Cloud application migration method, system and storage medium
By acquiring virtual IP information and network policies, and combining this with network packet capture information, the network configuration and application instance mounting were performed on the second data center. The F5 device was used to carry business traffic, which solved the problems of transaction loss and response time extension in cloud application migration and achieved lossless migration.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA MERCHANTS BANK
- Filing Date
- 2023-10-11
- Publication Date
- 2026-06-09
Smart Images

Figure CN117354279B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of data migration technology, and more particularly to a method, system, and storage medium for migrating cloud applications, as well as related equipment. Background Technology
[0002] Cloud applications refer to applications that run on a cloud platform, and users access and use the related services of these applications via the internet. Cloud applications include both mobile and non-mobile applications.
[0003] In related technologies, for non-migratory applications, when migrating cloud applications due to data center relocation, off-site deployment and decommissioning of application instances from the old data center are required. In traditional methods, directly scaling up or down when migrating transaction-based cloud applications can easily lead to transaction losses. Summary of the Invention
[0004] The main purpose of this application is to provide a method, system, and storage medium for migrating cloud applications, aiming to solve the technical problem of transaction loss risk during the migration of transaction-related cloud applications in related technologies.
[0005] To achieve the above objectives, this application adopts the following technical solution:
[0006] Firstly, this application provides a method for migrating cloud applications, the method comprising:
[0007] Obtain the virtual IP information, application instance information, network policies, and first packet capture information of the first data center; among which, the application instance information is the instance information of the application to be migrated, and the first packet capture information is the network access status of the first data center within a preset time period captured by network packet capture.
[0008] Based on the virtual IP information, add virtual IPs corresponding to the F5 devices for the target applications in the second data center; the target applications and the applications to be migrated have a corresponding relationship.
[0009] Based on the application instance information, mount the application instance of the second data center on the virtual IP;
[0010] Based on the network policy and the first packet capture information, the network was opened to the second computer room;
[0011] Based on the second data center with the network enabled, start application instances and enable DNS resolution of domain names so that the F5 devices in the second data center can carry business traffic.
[0012] Optionally, in the above cloud application migration method, after the step of starting the application instance and enabling DNS resolution of the domain name based on the second data center after the network is opened, so that the F5 device in the second data center can carry the business traffic, the method further includes:
[0013] Stop resolving the virtual IP address corresponding to the F5 device in the first data center, and disable DNS resolution for the domain name in the first data center;
[0014] Network packet capture was performed on the virtual IP and application instances in the first computer room to obtain the second packet capture information;
[0015] Determine whether there is business traffic in the first data center based on the second packet capture information;
[0016] If there is business traffic in the first data center, the corresponding first target link is determined, and a modification instruction is sent to the terminal device of the first target link so that the terminal device can modify the access method and transfer the business traffic to the application instance in the second data center; wherein, the terminal device is the access device located upstream of the server in the first target link, and the access method includes accessing through the DNS resolution domain name or virtual IP of the second data center;
[0017] If there is no business traffic in the first data center, then the application instances in the first data center will be taken offline.
[0018] Optionally, in the above cloud application migration method, after determining the corresponding first target link and sending a modification instruction to the terminal device of the first target link so that the terminal device modifies the access method and transfers the business traffic to the application instance in the second data center, the method further includes:
[0019] Return to the steps of capturing network packets for the virtual IP and application instance in the first data center to obtain the second packet capture information, and repeat until there is no business traffic in the first data center.
[0020] Optionally, in the above cloud application migration method, before the step of adding a virtual IP corresponding to the F5 device for the target application in the second data center based on the virtual IP information, the method further includes:
[0021] Based on the memory size of the application to be migrated in the first data center, determine whether there is a corresponding amount of reserved space in the second data center;
[0022] If so, expand the memory of the second data center, create the application corresponding to the application to be migrated and its corresponding instance to be started, and obtain the target application and the instance of the application to be started in the second data center;
[0023] Configure the environment and certificates for the application instance to be launched to obtain the application instance in the second data center.
[0024] Optionally, in the above cloud application migration method, after the steps of configuring the environment and certificates of the application instance to be launched to obtain the application instance in the second data center, the method further includes:
[0025] Determine whether the target application in the second data center is associated with an F5 device;
[0026] If so, then execute the step of adding a virtual IP corresponding to the F5 device for the target application in the second computer room based on the virtual IP information;
[0027] If not, then isolate the application instance in the first server room.
[0028] Optionally, in the above cloud application migration method, the step of enabling network access to the second data center based on network policies and the first packet capture information includes:
[0029] According to the network policy, the network of the second data center is activated for the first time to obtain the network activation information of the second data center;
[0030] The IP addresses of the first packet capture information and the information of the already activated network are compared to obtain the information of the unactivated network in the second data center;
[0031] Based on the information that the network was not yet activated, the second network was activated for the second computer room.
[0032] Optionally, in the above cloud application migration method, the steps of starting application instances and enabling DNS resolution of domain names based on the second data center after network access, so that the F5 device in the second data center can carry business traffic, include:
[0033] Start the application instance based on the second data center after the network is activated;
[0034] The application instances in the second computer room were sequentially verified for operational status, technical capabilities, and business operations.
[0035] Once the application instance in the second data center passes verification, DNS resolution for the domain name will be enabled so that the F5 device in the second data center can carry business traffic.
[0036] Optionally, in the above cloud application migration method, after the step of starting the application instance and enabling DNS resolution of the domain name based on the second data center after the network is opened, so that the F5 device in the second data center can carry the business traffic, the method further includes:
[0037] When the direction of business traffic is detected to be the first data center, the corresponding second target link is determined;
[0038] Ping the DNS domain name and virtual IP of the second target link to obtain potential risk information;
[0039] Alerts and reminders are issued based on potential risk information.
[0040] Secondly, this application provides a cloud application migration system, the system comprising:
[0041] The first data center includes the first cloud platform and the applications to be migrated that are running on the first cloud platform;
[0042] The second data center includes a second cloud platform, target applications running on the second cloud platform, and F5 devices.
[0043] The first data center is used to obtain virtual IP information, application instance information, network policies, and first packet capture information, and send them to the second data center. Among them, the application instance information is the instance information of the application to be migrated, and the first packet capture information is the network access status of the first data center within a preset time period captured by network packet capture.
[0044] The second data center is used to receive virtual IP information, application instance information, network policies, and first packet capture information sent by the first data center; based on the virtual IP information, it adds a virtual IP corresponding to the F5 device for the target application; wherein the target application and the application to be migrated have a corresponding relationship; based on the application instance information, it mounts the application instance of the second data center on the virtual IP; based on the network policy and the first packet capture information, it opens the network to the second data center; based on the second data center after the network is opened, it starts the application instance and opens DNS resolution domain name so that the F5 device in the second data center can carry business traffic.
[0045] Thirdly, this application provides a computer-readable storage medium storing a computer program that, when executed by one or more processors, implements the cloud application migration method described above.
