U.S. patent application number 10/924975 was filed with the patent office on 2005-02-03 for network management system having a network including virtual networks.
Invention is credited to Kurosaki, Yoshiyuki, Miyake, Shigeru, Miyazaki, Satoshi, Morisada, Tomohiro, Tezuka, Satoru.
Application Number | 20050025071 10/924975 |
Document ID | / |
Family ID | 15472591 |
Filed Date | 2005-02-03 |
United States Patent
Application |
20050025071 |
Kind Code |
A1 |
Miyake, Shigeru ; et
al. |
February 3, 2005 |
Network management system having a network including virtual
networks
Abstract
A network management system for managing a computer network in
which media switching type infrastructures and media sharing type
infrastructures are combined coexistently includes a database
destined for network management in which correspondences
established among information concerning physical interconnections
of individual equipment on the network, information concerning
logical network configuration such as that of virtual network, and
information concerning the users who make use of the network are
stored, identifying means for identification of the individual
equipment on the network and physical addresses intrinsic to
network ports, respectively, and retrieval means for searching
information of the physical addresses of the network ports with
queries for the logical addresses.
Inventors: |
Miyake, Shigeru; (Tokyo,
JP) ; Morisada, Tomohiro; (Matsuyama-shi, JP)
; Tezuka, Satoru; (Yokohama-shi, JP) ; Miyazaki,
Satoshi; (Yamato-shi, JP) ; Kurosaki, Yoshiyuki;
(Fujisawa-shi, JP) |
Correspondence
Address: |
ANTONELLI, TERRY, STOUT & KRAUS, LLP
1300 NORTH SEVENTEENTH STREET
SUITE 1800
ARLINGTON
VA
22209-9889
US
|
Family ID: |
15472591 |
Appl. No.: |
10/924975 |
Filed: |
August 25, 2004 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
10924975 |
Aug 25, 2004 |
|
|
|
09323251 |
Jun 1, 1999 |
|
|
|
6789090 |
|
|
|
|
Current U.S.
Class: |
370/254 ;
709/223 |
Current CPC
Class: |
H04L 41/024 20130101;
H04L 41/046 20130101; Y10S 707/99945 20130101; Y10S 707/959
20130101; H04L 41/0213 20130101; H04L 41/0253 20130101 |
Class at
Publication: |
370/254 ;
709/223 |
International
Class: |
H04L 012/28 |
Foreign Application Data
Date |
Code |
Application Number |
May 29, 1998 |
JP |
10-149322 |
Claims
What is claimed is:
1. A network management system for managing a plurality of virtual
networks, comprising: a network management database in which
correspondences are established among information concerning
physical interconnections of individual equipment on a physical
network layer, information concerning logical network configuration
of a plurality of mutually different schemes of a virtual network
layer and information concerning a directory layer regarding users
who make use of the network; and a component searching machines or
equipment for which setup status therefore is to be altered in
response to a user's request to alter any of objects on said
physical network layer, objects on said virtual network layer and
objects on said directory layer to generate a setup sequence of
equipment setup information so as to execute said setup sequence,
updating said network management database.
2. A network management system according to claim 1, wherein when
said objects on said directory layer are altered through said
user's request, objects on said virtual network layer corresponding
to said objects on said directory layer are altered to objects on a
virtual network layer having a different scheme among said
plurality of mutually different schemes.
3. A network management system according to claim 1, wherein when
said objects on said physical layers are altered through said
user's request, objects on said virtual network layer corresponding
to said objects on said directory layer are altered to objects on a
virtual network layer having a different scheme among said
plurality of mutually different schemes.
4. A network management system according to claim 1, wherein said
equipment setup information is a Management Information Value.
5. A network management system according to claim 1, wherein a
command for altering said equipment setup information is issued to
said machines or equipment for which said setup status therefore is
to be altered, and wherein alteration of said equipment setup
information is made in response to said command.
6. A network management method for managing a plurality of virtual
networks, comprising the steps of: preparing a network management
database in which correspondences are established among information
concerning physical interconnections of individual equipment on a
physical network layer, information concerning logical network
configuration of a plurality of mutually different schemes of a
virtual network layer and information concerning a directory layer
regarding users who make use of the network; and searching machines
or equipment for which setup status therefore is to be altered in
response to a user's request to alter any of objects on said
physical network layer, objects on said virtual network layer and
objects on said directory layer to generate a setup sequence of
equipment setup information so as to execute said setup sequence,
updating said network management database.
7. A network management method according to claim 6, wherein when
said objects on said directory layer are altered through said
user's request, objects on said virtual network layer corresponding
to said objects on said directory layer are altered to objects on a
virtual network layer having a different scheme among said
plurality of mutually different schemes.
8. A network management method according to claim 6, wherein when
said objects on said physical layers are altered through said
user's request, objects on said virtual network layer corresponding
to said objects on said directory layer are altered to objects on a
virtual network layer having a different scheme among said
plurality of mutually different schemes.
9. A network management method according to claim 6, wherein said
equipment setup information is a Management Information Value.
10. A network management method according to claim 6, wherein a
command for altering said equipment setup information is issued to
said machines or equipment for which said setup status therefore is
to be altered, and wherein alteration of said equipment setup
information is made in response to said command.
11. A network management program for managing a plurality of
virtual networks implemented by a computer on a memory thereof,
comprising computer codes for: preparing a network management
database in which correspondences are established among information
concerning physical interconnections of individual equipment on a
physical network layer, information concerning logical network
configuration of a plurality of mutually different schemes of a
virtual network layer and information concerning a directory layer
regarding users who make use of the network; and searching machines
or equipment for which setup status therefore is to be altered in
response to a user's request to alter any of objects on said
physical network layer, objects on said virtual network layer and
objects on said directory layer to generate a setup sequence of
equipment setup information so as to execute said setup sequence,
updating said network management database.
12. A network management method according to claim 11, wherein when
said objects on said directory layer are altered through said
user's request, objects on said virtual network layer corresponding
to said objects on said directory layer are altered to objects on a
virtual network layer having a different scheme among said
plurality of mutually different schemes.
13. A network management method according to claim 11, wherein when
said objects on physical layer are altered through said user's
request, objects on said virtual netwok layer corresponding to said
objects on said directory layer are altered to objects on a virtual
network layer having a different scheme among said plurality of
mutually different schemes.
14. A network management method according to claim 11, wherein said
equipment setup information is a Management Information Value.
15. A network management method according to claim 11, wherein a
command for altering said equipment setup information is issued to
said machines or equipment for which said setup status therefore is
to be altered, and wherein alteration of said equipment setup
information is made in response to said command.
Description
BACKGROUND OF THE INVENTION
[0001] The present invention relates to a network management
technique suited advantageously for employment in a network in
which media sharing type infrastructures and media switch type
infrastructures coexist mixedly.
[0002] Heretofore, a router apparatus and a bridge apparatus have
been widely used as the means for controlling communication
traffics by dividing a network into a plurality of segments.
Further, a high-speed/wide-band switch apparatus of ATM type
(Asynchronous Transfer Mode) has also been developed and used for
practical applications. As is stated in a draft of "IEEE 802.1q
Standards" published by the Institute of Electrical and Electronics
Engineers (IEEE) and disclosed in Japanese Unexamined Patent
Application Publication No. 130421/1997 (JP-A-9-130421) as well, it
is known to implement virtual networks, i.e., logical network
segments for every network port under the control of the switch
apparatus. However, there exist a plurality of standards for such
virtual network systems or schemes which differ from one to another
enterprise or from one to another industrial colleague.
