JP2941725B2 - Distributed processing computer system - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a distributed processing computer system in which a client computer remotely accesses a server computer and causes the server computer to execute processing.

[0002]

2. Description of the Related Art In recent years, with the development of network computing, it has become common for one computer to access another computer via a network or to request processing. .

[0003] As a simple form of this access, for example, there is a mechanism called remote login. In this remote login, a user inputs user identification information such as a user ID and a password from a client computer. The user identification information is transmitted to the server computer via the network, and the server computer authenticates the identification information and determines whether to permit login of the remote user.

[0004] With the spread of networks, the necessity of strengthening security has also increased, and several techniques have been proposed as techniques for improving security over the above-described remote login.

[0005] A first example of such a prior art is the "center function centralized access control method" disclosed in JP-A-7-56795. FIG. 13 is a block diagram of a system employing this conventional method.

In this method, the server computer 2 has a user management file 4 and an access control table 6. The user management file 4 stores a user ID and a password. In the access control table 6, IDs of users and terminals who are permitted to access the individual business database 8 and individual businesses that can be used are registered in advance. When the terminal 10 wants to access the server computer 2, the terminal 10 first sends the user ID and password to the server computer 2,
Checks this against the contents of the user management file 4. If the collation result is "match", the terminal 10 sends the terminal ID next, and the server computer 2 collates this with the contents of the access control table 6, and if they match, the access to the individual business database 8 is permitted. I do.

As described above, in this method, the server computer 2 centrally manages access control of permitting access only to terminals registered and defined in advance.

A second conventional example is disclosed in Japanese Patent Application Laid-Open No. 6-274431.
No. 5, “A method for authentication and authorization in a heterogeneous connection environment”. FIG. 14 is a block diagram of a system employing the conventional method.

In this method, the correspondence between the client computer and the user identifier for management in the server computer is registered in the server computer in advance. At the time of access to the server computer, it is determined whether or not this correspondence has been registered. If the correspondence has been registered, the user is permitted to access the resources of the server computer. If the user is not registered, a shared user identifier indicating that the user is an unregistered user is assigned, and a resource permission attribute for the unregistered user is added when the resource to be accessed is generated. The permission of access to the shared user is determined based on the permission attribute.

A third conventional example is disclosed in Japanese Patent Application Laid-Open No. 1-263856.
This is a "user ID management method" disclosed in Japanese Patent Application Laid-Open Publication No. H10-202,199. FIG.
FIG. 5 is a block diagram of a system adopting the conventional method.

In this system, in a system in which a server computer 20 and a client computer 22 are connected via a network 24, the client computer 22 transmits a user ID notified from the server computer 20 in advance and a node number unique to the server computer. User ID to be stored in association
-It has a node number correspondence table 26. When a user ID is input from the user terminal 28, the client computer 22 searches for a node number corresponding to the input user ID based on the correspondence table, and transmits data to the server computer 20 of the node number.

In this system, a user ID-node number correspondence table 26 representing the correspondence between the user ID and the node number is provided.
Is a copy of the correspondence table registered in the server computer 20 in advance.

[0013]

In the above-mentioned prior art, the server computer is a client computer which permits access to the server computer or a processing request, a correspondence between the client computer and a user identifier, or a server computer. The correspondence between the user ID that can access the server and the node number of the server computer is registered. In other words, the prior art restricts the accessible client computers and users by registering the information of the client computers and users who can access and process requests to the server computer in advance as described above in the server computer. It was intended to enhance security.

For this reason, any client computer to which these registrations have not been made beforehand cannot access or process, or must register them in order to request access or processing. There was a problem that it was complicated. Therefore, there is a problem that even if the computer network is expanded as in today, the client computers that can be used by the user are limited, and a network computing system that is easy for the user to use cannot be realized.

The present invention has been made in order to solve the above-mentioned problems, and eliminates the need for a procedure of registering information of a client computer in a server computer in advance, and allows a user to access his / her own server computer to request processing. It is an object of the present invention to provide a distributed processing computer system capable of realizing a network computing system in which ease of use is improved by increasing the number of terminals that can be used and security of a server computer is maintained and improved.

[0016]

According to the present invention, there is provided a distributed processing computer system in which a client computer and a server computer are connected via a network, a user remotely accesses the server computer from the client computer, and Is a distributed processing computer system that executes remote processing requested by the user,
The client computer transmits access request source information including user identification information of an access requesting user who requests the remote access and client identification information for identifying the client computer on the network to the server computer. Request transmitting means, processing request transmitting means for transmitting a remote processing request to the server computer, together with the processing request source information including the user identification information of the processing request user requesting the remote processing and the client identification information; Wherein the server computer has a registered user storage unit for storing a remotely accessible registered user; an entry information holding unit for holding the access request source information relating to the user who is performing remote access as entry information; The requesting user Determining whether the user is a user based on the user identification information included in the access request source information, an access user authentication unit for permitting the remote access, the processing request source information attached to the remote processing request, Processing request permission determining means for determining permission of the remote processing request in accordance with a result of collation with the entry information regarding the user who is performing the remote access.

