CN109783196B - Virtual machine migration method and device - Google Patents

Virtual machine migration method and device Download PDF

Info

Publication number
CN109783196B
CN109783196B CN201910044144.XA CN201910044144A CN109783196B CN 109783196 B CN109783196 B CN 109783196B CN 201910044144 A CN201910044144 A CN 201910044144A CN 109783196 B CN109783196 B CN 109783196B
Authority
CN
China
Prior art keywords
security engine
virtual machine
engine group
configuration file
target virtual
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910044144.XA
Other languages
Chinese (zh)
Other versions
CN109783196A (en
Inventor
周帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Security Technologies Co Ltd
Original Assignee
New H3C Security Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Security Technologies Co Ltd filed Critical New H3C Security Technologies Co Ltd
Priority to CN201910044144.XA priority Critical patent/CN109783196B/en
Publication of CN109783196A publication Critical patent/CN109783196A/en
Application granted granted Critical
Publication of CN109783196B publication Critical patent/CN109783196B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The embodiment of the application provides a virtual machine migration method and device, and relates to the technical field of communication. The method comprises the following steps: receiving a virtual machine migration command, wherein the virtual machine migration command is used for instructing a target virtual machine to be migrated from a first security engine group to a second security engine group; and if the second security engine group meets the preset migration condition, copying the configuration file of the target virtual machine, which is pre-stored in the first security engine group, into the second security engine group, and establishing the corresponding relation between the configuration file and the target virtual machine. By adopting the virtual machine migration method provided by the embodiment of the application, the virtual machine migration efficiency can be improved, and various problems caused by misoperation in the virtual machine migration process can be reduced.

