CP CPU1 accesses VSFj disk 1612 connected to port Sj, computing element CP CPU1 is removed from the SAN zone associated with VSFj. This method provides the integrity of the control plane computing element and control plane storage zone 1608 by accurately controlling access to resources using precise SAN zone control.
[0119]
As described above, a single control plane computing element can manage multiple VSFs. Thus, a single control plane computing element must be able to define itself in multiple VSFs simultaneously, while implementing a firewall between VSFs according to policy rules established for each control plane. Policy rules may be stored in each control plane database 914 (FIG. 9) or may be enforced by the central segment manager 1302 (FIG. 13).
[0120]
According to one embodiment, VLAN tags based on (physical switch) ports cannot be spoofed, so VLAN tagging and IP addresses are tightly coupled to prevent VSF spoof attacks. An IP packet sent on a VLAN interface must have the same VLAN tag and IP address as the logical interface on which the packet arrives. This prevents an IP spoofing attack where an unauthorized server in a VSF spoofs the source IP address in another VSF, potentially alters the logical structure of another VSF, or destroys the integrity of the computing grid functionality. This method of preventing VLAN tagging requires physical access to the computing grid that can be prevented using a highly secure (Class A) data center.
[0121]
Various network frame tagging formats may be used to tag data packets, and the present invention is not limited to a particular tagging format. According to one embodiment, IEE802.1q VLAN tags are used, although other formats are suitable. In this example, a VLAN / IP address consistency check is performed in the subsystem of the IP stack where 802.1q tag information exists to control access. In this example, the computing element is configured with a VLAN enabled network interface card (NIC) so that the computing element is communicatively connected to multiple VLANs simultaneously.
[0122]
FIG. 17 is a block diagram 1700 of a configuration for firmly coupling a VLAN tag and an IP address according to an embodiment. Computing elements 1702 and 1704 are communicatively connected to ports v1 and v2 of VLAN switch 1706 via NICs 1708 and 1710, respectively. VLAN switch 1706 is also communicatively connected to access switches 1712 and 1714. Ports v1 and v2 are configured in a tag format. According to one embodiment, IEEE 802.1q VLAN tag information is provided by VLAN switch 1706.
[0123]
Wide area computing grid
The VSF described above is distributed over the WAN in various ways.
[0124]
In one method, the wide area backbone may be based on asynchronous transfer mode (ATM) switching. In this case, each local area VLAN is extended over a wide area using an emulated LAN (ELAN) that is part of the ATM LAN emulation (LANE) standard. Thus, a single VSF extends across several wide area links such as ATM / SONET / OC-12 links. The ELAN becomes part of the VLAN that extends across the ATM WAN.
[0125]
Another way is to extend VSF across the WAN using a VPN system. In this embodiment, the fundamental characteristics of the network become inappropriate, and VPNs are used to interconnect two or more VSFs across the WAN to create a single distributed VSF.
[0126]
Data mirroring techniques can be used to logically copy data in a distributed VSF. Alternatively, the SAN is bridged over the WAN using one of several SAN to WAN bridging technologies such as SAN to ATM bridging or SAN to Gigabit Ethernet bridging. Since IP works without problems on such a network, a SAN configured on the IP network will naturally expand on the WAN.
[0127]
FIG. 18 is a block diagram of a plurality of VSFs extended over a WAN connection. The San Jose Center, New York Center, and London Center are connected by a WAN connection. Each WAN connection consists of an ATM, ELAN or VPN connection as described above. Each center is composed of at least one VSF and at least one idle pool. For example, the San Jose Center has VSF1A and idle pool A. In this configuration, the computing resources of each idle pool in the center are available for assignment or designation to VSFs in other centers. When such an assignment or designation is made, the VSF expands over the WAN.
[0128]
Examples of using VSF
The VSF architecture described in the above example may be used in the context of a web server system. Therefore, the above example has been described with respect to a web server, an application server, and a database server configured from a CPU in a specific VSF. However, the VSF architecture may be used in many other computing situations to provide other types of services, and the present invention is not limited to web server systems.