The distributed processing computer system according to the present invention comprises:
The server computer has job management information holding means for holding the processing request source information relating to the remote processing being executed as job management information, and the processing request permission determining means further includes: The processing request source information attached to the subsequent remote processing request requesting the interfering processing is compared with the job management information related to the preceding remote processing being executed, and when the comparison result is the same, the subsequent remote processing Execution is permitted.

The distributed processing computer system according to the present invention comprises:
A mode setting means for setting any one of a mode in which the processing request permission determining means determines a match using both the user identification information and the client identification information and a mode in which a match is determined using only the user identification information And a mode switching means for switching the mode.

The distributed processing computer system according to the present invention comprises:
The server computer compares the access request source information newly received from the client computer with the entry information regarding the user who is performing the remote access, and in this comparison, the client identification information matches each other, and the user Multiple access detection means for detecting the same client multiple access request state having different identification information, and preceding access disconnection processing for, when the same client multiple access request state is detected, performing logout processing of a preceding user corresponding to the entry information Means, and the access user authentication means permits the remote access of a subsequent user corresponding to the access request source information.

The distributed processing computer system according to the present invention comprises:
The server computer has client identifier defining means for defining a client identifier for the client computer that has permitted the remote access, and client identifier transmitting means for transmitting the client identifier to the client computer. And a client identifier storing unit for storing the client identifier, wherein the processing request transmitting unit transmits the client identifier in place of the client identification information in the subsequent remote processing request.

The distributed processing computer system according to the present invention comprises:
The parent process generated on the server computer by the start request from the parent process starting client computer and the child process generated on the parent process starting client computer by the parent process mutually communicate and execute processing. A distributed processing computer system, wherein the server computer confirms that the entry information that matches the processing request source information of the remote processing request that starts the parent process exists, Is generated.

The distributed processing computer system according to the present invention comprises:
A distributed processing computer system in which a parent process generated on the server computer by a start request from a parent process starting client computer and a child process generated on the client computer by the parent process mutually communicate and execute processing. Wherein the processing request transmitting unit transmits information specifying a client process generation destination client computer to the server computer at the time of the start request of the parent process, and the server computer is specified by the start request. The entry information corresponding to the child process generation destination client computer exists in the storage device, and the entry information is the same as that included in the processing request source information of the remote processing request that activated the parent process. After confirming that it contains the user identification information, And it has a parent process generating means for forming.

The distributed processing computer system according to the present invention comprises:
A distributed processing computer system in which a parent process generated on the server computer by a start request from a parent process starting client computer and a child process generated on the client computer by the parent process mutually communicate and execute processing. Wherein the server computer comprises:
Means for generating the child process in the client computer which has made a connection request to the parent process, wherein the entry information coincides with the processing request source information of the remote processing request which is a connection request to the parent process And that the entry information contains the same user identification information as that contained in the processing request source information of the remote processing request that started the parent process, Is generated.

[0024]

BEST MODE FOR CARRYING OUT THE INVENTION

[Embodiment 1] Next, an embodiment of the present invention will be described with reference to the drawings. FIG. 1 is a conceptual diagram of a distributed processing computer system according to the present embodiment. In this distributed processing computer system, a server computer 50 and a plurality of client computers 52 (client computers A, B, and C) are connected to a network 54. The server computer 50 has a job control unit 56. The remote access authentication process is performed by an access user authentication process 58 included in the job control unit 56 using a registered user file 60 that is a registered user storage unit. The remote process request permission process is performed by the process request permission determination process 62 included in the job control unit 56 using the access management correspondence table 64 that is the entry information holding unit. This figure shows a situation where the client computers A to C remotely access the server computer.

FIG. 2 is a schematic diagram of the access management correspondence table 64 used in the processing request permission decision processing 62. Each entry 70, 70A-C that makes up this correspondence table 64 is:
It corresponds to each client computer that remotely accesses the server computer.
Correspond to the client computers A to C, respectively. Each entry is a record in which fields including information such as a user name, a client computer name, a login process ID, and a login state are continuous. At the end of this record, the start address of the next entry is stored, and each entry is sequentially linked using this as a pointer. That is, in this example, the correspondence table takes a form of a chain of entries, and the processing request permission determination processing 62 performs the correspondence table 64 according to the chain.
Can be searched.

Each entry will be described in more detail. The entry 70A indicates a state in which a certain user (user) from the client computer A requests remote access with the user name (user ID) “AAA” and the server computer permits the remote access. The login process ID is a number assigned for managing a process in the server computer 50, and here, for example, a number “100” is assigned to the permitted remote login process. Usually, this number is different for each process. The log-in state is “logged-in” in this entry, which indicates that a communication connection has been established between the client computer and the server computer.

The entry 70B is for the client computer B
Corresponds to a remote access request requested by a user with a user name "BBB". The log-in status of this entry is “transition to logout”.
This indicates that remote access termination processing is in progress, for example, a state in which a communication connection between the client computer and the server computer is being disconnected.