Description

Virtual machine migration method and device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for migrating a virtual machine.
Background
At present, a security device generally provides services for a user in a multi-tenant shared virtual machine manner, in which one security device may be virtualized into multiple logical devices (i.e., virtual machines). Each virtual machine has own exclusive software and hardware resources and operates independently. For users, each virtual machine is an independent device, and management and maintenance are convenient; for a manager, one physical device is virtualized into a plurality of logical devices for different branches, so that the existing investment can be protected, and the networking flexibility is improved.
The security device is provided with a service processing board card (which may be referred to as a security engine), and a technician may divide the security engine in the security device into a plurality of security engine groups, for example, may divide one service processing board card (i.e., the security engine) into a plurality of security engine groups, or may divide a plurality of service processing board cards (i.e., the security engines) into one security engine group. After each virtual machine is created, a technician needs to allocate a security engine group to the virtual machine, and store a configuration file of the virtual machine in the security engine group corresponding to the virtual machine. And then, running the configuration file of the virtual machine through the security engine group to realize the operations of starting, configuring, restarting and the like on the virtual machine, thereby providing an actual running environment for the virtual machine. The configuration files of a plurality of virtual machines can be stored in one security engine group.
When a plurality of security engine groups exist on the security device, if the virtual machines in the security engine group a need to be migrated into the security engine group B, a technician needs to manually migrate the configuration files of the virtual machines in the security engine group B, which results in low migration efficiency of the virtual machines. For example, a security engine group a is configured in a certain security device, and 30 virtual machines reside in the security engine group a, that is, configuration files of the 30 virtual machines are stored in the security engine group a. Based on business requirements, technicians increase a security engine group B and need to migrate 15 virtual machines in the security engine group A to the security engine group B, at this time, the technicians need to copy configuration files of the 15 virtual machines to the security engine group B one by one, and migration efficiency is low.
Disclosure of Invention
In view of this, the present application provides a method and an apparatus for migrating a virtual machine, so as to achieve the technical effect of improving the migration efficiency of the virtual machine and reduce various problems caused by misoperation during the migration process of the virtual machine. The specific technical scheme is as follows:
in a first aspect, a migration method of a virtual machine is provided, where the method includes:
receiving a virtual machine migration command, wherein the virtual machine migration command is used for instructing a target virtual machine to be migrated from a first security engine group to a second security engine group;
and if the second security engine group meets the preset migration condition, copying the configuration file of the target virtual machine, which is pre-stored in the first security engine group, into the second security engine group, and establishing the corresponding relation between the configuration file and the target virtual machine.
Optionally, if the second security engine group meets a preset migration condition, copying the configuration file of the target virtual machine, which is pre-stored in the first security engine group, to the second security engine group, including:
detecting whether a security engine exists in the second security engine group;
if a security engine exists in the second security engine group, copying the configuration file of the target virtual machine pre-stored in the first security engine group into the second security engine group.
Optionally, the method further includes:
and if no security engine exists in the second security engine group, displaying first prompt information, wherein the first prompt information is used for prompting that no security engine exists in the second security engine group.
Optionally, if a security engine exists in the second security engine group, copying the configuration file of the target virtual machine, which is pre-stored in the first security engine group, into the second security engine group, including:
if the second security engine group has a security engine, judging whether the storage space occupied by the configuration file of the target virtual machine is larger than the current residual storage space of the second security engine group;
and if the storage space occupied by the configuration file of the target virtual machine is not more than the current residual storage space of the second security engine group, copying the configuration file of the target virtual machine, which is stored in the first security engine group in advance, into the second security engine group.
Optionally, the method further includes:
and if the storage space occupied by the configuration file of the target virtual machine is larger than the current residual storage space of the second security engine group, displaying second prompt information, wherein the second prompt information is used for prompting that the storage space of the second security engine group is insufficient.
Optionally, before copying the configuration file of the target virtual machine pre-stored in the first security engine group to the second security engine group, the method further includes:
judging whether a configuration file corresponding to the equipment identifier of the target virtual machine exists in the second security engine group;
if the configuration file corresponding to the equipment identifier of the target virtual machine exists in the second security engine group, displaying the coverage prompt information of the configuration file;
if a coverage prohibition instruction input by a user is received, establishing a corresponding relation between a configuration file corresponding to the equipment identifier in the second security engine group and the target virtual machine;
and if a coverage instruction input by a user is received, deleting the configuration file corresponding to the equipment identifier in the second security engine group, and executing the step of copying the configuration file of the target virtual machine pre-stored in the first security engine group into the second security engine group.
In a second aspect, an apparatus for migrating a virtual machine is provided, the apparatus including:
the virtual machine migration module is used for receiving a virtual machine migration command, and the virtual machine migration command is used for indicating that a target virtual machine is migrated from a first security engine group to a second security engine group;
and the migration module is used for copying the configuration file of the target virtual machine, which is pre-stored in the first security engine group, into the second security engine group and establishing the corresponding relation between the configuration file and the target virtual machine if the second security engine group meets a preset migration condition.
Optionally, the migration module is specifically configured to:
detecting whether a security engine exists in the second security engine group;
if a security engine exists in the second security engine group, copying the configuration file of the target virtual machine pre-stored in the first security engine group into the second security engine group.
Optionally, the apparatus further comprises:
the first display module is configured to display first prompt information if no security engine exists in the second security engine group, where the first prompt information is used to prompt that no security engine exists in the second security engine group.
Optionally, the migration module is specifically configured to:
if the second security engine group has a security engine, judging whether the storage space occupied by the configuration file of the target virtual machine is larger than the current residual storage space of the second security engine group;
and if the storage space occupied by the configuration file of the target virtual machine is not more than the current residual storage space of the second security engine group, copying the configuration file of the target virtual machine, which is stored in the first security engine group in advance, into the second security engine group.
Optionally, the apparatus further comprises:
and the second display module is used for displaying second prompt information if the storage space occupied by the configuration file of the target virtual machine is larger than the current residual storage space of the second security engine group, wherein the second prompt information is used for prompting that the storage space of the second security engine group is insufficient.
Optionally, the apparatus further comprises:
the judging module is used for judging whether a configuration file corresponding to the equipment identifier of the target virtual machine exists in the second security engine group;