[0046] The above-mentioned one or more technical solutions provided in this application may have the following advantages or at least achieve the following technical effects:
[0047] This application proposes a cloud application migration method, system, and storage medium. By acquiring the virtual IP information of a first data center, a new virtual IP corresponding to an F5 device is added to the target application in a second data center. Then, based on the instance information of the application to be migrated in the first data center, the application instance in the second data center is mounted on the virtual IP in the second data center. According to the network policy of the first data center and the first packet capture information, the network in the second data center is opened. Finally, based on the network-opened second data center, the application instance is started and DNS resolution of the domain name is enabled, allowing the F5 device in the second data center to carry business traffic. This achieves the purpose of migrating the cloud application from the first data center to the second data center, thus expanding the capacity of the target application in the second data center. In this method, network access in the first data center is captured within a preset time period through network packet capture, and then the network is opened in the second data center in conjunction with the network policy. This method is applicable to various cloud application migration scenarios, including both mobile and non-mobile applications, completely migrating the application to be migrated from the first data center to the second data center. This avoids application data loss and direct external access to the virtual IP, thereby preventing transaction losses in transaction-related cloud applications and achieving a lossless transaction effect. In addition, with the complete migration of application data, the application's transaction data will not be isolated, which can avoid extending the response time of cloud applications. Attached Figure Description
[0048] To more clearly illustrate the technical solutions in the embodiments of this application, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these provided drawings without creative effort.
[0049] Figure 1 This is a flowchart illustrating the first embodiment of the cloud application migration method of this application;
[0050] Figure 2 This is a schematic diagram of the architecture of the first computer room involved in an embodiment of this application;
[0051] Figure 3 This is a schematic diagram of the architecture of the second computer room involved in the embodiments of this application;
[0052] Figure 4 This is a flowchart illustrating the second embodiment of the cloud application migration method of this application;
[0053] Figure 5 This is an interactive schematic diagram of the second embodiment of the cloud application migration method of this application;
[0054] Figure 6 This is a connection diagram of the cloud application migration system involved in the embodiments of this application;
[0055] Figure 7 This is a schematic diagram of the workflow of the cloud application migration system in this application.
[0056] The realization of the purpose, functional features and advantages of this application will be further explained in conjunction with the embodiments and with reference to the accompanying drawings. Detailed Implementation
[0057] To make the objectives, technical solutions, and advantages of this application clearer, the technical solutions in the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of this application, and not all of them. Based on the embodiments in this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.
[0058] It should be noted that in this application, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or system. Without further limitations, an element defined by the phrase "comprising..." does not exclude the presence of other identical elements in the process, method, article, or system that includes that element. In this application, descriptions involving "first," "second," etc., are for descriptive purposes only and should not be construed as indicating or implying their relative importance or implicitly specifying the number of indicated technical features. Thus, a feature defined with "first" or "second" may explicitly or implicitly include at least one of those features. Those skilled in the art can understand the specific meaning of the above terms in this application according to the specific circumstances. Furthermore, the technical solutions of the various embodiments can be combined with each other, but this is based on the fact that those skilled in the art can implement them. When the combination of technical solutions is contradictory or cannot be implemented, it should be considered that such combination of technical solutions does not exist and is not within the scope of protection claimed in this application.
[0059] Cloud applications refer to applications running on cloud platforms, accessible and used by users via the internet. Cloud applications enable cross-platform and cross-device access and feature elastic scaling, greatly simplifying application deployment and maintenance. For promotional cloud applications, temporary scaling is required when business volume surges necessitate significant resource capacity increases, followed by scaling down to conserve resources after the promotion ends. These applications are generally considered stateless and volatile. Conversely, there are also non-volatile applications, such as routing and gateway applications. Therefore, cloud applications include both volatile and non-volatile applications.
[0060] In related technologies, for non-migratable applications, when migrating cloud applications through data center relocation, it is necessary to deploy in a new data center and take application instances offline from the old data center. Analysis of these technologies reveals that in traditional methods, when migrating transaction-related cloud applications, directly scaling up or down—that is, directly deploying in a new data center and taking application instances offline from the old data center—can easily lead to transaction losses. The reasons for these losses are: firstly, some applications access each other directly through VIPs (Virtual IP Addresses) instead of domain names; secondly, the impact of various application caches in the transaction chain, such as Nginx (a high-performance HTTP and reverse proxy web server), DNS (Domain Name Server), and F5 (load balancer); and thirdly, inconsistent versions of underlying infrastructure components. Furthermore, during the canary rollout process, scaling up or down can cause transaction data to be routed to a different Availability Zone (AZ), which can also lead to prolonged cloud application response times.
[0061] In view of the technical problems in related technologies, such as the risk of transaction loss and application response delay when migrating non-drifting transaction-type cloud applications during data center relocation, this application provides a cloud application migration method, system and storage medium.
[0062] The cloud application migration method, system, and storage medium provided in this application will be described in detail below with reference to the accompanying drawings and through specific embodiments and implementation methods.
[0063] Example 1
[0064] Reference Figure 1 This application presents a first embodiment of a cloud application migration method. This cloud application migration method is applied to a scenario where cloud applications are migrated from a first data center to a second data center.
[0065] The first data center refers to a server cluster capable of network connectivity or a data center equipped with network devices such as servers and cloud platforms. The second data center refers to a server cluster capable of network connectivity or a data center equipped with network devices such as servers and cloud platforms. The first data center can be an older data center, and the second data center can be a new data center, which is the destination data center to be migrated to.
[0066] like Figure 2 The diagram shown illustrates the architecture of the first data center, which may include:
[0067] First Cloud Platform ( Figure 2 (Not shown in the image) Applications to be migrated that are running on the first cloud platform.
[0068] like Figure 2 As shown, the first data center may also include F5 devices, which are hardware-based load balancers that can balance network traffic by distributing traffic to multiple servers. Figure 2 The applications to be migrated include SZ applications and SH applications. SZ applications include instances 101 and 102, and SH applications include instances 201 and 202. In practice, SZ and SH applications can be installed on the same server, or each can be installed on a separate server, or they can be located in different data centers; that is, SZ applications can be in one data center and SH applications in another, depending on actual needs. This embodiment uses the example of SZ and SH applications located on different application servers in the same data center for illustration.
[0069] like Figure 3 The diagram shows the architecture of the second data center, which may include:
[0070] Second cloud platform, target application running on second cloud platform, F5 device.
[0071] like Figure 3 As shown, in this second data center, the target applications include application H1 and application H2. Application H1 includes instances 301 and 302, and application H2 includes instances 401 and 402. In practical applications, application H1 and application H2 can be installed on the same server, or each can be installed on a separate server, or they can be located in different data centers, i.e., application H1 is in one data center and application H2 is in another data center, which can be configured according to actual needs. In this embodiment, the example of application H1 and application H2 being located on different application servers in the same data center is used for illustration. At the same time, application H1 represents the application when migrating application SZ from the first data center to the second data center, and application H2 represents the application when migrating application SH from the first data center to the second data center.
[0072] Based on the first and second computer rooms mentioned above, the following combines... Figure 1 The flowchart shown illustrates the cloud application migration method of this embodiment in detail. The method may include the following steps:
[0073] Step S100: Obtain the virtual IP information, application instance information, network policy and first packet capture information of the first data center; wherein, the application instance information is the instance information of the application to be migrated, and the first packet capture information is the network access status of the first data center within a preset time period captured by network packet capture.
[0074] Specifically, virtual IP information refers to the virtual IP information configured for each application on the F5 device within the primary data center, such as... Figure 2The SZ VIP and SH VIP are mentioned. Application instance information refers to the instance information mounted on various applications in the first data center. Only instance information for applications identified as needing migration is obtained here, such as... Figure 2 Both SZ VIP and SH VIP are applications to be migrated. Therefore, the application instance information includes information on SZ application instances 101 and 102, and SH application instances 201 and 202. Network policy refers to the basic network architecture of the first data center, network layout information based on that architecture, etc. The first packet capture information is the network access situation of the first data center within a preset time period, captured through network packet capture, such as network access situation within the most recent month based on the current time. This includes information such as network access source, access method, and access target, which can be configured according to actual needs.
[0075] In practical applications, the first cloud platform in the first data center can independently collect virtual IP information, application instance information, network policies, and initial packet capture information from the first data center. It then sends this collected information to the second data center, allowing the second data center to receive the same information before performing subsequent operations. Alternatively, the second cloud platform in the second data center can query the same information from storage servers, databases, or other storage devices before executing further operations.
[0076] Because the basic network architecture of the first data center (the old data center) and the second data center (the new data center) may differ, and because applications deployed in the DMZ (Demilitarized Zone) and BIZ (Business Internet Zone) may have inconsistent default network activation settings for different network segments, directly adopting the network activation method for business migration—that is, directly migrating the network policy of the first data center to the second data center—can only achieve the activation of most networks, resulting in some network activation omissions.
[0077] Therefore, in order to ensure the comprehensiveness of the network activation in the future, on the one hand, the network policy of the first data center was migrated to the second data center, and on the other hand, network access in the first data center was captured within a preset time period by network packet capture to obtain the first packet capture information, so that the network can be activated in the future according to the network policy of the first data center and the first packet capture information.
[0078] Step S200: Based on the virtual IP information, add a virtual IP corresponding to the F5 device for the target application in the second computer room; wherein, the target application and the application to be migrated have a corresponding relationship.
[0079] Specifically, the F5 device is the load balancer and traffic control device in the second data center. The second cloud platform can query the virtual IPs corresponding to the F5 device in the second data center based on the virtual IP information, and add virtual IPs for the target applications in the second data center. Specifically, a virtual IP named H1 VIP is added for application H1, and a virtual IP named H2 VIP is added for application H2. Figure 3 The system includes H1 VIP and H2 VIP. H1 applications correspond to SZ applications, and H2 applications correspond to SH applications. To completely migrate the SZ applications from the first data center to the H1 applications in the second data center, and to completely migrate the SH applications from the first data center to the H2 applications in the second data center, further steps are required.
[0080] Step S300: Based on the application instance information, mount the application instance of the second data center on the virtual IP.
[0081] Specifically, application instances in the second data center can be created and stored in the second cloud platform based on the target application. Specifically, application instances of the target application can be created based on the instance information of the application to be migrated in the first data center. For example, instance 301 of the H1 application can be created for instance 101 of the SZ application. Then, the second cloud platform can mount the application instances of the target application onto the virtual IP of the target application. Specifically, the application instances are mounted based on the instance mounting information of the application to be migrated in the first data center. For example, instances 301 and 302 of the H1 application are mounted on the H1 VIP, and instances 401 and 402 of the H2 application are mounted on the H2 VIP.
[0082] Step S400: Based on the network policy and the first packet capture information, enable the network in the second computer room.
[0083] Specifically, network activation refers to establishing the production environment application call relationships for the target application. The production environment refers to the environment used to deploy and run the target application, including all hardware devices and software platforms used to run the application, as well as all middleware and infrastructure supporting its operation. For example, activating the network from the target application's front-end device to the H1 VIP corresponding to the F5 device in the new data center, and the network from the front-end device to the H2 VIP, etc. Network activation is a complex process, especially for application gateways with mobile banking access points applicable to various branches. These application gateways are non-drifting applications; if the network is not fully activated, business data omissions can easily occur, leading to transaction losses.
[0084] In practical applications, the second cloud platform can enable the network in the second data center based on the obtained network policies and the first packet capture information. Specifically, it first migrates the network policies of the first data center to the second data center according to the network policies, enabling most of the network to be enabled. Then, it compares the IP addresses with the first packet capture information based on the enabled network status, identifies the networks in the new data center (i.e., the second data center) that have not been enabled, and enables them.
[0085] When the first computer room has a direct access to a virtual IP, for example Figure 2 External traffic can directly call the SZ VIP or access the virtual machine directly through a microservice, for example. Figure 2 When other microservices directly access instance 101, etc., network packet capture can discover the application call relationships in these situations in advance, and then deploy them in the new data center to avoid omissions, thereby achieving comprehensive network access.
[0086] Step S500: Based on the second data center after the network is opened, start the application instance and enable DNS resolution of the domain name so that the F5 device in the second data center can carry business traffic.
[0087] Specifically, DNS domain name resolution refers to resolving the domain name of a virtual IP address, converting the domain name entered by the user into the corresponding virtual IP address. DNS domain name resolution can be achieved through communication between the F5 device in the data center and the DNS server. For example... Figure 2 As shown, when an external access point, such as an external terminal device, enters a domain name and sends a query request to the DNS server, the DNS server will recursively query based on its own cache, such as SZ corresponding to SZ VIP, SH corresponding to SH VIP, etc., to obtain the virtual IP address corresponding to the domain name, and then return the result to the external accessing device so that the device can access the corresponding virtual machine based on the virtual IP address. Similarly, the second data center, based on the network after it is opened, also has this DNS domain name resolution function, such as... Figure 3 External access sends a request to the DNS server in the second data center. The DNS server obtains the virtual IP address based on its own cache, such as H1 corresponding to H1 VIP and H2 corresponding to H2 VIP, and returns it so that the external access device can access the corresponding virtual machine and realize the external access function.
[0088] In practical applications, after the second cloud platform opens the network of the second data center, the created application instances can be started and DNS resolution domain names can be enabled. At this time, the target application in the new data center will carry business traffic and achieve load balancing and traffic control through F5 devices.
[0089] It should be noted that steps S200-S300 can be executed simultaneously with step S400, or steps S200-S300 can be executed first, and then step S400 can be executed. The specific choice can be made according to the actual needs.
[0090] The cloud application migration method provided in this embodiment obtains the virtual IP information of the first data center, adds a virtual IP corresponding to the F5 device for the target application in the second data center, and then, based on the instance information of the application to be migrated in the first data center, mounts the application instance of the second data center on the virtual IP of the second data center. According to the network policy of the first data center and the first packet capture information, the network is opened in the second data center. Finally, based on the second data center with the network opened, the application instance is started and DNS resolution of the domain name is enabled, allowing the F5 device in the second data center to carry business traffic. This achieves the purpose of migrating the cloud application from the first data center to the second data center, thus expanding the capacity of the target application in the second data center. In this method, network access in the first data center is captured within a preset time period through network packet capture, and then the network is opened in the second data center in conjunction with the network policy. This method is applicable to various cloud application migration scenarios, including both mobile and non-mobile applications, completely migrating the application to be migrated from the first data center to the second data center. This avoids application data loss and direct external access to the virtual IP, thereby preventing transaction losses in transaction-type cloud applications and achieving a lossless transaction effect. In addition, with the complete migration of application data, the application's transaction data will not be isolated, which can avoid extending the response time of cloud applications.
[0091] In one optional implementation, step S400, "activating the network in the second computer room according to the network policy and the first packet capture information," may include:
[0092] Step S401: Perform the first network activation for the second data center according to the network policy, and obtain the network activation information for the second data center;
[0093] Step S402: Compare the IP addresses of the first packet capture information and the activated network information to obtain the unactivated network information of the second data center;
[0094] Step S403: Activate the network in the second computer room a second time based on the information about the unactivated network.
[0095] Specifically, the first network activation adopts the method of migrating the network strategy of the first data center to the second data center. Before the second network activation, the network access status of the first data center within a preset time period is compared with the network status of the second data center after the first network activation. Specifically, IP comparison is performed to identify the networks in the second data center that are not activated, thus obtaining the information on the networks that are not activated. Then, the second network activation is performed on the second data center based on the information on the networks that are not activated.
[0096] By combining network packet capture and IP comparison in application migration, network packet capture can gather more information about the network in the first data center, especially recent network access patterns, to prevent transaction losses. Then, IP comparison allows for a more comprehensive migration of the network from the first data center to the second data center, ensuring full network connectivity and preventing omissions. This approach is applicable to scenarios where the basic network architecture of the new and old data centers may differ, and where applications deployed in the DMZ and BIZ zones may have inconsistent default network connectivity settings for different network segments.
[0097] In one optional implementation, step S500, "based on the second data center after the network is activated, start the application instance and enable DNS resolution of the domain name so that the F5 device in the second data center can carry service traffic," may include:
[0098] Step S501: Based on the second data center after the network is activated, start the application instance;
[0099] Step S502: Perform operational verification, technical verification, and business verification on the application instances in the second computer room in sequence;
[0100] Step S503: When the application instance in the second data center passes verification, enable DNS resolution of the domain name so that the F5 device in the second data center can carry business traffic.
[0101] Specifically, application instance operational verification can be performed by the load balancer (F5 device) in the second data center. This checks the application instance status by routing traffic from failed instances to normal instances to handle abnormal applications. It monitors memory, disk, and other physical server resource usage to understand their normal operation. Operational verification can test the target application's dependencies to confirm their availability and proper functioning. Technical verification of application instances can be performed by the second cloud platform, specifically verifying whether the application instances meet requirements, quality, and constraints. These requirements, quality, and constraints can be configured according to actual needs. Business verification of application instances can also be performed by the second cloud platform, specifically detecting and testing the application instances to confirm that they meet user requirements and specifications, ensuring the quality and stability of the application instances.
[0102] In practical applications, after the network is activated in the second data center, the second cloud platform can start each application instance of the target application and then perform operational verification, technical verification, and business verification on the application instances in sequence. If each stage of verification passes, DNS resolution of the domain name can be enabled so that the F5 device in the second data center can carry business traffic. Conversely, if a certain stage of verification fails, a timely reminder can be given so that the user can take timely measures to ensure that each stage of verification passes, thereby enabling DNS resolution of the domain name and allowing the F5 device in the second data center to carry business traffic. In other words, the access, request, and other traffic operations are migrated from the first data center to the second data center.
[0103] Optionally, after starting the application instance and enabling DNS resolution of the domain name in the second data center with the network enabled, the second cloud platform can also monitor the changes in transaction volume and response time of the target application in real time during the process of the F5 device in the second data center carrying business traffic. It can also identify abnormal situations in the second data center. For example, when there is a network outage, there will be a small loss of transaction volume, or when the number of instances in each AZ area does not reach the preset ratio, there will be response time delays and other abnormalities. Specifically, this can be identified by comparing the access IP.
[0104] By analyzing access IPs, changes in transaction volume or response delays can be detected and predicted in advance, allowing users to take preventative measures early and prevent larger incidents, thus achieving a controllable risk outcome.
[0105] Example 2
[0106] Based on the same technical concept, referring to Figure 4 and Figure 5 This application presents a second embodiment of the cloud application migration method.
[0107] The following is combined Figure 4 The flowchart shown below provides a detailed description of the cloud application migration method in this embodiment.
[0108] Furthermore, after step S500 "Based on the second data center after the network is opened, start the application instance and enable DNS resolution of the domain name so that the F5 device in the second data center can carry the service traffic", the following steps S600 to S820 can be executed in sequence to achieve the purpose of expanding the capacity of the second data center and then reducing the capacity of the first data center; or steps S600 to S820 can be executed as independent steps to achieve the reduction of the capacity of the data center.
[0109] In one alternative implementation, such as Figure 5 The interactive diagram shown, after step S500, may further include:
[0110] Step S600: Stop resolving the virtual IP corresponding to the F5 device in the first data center, and disable DNS resolution of the domain name in the first data center.
[0111] Specifically, after expanding the application capacity of the second data center (which is now a new data center) through steps S100-S500, the application capacity of the first data center (which is now an old data center) can be reduced. For example... Figure 2 In the first data center shown, SZ VIP and SHVIP are both virtual IPs corresponding to the F5 devices in the first data center. The applications to be migrated in the first data center are application SZ and application SH. Their production environment, i.e. the first cloud platform, can stop resolving the virtual IPs corresponding to the F5 devices in the first data center and disable the DNS domain name resolution function of the first data center.
[0112] Step S700: Perform network packet capture on the virtual IP and application instance of the first computer room to obtain the second packet capture information.
[0113] Because the production environment of the applications to be migrated is complex, and some applications may have multiple versions, there may be cases where some applications connect directly to the virtual IP without DNS resolution. In this case, there is still a very small amount of traffic that may reach the first data center. To address this, the first cloud platform can capture network information of the virtual IP and application instances in the first data center through network packet capture to obtain the second packet capture information.
[0114] Optionally, the network packet capture operation can be performed after a certain period of time, such as a preset duration, in step S600, so as to obtain packet capture information more accurately. This facilitates subsequent identification of whether the first data center has no business traffic within a certain period of time, thereby accurately determining whether the first data center meets the conditions for taking application instances offline.
[0115] Step S800: Determine whether there is business traffic in the first data center based on the second packet capture information.
[0116] like Figure 2 As shown, even if DNS resolution of domain names is disabled, external access cannot access the virtual IP through DNS and F5. However, assuming that other microservices directly access application instance 101 or external traffic directly accesses the SZ VIP instead of through domain name resolution, there may still be business traffic in the first data center. This indicates that the upstream devices of these links have not been transferred to access the second data center, which means that the application migration has not been fully realized.
[0117] Based on this, after the first cloud platform obtains the second packet capture information, it can determine whether there is business traffic in the first data center. If business traffic is still found, certain measures need to be taken to transfer the access of the upstream device in the link to the second data center. If no business traffic is found, the application instance can be taken offline to realize the scaling down of the application to be migrated in the first data center.
[0118] Step S810: If there is business traffic in the first data center, determine the corresponding first target link and send a modification instruction to the terminal device of the first target link so that the terminal device can modify the access method and transfer the business traffic to the application instance in the second data center; wherein, the terminal device is the access device located upstream of the server in the first target link, and the access method includes accessing through the DNS resolution domain name or virtual IP of the second data center.
[0119] Specifically, if the second packet capture information determines that there is business traffic in the first data center, the first cloud platform can identify the first target link corresponding to this business traffic, that is, the business link generated by this business traffic. This link can include which network the terminal device accesses through, which specific virtual IP, or which application instance is being requested. After identifying the first target link, the first cloud platform can send a modification instruction to the upstream of the first target link, i.e., the terminal device that initiated the access request. This allows the terminal device to modify its access method according to the received modification instruction. The access method may include accessing through the DNS resolution domain name or virtual IP of the second data center, etc. In other words, the access operation of the terminal device in the first target link is transferred to the second data center, so that the first target link is reconstructed in the second data center. The terminal device's access to the application to be migrated in the first data center becomes an access to the target application in the second data center. The business traffic of this business link will be transferred to the application instance in the second data center, completing the supplementary migration of the target application. For example, Figure 2 Migrating other microservice access application instances 101 to, for example Figure 3 Other microservices accessing application instances 301, for example, Figure 2 Migrating external traffic directly to SZVIP to such Figure 3 External traffic can directly access the F5 device, enabling virtual IP access.
[0120] Based on the aforementioned network policy and first packet capture information, which enabled a relatively comprehensive application migration to the second data center, we will now perform network packet capture on the first data center (the old data center) to migrate access in other special circumstances to the second data center. This will allow the target applications in the second data center to more comprehensively reproduce the network situation of the original first data center, completely transferring the traffic from the old data center to the application instances in the new data center. This will achieve a more comprehensive application migration and prevent data traffic from being missed in the first data center, thus avoiding risks such as transaction losses.
[0121] Step S820: If there is no business traffic in the first data center, then take the application instance in the first data center offline.
[0122] Specifically, if the second packet capture information determines that there is no business traffic in the first data center, such as zero business traffic, it means that there are no other special circumstances or network activation omissions in the first data center. In this case, the first cloud platform can take the application instances of the old data center, i.e. the first data center, offline, thereby achieving application scaling down in the first data center.
[0123] Optionally, during the process of taking the application instance in the first data center offline, the first cloud platform can also monitor the business traffic of the first data center in real time and identify abnormal situations in the first data center. For example, when new business traffic appears, it indicates that there are still omissions in the application migration. Then, an alarm can be issued to remind users to suspend the offline operation. Alternatively, the corresponding link can be determined based on the new business traffic, so that the terminal device can modify the access method and transfer the business traffic to the application instance in the second data center, ensuring that there is no more business traffic in the first data center.
[0124] Traffic monitoring here allows us to identify any application migration omissions in the first data center, enabling timely measures to fill these gaps and prevent risks such as transaction losses. This achieves a controllable risk outcome, allowing the second data center to fully reconstruct the network conditions of the first data center and achieve a more comprehensive application migration.
[0125] Furthermore, after step S810, which involves "determining the corresponding first target link and sending a modification instruction to the terminal device of the first target link so that the terminal device modifies the access method and transfers the service traffic to the application instance in the second data center," the method may further include:
[0126] Step S830: Return to the step of performing network packet capture on the virtual IP and application instance of the first data center to obtain the second packet capture information, and repeat until there is no business traffic in the first data center.
[0127] Specifically, if there is business traffic in the first data center, the access method of the terminal device is modified in step S810 to transfer the business traffic to the application instance in the second data center. However, it is possible that other links may still be accessing the first data center. Therefore, we can return to step S700 to capture network packets again for the virtual IP and application instance in the first data center to obtain new second packet capture information. Then, we repeat step S800 to determine whether there is still business traffic in the first data center based on the new second packet capture information. If there is, we determine the link corresponding to the business traffic in the same way as in step S810, so that the terminal device of the link modifies the access method to transfer the business traffic to the application instance in the second data center. This process is repeated until there is no business traffic in the first data center or the business traffic captured by the second packet capture information is 0. Then, we execute step S820 to take the application instance in the first data center offline to achieve application scaling down in the first data center.
[0128] The cloud application migration method provided in this embodiment expands the application capacity of the second data center (which serves as the new data center) and then shrinks the application capacity of the first data center (which serves as the old data center). First, the virtual VIP and DNS resolution domain name function of the DNS server corresponding to the F5 device are disabled. Then, network packet capture is performed to monitor the business traffic of the first data center. Only after ensuring that there is no more business traffic in the first data center are the application instances taken offline to prevent data loss due to omissions in the migration. The access method of the upstream terminal devices on the link where the business traffic in the first data center is located is also changed to access the second data center to realize the link access transfer, thereby achieving a more comprehensive application migration and reducing the risks of transaction loss and data loss.
[0129] In one optional implementation, before step S200 "adding a virtual IP corresponding to the F5 device for the target application in the second computer room based on the virtual IP information", the method may further include:
[0130] Step S110: Based on the memory size of the application to be migrated in the first data center, determine whether there is a corresponding amount of reserved space in the second data center;
[0131] Step S120: If yes, expand the memory of the second data center, create the application corresponding to the application to be migrated and its corresponding instance to be started, and obtain the target application and the instance of the application to be started in the second data center.
[0132] Step S130: Configure the environment and certificates for the application instance to be started to obtain the application instance in the second data center.
[0133] Specifically, before expanding the application capacity in the second data center, the hardware configuration of the second data center can be configured first. The applications to be migrated in the first data center can be non-migratable applications such as routing applications and gateway applications. After identifying the applications to be migrated, the second cloud platform can obtain the memory size of the applications to be migrated in the first data center, and then determine whether the second data center has the corresponding size of reserved space or more. If not, no further operations will be performed, and the application migration will not occur. If so, the second cloud platform can expand the memory capacity of the second data center, create the application corresponding to the application to be migrated (i.e., the target application), and the corresponding instance to be started. Then, the environment and certificate configurations are performed on the instance to be started, resulting in the application instance in the second data center. For example... Figure 2 The first computer room shown and Figure 3In the second data center shown, when the SZ application is identified as the application to be migrated, its memory size is obtained. If the second data center has reserved space of the corresponding size, the memory of the second data center is expanded. An H1 application corresponding to the SZ application and two instances of the H1 application to be started are created. After configuring the environment and certificates for the two instances to be started, application instance 301 and application instance 302 are obtained. At this time, the application instances are not associated with the F5 device, and the application instances in the second data center are not started.
[0134] Furthermore, after step S130, "configure the environment and certificates for the application instance to be launched to obtain the application instance in the second data center," the method may further include:
[0135] Step S140: Determine whether the target application in the second data center is associated with an F5 device;
[0136] Step S150: If yes, then execute the step of adding a virtual IP corresponding to the F5 device for the target application in the second computer room based on the virtual IP information;
[0137] Step S160: If not, isolate the application instance in the first computer room.
[0138] Specifically, after step S130 and before step S200, the second cloud platform can also determine whether the target application in the second data center, such as application H1, is associated with the F5 device, that is, whether application H1 has load balancing and traffic control functions; if so, step S200 can be executed to add a virtual IP to the target application based on the virtual IP information obtained in step S100, and the virtual IP corresponds to the F5 device; if not, the application instance in the first data center can be isolated, the application migration operation can be suspended, or an alarm can be issued to remind the user to take timely measures to ensure the normal progress of the application migration.
[0139] The cloud application migration method provided in this embodiment first creates a target application and application instance in the second data center corresponding to the application to be migrated in the first data center. Then, it performs subsequent operations such as adding a virtual IP, mounting the application instance, opening the network, starting the application instance, and opening DNS resolution domain name to ensure that the second data center has enough space to completely migrate the cloud application from the first data center to the second data center and achieve a comprehensive application migration.
[0140] In one optional implementation, after step S500, "based on the second data center after the network is opened, start the application instance and enable DNS resolution of the domain name so that the F5 device in the second data center can carry service traffic," the method may further include:
[0141] Step S900: When the direction of service traffic is detected to be the first data center, determine the corresponding second target link;
[0142] Step S910: Perform a PING operation on the DNS domain name and virtual IP of the second target link to obtain potential risk information;
[0143] Step S920: Issue an alert based on potential risk information.
[0144] Specifically, during the data center relocation process, the production environment is highly complex. This is primarily manifested in the complex and even unknown historical application call relationships within the first data center, as well as outdated or incomplete application versions. Facing large-scale application migrations during the data center migration, it is difficult to treat each application with a uniform template. This embodiment employs network packet capture and IP comparison to proactively identify potential risks, such as links that do not normally access virtual IPs through DNS domain name resolution, or cache anomalies in transaction links. When all target application configurations in the first data center are updated and all operations are correct, but business traffic still flows to applications in the old data center (i.e., when business traffic is detected to be flowing to the first data center), the second cloud platform can determine the corresponding second target link based on this business traffic. Then, it performs a PING (Packet Internet Groper) operation on the DNS domain name and virtual IP of the second target link to obtain potential risk information, such as identifying which link in the transaction link is cached. Based on this potential risk information, it then issues alerts.
[0145] Optionally, steps S900-S920 can also be performed after isolating the application instance in the first data center in step S160, so as to provide alarm reminders by monitoring business traffic when the application migration operation is suspended.
[0146] The cloud application migration method provided in this embodiment monitors the flow of business traffic in real time during the process of completing the application migration in the second data center, normally carrying business traffic, and receiving access from external devices. It promptly detects potential risks and avoids impacting subsequent normal work or the application scaling-down process in the first data center, thus ensuring the security of the application migration.
[0147] like Figure 5 The interactive diagram shown illustrates how the cloud application migration method migrates cloud applications from the first data center to the second data center. The terminal device's access to the first data center now accesses the second data center. The specific process of this cloud application migration method is as follows:
[0148] First, the first data center obtains the virtual IP information, application instance information, network policies, and the first packet capture information, and then sends the obtained virtual IP information, application instance information, network policies, and the first packet capture information to the second data center.
[0149] After the second data center adds a virtual IP corresponding to the F5 device for the target application based on the virtual IP information, it mounts the application instance on the virtual IP according to the application instance information. At the same time, according to the network policy and the first packet capture information, it opens the network for the second data center, starts the application instance and opens DNS resolution domain name so that the F5 device can carry business traffic and complete the application expansion of the second data center. When the second data center can carry business traffic normally, it means that the cloud application migration is successful. At this time, a feedback message can be sent to the first data center.
[0150] After receiving the feedback information, the first data center can stop resolving the virtual IP corresponding to the F5 device, disable DNS resolution of the domain name, and perform network packet capture on the virtual IP and application instance to obtain the second packet capture information. It can then determine whether there is business traffic. If there is business traffic, it can determine the corresponding first target link and send a modification instruction to the terminal device.
[0151] After receiving the modification instruction, the terminal device changes the access method, redirecting the access request or business traffic request originally sent to the first data center to the second data center, so that the application instance in the second data center can carry the business traffic.
[0152] When the first data center determines that there is no business traffic or the terminal device changes its access method and the first data center re-determines that there is no business traffic, the application instance in the first data center is taken offline, and the application in the first data center is scaled down.
[0153] The cloud application migration method provided in this embodiment is applicable to situations where cloud applications are scaled up or down. It mainly optimizes the problems of transaction loss and application response latency that exist during the migration of cloud applications. It can achieve lossless migration of stateless driftable applications and stateful non-driftable applications such as routing applications and gateway applications, achieving the effect of lossless transactions when migrating cloud applications. The method is simple to operate, efficient, and widely applicable, and can be extended to all cloud applications that need to be scaled up or down.
[0154] Example 3
[0155] Based on the same technical concept, referring to Figure 6 This application presents a first embodiment of the cloud application migration system. The following is a combination of... Figure 6 The connection diagram shown illustrates the cloud application migration system of this embodiment in detail. The system may include:
[0156] The first data center includes the first cloud platform and the applications to be migrated that are running on the first cloud platform;
[0157] The second data center includes a second cloud platform, target applications running on the second cloud platform, and F5 devices.
[0158] The first data center is used to obtain virtual IP information, application instance information, network policies, and first packet capture information, and send them to the second data center. Among them, the application instance information is the instance information of the application to be migrated, and the first packet capture information is the network access status of the first data center within a preset time period captured by network packet capture.
[0159] The second data center is used to receive virtual IP information, application instance information, network policies, and first packet capture information sent by the first data center; based on the virtual IP information, it adds a virtual IP corresponding to the F5 device for the target application; wherein the target application and the application to be migrated have a corresponding relationship; based on the application instance information, it mounts the application instance of the second data center on the virtual IP; based on the network policy and the first packet capture information, it opens the network for the second data center; after opening the network, it starts the application instance and enables DNS resolution of the domain name so that the F5 device in the second data center can carry business traffic.
[0160] In this embodiment, the application to be migrated running on the first cloud platform is as follows: Figure 6 The first and second applications in the middle, the target application running on the second cloud platform, such as Figure 6 The third and fourth applications.
[0161] The virtual IP information obtained from the first computer room is as follows: Figure 6 The first application VIP and the second application VIP; the second data center adds virtual IPs corresponding to the F5 devices for the target applications, such as... Figure 6 The third and fourth application VIPs; application instances of the second data center mounted on virtual IPs, such as... Figure 6 Mount instances 31 and 32 to the third application VIP, and mount instances 41 and 42 to the fourth application VIP.
[0162] It should be noted that the first computer room can have its own F5 equipment, such as... Figure 2 As shown, it can also share F5 equipment with the second computer room, such as... Figure 6 As shown, the system may also include a DNS server connected to the F5 device, allowing external access to the application's virtual IP via the DNS server and the F5 device.
[0163] Furthermore, the second data center is also used to: perform the first network activation of the second data center according to the network policy to obtain the activated network information of the second data center; compare the IP addresses of the first packet capture information and the activated network information to obtain the unactivated network information of the second data center; and perform the second network activation of the second data center based on the unactivated network information.
[0164] Furthermore, the second data center is also used to launch application instances after the network is activated, and to sequentially verify the operational status, technical aspects, and business operations of the application instances in the second data center; when the application instance verification is successful, DNS resolution of the domain name is enabled so that the F5 device can carry business traffic.
[0165] Furthermore, the first data center is also used to: stop resolving the virtual IP corresponding to the F5 device in the first data center and disable the DNS resolution domain name of the first data center; perform network packet capture on the virtual IP and application instance of the first data center to obtain second packet capture information; determine whether there is business traffic in the first data center based on the second packet capture information; if there is business traffic in the first data center, determine the corresponding first target link and send a modification instruction to the terminal device of the first target link so that the terminal device modifies the access method and transfers the business traffic to the application instance in the second data center; wherein, the terminal device is the access device located upstream of the server in the first target link, and the access method includes access through the DNS resolution domain name or virtual IP of the second data center; if there is no business traffic in the first data center, take the application instance in the first data center offline.
[0166] Furthermore, the first data center is also used to, after determining the corresponding first target link and sending a modification instruction to the terminal device of the first target link so that the terminal device modifies the access method and transfers the business traffic to the application instance in the second data center, return to the step of performing network packet capture on the virtual IP and application instance in the first data center to obtain the second packet capture information, and repeat the process until there is no business traffic in the first data center.
[0167] Furthermore, the first data center is also used to determine whether the second data center has a corresponding amount of reserved space based on the memory size of the application to be migrated in the first data center; if so, it sends a memory expansion request to the second data center; the second data center is also used to perform memory expansion after receiving the memory expansion request, create the application corresponding to the application to be migrated and its corresponding instance to be started, obtain the target application and the instance to be started, configure the environment and certificate of the instance to be started, and obtain the application instance in the second data center.
[0168] Furthermore, the second data center is also used to determine whether the target application is associated with an F5 device. If so, it executes the step of adding a virtual IP corresponding to the F5 device for the target application in the second data center based on the virtual IP information. If not, it isolates the application instance in the first data center.
[0169] Furthermore, the second data center is also used to determine the corresponding second target link when the direction of business traffic is detected to be the first data center; to perform PING operations on the DNS domain name and virtual IP of the second target link to obtain potential risk information; and to issue alarms based on the potential risk information.
[0170] In this embodiment, as Figure 7 The diagram illustrates the workflow of a cloud application migration system. The dashed boxes represent operations in the first data center, and the solid boxes represent operations in the second data center. The workflow may specifically include:
[0171] A01: Non-drifting applications (routing applications / gateway applications);
[0172] The first data center identified non-migratory applications as applications to be migrated.
[0173] A02: Request to reserve resources;
[0174] Based on the memory size of the application to be migrated in the first data center, determine whether there is a corresponding amount of reserved space in the second data center;
[0175] A03: One-click capacity expansion;
[0176] If the second computer room has reserved space of the corresponding size, then memory expansion will be carried out;
[0177] A04: Create an application instance to be launched;
[0178] After expanding the memory capacity of the second data center, the application corresponding to the application to be migrated and its corresponding instance to be started are created, thus obtaining the target application and the application instance to be started in the second data center.
[0179] A05: Environmental Configuration;
[0180] A06: Certificate Configuration;
[0181] After obtaining the target application and the application instance to be launched in the second data center, the environment and certificate configuration of the application instance to be launched are performed to obtain the application instance in the second data center.
[0182] A07: Network activation;
[0183] The second computer room activates the network based on the network policy of the first computer room and the first packet capture information;
[0184] A08: Start the application instance;
[0185] Once the second data center obtains the application instance, it can start the application instance.
[0186] A09: Operational status verification;
[0187] A10: Technical verification;
[0188] A11: Business Validation;
[0189] After the application instance is started in the second data center, the application instance is verified in sequence for operation, technology and business.
[0190] A12: Is the target application associated with F5?
[0191] The second server room can determine whether the target application is associated with an F5 device; if so, proceed to A13; otherwise, proceed to A23.
[0192] A13: Is there a VIP membership?
[0193] When the target application in the second data center is associated with an F5 device, it is determined whether the F5 device has a corresponding VIP. If not, proceed to A14; if it does, proceed to A15.
[0194] A14: Added F5 VIP and domain name configuration;
[0195] If the F5 device in the second data center does not have a corresponding VIP, the target application can be given a new virtual IP (VIP) corresponding to the F5 device and the domain name can be configured based on the virtual IP information of the first data center.
[0196] A15: Technical verification;
[0197] The second computer room performs technical verification on newly added or existing VIPs of F5 devices; when the verification is successful, A16 is performed.
[0198] A16: Mount F5;
[0199] Based on the application instance information from the first data center, the second data center mounts application instances and F5 devices on verified virtual IPs;
[0200] A17: F5 technology verification;
[0201] The second computer room conducts technical verification of the F5 equipment; when the verification is successful, A18 is performed.
[0202] A18: Upstream verification;
[0203] The second server room can authenticate upstream terminal devices; when authentication is successful, A18 is performed.
[0204] A19: Add DNS resolution domain name;
[0205] Once the upstream terminal equipment in the second data center passes verification, a DNS resolution domain name is added. Then, based on the application instances that have passed the aforementioned operational verification, technical verification, and business verification, the DNS resolution domain name is enabled so that the application instances in the second data center can carry business traffic.
[0206] A20: Technical verification;
[0207] The second data center performs technical verification of DNS resolution domain names. If the verification is successful, it means that the second data center has successfully completed the application expansion.
[0208] A21: Cancel VIP and DNS resolution for domain names;
[0209] After the second data center completes the application expansion, the first data center can stop resolving the virtual IPs corresponding to the F5 devices in the first data center and disable the DNS resolution domain names in the first data center;
[0210] A22: Traffic Observation;
[0211] Monitor the traffic in the second data center; if there is business traffic, it means that the second data center is working normally and the first data center can be monitored (A24); if there is no business traffic, it means that there may be an anomaly in the second data center.
[0212] A23: Isolated Instances;
[0213] When the second data center determines in A13 that the target application is not associated with the F5 device, the second data center can isolate the application instance to prevent the application instance from starting but failing to receive business traffic, resulting in transaction loss; after isolating the application instance, the traffic of the second data center can also be monitored through A22.
[0214] A24: Instance offline;
[0215] If the second data center has business traffic and is operating normally, the application instances in the first data center can be taken offline.
[0216] A25: Instance shrinking;
[0217] After the application instances in the first data center are taken offline, the instances can continue to be scaled down.
[0218] A26: Traffic monitoring and alerts;
[0219] When the direction of business traffic is detected to be the first data center, the corresponding second target link is determined; a PING operation is performed on the DNS domain name and virtual IP of the second target link to obtain potential risk information; and an alarm is issued based on the potential risk information.
[0220] A27: Migration complete.
[0221] It should be noted that the functions and corresponding technical effects of the cloud application migration system provided in this embodiment can be referred to the description of the specific implementation methods in the various embodiments of the cloud application migration method of this application. For the sake of brevity, they will not be repeated here.
[0222] Example 4
[0223] Based on the same inventive concept, this embodiment provides a computer-readable storage medium, such as flash memory, hard disk, multimedia card, card-type memory (e.g., SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic memory, disk, optical disk, server, etc. The storage medium stores a computer program, which can be executed by one or more processors. When the computer program is executed by the processor, it can implement all or part of the steps of the various embodiments of the cloud application migration method of this application.
[0224] It should be noted that the sequence numbers of the embodiments in this application are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments. The above embodiments are only optional embodiments of this application and do not limit the patent scope of this application. All equivalent structural or procedural transformations made based on the inventive concept of this application and the content of the specification and drawings of this application, or direct or indirect applications in other related technical fields, are included within the patent protection scope of this application.
Claims
1. A method for migrating cloud applications, characterized in that, The method includes: Obtain the virtual IP information, application instance information, network policy, and first packet capture information of the first data center; wherein, the application instance information is the instance information of the application to be migrated, and the first packet capture information is the network access status of the first data center within a preset time period captured by network packet capture. Based on the virtual IP information, a new virtual IP corresponding to the F5 device is added for the target application in the second data center; wherein, the target application and the application to be migrated have a corresponding relationship; Based on the application instance information, the application instance of the second data center is mounted on the virtual IP; Based on the network policy and the first packet capture information, the network is enabled for the second computer room; Based on the second data center after the network is opened, start the application instance and enable DNS resolution of the domain name so that the F5 device in the second data center can carry the business traffic.
2. The cloud application migration method as described in claim 1, characterized in that, After the step of starting the application instance and enabling DNS resolution of the domain name in the second data center after the network is activated, so that the F5 device in the second data center can carry service traffic, the method further includes: Stop resolving the virtual IP corresponding to the F5 device in the first data center, and disable DNS resolution of the domain name in the first data center; Network packet capture was performed on the virtual IP and application instance of the first computer room to obtain the second packet capture information; Based on the second packet capture information, determine whether there is any business traffic in the first data center; If there is business traffic in the first data center, the corresponding first target link is determined, and a modification instruction is sent to the terminal device of the first target link so that the terminal device modifies the access method and transfers the business traffic to the application instance in the second data center; wherein, the terminal device is an access device located upstream of the server in the first target link, and the access method includes accessing through DNS resolution of domain name or virtual IP in the second data center; If there is no business traffic in the first data center, then the application instances in the first data center will be taken offline.
3. The cloud application migration method as described in claim 2, characterized in that, After the step of determining the corresponding first target link and sending a modification instruction to the terminal device of the first target link so that the terminal device modifies the access method and transfers the service traffic to the application instance under the second data center, the method further includes: Return to the step of performing network packet capture on the virtual IP and application instance of the first data center to obtain the second packet capture information, and repeat until there is no business traffic in the first data center.
4. The cloud application migration method as described in claim 1, characterized in that, Before the step of adding a virtual IP corresponding to the F5 device for the target application in the second computer room based on the virtual IP information, the method further includes: Based on the memory size of the application to be migrated in the first data center, determine whether there is a corresponding amount of reserved space in the second data center; If so, then the memory capacity of the second data center is expanded, and an application corresponding to the application to be migrated and its corresponding instance to be started are created to obtain the target application and the instance of the application to be started in the second data center. The application instance to be started is configured with environment and certificate to obtain the application instance in the second data center.
5. The cloud application migration method as described in claim 4, characterized in that, After the step of configuring the environment and certificates of the application instance to be launched to obtain the application instance in the second data center, the method further includes: Determine whether the target application in the second data center is associated with an F5 device; If so, then execute the step of adding a virtual IP corresponding to the F5 device for the target application in the second computer room based on the virtual IP information; If not, then isolate the application instances in the first data center.
6. The cloud application migration method as described in claim 1, characterized in that, The step of enabling network access to the second computer room based on the network policy and the first packet capture information includes: According to the network policy, the network of the second data center is activated for the first time to obtain the network activation information of the second data center; The first packet capture information and the information of the activated network are compared by IP address to obtain the information of the unactivated network in the second data center; Based on the information regarding the unactivated network, the second network in the computer room was activated a second time.
7. The cloud application migration method as described in claim 1, characterized in that, The steps of starting application instances and enabling DNS resolution of domain names in the second data center after the network is activated, so that the F5 devices in the second data center can carry service traffic, include: Start the application instance based on the second data center after the network is activated; The application instances in the second computer room were sequentially verified for operational status, technical aspects, and business operations. Once the application instance in the second data center passes verification, DNS resolution for the domain name will be enabled so that the F5 device in the second data center can carry business traffic.
8. The cloud application migration method as described in any one of claims 1 to 7, characterized in that, After the step of starting the application instance and enabling DNS resolution of the domain name in the second data center after the network is activated, so that the F5 device in the second data center can carry service traffic, the method further includes: When the direction of the service traffic is detected to be the first data center, the corresponding second target link is determined; Perform a PING operation on the DNS domain name and virtual IP of the second target link to obtain potential risk information; Warnings and alerts will be issued based on the aforementioned potential risk information.
9. A cloud application migration system, characterized in that, The system includes: The first data center includes a first cloud platform and the application to be migrated running on the first cloud platform; The second data center includes a second cloud platform, a target application running on the second cloud platform, and F5 devices; The first data center is used to obtain virtual IP information, application instance information, network policies and first packet capture information, and send them to the second data center; wherein, the application instance information is the instance information of the application to be migrated, and the first packet capture information is the network access status of the first data center within a preset time period captured by network packet capture. The second data center is used to receive virtual IP information, application instance information, network policies, and first packet capture information sent by the first data center; according to the virtual IP information, a new virtual IP corresponding to the F5 device is added for the target application; wherein, the target application and the application to be migrated have a corresponding relationship; according to the application instance information, the application instance of the second data center is mounted on the virtual IP; according to the network policy and the first packet capture information, the network of the second data center is opened; after the network is opened, the application instance is started and DNS resolution of the domain name is enabled so that the F5 device of the second data center can carry business traffic.
10. A computer-readable storage medium, characterized in that, The storage medium stores a computer program, which, when executed by one or more processors, implements the cloud application migration method as described in any one of claims 1 to 8.