The entry 70C indicates that the client computer C is remotely accessing the same user name "AAA" as the entry 70A. In this case, since the client computer A corresponding to the entry 70A and the client computer C corresponding to the entry 70C are different terminal devices, generally, the users who use them are different persons. However, in some cases, it is convenient for operation to share user identification information such as a user name and a password among a plurality of users. Therefore, as described above, in this system, remote access from the same user identification information from multiple client computers is performed. The request is to be granted. In this example, the entry 70C is the last entry, and has no link to the next entry. That is, the last field storing the pointer in the record of the entry 70C stores not the head address of the next entry but a code indicating the end of the correspondence table, for example, 0 (null) in FIG.

FIG. 3 is a schematic flow chart showing the access user authentication processing 58 in the server computer 50. The server computer 50 requests a user logged in to the client computer 52 for a user ID and a password when permitting remote access. The user identification information such as the user ID and the password input by the user at the client computer 52 is stored in the client computer 52.
A program that operates on the above and functions as an access request transmitting unit transmits to the server computer 50. Server computer 50
Receives the remote access request from the access request transmitting means of the client computer 52, the job control unit 56 determines whether the request is accompanied by user identification information, and that the user identification information is registered in the registered user file. User authentication processing S2 for searching whether or not it is
00 is performed. If the authentication fails, the server computer 50 requests the user of the client computer to re-enter a correct user ID and the like.

On the other hand, if the user authentication process is passed,
The job control unit 56 of the server computer 50 receives client identification information for uniquely identifying the client computer on the network 54 from the client computer (S202). Note that an identifier unique to the present system may be defined as the client identification information. However, simply, a host name or the like set for managing the client computer on the network may be used as it is. It is possible.

The delivery of the client identification information is as follows:
The configuration is automatically performed between the access request transmitting unit and the job control unit 56, so that the user is not conscious. As the timing of the delivery,
It may be performed simultaneously with the transfer of the user identification information such as the user ID, or may be performed separately after the user authentication is passed. In any case, the client computer 52
The user identification information and the client identification information (hereinafter, these two types of information in the remote access request are collectively referred to as access request source information) are passed to the server computer 50 at the time of remote access. And for users who have been granted remote access,
As described above, the main element of the access request source information corresponding to the remote access request is registered as the entry 70 (S204).

FIG. 4 is a flow chart of a schematic process of a remote processing request in the client computer 52. In the present system, when requesting remote processing from a client computer, a program that operates on the client computer and functions as a processing request transmission unit includes a user ID of a user requesting the remote processing and client identification information of the client computer. The processing request source information is attached to, for example, a remote processing request requesting business execution (job execution) (S210), and the remote processing request is transmitted to the server computer (S212). Thereby, the job control unit 56 of the server computer can completely grasp which user has requested the processing request from which client computer. The server computer 50 uses this processing request source information to execute processing request permission determination processing 62.
Can determine permission to the request. For example, the processing request permission determination processing 62 checks the processing request source information of the remote processing request against the entry information of the entry registered in the correspondence table 64, and permits the remote processing request if the two match. A determination can be made. As described above, in the present system, the processing request permission determination processing 62 determines the permission of the processing request using the processing request source information, such as collating the user who is remotely accessing the user requesting the processing. , It is possible to operate a highly reliable system.

[Second Embodiment] Next, a second embodiment of the present invention will be described with reference to the drawings. FIG. 5 is a conceptual diagram of the distributed processing computer system according to the present embodiment.
Among the components shown in FIG. 5, those corresponding to those shown in FIG. 1 are denoted by the same reference numerals, and description thereof will be omitted.

The figure shows a state in which different users are sharing access from the client computers A and C, that is, remotely accessing the server computer 50 with the same user name "AAA". Then, on the server computer 50, a job 80 requested to be processed by the client computer A is being executed. The job 80 has the job identifier “J
OB1 ". The server computer of the present system has a job control table as job management information holding means for storing processing request source information relating to remote processing during execution of a job 80 or the like. The job control table stores, for each remote process, job management information including, for example, a job identifier, a name of a user who started the process, and client identification information. This job control table corresponds to, for example, the access management correspondence table 6 described above.
If the job management information corresponding to each job has a chain structure linked by pointers as in 4, the size of the table, that is, the file size is flexibly changed according to the number of jobs, which is convenient.

Now, a case where the user of the client computer A makes a job cancellation request 82 specifying the job identifier "JOB1" to the server computer 50 as a remote processing request will be described. In this system,
In addition to the job identifier, user identification information and client identification information are added to the remote processing request as processing request source information. That is, the job cancel request 82 includes
The user name “AAA” of the user of the client computer A and the identification information of the client computer A are added,
It is transmitted to the server computer 50. When receiving the job cancellation request 82, the job control unit 56 of the server computer 50 searches the job control table using the job identifier specified in the job cancellation request as a key, and executes the job "J
Find the job management information of "OB1". The job control unit 56 compares the user name and the client identification information, which are the processing request source information in the job cancellation request 82, with those in the job management information. Recognizing that 82 is the same user who started the job “JOB1”, the job cancellation request 82 is granted.