if the configuration file corresponding to the equipment identifier of the target virtual machine exists in the second security engine group, triggering a third display module to display the coverage prompt information of the configuration file;
if a coverage prohibition instruction input by a user is received, triggering the migration module to establish a corresponding relation between the configuration file corresponding to the equipment identifier in the second security engine group and the target virtual machine;
and if a coverage instruction input by a user is received, triggering the migration module to delete the configuration file corresponding to the equipment identifier in the second security engine group, and executing the step of copying the configuration file of the target virtual machine pre-stored in the first security engine group to the second security engine group.
In a third aspect, an electronic device is provided, which includes a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of the first aspect when executing the program stored in the memory.
In a fourth aspect, a computer-readable storage medium is provided, having stored thereon a computer program which, when being executed by a processor, carries out the method steps of the first aspect.
In a fifth aspect, there is provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method steps of the first aspect described above.
Therefore, by applying the virtual machine migration method and apparatus provided by the present application, the network device may receive a virtual machine migration command, where the virtual machine migration command is used to instruct to migrate the target virtual machine from the first security engine group to the second security engine group. If the network equipment determines that the second security engine group meets the preset migration condition, copying the configuration file of the target virtual machine pre-stored in the first security engine group into the second security engine group, and establishing a corresponding relation between the configuration file and the target virtual machine. Therefore, automatic copying of the configuration file of the virtual machine can be realized, technicians do not need to manually migrate the configuration file of the virtual machine in the security engine group, and the migration efficiency of the virtual machine is improved. In addition, according to the scheme, automatic copying of the configuration file of the virtual machine can be realized, and manual configuration of technicians is not needed, so that various problems caused by misoperation in the virtual machine migration process can be reduced.
Of course, not all advantages described above need to be achieved at the same time in the practice of any one product or method of the present application.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic diagram of a network system provided in an embodiment of the present application;
fig. 2 is a flowchart of a migration method of a virtual machine according to an embodiment of the present application;
fig. 3 is a flowchart of a migration method of a virtual machine according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a migration apparatus of a virtual machine according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of a migration apparatus of a virtual machine according to an embodiment of the present disclosure;
fig. 6 is a schematic structural diagram of a migration apparatus of a virtual machine according to an embodiment of the present disclosure;
fig. 7 is a schematic structural diagram of a migration apparatus of a virtual machine according to an embodiment of the present disclosure;
fig. 8 is a schematic structural diagram of a network device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application provides a virtual machine migration method, which can be applied to network equipment, wherein the network equipment can be security equipment such as firewall equipment and the like, and can also be routing equipment. The network device may be virtualized into multiple logical devices (i.e., virtual machines). Each virtual machine has own exclusive software and hardware resources and operates independently. Therefore, for a user, each virtual machine is an independent device, and management and maintenance are convenient; for a manager, one physical device can be virtualized into a plurality of logical devices for different branches, so that the existing investment can be protected, and the networking flexibility is improved.
As shown in fig. 1, a schematic diagram of a network system provided in an embodiment of the present application is a network system in which three different local area networks, namely, LAN 1, LAN 2, and LAN 3, exist, and are connected to an external network through the same network device. Through virtualization technology, three virtual machines (i.e., virtual machine 1, virtual machine 2, and virtual machine 3) are created on a network device, each virtual machine logically corresponds to an independent device, has an independent configuration file, and is respectively responsible for secure access to LAN (chinese: local area network) 1, LAN 2, and LAN 3. In this way, the network administrators of LAN 1, LAN 2, and LAN 3 can log on their own devices (virtual machines) to perform configuration, saving, and restarting operations, as if they were operating an independent device without affecting the use of other networks.
A service processing board card (which may be referred to as a security engine) is disposed in the network device, and a technician may divide the security engine in the network device into a plurality of security engine groups, for example, may divide one service processing board card (i.e., the security engine) into a plurality of security engine groups, or may divide a plurality of service processing board cards (i.e., the security engines) into one security engine group. After each virtual machine is created, a technician needs to allocate a security engine group to the virtual machine, and store a configuration file of the virtual machine in the security engine group corresponding to the virtual machine. And then, running the configuration file of the virtual machine through the security engine group to realize the operations of starting, restarting and the like on the virtual machine and provide an actual running environment for the virtual machine. In practical applications, a security engine group typically stores configuration files of multiple virtual machines.
The following describes in detail a migration method of a virtual machine provided in an embodiment of the present application with reference to a specific embodiment, and as shown in fig. 2, specific steps are as follows.
Step 201, receiving a virtual machine migration command.
The virtual machine migration command is used for instructing the target virtual machine to be migrated from the first security engine group to the second security engine group.
In the embodiment of the present invention, a network device may be provided with a virtual machine management function, and a technician may manage and configure a virtual machine created in the network device through the virtual machine management function. When a technician needs to migrate a target virtual machine in a certain security engine group (which may be referred to as a first security engine group) to another security engine group (which may be referred to as a second security engine group), the technician can modify the security engine group in which the target virtual machine resides through a virtual machine management function.
In one possible implementation, the network device may display a virtual machine management interface, where the management interface may include a device identifier of each virtual machine and an identifier of a security engine group in which each virtual machine resides. The technician may modify the identifier of the first security engine group corresponding to the target virtual machine into the identifier of the second security engine group in the management interface. Accordingly, the network device receives a virtual machine migration command, where the virtual machine migration command includes an identifier of the target virtual machine, an identifier of the first security engine group, and an identifier of the second security engine group, and is used to instruct the target virtual machine to be migrated from the first security engine group to the second security engine group.
In another possible implementation manner, the technician may directly input a virtual machine migration command in the network device by inputting a command line, where the virtual machine migration command is used to instruct to migrate the target virtual machine from the first security engine group to the second security engine group, and accordingly, the network device may receive the virtual machine migration command input by the technician. The embodiment of the application does not limit the input mode of the virtual machine migration command.
Step 202, if the second security engine group meets the preset migration condition, copying the configuration file of the target virtual machine pre-stored in the first security engine group into the second security engine group, and establishing a corresponding relationship between the configuration file and the target virtual machine.
