JP5302711B2 - Client terminal, network connection control method, terminal management processor, program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To facilitate network connection setting according to a plurality of utilization purposes at one terminal. <P>SOLUTION: This client terminal includes an executing section for executing processing of a plurality of executing objects, a terminal managing section, a network interface section, and an input/output section. The terminal managing section includes at least a terminal management recording section, an executing object managing section, and a network connection managing section. The executing object managing section includes a context acquiring means and a policy acquiring means, and manages the policy related to an executing object to using mode, a context, and connection. The network connection managing section includes a connection destination list preparing means and a connecting means, and manages the connection between the executing object and the network. <P>COPYRIGHT: (C)2010,JPO&amp;INPIT

Description

  The present invention relates to a client terminal that has a plurality of usage modes that execute different processes depending on the purpose of use, and that can be used by switching between the usage modes, and in particular, an appropriate network connection setting according to the purpose of use of each usage mode. The present invention relates to an easily performed client terminal, network connection control method, terminal management processor, and program.

  With the spread of mobile broadband in recent years, it has become possible to access the network from anywhere at high speed. The frequency of taking personal computers (hereinafter referred to as “PCs”) and portable terminals and accessing the network from outside is increasing. In this way, information leakage has become a major problem as it becomes possible to access a network regardless of location by a take-out terminal. For example, there are many cases in which confidential company information such as customer personal information is leaked by file sharing software for personal use. Similarly, when a terminal storing confidential information is lost or stolen, there is a risk of information leakage. In addition, companies are forced to publish the existence of risks of information leakage, so damage to corporate activities is significant. For this reason, regarding leakage due to file sharing software, personal terminals and business terminals have been clearly distinguished, and operations such as not performing business on personal terminals and not using business terminals for private purposes have been made. However, the user must manage a plurality of terminals, and must carry a plurality of terminals, which is inconvenient, causing the above-described operation not to be thoroughly implemented. Also, with respect to the loss or theft of the terminal, there has been an operation in which confidential information is taken out and not always stored in the terminal but always accessed via the network. For this purpose, it is necessary to use a dedicated terminal such as a thin client or to install and set up software having an equivalent function. Even for business use, there are security and operational policies required for processing with low confidentiality such as when investigating based on public information on the Internet and processing with high confidentiality such as browsing customer information. There are also examples in which terminals are operated separately. In this way, the operation of dividing terminals for different usage purposes is generally performed, but it is also a fact that this increases the labor of management and decreases the convenience for the user. In addition, the operation policy cannot be thoroughly implemented, which causes a problem.

  On the other hand, with recent advances in virtualization technology, it has become common to implement a plurality of computer environments virtually on a single hardware (Non-Patent Document 1). That is, a plurality of virtual machines according to various processing purposes can be put in one take-out terminal and used properly. When operating a plurality of virtual machines by virtualization, network connection settings are required for each virtual machine. In particular, the take-out terminal has multiple network access means such as 3G cellular communication, wireless LAN, Ethernet (registered trademark), etc., so select the appropriate network access means according to the purpose of use of each virtual machine, and select the appropriate network. It is necessary to set parameters. For example, in the case of processing that handles confidential information, it is necessary to select a highly reliable network access means and perform settings such as communication path encryption.

Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Lan Pratt, and Andrew Warfield, “Xen and the Art of Virtualization”, Proceedings of SOSP, pp.164-177, 2003.

  In the prior art, when a plurality of virtual machines are operated by virtualization, a mechanism is provided to virtually provide each virtual machine with the function of the network interface physically prepared as hardware by the virtualization software. . For this reason, a network interface can be shared by a plurality of virtual machines, but the settings in the virtualization software are common and are not properly used depending on the purpose of use of each virtual machine.