[0129]
-Distributed VSF as part of a content distribution network
In one embodiment, VSF uses a wide area VSF to provide a content distribution network (CDN). The CDN is a network of caching servers that perform distributed caching of data. A network of caching servers can be implemented using, for example, TrafficServer (TS) software sold by Inktomi Corporation, San Mateo, California. TS is a cluster-aware system and the system will expand as more CPUs are added to the collection of caching traffic server computing elements. Therefore, it is very suitable for the system where the addition of CPU is an expansion mechanism.
[0130]
In this configuration, the system can dynamically add more CPUs to the portion of the VSF that runs caching software such as TS, which can increase the cache capacity near where bursty web traffic occurs. Is possible. As a result, the CDN is configured to dynamically expand in CPU and I / O bandwidth in a legal manner.
[0131]
-VSF for hosted intranet applications
There is increasing interest in providing intranet applications such as enterprise resource planning (ERP), ORM and CRM software as hosted and managed services. Technologies such as Citrix WinFrame and Citrix MetaFrame enable companies to provide Microsoft Windows applications as services on small and lightweight clients such as Windows CE devices or web browsers. VSF can host such applications in an extensible manner.
[0132]
For example, SAP R / 3 ERP software sold by SAP Aktiengesellschaft, Germany, allows companies to load balance using multiple applications and data servers. In the case of VSF, enterprises dynamically add more application servers (eg, SAP dialog servers) to the VSF to extend the VSF based on real-time requirements or other factors.
[0133]
Similarly, by adding more Citrix servers with Citrix Metaframe, it is possible to extend Windows (registered trademark) application users on server farms that execute hosted Windows (registered trademark) applications. In this case, the Citrix MetaFrame VSF dynamically adds more Citrix servers to the VSF in order to accommodate users of Windows (registered trademark) applications hosted by more Metaframes. It will be apparent that many other applications are hosted as in the example described above.
[0134]
-Customer interaction with VSF
Because VSFs are generated on demand, VSF customers or organizations that “own” the VSF can interact with the system in various ways to customize the VSF. For example, since a VSF is created and modified immediately via the control plane, VSF customers may be granted privileged access to create and modify the VSF itself. Privileged access is provided using password authentication provided by web pages and secure applications, token card authentication, Kerberos exchange, or other suitable secure element.
[0135]
In one embodiment, the set of web pages is served by a computing element or a separate server. Web pages allow customers to count the number of layers, the number of computing elements in a particular layer, the hardware and software platform used for each element, what kind of web server, application server, or database server software these A custom VSF can be generated, such as by specifying whether to pre-configure on a computing element. Thus, the customer has a virtual supply console.
[0136]
After a customer or user enters such supply information, the control plane analyzes and evaluates the order and queues it for execution. The order can be reviewed by a human administrator to confirm that it is appropriate. An enterprise credit check can be performed to confirm that you have the appropriate credit to pay for the requested service. When the supply order is approved, the control plane configures the VSF to match the order and returns a password to the customer giving root access to one or more computing elements in the VSF. The customer can then upload a master copy of the application and run it in VSF.
[0137]
If the company that employs the computing grid is a for-profit company, payment information such as a credit card, PO number, electronic check, or other payment method can also be received from the web page.
[0138]
In another embodiment, the web page allows the customer to select one of several VSF service plans based on real-time load, such as automatic scaling of the VSF between the minimum and maximum number of elements. can do. Customers can have control values that allow changes to parameters such as the minimum number of computing elements in a particular tier, such as a web server, or the time period that must have VSF minimum server capacity. The parameter may be linked to billing software that automatically adjusts the bill draft rate of the customer and generates a billing log file entry.
[0139]
The privileged access mechanism allows customers to obtain reports and monitor real-time information about usage, load, hits per second or number of transactions, and adjust VSF characteristics based on real-time information. The above features provide advantages over conventional manual methods for server farm construction. In the conventional method, the user cannot add the server by various methods and automatically change the characteristics of the server farm without going through the troublesome manual procedure for configuring the server farm.