In the embodiment of the present invention, after receiving the virtual machine migration command, the network device may detect the second security engine group to determine whether the second security engine group meets the preset migration condition. If the second security engine group meets the preset migration condition, the network device may copy the configuration file of the target virtual machine, which is pre-stored in the first security engine group, to the second security engine group, and establish a corresponding relationship between the configuration file and the target virtual machine.
For example, the corresponding relationship between the identifier of the configuration file and the identifier of the target virtual machine may be stored, or the file name of the configuration file may be generated according to the device identifier of the target virtual machine, for example, if the device identifier of the target virtual machine is aa, the file name of the configuration file may be aa 1. If the second security engine group does not meet the preset migration condition, the network device may terminate the migration of the target virtual machine, that is, perform no subsequent processing.
For example, after the network device copies the configuration file a of the virtual machine 1 from the security engine group 1 to the security engine group 2, the network device may store the corresponding relationship between the configuration file a and the virtual machine 1 in the security engine group 2. In addition, the network device may also delete the configuration file of the target virtual machine stored in the first security engine group, and delete the corresponding relationship between the configuration file and the target virtual machine stored in the first security engine group.
In this embodiment, a network device may receive a virtual machine migration command, where the virtual machine migration command is used to instruct a target virtual machine to be migrated from a first security engine group to a second security engine group. If the network equipment determines that the second security engine group meets the preset migration condition, copying the configuration file of the target virtual machine pre-stored in the first security engine group into the second security engine group, and establishing a corresponding relation between the configuration file and the target virtual machine. Therefore, automatic copying of the configuration file of the virtual machine can be realized, technicians do not need to manually migrate the configuration file of the virtual machine in the security engine group, and the migration efficiency of the virtual machine is improved. In addition, according to the scheme, automatic copying of the configuration file of the virtual machine can be realized, and manual configuration of technicians is not needed, so that various problems caused by misoperation in the virtual machine migration process can be reduced.
Optionally, the network device may detect the second security engine group to determine whether to migrate the virtual machine. Correspondingly, in the foregoing embodiment of the present invention, if the second security engine group meets the preset migration condition, the step of copying the configuration file of the target virtual machine, which is stored in the first security engine group in advance, to the second security engine group may include: detecting whether a security engine exists in the second security engine group; and if the security engine exists in the second security engine group, copying the configuration file of the target virtual machine which is stored in the first security engine group in advance into the second security engine group.
In the embodiment of the present invention, a technician may configure a security engine group in a network device, specifically, the technician may set a security engine included in the security engine group, and the network device may store a correspondence between the security engine group and the security engine. For example, a security engine a, a security engine B, and a security engine C are included in the network device, and a technician may configure security engine group 1 to include security engine a and security engine group 2 to include security engine B and security engine C.
After receiving the virtual machine migration command, the network device may query whether a security engine exists in the second security engine group according to the correspondence between the security engine group and the security engine, and if a security engine corresponding to the second security engine group is queried in the correspondence, it may be determined that a security engine exists in the second security engine group, and the network device may copy a configuration file of a target virtual machine, which is pre-stored in the first security engine group, to the second security engine group. If the second security engine group is not queried in the corresponding relationship, or if the security engine corresponding to the second security engine group is queried to be empty, it can be determined that no security engine exists in the second security engine group, and the second security engine group does not meet the preset migration condition.
Optionally, if no security engine exists in the second security engine group, the network device may further display first prompt information, where the first prompt information is used to prompt that no security engine exists in the second security engine group. And, the network device may terminate the target virtual machine migration, i.e., not perform subsequent processing. The technician can know that the target virtual machine fails to migrate by checking the first prompt message, and can know that the reason for the failure of the target virtual machine migration is that no security engine exists in the second security engine group.
Optionally, when a security engine exists in the second security engine group, the network device may further determine whether the remaining storage space of the second security engine group is sufficient, and the specific processing procedure may be as follows: if the second security engine group has the security engine, judging whether the storage space occupied by the configuration file of the target virtual machine is larger than the current residual storage space of the second security engine group; and if the storage space occupied by the configuration file of the target virtual machine is not more than the current residual storage space of the second security engine group, copying the configuration file of the target virtual machine pre-stored in the first security engine group into the second security engine group.
In the embodiment of the present invention, if the network device determines that a security engine exists in the second security engine group, the network device may further obtain a current remaining storage space of the second security engine group, for example, the network device may obtain a remaining hard disk space of a service processing board included in the second security engine group.
Then, the network device determines whether the storage space occupied by the configuration file of the target virtual machine is larger than the current remaining storage space of the second security engine group. If the storage space occupied by the configuration file of the target virtual machine is not larger than the current remaining storage space of the second security engine group, it indicates that the remaining storage space of the second security engine group can store the configuration file of the target virtual machine, and the network device may copy the configuration file of the target virtual machine, which is stored in the first security engine group in advance, to the second security engine group. If the storage space occupied by the configuration file of the target virtual machine is larger than the current residual storage space of the second security engine group, the fact that the residual storage space of the second security engine group is not enough for storing the configuration file of the target virtual machine is indicated, and the network equipment judges that the second security engine group does not meet the preset migration condition.
Optionally, if the storage space occupied by the configuration file of the target virtual machine is greater than the current remaining storage space of the second security engine group, displaying second prompt information, where the second prompt information is used to prompt that the storage space of the second security engine group is insufficient. And, the network device may terminate the target virtual machine migration, i.e., not perform subsequent processing. The technician can know that the target virtual machine migration failure is caused by insufficient storage space of the second security engine group by checking the second prompt message.
In addition, whether the second security engine group meets the preset migration condition may also be determined in other manners, which is not limited in the embodiment of the present application. For example, the operating state of each service board in the second security engine group may be obtained, and it is determined whether each service board in the second security engine group is in an active (active) state, if all the service boards are in the active state, it is determined that the second security engine group satisfies the preset migration condition, and if the operating state of a certain service board is in an inactive state, it is determined that the second security engine group does not satisfy the preset migration condition. For another example, a technician may set some security engine groups as non-migratable security engine groups, and the network device may determine whether the second security engine group is a preset non-migratable security engine group, and if so, determine that the second security engine group does not satisfy the preset migration condition; if not, the second security engine group is judged to meet the preset migration condition.