  On the other hand, in the OS on each virtual machine, network settings can be made for a virtual network interface. In this case, however, all virtual machines must be set individually. Even if the purpose of use of the two virtual machines is the same, the same setting must be made for each of the two virtual machines. In this method, when the virtual machine is deleted, the set network settings are also deleted. For this reason, every time a new virtual machine is introduced, settings corresponding to the purpose of use are required. Furthermore, it is very difficult to perform desired network settings determined in advance according to the purpose of use for each virtual machine. For example, when using a virtual machine for business use and private use, different network settings may be required due to security (high security for business use, normal security for private use, etc.) ). However, this setting change becomes very complicated. In addition, if the setting is changed incorrectly or neglected, there is a possibility of leaking important information. Also, assuming use in a company, it is desirable that this network connection control setting is not left to individual terminal users, but can be managed collectively by a policy or the like. Accordingly, it is necessary to be able to collectively manage network connection control for each virtual machine to be used so that the network connection to be used is automatically applied based on a predetermined policy according to the purpose of use. However, as described above, the prior art has no means for collectively managing network connection control of a plurality of virtual machines. For this reason, there is a problem that network connection setting according to the purpose of use, that is, selection of network access means and setting of necessary network parameters cannot be easily performed.

  An object of the present invention is to solve the above problems. That is, it is intended to easily perform network connection settings corresponding to a plurality of usage purposes in one terminal.

  The virtual client terminal of the present invention is a client terminal that executes an execution target such as a plurality of virtual machines, and includes an execution unit that executes processing of a plurality of execution targets, a terminal management unit that manages network connection, a network, A network interface unit having a function of connecting and an input / output unit for exchanging information with the user are provided. The terminal management unit includes at least a terminal management recording unit, an execution target management unit, and a network connection management unit. The terminal management recording unit includes connection destination management information in which connection destination information is recorded, use mode management information that associates a use mode ID (use mode identification information) with a context ID (context identification information), a context, and a network connection. Context management information for associating the policy with respect to the policy is recorded. The execution target management unit includes a context acquisition unit and a policy acquisition unit, and manages a policy related to the execution target, context, and network connection for the usage mode. The network connection management unit includes a connection destination list creation unit and a connection unit, and manages the connection between the execution target and the network. The context acquisition means acquires the context identification information corresponding to the currently used usage mode using the usage mode management information. The policy acquisition unit acquires a policy relating to network connection using the context management information based on the context identification information. The connection destination list creating means creates a connectable connection destination list using the connection destination management information. The connection means selects a connection destination conforming to the policy from the connection destination list, and connects to the network via the network interface unit.

  The virtual client terminal of the present invention includes a terminal management unit. The terminal management unit records a connection destination management table, a usage mode management table, and a context management table. Then, the terminal management unit creates a connection destination list that can be connected using those management tables, acquires context identification information corresponding to the use mode, acquires a policy related to the connection, and connects to a destination that conforms to the policy. Select from the connection list and connect to the network. Since the virtual client terminal of the present invention has such a configuration, network connection can be collectively managed by the terminal management unit, and network connection settings corresponding to a plurality of usage purposes (usage modes) can be easily performed.

1 is a diagram illustrating a configuration example of a virtual client system including a virtual client terminal according to a first embodiment. FIG. 3 is a diagram illustrating a functional configuration example of a virtual client terminal according to the first embodiment. FIG. 3 is a diagram illustrating a processing flow example of a virtual client terminal according to the first embodiment. The conceptual diagram showing the relationship between a terminal, an execution object, and an execution environment. The figure which shows the example of a connection destination management table. The figure which shows the example of an access media management table. The figure which shows the example of a use mode management table. The figure which shows the example of a context management table. The figure which shows the example of a path | route management table.

  Hereinafter, embodiments of the present invention will be described in detail. In addition, the same number is attached | subjected to the structure part which has the same function, and duplication description is abbreviate | omitted.

  FIG. 1 illustrates a configuration example of a virtual client system including the virtual client terminal according to the first embodiment. The virtual client system includes a virtual client terminal 100, an in-house server 200, an Internet site 300, an in-house LAN (Ethernet (registered trademark)) 10, an in-house LAN (WiFi) 20, a public network (cellular wireless) 30, and a public network. (Ethernet (registered trademark)) 40, a public network (WiFi) 50, a corporate network 60, and the Internet 70 are connected. The virtual client terminal 100 accesses the in-house server 200 connected to the corporate network 60 or the Internet site 300 connected to the Internet 70 by selecting or combining the available access networks 10 to 50 according to the situation. To do.

  FIG. 2 shows a functional configuration example of the virtual client terminal according to the first embodiment. The virtual client terminal 100 is a terminal (apparatus) capable of executing a plurality of execution targets such as a virtual machine image, and includes an execution unit 110 that executes a plurality of execution target processes, a terminal management unit 120 that manages network connection, A network interface unit 190 having a function of connecting to a network, an input / output unit 140 for exchanging information with a user, and an execution target recording unit 130 for accumulating program code to be executed and data accessed from the execution target With. Specifically, the network interface unit 190 includes a plurality of interfaces such as a cellular wireless network interface, an Ethernet (registered trademark) interface, and a WiFi network interface. Specifically, the input / output unit 140 is a display, a keyboard, a mouse, or the like.

  An execution target is something that brings some utility when executed, and an execution environment represents an element necessary for execution of the execution target. For example, when an application program is considered as an execution target, a runtime library, an OS, terminal hardware, and an input / output device are execution environments. Alternatively, if the application program, runtime library, and OS are considered as execution targets, terminal hardware and input / output devices are the execution environment. As described above, the relationship between the execution target and the execution environment is relative. In the following description, the latter example is assumed. In other words, the state of the OS including the application is the execution target, and the hardware or virtual machine that operates the OS is the execution environment. However, as described above, the present invention is not limited to this example.

  The terminal management unit 120 includes a terminal management recording unit 129, an execution target management unit 121, a network connection management unit 123, and a control unit 125. In addition, a user interface unit 122 that exchanges information with the terminal user via the input / output unit 140 may be provided. The terminal management recording unit 129 associates a connection destination management table that represents connection destination management information, which is connection destination information, in a table format, a use mode ID (use mode identification information), and a context ID (context identification information). A usage mode management table in which usage mode information is expressed in a table format and a context management table in which context management information for associating a context and a connection policy are expressed in a tabular format are recorded. The context is information representing the use and purpose of execution, and a specific example will be described later. The usage mode represents a specific execution target executed under a specific context. The usage mode ID is a number that specifies the usage mode, and the context ID is a number that specifies the context. The terminal management recording unit 129 may also record a route management table (route management information) in which the use mode and the connection destination information are associated with each other. Further, the usage mode management table may also include user interface information corresponding to the usage mode (screen display characteristics determined for each usage mode so that the usage mode can be easily identified by the user). Note that the connection destination management information, the use mode management information, the context management information, and the path management information may be recorded by a method other than the table format as long as the information to be managed is recorded so as to correspond.

  The execution target management unit 121 includes a context acquisition unit 1211 and a policy acquisition unit 1212, and manages policies related to execution targets, contexts, and connections corresponding to usage modes. The network connection management unit 123 includes a connection destination list creation unit 1231 and a connection unit 1232 and manages the connection between the execution target and the network. When the terminal management recording unit 129 also records the route management table, the network connection management unit 123 also includes route management means 1233 that records (updates) the route management table in the terminal management recording unit 129. When the usage mode management table also includes user interface information, the execution target management unit 121 also includes user interface information acquisition means 1213. The control unit 125 controls the terminal management unit 120 as a whole.

  FIG. 3 shows a processing flow example of the terminal management unit. First, the usage mode is determined by some user operation via the input / output unit 140 (S1221). The connection destination list creating unit 1231 creates a connectable connection destination list using the connection destination management table (S1231). More specifically, a list of available connection destinations among the connection destinations in the connection destination management table is created. If a connection destination that is not in the list is available, an entry is created based on the obtainable information and added to the list. The context acquisition unit 1211 acquires context identification information (context ID) corresponding to the usage mode used by the terminal user using the usage mode management table (S1211). The policy acquisition unit 1212 acquires a policy representing conditions and priorities related to the connection destination by referring to the context management table using the acquired context ID (S1212). The connection unit 1232 selects a connection destination conforming to the policy from the connection destination list according to the priority order, and connects to the network via the network interface unit 190 (S1232). If network connection fails, one low priority network connection may be attempted.

  When the terminal management recording unit 129 also records the route management table, in step S1232, the connection unit 1232 connects the connection when the selected connection destination matches in the route management table. Share and connect to the network if it does not exist. Then, the route management unit 1233 records (updates the record) the route management table in which the use mode and the connection destination information are associated with each other in the terminal management recording unit 129 (S1233).

  If the usage mode management table also includes user interface information, the user interface information acquisition unit 1213 acquires user interface information corresponding to the usage mode from the usage mode management table (S1213). Then, the user interface unit 122 sets a user interface in the input / output unit 140 according to the acquired user interface information (S1222). More specifically, the screen display information corresponding to the usage mode is referred to by referring to the usage mode management table and displayed on the display of the input / output unit 140.

  FIG. 4 is a conceptual diagram showing the relationship between the terminal, the execution target, and the execution environment. FIG. 4A is a conceptual diagram of a terminal that does not use virtualization. The terminal 900 includes a pair of an execution target 9001 and an execution environment 9002. FIG. 4B is an example of a conceptual diagram of a virtual client terminal using virtualization. The virtual client terminal 100 includes three pairs of execution targets and execution environments, and virtually operates as three terminals (virtual machines 101, 102, 103). The execution targets 1011, 1021, and 1031 are executed by the execution unit 110 of the virtual client terminal 100. Execution environments 1012, 1022, and 1032 that provide virtual hardware for the execution targets 1011, 1021, and 1031 are virtualized by the terminal management unit 120, the execution target recording unit 130, the input / output unit 140, and the network interface unit 190. Is realized. The virtual client terminal 100 is characterized by including a terminal management unit 120. Then, the network management is collectively managed by the terminal management unit 120, and the network connection setting according to a plurality of usage purposes (usage modes) is performed, so that the network connection setting can be easily performed.

  The virtual client terminal of the present invention includes the terminal management unit 120 as described above. The terminal management unit 120 records at least a connection destination management table and a use mode management table context management table. Then, the terminal management unit 120 creates a connection destination list that can be connected using those management tables, acquires context identification information corresponding to the use mode, acquires a policy regarding the connection, and connects to the policy Select a destination from the connection list and connect to the network. Since the virtual client terminal of the present invention has such a configuration, network management can be collectively managed by the terminal management unit 120, and network connection settings corresponding to a plurality of usage purposes (usage modes) can be easily performed.

Specific Example of Management Table The connection destination management table, usage mode management table, context management table, and path management table will be described in detail below with specific examples.
FIG. 5 shows an example of the connection destination management table. The connection destination management table is composed of a plurality of rows, and each row represents one connection destination. Each row representing a connection destination includes at least a connection destination address for uniquely identifying the connection destination, an access medium ID representing an access medium to be used, and attribute information of the connection destination. In the connection destination management table of FIG. 5, there are three connection destinations corresponding to E (P2 to P4). Generally, considering the location of the terminal user holding the terminal, any one of them is It will be available. Information other than these may also be included. For example, a connection destination ID for specifying a connection destination, a connection destination address, an access media ID, flat-rate availability, communication speed, security level, power consumption level, and authentication accompanying connection Information such as a method and a network parameter setting method may be included. Thus, if information such as a charge, a communication speed, and a security level is included, it is useful for setting a connection destination to be used preferentially when a plurality of connection destinations are available. Specifically, in step S1231, the connection destination list creation unit 1231 determines the priority order of connection destinations based on the order of high security level, high communication speed, low power consumption, low communication charge, or the like. Create a destination list that contains it. In step S1232, the connection unit 1232 may select a connection destination in consideration of the priority order. Alternatively, the priority order may be determined by designation by the user.

  Note that the connection destination address is specifically a MAC address of a specific server such as a DHCP server or a network access server on the connection destination network. The values in the fields of flat-rate allowance, communication speed, security, and power consumption may be set based on the access media information shown in FIG. Further, at this time, correction may be performed based on actual measurement values or environment setting values. The fields of the authentication method and the network parameter setting method are for storing a method for connecting to a specific connection destination. When the connection destination is specified by the connection destination address and the value of the authentication method or the network parameter setting method is set in the entry of the connection destination, this value is used. If there is no entry, the method that succeeded at the time of connection is stored in the newly created entry.

  The access media management table categorizes various access media. In addition to information depending on access media such as maximum communication speed, security level, and power consumption, VPN connection or flat rate It contains information necessary for selecting access media, such as whether or not a flat-rate is available. Here, the fixed amount refers to a medium that does not require an additional fee for use, for example, if a fixed fee is paid monthly. Pay-as-you-go fee structure is not fixed. In this way, if information determined by selecting access media is collected in the access media management table, creation and updating of the connection destination management table is facilitated.

  FIG. 7 shows an example of the usage mode management table. As described above, the usage mode represents a specific execution target executed under a specific context, and the usage mode management table associates at least the usage mode ID and the context ID. For example, when the usage mode ID is M3, the context ID is C2. Further, as described above, user interface information may also be associated. The usage mode management table includes a plurality of rows each representing one usage mode. Each row includes a context ID representing a context, screen display information representing screen display characteristics (user interface information), and a specific execution target. This is information in which a usage mode ID indicating a usage mode is added to a set of virtual machine images to be expressed. Here, each usage mode corresponds to an execution target that can be identified by the user. For example, even if the context is the same, if the execution target is different, the user is recognized as another usage mode. The screen display information is information that the execution target management unit 121 presents to the user by controlling the user interface unit 122 and the input / output unit 140 (for example, a display), and cannot be controlled from each execution target executed on the execution unit 110. It is like that. For this reason, the usage mode in which it operates can not be falsified by each execution target.

  FIG. 8 shows an example of the context management table. The context management table associates a context with a connection policy. For example, when the context ID is C3, the connection destination selection policy is “E, EP”. In step S1232, the connection unit 1232 selects a connection destination that matches this policy from the connection destination list. For example, if there is {P1, P3, P8} in the connection destination list, P3 is selected. Note that the context represents the use and purpose of execution. For example, “C1 (important business)” is a business purpose and uses important data, “C2 (normal business)” is a normal business usage such as sending and receiving mail, and “C3 (net survey)” is on the Internet. “C6 (Guest)”, which is used for searching the site and conducting survey work, “C4 (Payment)” for online shopping for personal purposes, “C5 (Private)” for browsing online content for personal purposes, etc. Represents a purpose of temporarily providing a terminal function to a third party. Each context has attributes such as processing purpose, importance, and necessity of authentication, and a security level required from the importance and necessity of authentication is defined. In addition, there is a requirement for selecting the network to be connected. Based on the above context attributes, execution environment settings are defined in advance. For example, the connection selection policy represents what priority the access medium is selected in the network connection management unit 123 when a plurality of access media are available. The filter setting represents what kind of filter the network connection management unit 123 performs on a packet transmitted and received from the terminal. For example, in the context of “C1 (important business)”, the connection destination selection policy is set to apply a filter that permits connection of only access media with a high security level and passes only a specified service as a filter setting.

  FIG. 9 shows an example of the route management table. The route management table represents the network connection state of the execution environment associated with each usage mode. The route management table includes a plurality of rows, and each row represents a setting for one usage mode. Each row includes information on a use mode ID for designating a use mode, a set of connection destination ID and network parameters, and packet transfer settings. The connection destination ID represents the connection destination ID in the connection destination management table described above. The network parameter is an IP network setting performed for a network interface used for connecting to a connection destination, and includes an IP version, an IP address, a subnet mask, and the like. Further, additional information such as a DNS server address may be stored together. The packet transfer setting stores routing information including a default route, NAT setting information, and the like. In the case of multihome connection as in the example of the use mode M4, setting information such as a source address selection policy is stored together.

  For example, when a network connection is made in usage mode A and a network connection is made in another usage mode B at the same time, if the context of each usage mode is the same, the network setting is made with reference to the route management table. Can be shared. Even if the contexts are not the same, if the connection destination lists are the same, the network settings can be shared in the same manner. When network connection is performed in a plurality of usage modes, overall optimization may be performed with reference to the route management table.

  The timing for deleting the information in the route management table may be when the terminal is shut down or when the execution target corresponding to the context is terminated. Alternatively, the user may select information to be deleted at an arbitrary time and execute the deletion.

Processor, Program, Medium In the above description, the virtual client terminal 100 including the terminal management unit 120 has been described. The terminal management unit 120 may form a virtual client terminal by forming only it with one processor and incorporating it into the terminal. In this case, the terminal management unit 120 described above serves as a terminal management processor.

  Further, when the virtual client terminal or the terminal management apparatus is realized by a computer, the processing contents of functions that each component should have are described by a program. The processing functions are realized on the computer by executing the program on the computer.

  The program describing the processing contents can be recorded on a computer-readable recording medium. As the computer-readable recording medium, any recording medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory may be used.

  The program is distributed by selling, transferring, or lending a portable recording medium such as a DVD or CD-ROM in which the program is recorded. Furthermore, the program may be distributed by storing the program in a storage device of the server computer and transferring the program from the server computer to another computer via a network.

  A computer that executes such a program first stores, for example, a program recorded on a portable recording medium or a program transferred from a server computer in its own storage device. When executing the process, the computer reads a program stored in its own recording medium and executes a process according to the read program. Note that the program in this embodiment includes information that is used for processing by an electronic computer and that conforms to the program (data that is not a direct command to the computer but has a property that defines the processing of the computer).

  In this embodiment, the present apparatus is configured by executing a predetermined program on a computer. However, at least a part of these processing contents may be realized by hardware.

  The present invention can be used for a virtual client terminal that has a plurality of usage modes for executing different processes according to the purpose of use and switches between the usage modes.

DESCRIPTION OF SYMBOLS 100 Virtual client terminal 110 Execution part 120 Terminal management part 121 Execution object management part 122 User interface part 123 Network connection management part 125 Control part 129 Terminal management recording part 130 Execution object recording part 140 Input / output part 190 Network interface part 1211 Context acquisition means 1212 Policy acquisition means 1213 User interface information acquisition means 1231 Connection destination list creation means 1232 Connection means 1233 Route management means

Claims (10)

A client terminal that executes a plurality of execution targets,
An execution unit for executing a plurality of execution target processes;
A terminal manager that manages network connections;
A network interface unit having a function of connecting to a network;
An input / output unit for exchanging information with users,
Context is information that indicates the usage and purpose of execution.
A usage mode represents a specific execution target that is executed under a specific context.
The terminal management unit
Connection destination management information in which connection destination information is recorded, usage mode management information that associates usage mode identification information with context identification information that identifies a context, and context management information that associates context identification information with a policy regarding network connection. A terminal management recording unit that records
An execution target management unit for managing a policy relating to an execution target, context, and network connection for the usage mode;
A network connection management unit for managing the connection between the execution target and the network,
The execution target management unit
Context acquisition means for acquiring context identification information corresponding to the usage mode being executed using the usage mode management information;
Policy acquisition means for acquiring a policy relating to network connection using the context management information, and
The network connection management unit
A connection destination list creating means for creating a connection destination list that can be connected using the connection destination management information;
A client terminal comprising: a connection unit that selects a connection destination that conforms to the policy from the connection destination list and connects to a network via the network interface unit. The client terminal according to claim 1,
The network connection management unit
For each connection with the network, there is also path management means for recording path management information in which the use mode and connection destination information are associated with each other in the terminal management recording unit,
The connection means, when a connection that matches the selected connection destination exists in the route management information, shares the connection. The client terminal according to claim 1 or 2,
The usage mode management information includes user interface information corresponding to the usage mode,
The execution target management unit also includes user interface information acquisition means for acquiring user interface information corresponding to a usage mode being executed from the usage mode management information,
The terminal management unit also includes a user interface unit that sets a user interface corresponding to a use mode in the input / output unit based on the acquired user interface information. A network connection control method for a virtual client terminal that executes a plurality of execution targets,
An execution process for executing a plurality of execution target processes;
A terminal management process to manage network connections;
A network interface process having a function of connecting to a network;
An input / output process for exchanging information with users,
Context is information that indicates the usage and purpose of execution.
A usage mode represents a specific execution target that is executed under a specific context.
The terminal management process includes:
Connection destination management information in which connection destination information is recorded, usage mode management information that associates usage mode identification information with context identification information that identifies a context, and context management information that associates context identification information with a policy regarding network connection. And record
A connection list creation step of creating a connection list that can be connected using the connection management information;
A context acquisition step of acquiring context identification information corresponding to the usage mode being executed using the usage mode management information;
A policy acquisition step of acquiring a policy relating to network connection using the context management information; and a connection step of selecting a connection destination that matches the policy from the connection destination list and connecting to the network using the network interface process. And a network connection control method. The network connection control method according to claim 4, wherein
The terminal management process includes:
For each connection to the network, there is also a route management step for recording route management information in which the use mode and connection destination information are associated with each other.
In the network connection control method, in the connection step, when a connection that matches the selected connection destination exists in the route management information, the connection is shared. The network connection control method according to claim 4 or 5,
The usage mode management information includes user interface information corresponding to the usage mode,
The terminal management process includes:
A user interface information acquisition step for acquiring user interface information corresponding to the usage mode being executed from the usage mode management information;
A network connection control method comprising: a user interface step for providing a user interface corresponding to a use mode to the input / output process based on the acquired user interface information. A terminal management processor for incorporation in a client terminal comprising an execution unit for executing a plurality of execution target processes, a network interface unit having a function of connecting to a network, and an input / output unit for exchanging information with a user There,
Context is information that indicates the usage and purpose of execution.
A usage mode represents a specific execution target that is executed under a specific context.
Connection destination management information in which connection destination information is recorded, usage mode management information that associates usage mode identification information with context identification information that identifies a context, and context management information that associates context identification information with a policy regarding network connection. A terminal management recording unit that records
An execution target management unit for managing a policy relating to an execution target, context, and network connection for the usage mode;
A network connection management unit for managing the connection between the execution target and the network,
The execution target management unit
Context acquisition means for acquiring context identification information corresponding to the usage mode being executed using the usage mode management information;
Policy acquisition means for acquiring a policy relating to network connection using the context management information, and
The network connection management unit
A connection destination list creating means for creating a connection destination list that can be connected using the connection destination management information;
A terminal management processor, comprising: a connection unit that selects a connection destination that conforms to the policy from the connection destination list and connects to a network via the network interface unit. A terminal management processor according to claim 7,
The network connection management unit
For each connection with the network, there is also path management means for recording path management information in which the use mode and connection destination information are associated with each other in the terminal management recording unit,
The terminal management processor characterized in that the connection means shares the connection when a connection that matches the selected connection destination exists in the route management information. The terminal management processor according to claim 7 or 8, comprising:
The usage mode management information includes user interface information corresponding to the usage mode,
The execution target management unit also includes user interface information acquisition means for acquiring user interface information corresponding to a usage mode being executed from the usage mode management information,
The terminal management processor further includes a user interface unit that sets a user interface corresponding to a use mode in the input / output unit based on the acquired user interface information.   A program that causes a computer to operate as the client terminal according to any one of claims 1 to 3 or the terminal management processor according to any one of claims 7 to 9.

Images