Next, the user of the client computer C
A case will be described where a job cancellation request 84 specifying the job identifier “JOB1” is made as a remote processing request to the server computer 50. In this case, the user name “AAA” of the user of the client computer C and the identification information of the client computer C are added to the job cancel request 84. Upon receiving the job cancel request 84, the job control unit 56 searches the job control table in the same manner as described above, and compares the job management information of the job “JOB1” being executed with the processing request source information in the job cancel request 84. Compare. In this case, the user name "AA
“A” matches, but the client identification information does not match. Such a case occurs, for example, when a user different from the user who started the job “JOB1” uses the shared account and makes a job cancel request 84,
Generally, such a request is not expected by the user who has started the job “JOB1”. Therefore, in this system, if the client identification information does not match even if the user identification information matches, the remote processing request is rejected.

[Third Embodiment] Next, a third embodiment of the present invention will be described with reference to the drawings. FIG. 6 is a conceptual diagram of the distributed processing computer system according to the present embodiment.
6, components corresponding to those shown in FIGS. 1 and 5 are denoted by the same reference numerals, and description thereof is omitted.

The figure shows a state in which different users are sharing access from the client computers A and C, that is, remotely accessing the server computer 50 with the same user name "AAA". Then, on the server computer 50, a job 80 requested to be processed by the client computer A is being executed. The job 80 has the job identifier “J
OB1 ". The server computer of this system has a mode flag 90 in addition to the same job control table as in the second embodiment. The job control unit 92
Similar to the second embodiment, the processing request source information of the remote processing is compared with the job management information of the job control table. However, the difference is that the matching determination condition is changed according to the mode flag 90.

That is, in the present system, the job control unit 9
2 checks the mode flag 90 prior to the comparison operation, and when the mode flag 90 is set to, for example, off, similarly to the second embodiment, both the user identification information and the client identification information are used. Based on the match, the matching between the processing request source information and the job management information is recognized. On the other hand, when the mode flag 90 is set to ON,
The job control unit 92 recognizes the matching between the processing request source information and the job management information as long as the user identification information matches even if the client identification information does not match. As described above, the mode flag 90 is a mode setting unit that sets the mode of the match determination in the job control unit 92.

This mode switching is performed by a program operating on the server computer and functioning as mode switching means. This program receives a mode designation from a user and sets a mode flag 90. Access to this mode switching program is often defined by an operation rule performed only by a specific person among a plurality of users sharing the user identification information, for example, an administrator. Therefore, as a system configuration, a user identifier as a privileged user may be separately provided to the administrator, and only the privileged user may have the execution right of the mode switching program.

[Embodiment 4] Next, a fourth embodiment of the present invention will be described with reference to FIG. The fourth field of the entry included in the correspondence table 64 shown in FIG. 2 holds a login state. This field is
When the client computer 52 succeeds in remote access, the content is set to “login”. On the other hand, when the work is completed and a so-called logout process is performed, the server computer 50 performs the logout process and then deletes this entry. At this time, during execution of the logout process, the login state is “transitioning to logout”.
Is set to indicate That is, the entry whose login state is “transition to logout” indicates that a logout request has already been correctly made.

For example, if a client computer remotely accessing a server computer causes an error such as a system down, and the remote access is abnormally terminated due to this, the correspondence table 64 shows the corresponding client computer that has gone down. Entry may remain as "logged in".

The present embodiment deals with such a case by using the access request source information. First, upon receiving a request for remote access, the job control unit accesses the access request source information and the entry 7 in the correspondence table 64.
Compare with 0 information. By this comparison, the job control unit searches for an entry that matches the access request source information and the client identification information.

If there is an entry corresponding to the same client computer as the new remote access request, the remote access request and the user identification information of the entry match, and the login state in the entry is "logged in." In this case, since the communication connection corresponding to the new remote access request has already been realized, the subsequent remote access request is rejected, and the process of opening a new communication connection is not performed.

On the other hand, if the search detects an entry in which the remote access request and the entry match in the client identification information but differ in the user identification information and the login state is “logged in”, This means that users are multiplexed for the same client computer. Here, this state is referred to as the same client multiple access request state. Here, since a plurality of users cannot simultaneously log in locally at the client computer, such a multiple access request state is abnormal. When the job control unit of the present system detects this multiple access request state, the user of the client computer has been replaced, and the preceding user indicated in the entry detected in the multiple access detection is:
It is determined that the remote access has already been actually ended due to the above-described error or the like. That is, it is determined that the detected entry is a so-called orphan process in which logout processing has not been performed due to a system failure of the client computer or the like. Then, the job control unit functions as a preceding access disconnection processing unit, deletes an entry corresponding to the preceding user, and performs logout processing of the preceding user from the same client computer. Then, the job control unit permits the remote access request of the subsequent user from the same client computer by the access user authentication function.