Optionally, before the network device copies the configuration file of the target virtual machine into the second security engine group, it may also be determined whether a configuration file corresponding to the device identifier of the target virtual machine exists in the second security engine group. If the configuration file corresponding to the equipment identifier of the target virtual machine exists in the second security engine group, displaying the coverage prompt information of the configuration file; if a coverage prohibition instruction input by a user is received, establishing a corresponding relation between a configuration file corresponding to the equipment identifier in the second security engine group and the target virtual machine; and if a coverage instruction input by a user is received, deleting the configuration file corresponding to the equipment identifier in the second security engine group, and copying the configuration file of the target virtual machine pre-stored in the first security engine group into the second security engine group.
In the embodiment of the present invention, since the device identifier of the virtual machine is usually only unique in the network device to which the virtual machine belongs, virtual machines with the same device identifier may exist in different network devices. For example, network device 1 includes 3 virtual machines, and the corresponding device identifiers are aa, bb, and cc, respectively, and network device 2 includes 2 virtual machines, and the corresponding device identifiers are aa and bb, respectively. In this way, after the service processing board in the network device 2 is installed in the network device 1, if the configuration file in the service processing board is not deleted, the device identifier corresponding to the configuration file stored in the service processing board may include a device identifier of the target virtual machine (which may be referred to as a target device identifier).
Therefore, after the network device determines that the second security engine group meets the preset migration condition, it may further determine whether a configuration file corresponding to the target device identifier exists in the second security engine group. If the second security engine group has the configuration file corresponding to the target device identifier, the network device may display coverage prompting information of the configuration file, where the coverage prompting information is used to prompt a user whether to cover the configuration file corresponding to the currently stored target device identifier in the second security engine group. If the user wants to override the configuration file corresponding to the currently stored target device identifier in the second security engine group, the user may select an override option, and accordingly, the network device may receive an override instruction input by the user, copy the configuration file of the target virtual machine to the second security engine group, and delete the configuration file corresponding to the target device identifier in the second security engine group. That is, the network device replaces the configuration file corresponding to the target device identifier in the second security engine group with the configuration file corresponding to the target device identifier in the first security engine group.
If the user wants to prohibit the overlay of the configuration file corresponding to the currently stored target device identifier in the second security engine group, the user may select the overlay prohibition option, and accordingly, the network device may receive an overlay prohibition instruction input by the user, and then establish a correspondence between the configuration file corresponding to the target device identifier in the second security engine group and the target virtual machine. In this case, the target virtual machine can successfully migrate into the second security engine group, but the target virtual machine may undergo a configuration change.
In this embodiment, a network device may receive a virtual machine migration command, where the virtual machine migration command is used to instruct a target virtual machine to be migrated from a first security engine group to a second security engine group. If the network equipment determines that the second security engine group meets the preset migration condition, copying the configuration file of the target virtual machine pre-stored in the first security engine group into the second security engine group, and establishing a corresponding relation between the configuration file and the target virtual machine. Therefore, automatic copying of the configuration file of the virtual machine can be realized, technicians do not need to manually migrate the configuration file of the virtual machine in the security engine group, and the migration efficiency of the virtual machine is improved. In addition, according to the scheme, automatic copying of the configuration file of the virtual machine can be realized, and manual configuration of technicians is not needed, so that various problems caused by misoperation in the virtual machine migration process can be reduced.
An example of a migration method of a virtual machine is also provided in the embodiments of the present application, as shown in fig. 3, which may specifically include the following steps.
Step 301, receiving a virtual machine migration command.
The virtual machine migration command is used for instructing the target virtual machine to be migrated from the first security engine group to the second security engine group.
Step 302, detecting whether a security engine exists in the second security engine group.
If no security engines exist in the second security engine group, step 303 is performed.
If a security engine is present in the second group of security engines, step 304 is performed.
And 303, displaying the first prompt message and stopping the virtual machine migration.
Wherein the first prompt message is used for prompting that no security engine exists in the second security engine group
Step 304, determining whether the storage space occupied by the configuration file of the target virtual machine is larger than the current remaining storage space of the second security engine group.
If the storage space occupied by the configuration file of the target virtual machine is not larger than the current remaining storage space of the second security engine group, step 305 is executed. If the storage space occupied by the configuration file of the target virtual machine is larger than the current remaining storage space of the second security engine group, step 306 is executed.
Step 305, determining whether a configuration file corresponding to the device identifier of the target virtual machine exists in the second security engine group.
If the configuration file corresponding to the device identifier of the target virtual machine exists in the second security engine group, step 307 is executed.
If the configuration file corresponding to the device identifier of the target virtual machine does not exist in the second security engine group, step 310 is executed.
Step 306. And displaying the second prompt message, and stopping the virtual machine migration.
Wherein, the second prompt message is used for prompting that the storage space of the second security engine group is insufficient
Step 307, displaying the coverage prompt information of the configuration file.
If a user input override disable instruction is received, step 308 is performed.
If an override instruction input by the user is received, step 309 is performed.
Step 308, establishing a corresponding relationship between the configuration file corresponding to the device identifier in the second security engine group and the target virtual machine.
Step 309, deleting the configuration file corresponding to the device identifier in the second security engine group, copying the configuration file of the target virtual machine pre-stored in the first security engine group to the second security engine group, and establishing a corresponding relationship between the configuration file and the target virtual machine.
Step 310, copying a configuration file of a target virtual machine pre-stored in the first security engine group to the second security engine group, and establishing a corresponding relationship between the configuration file and the target virtual machine.
Based on the same technical concept, as shown in fig. 4, an embodiment of the present application further provides a migration apparatus of a virtual machine, where the apparatus includes:
a receiving module 410, configured to receive a virtual machine migration command, where the virtual machine migration command is used to instruct a target virtual machine to be migrated from a first security engine group to a second security engine group;
a migration module 420, configured to copy, if the second security engine group meets a preset migration condition, the configuration file of the target virtual machine, which is pre-stored in the first security engine group, to the second security engine group, and establish a corresponding relationship between the configuration file and the target virtual machine.