[0003] On the other hand, as a scheme or system for managing
machines or equipment on a network, SNMP (Simple Network Management
Protocol) prescribed in "Request for Comment 1907 (RFC 1907)
published by the Internet Engineering Task Force (IETF) is adopted.
With this protocol, setup statuses of the individual machines or
equipment can be surveyed and/or altered on an
equipment-by-equipment basis.
[0004] Furthermore, as a method of managing information of the
users who are making use of network and computers connected to the
network by using a database, the directory services stipulated by
"X.500" is adopted as the international standards.
[0005] The conventional systems or schemes mentioned above,
however, suffer problems such as enumerated below.
[0006] 1) In the conventional systems known heretofore, it is
certainly possible to implement the logical network segments as the
virtual networks by setting previously the network for relaying or
repeating packets at the switch apparatus to thereby set up the
physical interconnection status of machines or equipment and the
logical interconnection status implemented by the virtual networks
independent of each other. In that case, however, much difficulty
is encountered in referencing or surveying the network
configuration as a whole over a wide range and altering or
modifying the same.
[0007] More particularly, because no consideration is paid to the
structure of a database destined for consolidative management for
the setup status and supervision of the whole virtual network
realized by a plurality of equipment, it is extremely difficult in
referencing or supervising and altering or modifying the setup
status of the virtual network configuration and the network address
structure over a plurality of machines or equipment.
[0008] 2) Furthermore, with regard to the packaging of the virtual
network, there have been proposed a plurality of different schemes.
By way of example, for the asynchronous transfer mode or ATM, LAN
emulation (hereinafter also referred to as the LANE) standardized
by the standardization association "ATM Forum" is packaged, i.e.,
adopted actually. Furthermore, concerning the Ethernet switch
apparatus, there exist various packaging schemes such as "VLAN
Scheme" (IEEE802.1q) currently under discussion for the
standardization by the International Standardization Association
"IEEE" in addition to those which have been expanded or extended
individually by diverse vendors.
[0009] Now, let's suppose a network environment in which a
plurality of virtual networks of different package types such as
mentioned above are combined coexistently. In such environment, it
is certainly possible to connect mutually the virtual networks
through the medium of the router apparatus. However, the method of
referencing or supervising and altering the setup status of the
virtual networks differs from one to another virtual network in
dependence on the package types as adopted, involving necessity of
performing the setup and other operations separately for each of
the virtual networks. More specifically, when there arises the
necessity of altering or changing the member equipment of the
virtual network segments, it is required to alter the setup
statuses thereof at the server apparatuses which are in charge of
managing the associated virtual network segments, respectively, or
the switch apparatuses or both of them.
[0010] In other words, when a plurality of virtual networks of
different types are combined coexistently, an extreme difficulty
will be encountered in managing the network as a whole while
referencing or altering the setup statuses of the virtual networks
in a consolidated manner at one location or station.
[0011] 3) Besides, when configuration of the logical network
segment implemented by the virtual network and that of the physical
network are grasped in terms of a logical network configuration as
viewed from the standpoint a higher-rank protocol, then the
management of the virtual network configuration has to be performed
separately from the management of the logical network layers with
the internet protocol or IP. In such network system, it is
impossible to grasp intuitively the physical equipment
interconnections as well as relations with and among the logical
network configurations. Consequently, when occurrence of obstacle
or failure in the network system is detected, extreme difficulty
will be involved in determining discriminatively the location where
the failure or disturbance is taking place.
[0012] As will now be appreciated from the foregoing, with the
conventional techniques, it is very difficult to realize a means
which allows a person in charge of managing or supervising the
network system to grasp intuitively the configuration or structure
of the network system as a whole by establishing or grasping
simultaneously correspondences among the logical network segment
structures implemented as the virtual networks, the physical
network configuration realized by physically wiring the equipment,
and the logical network configuration as viewed from the standpoint
of higher-rank protocols of variety.
SUMMARY OF THE INVENTION
[0013] In the light of the state of the art described above, it is
an object of the present invention to provide a network management
technique which is capable of managing easily a network system
which includes a plurality of virtual networks realized in
accordance with different schemes.
[0014] Another object of the present invention is to provide a
network management system implemented by adopting the network
management technique mentioned above.
[0015] Yet another object of the present invention is to provide
individual apparatuses required for constituting the
above-mentioned system.
[0016] Furthermore, it is an object of the present invention to
provide programs for realizing the individual apparatuses.
[0017] In view of the above and other objects which will become
apparent as the description proceeds, the present invention is
directed to a network management system for managing a computer
network in which a media switching type infrastructure and a media
sharing type infrastructure are combined coexistently.
[0018] In the network management system mentioned above, it is
taught according to a general aspect of the present invention that
a database for network management is provided, in which
correspondences are established among information concerning
physical connections of equipment on the network, information
concerning logical network configuration such as that of virtual
network and information concerning users who make use of the
network.
[0019] With the arrangement of the network management system
mentioned above, management of the network including a plurality of
virtual networks realized in accordance with respective schemes can
be facilitated because the setup status of the virtual networks can
be referenced, surveyed or altered easily in a consolidated manner
owing to the provision of the service-destined database which is
capable of storing the information concerning the physical
interconnections of network equipment, the information concerning
the logical virtual network configuration and the user
information.
[0020] In a preferred mode for realizing the network management
system according to the general aspect of the present invention
described above, there may be provided a display unit which is
capable of displaying the information concerning the physical
network, the information concerning the logical network and the
user information in the form of tree-structure type directory
data.
[0021] In another mode for realizing the network management system
according to the general aspect of the invention, it is preferred
to provide a display means which is capable of disposing the
physical network information, the logical network information and
the user information on different planes, respectively, for
displaying the information on all the planes three-dimensionally
within a single frame.
[0022] In a further mode for realizing the network management
system according to the general aspect of the invention, it is
preferred to provide an identification means for identifying
discriminatively the entities of individual equipment on the
network as well as interconnection relations thereof by using
physical addresses allocated inherently to network ports,
respectively.
[0023] By virtue of the arrangements described above, it is
possible to search (or retrieve) and alter the information
concerning the interconnection relations among the physical network
equipment, the information concerning the logical virtual network
configuration and the user information in a consolidated manner by
using as keys the physical addresses allocated to the physical
network equipment, respectively.
[0024] In conjunction with the preferred mode for carrying out the
invention described just above, it is preferred to provide a search
or retrieve means which is capable of searching or retrieving the
information of the physical addresses inherent to the network
ports, respectively, in response to queries about the logical
addresses.