If there is no entry having the same client identification information as the client identification information of the remote access request, there is no preceding user, and the job control unit normally executes the remote access request as shown in FIG. The access user authentication process 58 is performed using the registered user file 60 to set up a communication connection between the client computer and the server computer. In addition, even if there is an entry that matches the remote access request and the client identification information, if the login state is “Logout transition”, the client computer has successfully logged out and the server computer has Indicates that the post-processing of the logout process is being continued, and is not an abnormal state. In this case, the job control unit waits until the logout process is completed, and performs the communication connection setting process as usual.

In the present system, as described above, an orphan process remaining in the server computer due to a system shutdown of the client computer is detected, and this process is forcibly terminated to handle an entry corresponding to a new remote access request. By registering in the table 64, a consistent system state can be maintained.

[Fifth Embodiment] Next, a fifth embodiment of the present invention will be described with reference to the drawings. FIG. 7 is a flowchart illustrating an outline of a process performed by the job control unit according to the present embodiment. The processing of the job control unit in the present embodiment
Since it is almost the same as the first embodiment, the following description focuses on the features of the present embodiment. In FIG. 7, FIG.
The same reference numerals are given to the same processes as.

The job control section of the present system performs the same user authentication processing S200 as in the first embodiment. In the user authentication process S200, if the user name and the password pass, the process of opening a communication connection between the client computer and the server computer is performed. At this time, the job control unit automatically generates a client identifier representing the authenticated client computer. Since this client identifier only needs to be a unique identifier, it may be one that sequentially assigns a simple serial number, or may be a unique one such as an index of the entry 70 of the correspondence table 64 or a memory address. Anything may be used. The job control unit transmits the generated client identifier to the client computer using the established communication connection (S220).

The job control unit generates an entry of the correspondence table 64 using the generated client identifier as client identification information (S222). On the other hand, on the client computer side, the client identifier sent from the server computer is stored and held in storage means such as a memory. The client computer uses this client identifier as its own client name, and thereafter uses this to make a remote access request and a remote processing request to the server computer.

Embodiment 6 Next, a sixth embodiment of the present invention will be described with reference to the drawings. FIG. 8 is a conceptual diagram of the distributed processing computer system according to the present embodiment.
8, components corresponding to those shown in FIG. 1 are denoted by the same reference numerals, and description thereof will be omitted.

This system is characterized in the way of starting a server / client type application. Processes 100 and 102 are server processes (parent processes) “SVAPP1” and “SVV” executed on the server computer 50 of the server / client type application, respectively.
APP2 ". Processes 104 and 106 also include
The server processes "SVAPP1" and "SVA
Client processes (child processes) “CLAPP1”, “C” generated on the client computer by “PP2”
LAPP2 ". For example, “SVAPP1” is a server / server from the client computer A to the server computer 50.
Generated by a request to start a client application. When the activation of “SVAPP1” succeeds on this server computer, the “SVAPP1” is transmitted to the client computer A, which is the parent process requesting client computer, with “CAPP1”.
LAPP1 "is started. That is, the server / client type application here has a server application-driven mechanism. Then, when the activation of “CLAPP1” is successful, “SVAPP1” and “CLAPP1”
"1" starts communication with each other and executes a task in cooperation with each other. The same applies to the server process “SVAPP2” and the client process “CLAPP2”.

Hereinafter, the features of this system will be described with reference to FIG. In the figure, different users from the client computers A and B respectively have user names "AAA",
"BBB" indicates a state in which the server computer 50 is remotely accessed. In this state, it is assumed that a request is made from the client computer A to activate the job “JOB1” of the client / server type application. This job “JOB1” is the “SVAPP1”
And “CLAPP1”. JOB1 from client computer A to server computer
Of the job control unit 108 of the present system.
Checks whether an environment capable of executing the client process “CLAPP1” is established on the client computer A when the server process “SAPP1” is started. Specifically, the user who has requested the activation of "JOB1" confirms by searching the correspondence table 64 that a connection exists between the client computer A and the server computer when "SVAPP1" is activated. .

If there is no user logged in to the client computer A and a client process cannot be created in the client computer A, starting the server process is useless. In the present system, this is confirmed in advance, so that unnecessary server process generation is not performed. Further, by confirming that the user who has logged in to the client computer A is the same as the user who has started the server process, the situation in which the user is switched between the server process start request and the start of the client process generation process And the creation of the server process and the client process can be stopped.
That is, a situation in which there is a problem in security, such as generating a client process in the client computer A to which another user is logged in, is avoided.

FIG. 9 is a flowchart showing an outline of the above-described processing performed by the job control unit of this embodiment. The user
Client / server type job "J
An activation request for “OB1” is input from the client computer A to the server computer, and the server computer receives the request. The job control unit 108 obtains the user identification information and the client identification information which are given as the processing request source information to the start request, and sets the client which is the parent process start source client computer as the client computer for which the client process is to be generated. Set the computer A (S2
30).