Optionally, the migration module 420 is specifically configured to:
detecting whether a security engine exists in the second security engine group;
if a security engine exists in the second security engine group, copying the configuration file of the target virtual machine pre-stored in the first security engine group into the second security engine group.
Optionally, as shown in fig. 5, the apparatus further includes:
a first display module 430, configured to display a first prompt message if no security engine exists in the second security engine group, where the first prompt message is used to prompt that no security engine exists in the second security engine group.
Optionally, the migration module 420 is specifically configured to:
if the second security engine group has a security engine, judging whether the storage space occupied by the configuration file of the target virtual machine is larger than the current residual storage space of the second security engine group;
and if the storage space occupied by the configuration file of the target virtual machine is not more than the current residual storage space of the second security engine group, copying the configuration file of the target virtual machine, which is stored in the first security engine group in advance, into the second security engine group.
Optionally, as shown in fig. 6, the apparatus further includes:
a second display module 440, configured to display second prompt information if the storage space occupied by the configuration file of the target virtual machine is greater than the current remaining storage space of the second security engine group, where the second prompt information is used to prompt that the storage space of the second security engine group is insufficient.
Optionally, as shown in fig. 7, the apparatus further includes:
a determining module 450, configured to determine whether a configuration file corresponding to the device identifier of the target virtual machine exists in the second security engine group;
if the configuration file corresponding to the device identifier of the target virtual machine exists in the second security engine group, triggering a third display module 460 to display the coverage prompt information of the configuration file;
if a coverage prohibition instruction input by a user is received, triggering the migration module 420 to establish a corresponding relationship between the configuration file corresponding to the device identifier in the second security engine group and the target virtual machine;
if a coverage instruction input by a user is received, triggering the migration module 420 to delete the configuration file corresponding to the device identifier in the second security engine group, and executing the step of copying the configuration file of the target virtual machine pre-stored in the first security engine group to the second security engine group.
In this embodiment, a network device may receive a virtual machine migration command, where the virtual machine migration command is used to instruct a target virtual machine to be migrated from a first security engine group to a second security engine group. If the network equipment determines that the second security engine group meets the preset migration condition, copying the configuration file of the target virtual machine pre-stored in the first security engine group into the second security engine group, and establishing a corresponding relation between the configuration file and the target virtual machine. Therefore, automatic copying of the configuration file of the virtual machine can be realized, technicians do not need to manually migrate the configuration file of the virtual machine in the security engine group, and the migration efficiency of the virtual machine is improved. In addition, according to the scheme, automatic copying of the configuration file of the virtual machine can be realized, and manual configuration of technicians is not needed, so that various problems caused by misoperation in the virtual machine migration process can be reduced.
The embodiment of the present application further provides an electronic device, as shown in fig. 8, which includes a processor 801, a communication interface 802, a memory 803, and a communication bus 804, where the processor 801, the communication interface 802, and the memory 803 complete mutual communication through the communication bus 804,
a memory 803 for storing a computer program;
the processor 801 is configured to implement the migration method of the virtual machine when executing the program stored in the memory 803, and the method includes:
receiving a virtual machine migration command, wherein the virtual machine migration command is used for instructing a target virtual machine to be migrated from a first security engine group to a second security engine group;
and if the second security engine group meets the preset migration condition, copying the configuration file of the target virtual machine, which is pre-stored in the first security engine group, into the second security engine group, and establishing the corresponding relation between the configuration file and the target virtual machine.
Optionally, if the second security engine group meets a preset migration condition, copying the configuration file of the target virtual machine, which is pre-stored in the first security engine group, to the second security engine group, including:
detecting whether a security engine exists in the second security engine group;
if a security engine exists in the second security engine group, copying the configuration file of the target virtual machine pre-stored in the first security engine group into the second security engine group.
Optionally, the method further includes:
and if no security engine exists in the second security engine group, displaying first prompt information, wherein the first prompt information is used for prompting that no security engine exists in the second security engine group.
Optionally, if a security engine exists in the second security engine group, copying the configuration file of the target virtual machine, which is pre-stored in the first security engine group, into the second security engine group, including:
if the second security engine group has a security engine, judging whether the storage space occupied by the configuration file of the target virtual machine is larger than the current residual storage space of the second security engine group;
and if the storage space occupied by the configuration file of the target virtual machine is not more than the current residual storage space of the second security engine group, copying the configuration file of the target virtual machine, which is stored in the first security engine group in advance, into the second security engine group.
Optionally, the method further includes:
and if the storage space occupied by the configuration file of the target virtual machine is larger than the current residual storage space of the second security engine group, displaying second prompt information, wherein the second prompt information is used for prompting that the storage space of the second security engine group is insufficient.
Optionally, before copying the configuration file of the target virtual machine pre-stored in the first security engine group to the second security engine group, the method further includes:
judging whether a configuration file corresponding to the equipment identifier of the target virtual machine exists in the second security engine group;
if the configuration file corresponding to the equipment identifier of the target virtual machine exists in the second security engine group, displaying the coverage prompt information of the configuration file;
if a coverage prohibition instruction input by a user is received, establishing a corresponding relation between a configuration file corresponding to the equipment identifier in the second security engine group and the target virtual machine;
and if a coverage instruction input by a user is received, deleting the configuration file corresponding to the equipment identifier in the second security engine group, and executing the step of copying the configuration file of the target virtual machine pre-stored in the first security engine group into the second security engine group.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic equipment and other equipment.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; the Integrated Circuit may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or other Programmable logic devices, discrete Gate or transistor logic devices, or discrete hardware components.
In another embodiment provided by the present application, a computer-readable storage medium is further provided, in which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the migration method of any one of the above virtual machines.
In yet another embodiment provided by the present application, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform the migration method of any of the above embodiments.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website site, computer, server, or data center to another website site, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present application, and is not intended to limit the scope of the present application. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application are included in the protection scope of the present application.