[0025] The above and other objects, features and attendant
advantages of the present invention will more easily be understood
by reading the following description of the preferred embodiments
thereof taken, only by way of example, in conjunction with the
accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0026] In the course of the description which follows, reference is
made to the drawings, in which:
[0027] FIG. 1 is a view for illustrating in general an arrangement
of a network management system according to an embodiment of the
present invention;
[0028] FIG. 2 is a block diagram showing schematically and
generally a structure of a computer serving as a management console
which can be employed in the network management system according to
the invention;
[0029] FIG. 3 is a block diagram showing schematically and
generally a structure of a computer serving as a supervising
manager which can be employed in the network management system
according to the invention;
[0030] FIG. 4 is a block diagram showing schematically and
generally a structure of a computer serving as a management
platform which can be employed in the network management system
according to the invention;
[0031] FIG. 5 is a view for illustrating communication channels
formed or established among individual program modules in the
network management system according to the invention;
[0032] FIG. 6 is a block diagram illustrating a structure of a
management console program which can be employed in the management
console computer according to the invention;
[0033] FIG. 7 is a block diagram illustrating a structure of a
supervising manager program which can be employed in the
supervising manager computer according to the invention;
[0034] FIG. 8 is a block diagram illustrating a structure of a
management platform program which can be employed in the management
platform computer according to the invention;
[0035] FIG. 9 is a flow chart for illustrating a flow of
processings involved in collecting information concerning network
equipment up to display thereof in the network management system
according to the invention;
[0036] FIG. 10 is a conceptual view for illustrating storing or
packaging of network setup information in an object-oriented
database in the network management system according to the
invention;
[0037] FIG. 11 is a view for illustrating a data structure adopted
for handling object data on a plurality of network structure views
which are handled by the network management system according to the
invention;
[0038] FIG. 12 is a view for illustrating a structure of an address
management table employed in an environment for carrying out
dynamic address allocation in the network management system
according to the invention;
[0039] FIG. 13 is a view for illustrating a method or procedure for
handling in a consolidated manner the network setup information in
the network management system according to the invention;
[0040] FIG. 14 is a view for illustrating an example of display
generated on a screen of a display device of the management console
computer in the system according to the invention;
[0041] FIG. 15 is a view showing a plurality of network
configuration or structure views displayed stereoscopically and
hierarchically and illustrating mutual relations among the
directory structure views;
[0042] FIG. 16 is a flow chart for illustrating processings
involved in setting the information concerning the network
equipment in response to a command for altering the network
configuration or structure up to the display of updated network
structure information in the network management system according to
the invention;
[0043] FIG. 17 is a flow chart for illustrating a flow of
processings for retrieving MAC addresses inherent to network cards
mounted on individual equipment by making use of dynamic-structure
alteration susceptibility of the virtual network in the network
management system according to the invention; and
[0044] FIG. 18 is a view for illustrating an example of a table for
management of objects on the network, which table is employed in
the network management system according to the invention.
DETAILED DESCRIPTION OF THE EMBODIMENTS
[0045] The present invention will be described in detail in
conjunction with what is presently considered as preferred or
typical embodiments thereof by reference to the drawings.
[0046] Now, a network management system according to an exemplary
embodiment of the present invention will be described by reference
to FIGS. 1 to 18.
[0047] At first, referring to FIG. 1, description will be directed
to a system configuration in general of the network management
system according to the instant embodiment of the invention.
[0048] Connected to a network 20 are a computer 21 serving as a
management console (hereinafter referred to as the management
console computer), a computer 22 serving as a supervising manager.
(hereinafter referred to as the supervising manager computer), a
server computer 23 serving as a management platform (hereinafter
referred to as the management platform computer) for providing
equipment managing environment such as typified by SNMP (Simple
Network Management Protocol), a computer 24 for directory services
(hereinafter referred to as the directory server computer) and
management-subjected equipment 25 which is subject to
management.
[0049] As management console programs 210 which run on the
management console computer 21, there can be mentioned such program
modules as a display processing module 211, an input/output control
module 212, a web browser module 213 and a communication control
processing module 214. The display processing module 211 serves for
realizing the function of displaying network implementation
statuses to a network manager. The input/output control module 212
serves for realizing the function of allowing the network manager
to input commands. The web browser module 213 serves for providing
a standard environment for the management console. The
communication control processing module 214 serves for the function
for enabling dynamic information exchange between the management
console computer 21 and the supervising manager computer 22.
Incidentally, security function such as encrypted communication
facility may be incorporated in the communication control
processing module 214. Concerning the hardware structure of the
management console computer 21, description will be made later on
by reference to FIG. 2.
[0050] The display processing module 211, the input/output control
module 212 and the communication control processing module 214
running on the management console computer 21 can be down-loaded
from the supervising manager computer 22 as the program modules
designed to run on the web browser module 213 of the management
console computer 21 by making use of the function of the web
browser module 213. In that case, the module required to be loaded
in the management console computer 21 at the least may be only the
web browser module 213.
[0051] At this juncture, it should be mentioned that by preparing
the functions of the display processing module 211, etc., destined
to run on the management console computer 21 by using a language
which is not specific to any particular platform (i.e., language
common to or universal to the platforms) such as worldwide standard
language VRML (Virtual Reality Modeling Language), Java and the
like, the display processing module 211 and others can be so
implemented as to run on the web browser module 213 of given type
through combination with HTML (Hyper Text Markup Language) or the
like. Thus, the display processing module 211 and others can be so
prepared as to run on the computers of large variety so long as the
WWW (WorldWide Web) can be utilized. Furthermore, as the
communication control processing module 214 capable of running on
the management console computer 21, module conforming to other
publicly known standards such as FTP (File Transfer Protocol) can
be loaded or packaged.
[0052] As the supervising manager program 220 destined to run on
the supervising manager computer 22, there can be mentioned such
program modules as a communication control processing module 222, a
web server module 223, a database control module 224, a directory
service control module 225, an equipment control procedure
generating module 226, an equipment control communication
processing module 227 and an equipment discriminating or
identifying function module 228. Further provided is an equipment
setup information database (DB) 221 which is managed by the
supervising manager computer 22.
[0053] The communication control processing module 222 is so
designed as to allow dynamic information exchange with the
management console computer 21. The web server module 223 serves
for presenting static information display service to the management
console computer in cooperation with the web browser module 213.
The database control module 224 is designed for storing equipment
setup data required for management in the equipment setup
information database (DB) 221. The directory service control module
225 is so designed as to realize retrieval or search function for
equipment management data, network user information, etc., by
taking into account the structure of equipment and/or hierarchical
structure of enterprise organization. The equipment control
procedure generating module 226 serves for developing a setup
altering procedure for the network equipment to an equipment
setting sequence by making use of the equipment setup information
database 221. The equipment control communication processing module
227 serves to send the equipment setting sequence information to
the management platform computer 23. The equipment identifying
function module 228 is designed to identify discriminatively
network equipment. Incidentally, concerning the hardware structure
of the supervising manager computer 22, description will be made
later on by referring to FIG. 3.
[0054] As the management platform programs 230 which are destined
to run on the management platform computer 23, there are provided
an equipment control procedure execution module 231 and an SNMP
(Simple Network Management Protocol) manager module 232. The
equipment control procedure execution module 231 is so programmed
as to control the execution of the equipment setting sequence sent
from the supervising manager computer 22. On the other hand, the
SNMP manager module 232 sends the information for management to the
equipment to be set up (hereinafter referred to as the
setup-destined equipment) in accordance with the SNM protocol.
[0055] In this conjunction, it should be mentioned that in the case
where other equipment setup protocol than the SNMP is required, a
corresponding manager designed for sending equipment setup
information by using a relevant protocol may be disposed similarly
to the SNMP manager module 232 to thereby support the relevant
protocol. Incidentally, hardware structure of the management
platform computer 23 will be described later on by reference to
FIG. 4.
[0056] As the directory service programs 240 which run on the
directory server computer 24, there can be mentioned such server
program modules as typified by a directory server module 242 and a
communication control module 243. A directory database (DB) 241 is
managed by the directory server computer 24. The directory server
module 242 is in charge of controlling the directory database 241.
The communication control module 243 is designed to control the
communication with the supervising manager computer 22.