Next, the job control unit 108 activates the server process “SVAPP1” when starting the server process “SVAPP1”.
(S232), and confirms whether or not an entry having information matching the user name and the client identification information acquired in the processing S230 exists in the correspondence table 64 (S234). If the execution condition confirmation process S234 is passed, the server process "SVAPP1" is started on the server computer (S236), and then the "SVAPP1" is executed.
“1” generates a client process “CLAPP1” in the client computer A, and the business process is started.

[Seventh Embodiment] Next, a seventh embodiment of the present invention will be described with reference to the drawings. FIG.
FIG. 4 is a schematic diagram of a job control table provided in the server computer according to the present embodiment. Each entry 120, 120A-C constituting this job control table corresponds to each job being executed by the server computer. For example, the entry 120A indicates that the remote processing request that has started the job having the job identifier “JOB1” includes the user name “AAA” and the client computer A as the processing request source information. In this system, when a client computer requests a remote process of a client / server type application from a client computer to a server computer, information specifying the client computer where the client process is to be generated is also transmitted. In the entry of the job control table, the identification information of the client computer on which the client process is to be created is stored in a field called an executing client computer name. By storing the execution client computer name in this way, when the job is a client / server type application, not only the startup client computer that has requested the start of the server process, but also the execution client computer of the client process. Can be managed.

Each entry 120 includes, for example, a user name,
The record is a record in which fields including information such as a start client computer name, an execution client computer name, a job ID (identifier), a login process ID, job attribute information, and a job execution state are continuous. At the end of this record, the start address of the next entry is stored, and each entry is sequentially linked using this as a pointer. That is, in this example, the job control table takes a form of a chain of entries, like the correspondence table 64.

FIG. 11 is a conceptual diagram of the distributed processing computer system according to this embodiment. Among the components shown in FIG. 11, those corresponding to those shown in FIG. 1 are given the same reference numerals, and descriptions thereof will be omitted. The process 130 is a server computer 5 of a server / client type application.
Server process (parent process) "SV
APP1 ". In addition, the process 132 includes “SVA
"PP1" represents a client process (child process) "CLAPP1" generated in the client computer.

Next, the flow of the processing will be described. In FIG. 11, the client computers A and C have already been registered with the user name “A”.
AA ", a communication connection for remote access with the server computer is set. In this state, first, the user of the client computer A
, A job start request 134 which is a start request of a server / client type application as a remote processing request
Input. The job start request 134 includes or includes information such as a job identifier “JOB1”, a user name “AAA”, a start client computer name “client computer A”, and an execution client computer name “client computer C”. Job control unit 13 of server computer 50
6 receives the job start request 134 and stores and holds the information built in or accompanying the start request in the job control table.

When starting the server process “SAPP1”, the job control unit 136 searches the correspondence table 64 and matches the user name and the execution client computer name of the job start request 134 held in the job control table. It is confirmed whether or not the entry having the information exists in the correspondence table 64. If the execution condition confirmation process is passed, the job control unit 136 sends the server process “S
VAPP1 ”is started on the server computer, and then“ S
The client process “CL” is assigned to the client computer C whose “VAPP1” is specified as the executing client computer.
APP1 "is generated, and the business process is started.

On the other hand, if no such entry is found, that is, if the client computer C is not logged in with the user name that made the job start request 134, and a client process cannot be created in the client computer C, It is useless to start a server process. In this system, this is confirmed in advance, and not only the generation of the client process but also the unnecessary generation of the server process itself is stopped, and an error indicating that the startup of the server process has failed is notified to the startup client computer A.

Eighth Embodiment Next, an eighth embodiment of the present invention will be described with reference to the drawings. FIG.
It is a conceptual diagram of the distributed processing computer system of this Embodiment. 12, components corresponding to those shown in FIG. 1 are denoted by the same reference numerals, and description thereof will be omitted.

A job start request 142 from the client computer A to the job control unit 140 of the server computer starts the server process (parent process) “SAPP1” of the server / client type application and the client process (child process) of the client process (child process). This is a remote processing request that specifies itself, that is, the client computer A, as the executing client computer. Process 14
Reference numeral 4 denotes a server process “SAPP1” generated in response to the job activation request 142. The job connection request 146 in the client computer C sends the client process to itself, that is, the client computer C.
Is a remote processing request for "SVAPP1".

Next, the flow of processing will be described. In FIG. 12, the client computers A and C have already been registered with the user name “A”.
AA ", a communication connection for remote access with the server computer is set. The job activation request 142 activates a server process having a job identifier “JOB1” in the server computer. The server process generates a client process in the client computer A that has issued the job activation request 142. I do. Furthermore, the server process "SVAP
P1 "communicates with multiple client processes,
It is assumed that services can be provided for each.

In this state, first, the client computer C
User of the server computer sends a job connection request 146 to the server computer 50.
Send The job connection request 146 includes the job identifier “JOB1” of the job that is the connection request partner and the user name “A
AA "and information such as a client computer name" client computer C "which is a connection request source.