[0140]
-Billing model for VSF
Given the dynamic nature of VSF, companies that employ computing grids and VSF use VSF's billing model based on actual use of VSF's computing and storage elements to help VSF-owned customers. You can charge a service fee. The VSF architecture and method disclosed herein allows for an “instant payment” charging model because certain VSF resources are not statically specified. Therefore, a specific customer whose usage load of the server farm is extremely variable is not charged a fee related to a certain peak server capacity, and is charged a fee that reflects the running average of usage, instantaneous use, etc. Can be saved.
[0141]
For example, a company operates using a billing model that prescribes a flat fee for a minimum number of computing elements, such as 10 servers, and a real-time load that requires 10 or more elements. The user is charged at an additional fee for additional servers based on how many additional servers are needed and the time they were needed. Such a unit of billing may reflect the resource being charged. For example, the charge may be expressed in units such as MIPS time, CPU time, and CPU 1000 seconds.
[0142]
-Customer visibility control plane API
In other ways, the capacity of the VSF may be controlled by giving the customer an application programming interface (API) that defines the control plane calls for resource changes. Therefore, the application program prepared by the customer can call or request using the API, and can request more servers, more storage, higher processing capacity, and the like. This method may be used when a customer knows about the computing grid environment and needs an application program to take advantage of the capabilities provided by the control plane.
[0143]
Neither part of the above architecture requires the customer to change its application for use with the computing grid. Existing applications operate in the same way that they operate on manually configured server farms. However, if a better understanding of the computing resources needed based on the real-time load monitoring capabilities provided by the control plane is available, applications can take advantage of the dynamism possible with the computing grid. APIs of the above nature that allow application farms to change the computing capacity of a server farm are not possible using existing manual methods for server farm construction.
[0144]
-Automatic update and versioning
Using the methods and mechanisms disclosed herein, the control plane can perform automatic updating and versioning of operating system software running on the VSF computing elements. Thus, end users or customers do not have to worry about updating the operating system with new patches, bug fixes, and the like. The control plane maintains its library when such software elements are received and can automatically distribute and install them on all affected VSF computing elements.
[0145]
Implementation mechanism
The computing elements and control plane may be implemented in several forms, and the invention is not limited to a particular form. In one embodiment, each computing element is a general purpose digital computer having the elements shown in FIG. 19, except for non-volatile storage 1910, and the control plane operates under the control of program instructions that implement the above process. 19 is a general-purpose digital computer of the type shown in FIG.
[0146]
FIG. 19 is a block diagram that illustrates a computer system 1900 upon which an embodiment of the invention may be implemented. Computer system 1900 includes a bus 1902 or other communication mechanism for communicating information, and a processor 1904 connected with bus 1902 for processing information. Computer system 1900 also includes main memory 1906 such as random access memory (RAM) or other dynamic storage device connected to bus 1902 for storing information and instructions executed by processor 1904. Main memory 1906 can also be used to store temporary numeric variables and other intermediate information during execution of instructions executed by processor 1904. Computer system 1900 further includes a read only memory (ROM) 1908 or other static storage device connected to bus 1902 for storing static information and instructions for processor 1904. A storage device 1910 such as a magnetic disk or optical disk is provided and connected to the bus 1902 for storing information and instructions.
[0147]
Computer system 1900 may be connected via bus 1902 to a display 1912, such as a cathode ray tube (CRT), for displaying information to a computer user. Input device 1914, including alphanumeric and other keys, is connected to bus 1902 for communicating information and command selections to processor 1904. Another type of user input device is a cursor control 1916 such as a mouse, trackball, cursor direction keys for communicating direction information and command selections to the processor 1904 and controlling cursor movement on the display 1912. . This input device generally has two degrees of freedom in two axes that allow the device to specify a position in the plane, ie, a first axis (eg, x) and a second axis (eg, y).