[0057] Furthermore, as a management-subjected equipment control
program 250 designed to run on the management-subjected equipment
25, there can be mentioned equipment control program modules such
as an equipment control module 251, a management information base
252 and an SNMP (Simple Network Management Protocol) agent module
253.
[0058] The equipment control module 251 is programmed to realize
the functions of the equipment itself. The management information
base 252 is standardized for realizing the network management
function through the medium of SNMP or the like. The SNMP agent
module 253 performs send/receive processings involved in
transferring information stored in the management information base
252 with the SNMP manager module 232.
[0059] Next, referring to FIG. 2, description will turn to the
structure of the management console computer 21.
[0060] The management console computer 21 is realized in a
structure similar to that of the conventional computer and is
comprised of a main unit 31, a portable-type disk drive 32 such as
a floppy disk drive or the like, a stationary disk storage 33, an
input device 35 such as a keyboard and/or a mouse, and an output
device 36 such as a display device. The main unit 31 in turn is
comprised of a disk controller 311, a main storage 312, a central
processing unit (or central arithmetic unit) 313, a communication
input/output interface controller 314, a keyboard/mouse controller
315 and a video board controller 316.
[0061] The management console computer 21 responds to the
input/output from/to the network 20 to thereby fetch the management
console program 210 including the program modules 211, 212, 213 and
214 for the management console to store them in the main storage
312. When the stationary disk drive 33 is provided, it is utilized
for the input/output of temporarily saved information 331 such as
cache data, etc. In this conjunction, it should be mentioned that
the management console program 210, the program modules 211, 212
and 214 except for the web browser module 213 can be delivered from
the network 20, and thus the stationary disk storage 33 illustrated
as being provided for the management console computer 21 is not
always the indispensable component for the network management
system according to the present invention.
[0062] Next, referring to FIG. 3, description will be made of the
structure or configuration of the supervising manager computer
22.
[0063] The supervising manager computer 22 is also realized in a
structure similar to that of the conventional computer and
comprised of a main unit 41, a portable-type disk drive 42 such as
a floppy disk drive, a fixed or stationary disk drive 43, an input
device 45 such as a keyboard and/or a mouse, and an output device
46 such as a display device. The stationary disk drive 43 stores
therein the equipment setup information database 221, a temporarily
saved information 431 such as cached data and a program file 432.
The main unit 41 in turn is comprised of a disk controller 411, a
main storage 412, a central processing unit (central arithmetic
unit) 413, a communication input/output interface controller 414, a
keyboard/mouse controller 415 and a video-board controller 416.
[0064] In the supervising manager computer 22, a group of the
program modules for the supervising manager computer and a group of
the program modules for the management console computer are held in
the stationary disk drive 43 in the form of program files 432. The
group of the program modules for the supervising manager computer
22 are executed on the main storage 412 of the supervising manager
computer 22. In response to an activation request issued from the
management console computer 21, the supervising manager computer 22
sends a group of the program modules 21 for the management console
computer to the latter through the medium of the communication
input/output interface controller 414. Further, send/receive
requests issued on a real time basis are processed in response to
user's operation or manipulation for the supervising manager
computer 22.
[0065] Further, the supervising manager computer 22 performs
communication with the management platform computer 23 for
acquisition and supply of the network equipment setup information.
This communication is also performed through the medium of the
communication input/output interface controller 414 by way of the
network 20 similarly to the communication with the management
console computer 21. Incidentally, the supervising manager computer
22 and the management platform computer 23 need not always be
provided independently. The functions of these computers 22 and 23
may be realized by using one and the same computer hardware. In
that case, the data transfer mentioned above can be realized
through a data bus provided internally of the computer mentioned
just above without need for intervention of the network.
[0066] Next, referring to FIG. 4, description will be made of the
structure of the management platform computer 23.
[0067] The management platform computer 23 is also realized in a
structure of the conventional computer and comprised of a main unit
51, a portable-type disk drive 52 such as a floppy disk drive, a
fixed or stationary disk drive 53, an input device 55 such as a
keyboard and/or a mouse, and an output device 56 such as a display
device. The stationary disk drive 53 stores therein a temporarily
saved information 531 such as cached data and a program file 532.
On the other hand, the main unit 51 is comprised of a disk
controller 511, a main storage 512, a central processing unit 513,
a communication input/output interface controller 514, a
keyboard/mouse controller 515 and a video-board controller 516.
[0068] Now, referring to FIG. 5, description will be made of
communication channels formed for the communications performed
among the individual program modules of the management console
program 210, the supervising manager program 220, the management
platform program 230, the directory service program 240 and the
management-subjected equipment control program 250 illustrated in
FIG. 1.
[0069] The communication channel established or secured between the
management console program 210 and the supervising manager program
220 includes a communication channel secured between the web server
module 223 and the web browser module 213 for transmission of
programs, and a communication channel established between the
communication control processing modules 214 and 222 in response to
a data send/receive request issued on a real time basis upon
activation of the program. As the protocol for these
communications, a conventional communication protocol such as "HTTP
(Hyper Text Transfer Protocol)" or "Socket" can be used.
[0070] Further secured or established between the supervising
manager program 220 and the directory service program 240, more
specifically, between the directory service control module 225 and
the communication control module 243 is a communication channel for
enabling search and update processing for the directory database
241. In that case, as the communication protocol to this end, there
may be employed a standard protocol such as DAP (Directory Access
Protocol) or LDAP (Lightweight Directory Access Protocol).
[0071] Furthermore, for allowing the supervising manager program
220 to acquire information from the network equipment and execute
setup operation, another communication channel is established
between the supervising manager program 220 and the management
platform program 230, more specifically, between the equipment
control procedure generating module 226 and the equipment control
procedure execution module 231. As the communication protocol to
this end, there can be employed a transfer protocol such as "ftb"
and a data exchange protocol such as a data stream processing
communication protocol. Besides, in the case where the management
platform program 230 and the supervising manager program 220 are
designed to run on the same computer hardware, an inter-process
communication mechanism such as a pipe can be employed
alternatively as the communication channel.
[0072] Additionally, communication channels are secured between the
SNMP manager module 232 of the management platform program 230 and
individual SNMP agents 253 of management-subjected equipment
control programs 250a, 250b, . . . , and 250n, respectively.
[0073] Next, referring to FIG. 6, description will be made in
detail of a structure of the management console program 210.
Parenthetically, in this figure, reference numerals same or
components as those used in FIG. 1 designate, respectively, like
parts as those shown in FIG. 1.
[0074] The management console program 210 is constituted by the
display processing module 211, the input/output control module 212,
the web browser module 213 and the communication control processing
module 214, as shown in FIG. 1. The management console program 210
can be functionally classified globally into three types of
application modules in dependence on the contents to be displayed
on the output device 36 (FIG. 2) which serves as a user interface
for the management console computer 21. They are a menu module
2101, a two-dimensional tree view module 2102 and a
three-dimensional tree view module 2103.
[0075] As the component modules for realizing the display
processing module 211, there can be mentioned a menu control
processing module 2111 which is implemented with a web-destined
script language such as HTML (Hyper Text Markup Language), Java
Script or the like, a two-dimensional tree control processing
module 2112 implemented with a web-destined program language and a
three-dimensional view control processing module 2113 implemented
with a script language for the three-dimensional display such as
VRML (Virtual Reality Modeling Language) or the like.