Job control unit 140 of server computer 50
Upon receiving the job connection request 146, authenticates whether the user name of the connection request matches the user name information of the server process or the job activation request 142. That is, the job control unit 140 searches the correspondence table 64, checks whether the user “AAA” is logged in to the client computer C that has made the connection request, and confirms the existence of the execution environment of the client process. Above, a client process is generated for the client computer C. The client process on the client computer C is connected to the process 144 of the server computer 50, and business processing by a client / server type application is started.

When granting the job connection request 146 as described above, the job control unit 140 adds the name of the client computer that is the connection request source to the job control table described in the above embodiment and uses it for management. . For example, the server process entry 120 is extended to provide a field called a client list, in which identification information such as the identifier of the client computer C that is the connection request source is stored to manage the processing.

[0069]

According to the distributed computer system of the present invention, the server computer permits the client computer to grant the remote access request to the user identification information such as the user name and the password regardless of the identification information of the client computer. Perform based on. The server computer holds the identification information of the client computer to which the remote access has been granted, and the subsequent remote processing request is granted using access request source information including the user identification information and the client identification information. That is, in the present system, it is not necessary to previously register a client connectable on the network in the server computer, and the client identification information is registered in the server computer when the authentication based on the user identification information succeeds. Thus, according to the present invention, the user:
A client computer that is not registered in advance in its own server computer can remotely access the server computer, thereby improving the ease of use of the system. Since not only user identification information but also client identification information is collated, it is possible to control processing requests from other client computers as unauthorized requests without authority and maintain security and system reliability. -The effect of being improved is also realized.

According to the distributed processing computer system of the present invention, the server computer holds the processing request source information relating to the remote processing being executed as job management information, and performs the processing for the preceding remote processing such as canceling the preceding remote processing being executed. For the request of the subsequent remote processing that interferes, the license is granted using the processing request source information that includes not only the user identification information but also the client identification information. In the case of sharing with other users, it is possible to avoid a situation in which a user different from the user who started remote processing is canceled from another client computer due to an operation error, etc., and system security and reliability are improved. There is an effect that it can be.

According to the distributed processing computer system of the present invention, in matching the processing request source information with the preceding remote processing in the permission of the succeeding remote processing, whether the user identification information and the client identification information are permitted or not is determined. It is possible to switch the mode as to whether or not to permit based on matching of only the user identification information. For example, when one user identification information is shared by a plurality of people, there may be a situation where another user must cancel the remote process started by another client, but in the present invention, By switching the mode, such a situation can be dealt with, and the effect that the usability of the system is further improved can be obtained.

According to the distributed processing computer system of the present invention, when a remote access request is made, it is detected that there is an inconsistent state that the same client computer has already been remotely accessed with different user identification information. Since the logout process of the user who is accessing remotely is performed, the effect of maintaining the consistency of the system and improving the reliability of the system is obtained.

According to the distributed processing computer system of the present invention, the server computer generates a client identifier for identifying the client computer and transmits the generated client identifier to the client computer. A remote processing request can be made to the computer. In other words, the client computer
There is no need to have a table or file for managing unique identifiers on the network, and the system can be used without defining such identifiers in advance, and the system is easy to use and manage. Is improved.

According to the distributed processing computer system of the present invention, when a client / server type application is executed, the existence of the environment for generating the client process in the client computer depends on the user identification information generated at the time of remote access request authentication and the client. Since the entry information including the identification information is checked before the server process is started, there is no need to start a useless server process so that a client process cannot be generated, thereby improving the system efficiency. There is.

According to the distributed processing computer system of the present invention, it is possible to execute a client / server type application by designating a client computer on which a client process is to be generated.
The selection range when executing the server-type application is expanded, the usability of the system is improved, and even in this case, the existence of the environment for generating the client process in the client computer is based on the user identification generated at the time of remote access request authentication. Since the entry information including the information and the client identification information is checked before the server process is started, a useless server process is not started so that a client process cannot be generated, thereby improving the efficiency of the system. The effect that can be obtained is also obtained.

According to the distributed processing computer system of the present invention, when executing a client / server type application having a server process to which a plurality of client processes can be connected, a connection request to the server process is
Since the license is granted based on the collation with the entry information and the confirmation of the match in the user identification information with the server process, only the reliable client computer is connected to the server process, and the effect of improving the reliability of the system is obtained. .

[Brief description of the drawings]

FIG. 1 is a conceptual diagram of a distributed processing computer system according to a first embodiment.

FIG. 2 is a schematic diagram of an access management correspondence table used in a processing request permission determination process according to the first embodiment.

FIG. 3 is a schematic flowchart showing an access user authentication process in the server computer according to the first embodiment.

FIG. 4 is a flowchart of a schematic process of a remote processing request in the client computer according to the first embodiment.

FIG. 5 is a conceptual diagram of a distributed processing computer system according to a second embodiment.

FIG. 6 is a conceptual diagram of a distributed processing computer system according to a third embodiment.

FIG. 7 is a flowchart illustrating an outline of a process performed by a job control unit according to a fifth embodiment;

FIG. 8 is a conceptual diagram of a distributed processing computer system according to a sixth embodiment.