[0148]
The invention is related to the use of computer system 1900 for controlling an extensible computing system. According to one embodiment of the present invention, control of the extensible computing system is controlled by computer system 1900 in response to processor 1904 executing one or more sequences of one or more instructions contained in main memory 1906. Is done by. Such instructions are read into main memory 1906 from another computer readable medium, such as storage device 1910. By executing the sequence of instructions contained in the main memory 1906, the processor 1904 performs the process steps described above. One or more processors may be used in a multi-processing configuration to execute a sequence of instructions contained in main memory 1906. In another embodiment, the present invention may be implemented using hardwired circuitry instead of or in combination with software instructions. Thus, embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
[0149]
The term “computer-readable medium” as used herein refers to any medium that participates in providing instructions to the processor 1904 for execution. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media includes, for example, optical or magnetic disks such as storage device 1910. Volatile media includes dynamic memory, such as main memory 1906. The transmission medium includes a coaxial cable including wiring constituting the bus 1902, a copper wire, and an optical fiber. Transmission media can also take the form of acoustic or light waves, such as those generated during wireless and infrared data communications.
[0150]
Common formats of computer-readable media are, for example, floppy disks, flexible disks, hard disks, magnetic tapes, other magnetic media, CD-ROMs, other optical media, punches as described below. Includes cards, paper tape, other physical media with hole patterns, RAM, PROM, EPROM, FLASH-EPROM, other memory chips or cartridges, carrier waves, or other media that can be read by a computer.
[0151]
Various forms of computer readable media may be involved in causing the processor 1904 to send one or more sequences of one or more instructions to be executed. For example, the instructions are first sent to the remote computer's magnetic disk. The remote computer loads the instructions into its dynamic memory and sends the instructions over the telephone line using a modem. A modem remote to computer system 1900 can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal. The infrared detector connected to the bus 1902 receives the data carried by the infrared signal and outputs the data to the bus 1902. Bus 1902 sends data to main memory 1906, from which processor 1904 retrieves and executes instructions. The instructions received by main memory 1906 may be optionally stored on storage device 1910 either before or after execution of processor 1904.
[0152]
Computer system 1900 also includes a communication interface 1918 connected to bus 1902. The communication interface 1918 performs bidirectional data communication connected to the network link 1920 connected to the local network 1922. For example, the communication interface 1918 may be a digital integrated service network (ISDN) card or modem for making a data communication connection to a corresponding type of telephone line. In another example, communication interface 1918 may be a local area network (LAN) for making data communication connections to a compatible LAN. A wireless link can also be implemented. In such implementations, the communication interface 1918 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
[0153]
Network link 1920 typically provides data communication to other data devices via one or more networks. For example, the network link 1920 provides a connection via a local network 1922 to a host computer 1924 or data device operated by an Internet service provider (ISP) 1926. The ISP 1926 provides data communication services through a global packet data communication network 1928 that is now commonly referred to as the “Internet”. Local network 1922 and Internet 1928 both use electrical, electromagnetic or optical signals that carry digital data streams. Signals on various networks and network links 1920, and signals that send and receive digital data to and from computer system 1900 via communication interface 1918 are typical forms of carrier waves that carry information.
[0154]
Computer system 1900 can send messages and receive data, including program code, via the network, network link 1920 and communication interface 1918. In the Internet example, the server 1930 sends a request code for an application program via the Internet 1928, ISP 1926, local network 1922, and communication interface 1918. In accordance with the present invention, such downloaded applications define the control of the extensible computing system described herein.
[0155]
The received code may be stored on storage device 1910 or other non-volatile storage for execution by processor 1904 and / or later execution upon receipt. Thus, the computer system 1900 can obtain application code in the form of a carrier wave.
[0156]
The computing grid disclosed herein is conceptually compared to a public power network, sometimes referred to as a power grid. The power grid provides an extensible means for a large number of parties to obtain power services through a single large scale power infrastructure. Similarly, the computing grid disclosed herein provides computing services to multiple organizations by using a single large-scale computing infrastructure. Because the power grid is used, power consumers do not voluntarily manage their personal power facilities. For example, there is no reason for a utility consumer to operate a personal generator in their facility or shared facility and manage their capacity and increase on their own. Instead, the power grid can supply power to a large portion of the population over a wide area, thus providing significant scale benefits. Similarly, the computing grid disclosed herein can use a single large-scale computing infrastructure to provide computing services to the majority of the population.