[0076] As the component modules for realizing the input/output
control module 212, there can be mentioned an input control module
2121 for controlling inputs from the menu as displayed, a
two-dimensional database control module 2122 for requesting the
supervising manager for input/output of data for the
two-dimensional display, a two-dimensional/three-dimensional
communication processing module 2123 for performing communication
control for inter-locking operations of the two-dimensional display
and the three-dimensional display, a three-dimensional database
control module 2124 for requesting the supervisory manager for
input/output of data for the three-dimensional display, and an
action library module 2125 for altering contents of the
three-dimensional display in accordance with the commands inputted
by the user.
[0077] As the constituent modules required for the web browser
module 213, there can be mentioned a virtual machine module 2131
for executing a web-destined program on the web browser and a VRML
(Virtual Reality Modeling Language) plug-in module 2132 designed
for executing actual display processing by processing the script
language for the three-dimensional display.
[0078] Furthermore, as the constituent modules for realizing the
communication control processing module 214, there can be mentioned
an equipment setting module 2141 for enabling to manipulate
directly the function of the management platform from the menu, a
two-dimensional database (DB) access module 2142 for actually
transferring to the supervisory manager a request issued by the
two-dimensional database control module 2122 to thereby acquire the
result thereof, and a three-dimensional database access module 2143
for actually transferring to the supervisory manager a request
issued by the three-dimensional database control module 2124 to
thereby acquire the result thereof.
[0079] Next, referring to FIG. 7, description will be made in
detail of a structure of the supervising manager program 220. In
the figure, like reference numerals as those used in FIG. 1 denote
components like as or equivalent to those shown in FIG. 1.
[0080] The supervising manager program 220 is constituted by such
program modules as the communication control processing module 222,
the web server module 223, the database control module 224, the
directory service control module 225, the equipment control
procedure generating module 226, the equipment control
communication processing module 227 and the equipment identifying
function module 228, as described hereinbefore by reference to FIG.
1. The equipment control procedure generating module 226 in turn is
comprised of an equipment control module 226a and an equipment
setting module 226b for relaying or repeating to the management
platform the information which is required for directly
manipulating the management platform computer 23 from the
management console computer 21.
[0081] As the constituent or component modules for implementing the
equipment communication control processing module 222, there are
provided for performing communication processing with the display
processing module 211 of the management console computer 21 a
two-dimensional database interface module 2221 for receiving
commands inputted from the two-dimensional database access module
2142 shown in FIG. 6, a three-dimensional database interface module
2222 for receiving commands inputted from the three-dimensional
database access module 2143, a data conversion module 2223 for
converting various types of information supplied from the equipment
setup information database 221 and the directory service program
240 into a format suited for data interfacing with the management
console program 210, and a database access control module 2224 for
performing a processing of distributing the various database access
requests to the pertinent database control modules for the
equipment setup information database 221, the directory database
241 and the like.
[0082] As the component module for implementing the equipment setup
information database 221, there is required a database function
such as an SQL (Structured Query Language) server 2211 or the
like.
[0083] Similarly, for realizing the database control module 224,
there are required a database function such as a view information
control module 2241 stored as the data common to the
two-dimensional display and the three-dimensional display, an
attribute information control module 2242 for controlling the
detail attribute information of the management-subjected equipment,
and an SQL (Structured Query Language) server 2243 designed for
database control.
[0084] As the component modules for implementing the directory
service control module 225, there are required a directory service
control interface module 2251 such as LDAP (Lightweight Directory
Access Protocol), API (Application Program Interface) or the like
for issuing a request for data search/update or the like to the
directory service.
[0085] Further, as another component module for implementing the
equipment control procedure generating module 226, there is
required an SNMP command sequence generating module 2261 for
generating an equipment control sequence in the form of a string of
commands conforming to SNMP (Simple Network Management Protocol)
representative of the equipment control protocol, to thereby supply
the control sequence to the management platform computer 23.
Besides, there may be prepared a similar command sequence
generating module for realizing or packaging the function for
collecting information from the equipment having no SNMP interface
and/or for the setup thereof.
[0086] As the equipment control communication processing module
227, there may be mentioned a gateway function 2271 to the
management platform.
[0087] Next, referring to FIG. 8, description will be made in
detail of a structure of the management platform program 230. In
the figure, like reference numerals as those used in FIG. 1 denote
components like as or equivalent to those shown in FIG. 1.
[0088] The management platform program 230 includes the equipment
control procedure execution module 231 and the SNMP manager module
232, as can be seen in FIG. 1.
[0089] As the component modules for realizing the equipment control
procedure execution module 231, there are provided a socket 2311
for receiving communication from the supervising manager computer
22, a database application program interface 2312 for manipulating
a local database of the management platform computer 23, and an
SNMP application program interface 2313 for enabling manipulation
of the SNMP manager 232.
[0090] The SNMP manager 232 has be to equipped with an application
program interface function for using an application program
interface 2321 when the manager function is employed. Additionally,
as other components of the SNMP manager module 232, there are
provided a network equipment managing engine 2322, a device
managing engine 2323, a local database 2324 for networks object and
an SNMP demon 2325 for generating SNMP packets.
[0091] The management-subjected equipment control programs 250a,
250b, . . . and 250n are constituted by the equipment control
modules. 251a, 251b, . . . and 251n, the management information
bases 252a, 252b, . . . and 252n, and the SNMP agents 253a, 253b, .
. . and 253n, respectively.
[0092] Next, by referring to FIG. 9, description will be directed
to a flow of processings involved in starting or activating of the
network management system according to the instant embodiment of
the invention, collecting the information concerning the individual
network equipment and displaying the network configuration
information in the management console computer. In the figure, like
reference numerals as those used in FIG. 1 denote components like
as or equivalent to those shown in FIG. 1.
[0093] Referring to FIG. 9, in the network management system
according to the present invention, the web browser module 213 of
the management console program 210 is activated in a step S61.
[0094] In succession, the network management system is activated in
a step S62.
[0095] In response to the activate processing of the web browser
module 213 in the step S61 and the activate processing of the
network management system in the step S62, the activation
processings mentioned below are executed.
[0096] In a step S631, the management console program 210 executes
download processing of the menu page, while the supervising manager
program 220 executes upload processing in a step S641. Then, the
menu page is called through communication between the web server
223 of the supervising manager program 220 and the web browser 213
of the management console program 210.
[0097] Subsequently, in a step S642, the supervising manager
program 220 executes a processing for searching or retrieving the
setup information of the individual network equipment from the
equipment setup information database 221.
[0098] At that time, the supervising manager program 220 decides in
a step S643 whether or not the setup information of all the
equipment has been acquired while confirming the existence of the
equipment on the network. When it is decided that the setup
information of all the equipment on the network has been acquired,
the processing proceeds to a step S647.
[0099] By contrast, when it is decided that the setup information
of all the equipment has not been acquired yet, the supervising
manager program 220 generates a sequence for acquiring the
equipment setup information (MIB values (Management Information
Base values)) in a step S644.
[0100] In succession, the supervising manager program 220 requests
the management platform program 230 to execute the setup
information acquisition processing in a step S645.
[0101] The management platform program 230 issues the SNMP command
to the management-subjected equipment control programs 250,
respectively, in response to the request for the setup information
acquisition processing issued by the supervising manager program
220 in a step S651.
[0102] Each of the management-subjected equipment control programs
250 executes the equipment setup information (MIB value)
acquisition processing in response to the SNMP command from the
management platform program 230 in a step S661. The equipment setup
information (MIB value) as acquired is then sent through the medium
of the management platform program 230 to the supervising manager
program 220, which receives the information through the processing
in the step S645.
[0103] Next, in a step S646, the supervising manager program 220
executes a processing for updating the equipment setup information
database on the basis of the equipment setup information as
received. The updated equipment setup information is sent back to
the web server module 223 to be received by the management console
program 210 through the upload processing in the step S641 and the
download processing in the step S631.
[0104] Furthermore, in a step S647, the supervising manager program
220 executes a processing for generating three-dimensional display
data.
[0105] Hereat, referring to FIG. 10, description will be made of
the concept of storing or packaging to network setup information in
the object-oriented database in the network management system
according to the instant embodiment of the invention.
[0106] Individual objects appearing in a directory tree structure
view 81 representing an organization are packaged or stored in the
directory database 241, while individual objects in a tree
structure view 82 representing a structure or configuration of the
virtual network are packaged in the equipment setup information
database 221, wherein correlations are established to individual
equipment setup information 83 (831a, . . . , and 831k),
respectively, which correspond to the individual equipment and the
functions thereof determined through the equipment control
procedure execution module 231 of the management platform computer
23.
[0107] In the case of the example illustrated in FIG. 10, two
objects "Department #1" and "Department #2" bear correspondences to
two virtual segments of LAN emulations "ELAN #1" and "ELAN #2",
respectively, while two sections "Section #1" and "Section #2",
correspond to two virtual segments "VLAN #1" and "VLAN #2",
respectively. At this juncture, it should be mentioned that in the
case where the correspondence relations lack consistency, it is
possible to indicate the correspondence relations by arrows.
[0108] Furthermore, relations between the users and the individual
LEC objects are defined. When the user occupies exclusively one
LEC, the correspondence relation with the object is indicated by
one-to-one correspondence relation. On the other hand, when a
plurality of users use one LEC, the correspondence relation is
indicated by a "plural-to-one" correspondence relation. Similarly,
in the case where one user is using a plurality of LECs, the
relation can be given by "one-to-plural" correspondence
relation.
[0109] The objects 831a, . . . and 831k represent object data of
the equipment displayed on the physical network, respectively, and
are related to the individual objects on the virtual network.
[0110] Thus, when the setup status of an object on the virtual
network is to be altered, the relevant equipment for which
manipulation should be performed can easily be identified. Besides,
when the department to which a user belongs is to be changed, it
can be easily determined how to alter or change the configuration
of the virtual network or for which of the equipment the alteration
of the network configuration is to be performed.
[0111] Next, referring to FIG. 11, description will be directed to
an exemplary or typical data structure for handling the object data
on a plurality of network structure views handled by the network
management system according to the instant embodiment of the
invention.
[0112] Object items 85 and object attributes 86 are stored as parts
of the main storage 412 of the supervising manager computer 22,
wherein the object items 85 represents the data of one object
displayed on a given one of the network layers.
[0113] An object identifier 851a is composed of an ID (identifier)
of the network layer to which the relevant object belongs and an ID
of the object on that network layer.
[0114] Individual information such as object information 851b of
the physical network layer, link information 851c for the physical
network layers, object information 851d of the virtual network
layer, link information 851e for the virtual network layers, object
information 851f of the logical network layer, link information
851g for the logical network layers, object information 851h of the
directory layer, link information 851i for the directory layers,
object information 851j of added layer and link information 851k
for the added layer are stored as pointers at respective relevant
areas of the main storage 412 storing actually the data of the
object attribute database 86 to be used as the association
information (relation establishing information) for the other
objects in the same network or objects on the other network
layers.
[0115] By way of example, in order to know in what fashion a given
object is shown on the physical network layer, then the physical
network layer object information 851b may be referenced to make
access to the area where the attribute information of that object
is stored. Thus, the information of concern can be obtained.
[0116] Furthermore, in order to know what kind of relation or
association the above-mentioned object bears to other object on the
physical network, then the physical network layer link information
851c may be referenced to make access to the area where the object
attribute information is stored, to thereby acquire the information
of concern.
[0117] By adding the object association information such as
mentioned above, information concerning services or the like on the
other networks can also be added easily although not described
concretely herein.
[0118] Next, referring to FIG. 12, description will be made of a
structure of an address management table employed in the
environment in which address allocation is performed dynamically in
the network management system according to the instant embodiment
of the invention.
[0119] The address management table 50 for managing the IP address
allocation status contains a list of addresses 501 of the IPs which
are to be managed with this table as the subjects for the address
allocation, information concerning active/reserved/unoccupied
statuses of the IP addresses, as designated by reference numeral
502, and information concerning MAC addresses allocated to network
ports of the machines or equipment to which the IP addresses have
been allocated, as designated by reference numeral 503. The address
management table 50 is stored in the main storage 412 incorporated
in the supervising manager computer 22.
[0120] The active/reserved/unoccupied statuses 502 of the IP
addresses can be indicated by the respective records 541a 541b, . .
. and 541z. By way of example, the IP address "192.168.11.0" of the
record 541a is allocated with the MAC address "00:00:00:22:11:42"
at the port, indicating that the corresponding IP address is
currently in the reserved state, which in turn means that the
relevant IP address is not currently being used. The IP address
"192.168.11.2" is allocated with the MAC address
"00:00:00:23:11:55" and is in the active state, i.e., "used or
occupied states". Needless to say, similar management can be
performed on the other logical addresses than the IP addresses.
[0121] In this manner, with the dynamic logical address allocation
facility described above, it is possible to manage the address
allocation status on a real-time basis.
[0122] Now, turning back to FIG. 9, processings executed by the
management console program 210 in succession to the step S632 will
be described.
[0123] In a step S632 in FIG. 9, the management console program 210
executes the directory information acquisition processing for the
supervising manager program 220.
[0124] In a step S648, the supervising manager program 220 responds
to a directory information acquisition request issued by the
management console program 210 to thereby issue a request for
search of the directory database 241.
[0125] In a step S671, the directory service program 240 makes
access to the directory server module 242 in response to the
above-mentioned search request to thereby acquire the directory
information which is then transferred to the supervising manager
program 220.
[0126] On the other hand, the supervising manager program 220
transfers the received directory information to the management
console program 210 through the processing in a step S648.
[0127] Thus, the management console program 210 acquires the
directory information through the processing in the step S632.
[0128] At this juncture, referring to FIG. 13, description will be
made of a registration method which allows the network setup
information packaged in the object-oriented database shown in FIG.
10 to be handled on the directory database 241 in a consolidated
manner.
[0129] As described hereinbefore by reference to FIG. 10, the data
91, 92 and 93 hierarchized on a group basis are registered in the
directory database 241, respectively, at locations determined with
reference to other object of a same level in each of the groups.
More specifically, of the data 91, the user related information
"User Info.", and the logical network structure information of the
virtual network "Virtual Network Info." and the physical connection
information of the equipment and the network "physical Equipment"
are registered in a same hierarchical layer.
[0130] The directory "User Info.", for the user-related information
has a tree structure in which "Organization" is located at
hierarchically lower layer with "Department #1" and "Department #2"
being located hierarchically at lower layer than "User Info.". As
to the logical network structure information "Virtual Network
Info.", data 92 of tree structure is registered in "Virtual Network
Info." of the data 91, whereby such a tree structure is realized in
which "LECS" is disposed at a hierarchically lower layer of
"Virtual Network Info." of the data 91 with "ELAN #1" and "ELAN #2"
being located at hierarchically lower layer than "LECS". Similarly,
in the physical connection information "Physical Equipment", data
93 is registered in data 91 "Physical Equipment", wherein
information "ATM", "LECS", "LES", etc., are located at
hierarchically lower level than the data 91 "Physical
Equipment".