FIG. 9 is a flowchart illustrating an outline of the above-described processing performed by a job control unit according to the sixth embodiment.

FIG. 10 is a schematic diagram of a job control table provided in a server computer according to a seventh embodiment.

FIG. 11 is a conceptual diagram of a distributed processing computer system according to a seventh embodiment.

FIG. 12 is a conceptual diagram of a distributed processing computer system according to an eighth embodiment.

FIG. 13 is a block diagram of a computer system employing a first conventional method.

FIG. 14 is a block diagram of a computer system employing a second conventional method.

FIG. 15 is a block diagram of a computer system employing a third conventional method.

[Explanation of symbols]

50 server computer, 52 client computer, 54
Network, 56, 92, 108, 136, 140
Job control unit, 58 access user authentication processing, 60
Registered user file, 62 processing request permission decision processing,
64 correspondence table, 70 entries, 80 jobs, 82,
84 Job cancel request, 90 mode flag, 1
42 Job start request, 146 Job connection request.

Claims (8)

(57) [Claims] 1. A distributed processing in which a client computer and a server computer are connected via a network, a user remotely accesses the server computer from the client computer, and the server computer executes a remote process requested by the user. In the computer system, the client computer transmits, to the server computer, access request source information including user identification information of an access requesting user who requests the remote access and client identification information for identifying the client computer on the network. Sending request to the server computer together with processing request source information including the user identification information of the processing requesting user requesting the remote processing and the client identification information. Request server means, the server computer includes: a registered user storage means for storing a remotely accessible registered user; and an entry information holding means for holding the access request source information relating to the user who is remotely accessing as entry information. Means for determining whether the access requesting user is the registered user based on the user identification information included in the access requesting source information, and permitting the remote access; Processing request permission determining means for determining permission of the remote processing request in accordance with a result of matching the processing request source information attached to the processing request with the entry information regarding the user who is remotely accessing the processing request. Distributed processing computer system. 2. The server computer further comprises: job management information holding means for holding the processing request source information relating to the remote processing being executed as job management information; and the processing request permission determining means further comprising: Comparing the processing request source information attached to the subsequent remote processing request that requests processing that interferes with the preceding remote processing with the job management information related to the preceding remote processing being executed,
2. The distributed processing computer system according to claim 1, wherein when the comparison result indicates a match, execution of the subsequent remote processing is permitted. 3. The processing request permission determining means includes a mode for determining a match using both the user identification information and the client identification information and a mode for determining a match using only the user identification information. 3. The distributed processing computer system according to claim 2, further comprising: a mode setting unit for setting, and a mode switching unit for switching the mode. 4. The server computer compares the access request source information newly received from the client computer with the entry information on the user who is performing the remote access, and in the comparison, the client identification information of each other is obtained. And a multiple access detecting means for detecting the same client multiple access request status where the user identification information is different from each other, and when the same client multiple access request status is detected, logout of the preceding user corresponding to the entry information 2. The distributed processing according to claim 1, further comprising a preceding access disconnection processing unit for performing processing, wherein the access user authentication unit permits the remote access of a subsequent user corresponding to the access request source information. Computer system. 5. The server computer includes: a client identifier defining unit that defines a client identifier of the client computer that has permitted the remote access; and a client identifier transmitting unit that transmits the client identifier to the client computer. The client computer has a client identifier storage unit that stores the client identifier, and the processing request transmission unit transmits the client identifier instead of the client identification information in the subsequent remote processing request. The distributed processing computer system according to claim 1, wherein: 6. A parent process generated on the server computer by a start request from a parent process starting client computer and a child process generated on the parent process starting client computer by the parent process communicate with each other. A distributed processing computer system for performing a process, wherein the server computer confirms that the entry information corresponding to the processing request source information of the remote processing request for activating the parent process remains. 2. The distributed processing computer system according to claim 1, further comprising a parent process generating means for generating the parent process. 7. A parent process generated on the server computer by an activation request from a parent process activation source client computer and a child process generated on the client computer by the parent process communicate with each other to execute processing. Wherein the processing request transmission unit further transmits, to the server computer, information specifying a child process generation destination client computer at the time of the parent process activation request, wherein the server computer The entry information corresponding to the child process generation destination client computer specified in the request is present in the storage, and the entry information is included in the processing request source information of the remote processing request that activated the parent process. Including the same user identification information as included Distributed processing computer system according to claim 1, wherein it has a parent process generating means for generating the parent process. 8. A parent process generated in the server computer by a start request from a parent process start source client computer, and a child process generated in the client computer by the parent process mutually communicate and execute processing. Wherein the server computer is means for generating the child process on the client computer that has issued a connection request to the parent process, and wherein the remote computer is a connection request to the parent process. The presence of the entry information that matches the processing request source information of the processing request, and the same user as the entry information included in the processing request source information of the remote processing request that started the parent process After confirming that identification information is included, a child process generation step for generating the child process is performed. Distributed processing computer system according to claim 1, wherein it has a.