[0157]
In the foregoing detailed description, the invention has been described with reference to specific embodiments. It will be apparent, however, that various modifications and changes can be made to the present invention without departing from the broad spirit and scope of the invention. Accordingly, the description and drawings are to be regarded in an illustrative rather than a restrictive sense.
[Brief description of the drawings]
FIG. 1A is a block diagram of a simple website that uses a single computing element topology.
FIG. 1B is a block diagram of a one-tier web server farm.
FIG. 1C is a block diagram of a three-tier web server farm.
FIG. 2 is a block diagram illustrating one configuration of an expandable computing system 200 that includes a local computing grid.
FIG. 3 is a block diagram of an exemplary virtual server farm that characterizes a SAN zone.
FIG. 4A is a block diagram illustrating sequential steps associated with adding a computing element and removing an element from a virtual server farm.
FIG. 4B is a block diagram illustrating successive steps associated with adding computing elements and removing elements from a virtual server farm.
FIG. 4C is a block diagram illustrating successive steps associated with adding computing elements and removing elements from a virtual server farm.
FIG. 4D is a block diagram illustrating sequential steps associated with adding computing elements and removing elements from a virtual server farm.
FIG. 5 is a block diagram of an embodiment of a virtual server farm system, a computing grid, and a monitoring mechanism.
FIG. 6 is a block diagram of a logical connection of a virtual server farm.
FIG. 7 is a block diagram of logical connection of a virtual server farm.
FIG. 8 is a block diagram of a logical connection of a virtual server farm.
FIG. 9 is a block diagram of a logical relationship between a control plane and a data plane.
FIG. 10 is a state diagram of a master control selection process.
FIG. 11 is a state diagram of a slave control process.
FIG. 12 is a state diagram of a master control process.
FIG. 13 is a block diagram of a central control processor and multiple control planes and computing grids.
FIG. 14 is a block diagram of an architecture that implements portions of a control plane and a computing grid.
FIG. 15 is a block diagram of a system having a computing grid protected by a firewall.
FIG. 16 is a block diagram of an architecture for connecting a control plane to a computing grid.
FIG. 17 is a block diagram of an arrangement for tightly coupling VLAN tags and IP addresses.
FIG. 18 is a block diagram of a plurality of VSFs extended over a WAN connection.
FIG. 19 is a block diagram of a computer system in which an embodiment is implemented.

Claims (29)

A master control mechanism;
Communicatively connected to the master control mechanism and in response to one or more commands from the master control mechanism,
Selecting a first subset of processing resources from a set of processing resources;
Selecting a first subset of storage resources from the set of storage resources and communicatively connecting the first subset of processing resources to the first subset of storage resources;
Comprising one or more slave control mechanisms configured to establish a first logical resource group that includes a first subset of processing resources and a first subset of storage resources;
One or more slave control mechanisms
Determine the state of the master control mechanism and if the master control mechanism terminates abnormally or is no longer functioning properly,
A control device configured to select a new master control mechanism from one or more slave control mechanisms.   A master control process in which the master control mechanism is executed on one or more processors, and one or more slave processes in which one or more slave control mechanisms are executed on one or more processors. The control device according to claim 1.   The control device according to claim 1, wherein the master control mechanism is one or more master processors, and the one or more slave control mechanisms are one or more slave processors.   The master control mechanism is configured to receive one or more processing resources from the subset of processing resources and one or more processing resources from the subset of storage resources between one or more slave control mechanisms based on the loading of the slave control mechanism. The control apparatus according to claim 1, wherein the control apparatus is configured to dynamically reallocate control of storage resources.   The master control mechanism dynamically allocates one or more additional slave control mechanisms based on the loading of the slave control mechanism, and from one or more processing resource and storage resource subsets from the processing resource subset. The control device according to claim 1, wherein the control device is configured to assign control of one or more storage resources to one or more added slave control mechanisms. One or more master processing mechanisms from one or more subsets of processing resources that are already assigned to one or more specific slave control mechanisms from one or more slave control mechanisms based on the loading of the slave control mechanism Reassign control of one or more specific storage resources from a specific processing resource and a subset of storage resources to one or more other slave control mechanisms from one or more slave control mechanisms; The control device according to claim 1, wherein the control device is configured to dynamically deallocate one or more specific slave control mechanisms. Master control mechanism
Determine the state of one or more slave control mechanisms,