Claims (6)

1. A migration method of a virtual machine, the method comprising:
receiving a virtual machine migration command, wherein the virtual machine migration command is used for instructing a target virtual machine to be migrated from a first security engine group to a second security engine group;
detecting whether a security engine exists in the second security engine group;
if the second security engine group has a security engine, judging whether the storage space occupied by the configuration file of the target virtual machine is larger than the current residual storage space of the second security engine group;
if the storage space occupied by the configuration file of the target virtual machine is not larger than the current residual storage space of the second security engine group, judging whether the configuration file corresponding to the equipment identifier of the target virtual machine exists in the second security engine group;
if the configuration file corresponding to the equipment identifier of the target virtual machine exists in the second security engine group, displaying the coverage prompt information of the configuration file;
if a coverage prohibition instruction input by a user is received, establishing a corresponding relation between a configuration file corresponding to the equipment identifier in the second security engine group and the target virtual machine;
and if a coverage instruction input by a user is received, deleting the configuration file corresponding to the equipment identifier in the second security engine group, copying the configuration file of the target virtual machine pre-stored in the first security engine group into the second security engine group, and establishing a corresponding relation between the configuration file and the target virtual machine.
2. The method of claim 1, further comprising:
and if no security engine exists in the second security engine group, displaying first prompt information, wherein the first prompt information is used for prompting that no security engine exists in the second security engine group.
3. The method of claim 1, further comprising:
and if the storage space occupied by the configuration file of the target virtual machine is larger than the current residual storage space of the second security engine group, displaying second prompt information, wherein the second prompt information is used for prompting that the storage space of the second security engine group is insufficient.
4. An apparatus for migrating a virtual machine, the apparatus comprising:
the virtual machine migration module is used for receiving a virtual machine migration command, and the virtual machine migration command is used for indicating that a target virtual machine is migrated from a first security engine group to a second security engine group;
the migration module is used for detecting whether a security engine exists in the second security engine group; if the second security engine group has a security engine, judging whether the storage space occupied by the configuration file of the target virtual machine is larger than the current residual storage space of the second security engine group; if the storage space occupied by the configuration file of the target virtual machine is not larger than the current residual storage space of the second security engine group, judging whether the configuration file corresponding to the equipment identifier of the target virtual machine exists in the second security engine group; if the configuration file corresponding to the equipment identifier of the target virtual machine exists in the second security engine group, displaying the coverage prompt information of the configuration file; if a coverage prohibition instruction input by a user is received, establishing a corresponding relation between a configuration file corresponding to the equipment identifier in the second security engine group and the target virtual machine; and if a coverage instruction input by a user is received, deleting the configuration file corresponding to the equipment identifier in the second security engine group, copying the configuration file of the target virtual machine pre-stored in the first security engine group into the second security engine group, and establishing a corresponding relation between the configuration file and the target virtual machine.
5. The apparatus of claim 4, further comprising:
the first display module is configured to display first prompt information if no security engine exists in the second security engine group, where the first prompt information is used to prompt that no security engine exists in the second security engine group.
6. The apparatus of claim 4, further comprising:
and the second display module is used for displaying second prompt information if the storage space occupied by the configuration file of the target virtual machine is larger than the current residual storage space of the second security engine group, wherein the second prompt information is used for prompting that the storage space of the second security engine group is insufficient.
CN201910044144.XA 2019-01-17 2019-01-17 Virtual machine migration method and device Active CN109783196B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910044144.XA CN109783196B (en) 2019-01-17 2019-01-17 Virtual machine migration method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910044144.XA CN109783196B (en) 2019-01-17 2019-01-17 Virtual machine migration method and device