[0131] By virtue of the registration such as described above, the
setup information of the individual equipment, the information of
the virtual network structure or configuration and the user
management information can be handled as the same type directory
service data, and at the same time the relations or associations
between the users and the equipment can easily be packaged in
association with the individual object data on the directory
service.
[0132] Furthermore, owing to the availability of the inter-object
access control list and the authentication function, manipulation
as well as method for allowing the user to make access to the
individual equipment can easily be defined. In this conjunction, it
should also be mentioned that by defining the authentication
functions for the equipment and the virtual networks similarly to
the authentication of the users, the network management system of
significantly high reliability can be realized while assuring very
high security.
[0133] Now, referring to FIG. 14, description will be made of an
example of display generated on a screen of a display device of the
management console computer 21 according to the invention.
[0134] The screen of the display device which serves as the output
device 36 of the management console computer 21 may be composed of
display areas 1901, 1904 and 1905, a control area or field 1903 and
others. In the display area 1901 located at a left-hand side of the
display screen, the data acquired or read out from the directory
database 241 are displayed in a tree structure. In the case of the
illustrated example, the user-related information "User Info."
contained in the data 91 described hereinbefore by reference to
FIG. 14 is displayed in the area 1901. Incidentally, by displaying
the menu by clicking a button 1901A, it is possible to display
equally the logical network configuration information "Virtual
Network Info.". or the physical connection information "Physical
Equipment" in place of the user-related information "User
Info.".
[0135] In the display area 1904, a three-dimensional display is
generated. The three-dimensional display is composed of a user's
display plane 1040 for displaying the user-related information, a
virtual network display plane 1020 for displaying the logical
network configuration information and a physical network display
plane 1010 for displaying the physical connection information,
details of which will be described later on by reference to FIG.
16. By generating the three-dimensional display in this manner, the
information of the users as well as the network information can be
displayed very effectively. In this conjunction, it should however
be added that although the three-dimensional image is displayed in
the case of the example illustrated in FIG. 14, the two-dimensional
image generated through the processing in the step S633 shown in
FIG. 9 can equally be displayed by changing the display method
correspondingly.
[0136] The control field 1903 is provided for allowing the sight
line for the display area 1904 displayed three-dimensionally. The
display area 1905 serves as a status display area for displaying
the menu of items for manipulation and the current statuses.
[0137] Now referring to FIG. 15, description will be directed to a
typical method of handling inter-layer relations in the case where
a plurality of network structure views and a directory structure
view are displayed stereoscopically in hierarchical layers in the
network management system according to the instant embodiment of
the invention. Parenthetically, FIG. 15 shows the contents
displayed in the three-dimensional display area 1904 described
above by reference to FIG. 14.
[0138] In the physical network display plane 1010 for displaying
the physical interconnection information, there is displayed an
example of the physical network structure view showing
three-dimensionally the physical interconnection relation of the
networks handled by the network management system according to the
instant embodiment of the invention.
[0139] More specifically, there are arrayed in the form of
stereoscopic object icons on the three-dimensionally displayed
plane 1010, an ATM (Asynchronous Transfer Mode) switch 1012, a
router 1013 connected to the ATM switch 1012, a personal computer
1011 on which LECS is running, personal computers 1014a and 1014b
on which LES is running, personal computers 1015a, . . . , 1015f on
which LEC are running, a switch 1016 and connection 1019 to other
network, respectively. Further, in order to indicate mutual
connections among the machines or equipment, lines indicating the
equipment interconnection relations are displayed among the
individual object icons.
[0140] Displayed on the virtual network display plane 1020 for
displaying the logical network configuration information is a
typical virtual network structure view showing three-dimensionally
implementation statuses of virtual network segments of the network,
as handled by the network management system according to the
invention.
[0141] More specifically, shown on the virtual network display
plane 1020 as the virtual network segments are emulated LANs 1027a
and 1027b as well as VLANs 1028a and 1028b in the form of closed
areas, respectively, wherein servers and clients constituting the
virtual network are shown as stereoscopical object icons,
respectively. In more concrete, the LECS 1021 and the LESs 1024a
and 1024b are shown as server objects of the LAN emulation as
connected to the ATM while the LESs 1025a, . . . , 1025f and the
Ethernet switch apparatus 1022 are shown as the client objects,
respectively. It can further be seen that lines are displayed for
indicating server-client relations between the server objects and
the client objects, respectively.
[0142] The user display 1040 is generated in dependence on the
users and the departments or sections of an organization to which
the users belongs. In the case of the example illustrated in FIG.
10, the directory data are displayed three-dimensionally in the
form of a directory data structure 81. Two departments "Department
#1" and "Department #2" mentioned previously by reference to FIG.
10 are shown as the closed areas, respectively. On the other hand,
sections "Section #1" and "Section #2" are shown in the form of
closed areas 1048a and 1048b, respectively. The ranking relation
among the individual areas and the affiliations of the users are
indicated by subsumptive relations among the closed areas,
respectively. Thus, the individual users 1045a, . . . , 1045f are
disposed within the closed areas indicating the departments or
sections to which the users belong, respectively.
[0143] Arrows 1401a; 1401b and 1402a; 1402b represent relations or
associations among the objects shown as the stereoscopical object
icons in a plurality of network structure views. By way of example,
the arrow 1401b indicates that in the virtual network, the user
1045a is a same entity as the LEC computer 1025a which belongs to
the virtual segment 1027a. Further, the arrow 1401c indicates that
in the physical network, the LEC computer 1025a is a same entity as
the computer 1015a. Similarly, correspondence relations among the
user 1045c, the computer 1025c on the virtual network and the
computer 1015a on the physical network are indicated by the arrows
1402b and 1402c, respectively.
[0144] Next, referring to FIG. 16, description will be made of a
flow of processings involved in setting the information concerning
the individual network equipment up to the generation of display of
the information concerning an altered or updated network structure
or configuration in response to a user's command demanding
alteration or change of the network configuration in the network
management system according to the invention.
[0145] In a step S71, when user inputs a command for alteration or
change or modification of the network configuration, processings
according to the instant embodiment of the invention is
started.
[0146] In a step S731, the management console program 210 decides
whether or not the user's command indicates alteration of the
network configuration. Unless the command indicates the alteration,
i.e., when the decision step S731 results in negation "NO", the
processing proceeds to a step S733.
[0147] When the network configuration being set up is to be
altered, the management console program 210 messages or informs the
supervising manager program 220 of the contents of the
alteration.
[0148] Upon reception of the message informing the alteration, the
supervising manager program 220 acquires the contents of alteration
in a step S741.
[0149] In succession, the supervising manager program 220 searches
the equipment setup information database 221 in a step S742.
[0150] In a step S743, the supervising manager program 220 lists up
the machines or equipment for which the setup status is to be
altered.
[0151] Subsequently, the supervising manager program 220 checks
validity of the contents of the alteration as well as the validity
of the setup status updating processing in a step S744.
[0152] In a step S745, the supervising manager program 220
generates a sequence of the equipment setup information (MIB
(Management Information Base) values).
[0153] In succession, in a step S746, the supervising manager
computer 22 activates the setup processing while informing the
management platform program 230 of the setup processing.
[0154] In a step S751, the management platform program 230 issues
the SNMP command to the individual management-subjected equipment
control programs 250, respectively, in accordance with the setup
processing information issued by the supervising manager program
220.
[0155] In a step S761, the management-subjected equipment control
program 250 executes the setup processing in accordance with the
equipment setup information (MIB values) in response to the SNMP
command issued by the management platform program 230. Upon
completion of the setup processing, information concerning
completion of the setup processing is sent to the supervising
manager program 220 through the medium of the management platform
program 230 and received by the former through the processing in a
step S746.
[0156] In succession, in a step S747, the supervising manager
computer 22 updates the contents of the equipment setup information
database 221.
[0157] Additionally, in a step S748, the supervising manager
program 220 issues a request to the directory service program 240
for updating the contents of the directory database 241.
[0158] Upon reception of the content updating request mentioned
above, the directory service program 240 makes access to the
directory server module 242 to update the contents of the directory
database 241 in a step S771.
[0159] On the other hand, the supervising manager program 220
terminates the alteration or updating processing in a step
S749.
[0160] Upon reception of the information of completion of the
alteration processing, the management console program decides
whether or not the contents of display is to be updated in a step
S733. When the display is not to be updated, the processing
proceeds to a step S736.
[0161] By contrast, when the content of display is to be updated,
the management console program 210 executes the two-dimensional
display program for altering or modifying the content of display,
to thereby generate two-dimensional display data on the screen of
the output device 36 such as the display device of the management
console computer 21 in a step S734.
[0162] In a step S735, the management console program 210 executes
the three-dimensional display program to alter the content of
display, for thereby generating the three-dimensional display data
on the screen of the output device 36 such as the display screen of
the management console computer 21.
[0163] Furthermore, in a step S736, the management console program
210 executes the directory display data generating processing for
generating the directory display data on the screen of the output
device 36 such as the display screen of the management console
computer 21.
[0164] Thereafter, the processing of the management console program
210 makes transition to a step S737 where the user's input is
waited for.
[0165] Next, referring to FIG. 17, description will be made of a
flow of processings for identifying the network equipment and
searching or retrieving the MAC (Media Access Control) addresses
intrinsic to network cards each mounted on the equipment by making
use of the dynamic virtual network altering facility, for thereby
acquiring topology information which represents the
physical-interconnection relations of the network equipment in the
network management system according to the invention.
[0166] Referring to FIG. 17, in a step S910, the supervising
manager program 220 responds to activation of the VLAN topology
search by activating a topology search system in a step S911.
[0167] In succession, the supervising manager program 220 executes
a processing for retrieving the setup information of the individual
network equipment.
[0168] At that time, the supervising manager program 220 decides in
a step S913 whether or not the setup information of all the LANs
have been acquired while confirming the interconnection relations
of the equipment on all the LANs. When it is decided that the setup
information of the equipment on all the LANs have already been
acquired, the processing proceeds to a step S919.
[0169] By contrast, when it is decided that the setup information
of the equipment on all the LANs have not been acquired yet, i.e.,
when the interconnection relations among the equipment have not
defined yet is found, the supervising manager program 220 activates
existing VLAN setup information acquisition processing for saving
temporarily the information concerning the current virtual network
configuration, whereon request for the acquisition processing of
the setup information is issued to the management platform program
230 in a step S914.
[0170] The management platform program 230 issues the SNMP command
to the management-subjected equipment control programs 250,
respectively, in response to the request for the setup information
acquisition processing issued by the supervising manager program
220 in a step S931.
[0171] Each of the management-subjected equipment control programs
250 executes the equipment setup information (MIB value)
acquisition processing in response to the SNMP command from the
management platform program 230 in a step S941. The equipment setup
information (MIB value) as acquired is then sent through the medium
of the management platform program 230 to the supervising manager
program 220, which receives the information through the processing
in the step S914.
[0172] Next, in a step S915, the supervising manager program 220
activates the setup processing for the searching or retrieving VLAN
and issues a message of the processing for setting the setup
information for the management platform program 230.
[0173] In a step S931, the management platform program 230 issues
the SNMP command to the individual management-subjected equipment
control programs 250, respectively, in accordance with the setup
processing information issued by the supervising manager program
220. In that case, the management platform program 230 alters
dynamically the virtual networks managed by the equipment by
performing the control for retrieving the individual network
ports.
[0174] In a step S942, the management-subjected equipment control
program 250 executes the setup processing in accordance with the
equipment setup information (MIB values) in response to the SNMP
command issued by the management platform program 230. Upon
completion of the setup processing, information concerning
completion of the setup processing is sent to the supervising
manager program 220 through the medium of the management platform
program 230.
[0175] In that case, the supervising manager program 220 executes
the MAC address information query processing in a step S916. In
other words, the supervising manager program 220 can grasp the
inter-equipment connection relations by retrieving the MAC
addresses of the equipment connected to the ports,
respectively.
[0176] Next, in a step S917, the supervising manager program 220
executes a processing for restoring the original virtual network
configuration after completion of a series of the processings
described above.
[0177] Furthermore, in a step S918, the supervising manager
computer 22 updates the contents of the equipment setup information
database 221.
[0178] Now, description will be made of an exemplary object
management table indicating the interconnection status of the
network which results from the updating step S918 and which is
stored in the equipment setup information database 221.
[0179] The object management table 60 contains a list of MAC
addresses 61 employed for identification of the objects, a list of
computer names 62 used as the names representing the objects,
respectively, a list of logical address allocation statuses 63
indicating the addresses allocated to the individual objects and a
list of given statuses 64. Each of the objects is identified by the
intrinsic MAC address allocated to the port of the equipment and
can be managed independent of the allocation status of the logical
network addresses. The object management table 60 is generated by
the supervising manager program 220 and stored in the equipment
setup information database 221 of the supervising manager computer
22.
[0180] Now, turning back to FIG. 17, the supervising manager
program 220 makes decision as to whether or not the search has been
completed for all the ports. Unless the search has been completed,
the steps S914 et seq. are executed repeatedly. When the search has
been completed, the VLAN topology search processing comes to an
end.
[0181] As will now be appreciated from the foregoing description,
according to the teachings of the present invention incarnated in
the illustrated embodiment, the interconnection relation of the
physical network equipment, logical structure information of the
virtual networks and the user information can be stored in the
directory service data. By virtue of such arrangement, the setup of
the virtual network can be referenced or supervised or altered
easily at one location or place in a consolidated manner.
[0182] By using the management console computer capable of
generating the two-dimensional or three-dimensional display, the
configuration of the logical network segments based on the virtual
network and the physical network configuration implemented through
physical wiring of the equipment can be managed will very high
reliability and accuracy while establishing concurrently the
correspondences, respectively, to the logical network
configurations as viewed from various upper-rank protocols.
[0183] Additionally, the information concerning the physical
interconnection relations among the network equipment, the
information concerning the logical virtual network configuration
and the user information can be searched and altered in a
consolidated manner by using as the key the MAC addresses allocated
to the physical network equipment even when the information
mentioned above can not be acquired directly by resorting to the
SNMP or like means.
[0184] Besides, by making use of the database, the logical network
segment configuration based on the virtual network, the physical
network configuration as viewed from various upper-rank protocols
can be managed while establishing concurrently correspondences
thereamong by using as the keys the MAC addresses allocated to the
physical network configuration, respectively.
[0185] Thus, according to the teachings of the present invention
management of the network including the virtual networks
implemented in conformance with plural schemes or standards can be
carried out easily.
* * * * *