If one or more specific slave control mechanisms from one or more slave control mechanisms are not responding properly or are not functioning, try to restart one or more specific slave control mechanisms; and If one or more specific slave control mechanisms cannot be restarted,
Start one or more new slave control mechanisms and reassign control of processing and storage resources from one or more specific slave control mechanisms to one or more new slave control mechanisms The control device according to claim 1, which is configured as follows.   The controller of claim 1, wherein one or more instructions from the master control mechanism are generated based on expected processing and storage requirements of the first logical resource group. One or more slave control mechanisms are further responsive to one or more instructions from the master control mechanism,
Dynamically changing the number of processing resources in the first subset of processing resources;
Dynamically changing the number of storage resources of the first subset of storage resources;
Communication connection behavior between the first subset of processing resources and the first subset of storage resources to reflect changes in the number of processing resources of the first subset of processing resources and the number of storage resources of the first subset of storage resources The control device according to claim 1, wherein the control device is configured to make a mechanical change.   A change in the number of processing resources in the first subset of processing resources and the number of storage resources in the first subset of storage resources is determined by the master control mechanism based on the actual loading of the first subset of processing resources and the first subset of storage resources. 10. The control device according to claim 9, which is indicated. The one or more slave control mechanisms are further configured to establish a second logical resource group that includes a second subset of processing resources and a second subset of storage resources in response to one or more instructions from the master control mechanism. And the second logical resource group is
Selecting a second subset of processing resources from the set of processing resources;
The communication isolation from the first logical resource group by selecting a second subset of storage resources from the set of processing resources and communicatively connecting the second subset of processing resources to the second subset of storage resources. The control device described in 1. A first subset of processing resources is communicatively coupled to the first subset of storage resources by using one or more storage area network (SAN) switches;
A second subset of processing resources is communicatively connected to the second subset of storage resources by using one or more SAN switches;
The control device according to claim 11, wherein the second logical resource group is separated from the first logical resource group by using tagging and SAN zoning.   13. The control device according to claim 12, wherein SAN zoning is performed by using port level SAN zoning or LUN level SAN zoning. The master control mechanism is communicatively connected to the central control mechanism,
The master control mechanism is configured to provide loading information to the first logical resource group to the central control mechanism, and the master control mechanism is based on one or more central control commands received from the central control mechanism, The controller of claim 1, configured to generate one or more instructions to two or more slave control mechanisms. A computer-implemented method for transmitting one or more sequences of one or more instructions for managing processing resources, wherein one or more instructions are executed by one or more processors of the computer When two or more sequences are executed, one or more processors are
Starting the master control mechanism;
Communicatively connected to the master control mechanism and in response to one or more commands from the master control mechanism,
Selecting a first subset of processing resources from a set of processing resources;
Selecting a first subset of storage resources from the set of storage resources and communicatively connecting the first subset of processing resources to the first subset of storage resources;
Performing one or more slave control mechanisms configured to establish a first logical resource group that includes a first subset of processing resources and a first subset of storage resources; and
One or more slave control mechanisms
A processing resource that determines the state of the master control mechanism and selects a new master control mechanism from one or more slave control mechanisms when the master control mechanism terminates abnormally or is no longer functioning properly How to manage. Initiating a master control mechanism includes initiating a master control process executed on one or more processors, and initiating one or more slave control mechanisms comprises one or more 16. The method of claim 15, comprising initiating one or more slave processes executing on the processor. Starting the master control mechanism includes starting one or more master control processors, and starting one or more slave control mechanisms starts one or more slave processors. The method of claim 15 comprising:   The master control mechanism controls one or more storage resources from the subset of processing resources and one or more storage resources from the subset of storage resources based on the loading of the slave control mechanism. The method of claim 15, wherein the reallocation is dynamically between slave control mechanisms.   The master control mechanism dynamically allocates one or more additional slave control mechanisms based on the loading of the slave control mechanism, and from one or more processing resource and storage resource subsets from the processing resource subset. 16. The method of claim 15, wherein control of one or more storage resources is assigned to one or more added slave control mechanisms.   One or two from a subset of processing resources where the master control mechanism is already assigned to one or more specific slave control mechanisms from one or more slave control mechanisms, based on the loading of the slave control mechanism. Reassign control of one or more specific storage resources from a subset of these specific processing resources and storage resources to one or more other slave control mechanisms from one or more slave control mechanisms The method of claim 15. Master control mechanism
Determine the state of one or more slave control mechanisms,
Attempting to restart one or more specific slave control mechanisms if one or more specific slave control mechanisms from one or more slave control mechanisms are not responding or not functioning properly; And if one or more specific slave control mechanisms cannot be restarted, start one or more new control mechanisms, and one or more new slave control mechanisms from one or more new slave control mechanisms The method of claim 15, wherein the slave control mechanism reassigns control of processing resources and storage resources.   The method of claim 15, wherein one or more instructions from the master control mechanism are generated based on the predicted processing and storage requirements of the first logical resource group. One or more slave control mechanisms are further responsive to one or more instructions from the master control mechanism,
Dynamically changing the number of processing resources in the first subset of processing resources;
Dynamically changing the number of storage resources in the first subset of storage resources;
Communication connection between the first subset of processing resources and the first subset of storage resources to reflect a change in the number of processing resources in the first subset of processing resources and the number of storage resources in the first subset of storage resources The method according to claim 15, wherein the dynamic change is performed.   Changing the number of processing resources in the first subset of processing resources and the number of storage resources in the first subset of storage resources is based on the actual loading of the first subset of processing resources and the first subset of storage resources. 24. The method of claim 23, directed by a mechanism. One or more slave control mechanisms that establish a second logical resource group that includes a second subset of processing resources and a second subset of storage resources in response to one or more instructions from the master control mechanism; The second logical resource group is
Selecting a second subset of processing resources from the set of processing resources;
Claims decoupled from the first logical resource group by selection of a second subset of storage resources from the set of processing resources and communication connection of the second subset of processing resources to the second subset of storage resources. 15. The method according to 15. A first subset of processing resources is communicatively coupled to the first subset of storage resources by using one or more storage area network (SAN) switches;
A second subset of processing resources is communicatively connected to a second subset of storage resources by using one or more SAN switches, and a second logical resource group is tagged and SAN zoned to provide a first logical resource 26. The method of claim 25, wherein communication is separated from the group.   27. The method of claim 26, wherein SAN zoning is performed by using port level SAN zoning or LUN level SAN zoning. The master control mechanism is communicatively connected to the central control mechanism,
A master control mechanism is configured to provide loading information of the first logical resource group to the central control mechanism;
The master control mechanism is further configured to generate one or more instructions of the one or more slave control mechanisms based on the one or more central control instructions received from the central control mechanism. Item 16. The method according to Item 15. A computer-readable storage medium storing one or more sequences of one or more instructions for managing processing resources, and one or more instructions by one or more processors Or, when two or more sequences are executed, one or more processors
Starting the master control mechanism;
Configured to establish a first logical resource group that is communicatively coupled to the master control mechanism and that includes a first subset of processing resources and a first subset of storage resources in response to one or more instructions from the master control mechanism Initiating one or more slave control mechanisms being performed,
Selecting a first subset of processing resources from a set of processing resources;
Selecting a first subset of storage resources from the set of storage resources and communicatively connecting the first subset of processing resources to the first subset of storage resources;
One or more slave control mechanisms
A computer-read that determines the state of the master control mechanism and selects a new master control mechanism from one or more slave control mechanisms if the master control mechanism terminates abnormally or is no longer functioning properly Possible storage medium.

Images