Publications (2)

Publication Number Publication Date
CN109783196A CN109783196A (en) 2019-05-21
CN109783196B true CN109783196B (en) 2021-03-12

Family

ID=66501529

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910044144.XA Active CN109783196B (en) 2019-01-17 2019-01-17 Virtual machine migration method and device

Country Status (1)

Country Link
CN (1) CN109783196B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112073518B (en) * 2020-09-09 2023-06-02 杭州海康威视***技术有限公司 Cloud storage system, cloud storage system management method and central management node
CN112286866A (en) * 2020-10-23 2021-01-29 星辰天合(北京)数据科技有限公司 Data processing method and device, electronic equipment and computer readable storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101794238A (en) * 2008-12-31 2010-08-04 英特尔公司 Effective utilization of remapping engine
CN104346575A (en) * 2014-10-24 2015-02-11 重庆邮电大学 Software defined security architecture
CN106201659A (en) * 2016-07-12 2016-12-07 腾讯科技(深圳)有限公司 A kind of method of live migration of virtual machine and host
CN107113192A (en) * 2014-12-29 2017-08-29 株式会社Ntt都科摩 resource management in cloud system
CN107562512A (en) * 2016-07-01 2018-01-09 华为技术有限公司 A kind of method, apparatus and system for migrating virtual machine
CN107656796A (en) * 2017-09-04 2018-02-02 顺丰科技有限公司 A kind of virtual machine cold moving method, system and equipment
CN107885575A (en) * 2017-03-13 2018-04-06 平安科技(深圳)有限公司 The moving method and device of virtual machine

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120102190A1 (en) * 2010-10-26 2012-04-26 International Business Machines Corporation Inter-virtual machine communication

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101794238A (en) * 2008-12-31 2010-08-04 英特尔公司 Effective utilization of remapping engine
CN104346575A (en) * 2014-10-24 2015-02-11 重庆邮电大学 Software defined security architecture
CN107113192A (en) * 2014-12-29 2017-08-29 株式会社Ntt都科摩 resource management in cloud system
CN107562512A (en) * 2016-07-01 2018-01-09 华为技术有限公司 A kind of method, apparatus and system for migrating virtual machine
CN106201659A (en) * 2016-07-12 2016-12-07 腾讯科技(深圳)有限公司 A kind of method of live migration of virtual machine and host
CN107885575A (en) * 2017-03-13 2018-04-06 平安科技(深圳)有限公司 The moving method and device of virtual machine
CN107656796A (en) * 2017-09-04 2018-02-02 顺丰科技有限公司 A kind of virtual machine cold moving method, system and equipment

Also Published As

Publication number Publication date
CN109783196A (en) 2019-05-21

Similar Documents

Publication Publication Date Title
CN108549580B (en) Method for automatically deploying Kubernets slave nodes and terminal equipment
CN108427649B (en) Access management method, terminal device, system and storage medium of USB interface
CN109067877B (en) Control method for cloud computing platform deployment, server and storage medium
CN110661658B (en) Node management method and device of block chain network and computer storage medium
WO2017148249A1 (en) Resource configuration method and network device thereof
CN107005426B (en) Method and device for managing life cycle of virtual network function
CN109379347B (en) Safety protection method and equipment
CN110225094B (en) Load balancing application virtual IP switching method and device, computer equipment and storage medium
CN108319492B (en) Method, device and system for resetting physical machine
WO2020093976A1 (en) Resource change method and device, apparatus, and storage medium
CN109783196B (en) Virtual machine migration method and device
WO2020232887A1 (en) Configuration modification method and apparatus for container application, and computer device and storage medium
CN110286996B (en) Container instance IP switching method, device, computer equipment and storage medium
US20220206836A1 (en) Method and Apparatus for Processing Virtual Machine Migration, Method and Apparatus for Generating Virtual Machine Migration Strategy, Device and Storage Medium
CN112153628A (en) Activation management, instruction processing and restart management method and device for code number resources
CN111131131B (en) Vulnerability scanning method and device, server and readable storage medium
CN116170274A (en) Web application access method, device, system and computing equipment
CN114244555B (en) Security policy adjusting method
CN115604103A (en) Configuration method and device of cloud computing system, storage medium and electronic equipment
CN115150268A (en) Network configuration method and device of Kubernetes cluster and electronic equipment
CN112417402B (en) Authority control method, authority control device, authority control equipment and storage medium
CN110290172B (en) Container application cloning method and device, computer equipment and storage medium
CN112130900B (en) User information management method, system, equipment and medium for BMC
CN109218415B (en) Distributed node management method, node and storage medium
CN113688415A (en) File management and control method, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant