METHOD AND APPARATUS FOR SETTING A SECURE COMMUNICATION PATH BETWEEN VIRTUAL MACHINES
First Claim
1. A computer readable recording medium storing instructions for allowing a computer system to execute a procedure setting a secure communication path between virtual machines each arranged within a server included in a set of servers in a network, the procedure comprising:
providing business software that is operated by executing one or more task programs each provided for a virtual machine;
providing each of the set of servers with, as a virtual machine, a guest operating system controlled by a host operating system thereof, the guest operating system executing a task program that handles a part of process to be operated by the business software, the host operating system controlling a secure communication between the guest operating system and another server included in the set of servers;
classifying the one or more task programs into task classes according to a type of a function to be realized thereby;
providing task connection information including information on whether a communication path is needed or not between each pair of task classes, and encryption information including information on whether an encryption of transmission data is needed or not between each pair of task classes between which a communication path is needed;
selecting, from among the set of servers, a first server different from servers in which the one or more task program are executed;
providing the selected first server with a first task program belonging to a first task class for handling a part of process to be operated by the business software;
starting up a first guest operating system provided for the first server, so as to make the first task program ready to be executed;
selecting, from among the set of servers, a second server with which the first task program is to communicate, on the basis of the task connection information;
determining whether an encryption of transmission data is needed or not between the first task program and the selected second server, on the basis of the encryption information;
setting encryption setting information to both a first host operating system provided for the first server and a second host operating system provided for the second server when it is determined that an encryption of transmission data is needed between the first task program and the selected second server; and
setting a secure communication path between the first guest operating system and a second guest operating system provided for the second server by setting virtual network connection information to both the first and second host operating systems, so as to operate the business software by executing the first task program as well as the one or more task programs.
Abstract
A secure communication path is set between virtual machines each arranged within one of a set of servers in a network. There is provided business software operated by executing one or more task programs each provided for a virtual machine, and each server is provided with, as a virtual machine, a guest operating system controlled by a host operating system. The one or more task programs are classified into task classes according to a type of a function to be realized, and there is provided task connection information indicating whether a communication path is needed or not between each pair of task classes. Then, a secure communication path between a pair of guest operating systems is set by setting virtual network connection information to a pair of host operating systems corresponding to the pair of guest operating systems, on the basis of the task connection information.
12 Claims
5. A method for setting a secure communication path between virtual machines each arranged within a server included in a set of servers in a network, the method comprising:
providing business software that is operated by executing one or more task programs each provided for a virtual machine;
providing each of the set of servers with, as a virtual machine, a guest operating system controlled by a host operating system thereof, the guest operating system executing a task program that handles a part of process to be operated by the business software, the host operating system controlling a secure communication between the guest operating system and another server included in the set of servers;
classifying the one or more task programs into task classes according to a type of a function to be realized thereby;
providing task connection information including information on whether a communication path is needed or not between each pair of task classes, and encryption information including information on whether an encryption of transmission data is needed or not between each pair of task classes between which a communication path is needed;
selecting, from among the set of servers, a first server different from servers in which the one or more task program are executed;
providing the selected first server with a first task program belonging to a first task class for handling a part of process to be operated by the business software;
starting up a first guest operating system provided for the first server, so as to make the first task program ready to be executed;
selecting, from among the servers in which the one or more task program are executed, a second server with which the first task program is to communicate, on the basis of the task connection information;
determining whether an encryption of transmission data is needed or not between the first task program and the selected second server, on the basis of the encryption information;
setting encryption setting information to both a first host operating system provided for the first server and a second host operating system provided for the second server when it is determined that an encryption of transmission data is needed between the first task program and the selected second server; and
setting a secure communication path between the first guest operating system and a second guest operating system provided for the second server by setting virtual network connection information to both the first and second host operating systems, so as to operate the business software by executing the first task program as well as the one or more task programs.
9. An apparatus for setting a secure communication path between virtual machines each arranged within a server included in a set of servers in a network, wherein there is provided business software that is operated by executing one or more task programs each provided for a virtual machine, and each of the set of servers is provided with, as a virtual machine, a guest operating system controlled by a host operating system thereof, the guest operating system executing a task program that handles a part of process to be operated by the business software, the host operating system controlling a secure communication between the guest operating system and another server included in the set of servers, the one or more task programs being classified into task classes according to a type of a function to be realized thereby, the apparatus comprising:
a connection plan table including task connection information and encryption information, the task information including information on whether a communication path is needed or not between each pair of task classes, the encryption information including information on whether an encryption of transmission data is needed or not between each pair of task classes between which a communication path is needed;
a startup instruction accepting module for selecting, from among the set of servers, a first server different from servers in which the one or more task program are executed, wherein the selected first server is provided with a first task program belonging to a first task class for handling a part of process to be operated by the business software;
a guest OS startup module for starting up a first guest operating system provided for the selected first server, so as to make the first task program ready to be executed;
a connection plan determining module for selecting, from among the servers in which the one or more task program are executed, a second server with which the first task program is to communicate, on the basis of the task connection information, and determining whether an encryption of transmission data is needed or not between the first task program and the selected second server, on the basis of the encryption information;
a connection setting module for setting encryption setting information to both a first host operating system provided for the first server and a second host operating system provided for the second server when it is determined that an encryption of transmission data is needed between the first task program and the selected second server, wherein a secure communication path between the first guest operating system and a second guest operating system provided for the second server is set by setting virtual network connection information to both the first and second host operating systems, so as to operate the business software by executing the first task program as well as the one or more task programs.
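The connection plan table and the connection plan determining and connection setting modules of claim 9, as a runnable sketch added here for illustration; it is not code from the patent or its applicant. The task classes web, app and db, the server names, the Host record and the audit check (which compares the settings held by each host with the plan) are assumptions.

```python
from dataclasses import dataclass, field
from itertools import combinations

# Connection plan table (constructed sample). A listed pair of task classes
# needs a path; the value says whether its traffic must be encrypted.
# An unlisted pair needs no path, so the default is "not connected".
PLAN = {frozenset({"web", "app"}): False, frozenset({"app", "db"}): True}

@dataclass
class Host:
    name: str
    task_class: str                                   # class of the guest's task program
    vnet_peers: set = field(default_factory=set)      # virtual network connection info
    encrypt_peers: set = field(default_factory=set)   # encryption setting info

def start_guest(first, running):
    """Connect a newly started guest to the running servers the plan names."""
    for peer in running:
        key = frozenset({first.task_class, peer.task_class})
        if key not in PLAN:
            continue                      # no path needed: leave unconnected
        if PLAN[key]:                     # encryption goes on both hosts first
            first.encrypt_peers.add(peer.name)
            peer.encrypt_peers.add(first.name)
        first.vnet_peers.add(peer.name)   # then the path, again on both hosts
        peer.vnet_peers.add(first.name)
    running.append(first)
    return running

def audit(hosts):
    """Compare the settings actually held by each host against the plan."""
    findings = []
    for a, b in combinations(hosts, 2):
        key = frozenset({a.task_class, b.task_class})
        linked = (b.name in a.vnet_peers, a.name in b.vnet_peers)
        enc = (b.name in a.encrypt_peers, a.name in b.encrypt_peers)
        if linked[0] != linked[1]:
            findings.append((a.name, b.name, "path set on one host only"))
        elif all(linked) and key not in PLAN:
            findings.append((a.name, b.name, "path not in plan"))
        elif all(linked) and PLAN[key] and not all(enc):
            findings.append((a.name, b.name, "encryption missing on a host"))
    return findings

if __name__ == "__main__":
    hosts = start_guest(Host("srv-app", "app"),
                        [Host("srv-web", "web"), Host("srv-db", "db")])
    print(audit(hosts))
```

The audit returns an empty list when both host operating systems of every pair agree with the plan, and one finding per pair otherwise.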
Specification